Observation of DNS Amplification Attack (krasti.us)
$ dig @::1 krasti.us any
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.8.5-P1 <<>> @::1 krasti.us any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44376
;; flags: qr rd ra; QUERY: 1, ANSWER: 35, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;krasti.us. IN ANY

;; ANSWER SECTION:
krasti.us. 600 IN A 184.168.221.51
krasti.us. 604800 IN MX 10 lolwutevet1.ddos-guard.sux.net.antipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksuckssucksuck.com.
krasti.us. 604800 IN MX 21 lolwutevet2.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksuscksuck.com.
krasti.us. 604800 IN MX 22 lolwutevet3.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksuckncsucksuck.com.
krasti.us. 604800 IN MX 23 lolwutevet4.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucnksucksuck.com.
krasti.us. 604800 IN MX 24 lolwutevet5.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksu0cksucksuck.com.
krasti.us. 604800 IN MX 26 lolwutevet8.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresuck8sucksucksuck.com.
krasti.us. 604800 IN MX 28 lolwutevet0.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresuc7ksucksucksuck.com.
krasti.us. 604800 IN MX 29 lolwutevet33.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouares6ucksucksucksuck.com.
krasti.us. 604800 IN MX 30 lolwutevet23.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouare5sucksucksucksuck.com.
krasti.us. 604800 IN MX 32 lolwutevet33.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouar4esucksucksucksuck.com.
krasti.us. 604800 IN MX 10 lolwutevet1.ddos-guard.sux.net.antipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyou3aresucksucksucksuck.com.
krasti.us. 604800 IN MX 21 lolwutevet2.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyoua2resucksucksucksuck.com.
krasti.us. 604800 IN MX 22 lolwutevet3.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyou1aresucksucksucksuxck.com.
krasti.us. 604800 IN MX 23 lolwutevet4.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucknbsuxck.com.
krasti.us. 604800 IN MX 24 lolwutevet5.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuck.com.
krasti.us. 604800 IN MX 26 lolwutevet8.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksugck.com.
krasti.us. 604800 IN MX 28 lolwutevet0.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksuckgsuck.com.
krasti.us. 604800 IN MX 29 lolwutevet33.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksgucksuck.com.
krasti.us. 604800 IN MX 30 lolwutevet23.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucgknsuck.com.
krasti.us. 604800 IN MX 32 lolwutevet33.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuckn.com.
krasti.us. 604800 IN MX 10 lolwutevet1.ddos-guard.sux.net.antipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksucdk.com.
krasti.us. 604800 IN MX 21 lolwutevet2.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuckd.com.
krasti.us. 604800 IN MX 22 lolwutevet3.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksugckd.com.
krasti.us. 604800 IN MX 23 lolwutevet4.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuckn.com.
krasti.us. 604800 IN MX 24 lolwutevet5.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuckg.com.
krasti.us. 604800 IN MX 26 lolwutevet8.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuckg.com.
krasti.us. 604800 IN MX 28 lolwutevet0.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuckg.com.
krasti.us. 604800 IN MX 30 lolwutevet23.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuckf.com.
krasti.us. 604800 IN MX 32 lolwutevet33.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksucku.com.
krasti.us. 604800 IN MX 10 lolwutevet1.ddos-guard.sux.net.antipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuck.com.
krasti.us. 3600 IN NS ns09.domaincontrol.com.
krasti.us. 3600 IN NS ns10.domaincontrol.com.
krasti.us. 604800 IN TXT "sdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdasssdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533 > sdasd" "assdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdasdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533 > sdasdassdasd" "assdasdassdasdassdasdassdasdassdasdassdasdassdaasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533 > sdasdassdasdassda" "sdassdasdassdasdassdasdassdasdassdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533 > sdasdassdasdassdasdassdasdassdasdassd" "asda"
krasti.us. 3600 IN SOA ns09.domaincontrol.com. dns.jomax.net. 2013102200 28800 7200 604800 600

;; Query time: 8 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Oct 23 18:04:24 JST 2013
;; MSG SIZE rcvd: 4886
$ dig @::1 krasti.us ns

; <<>> DiG 9.8.5-P1 <<>> @::1 krasti.us ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62904
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;krasti.us. IN NS

;; ANSWER SECTION:
krasti.us. 3526 IN NS ns09.domaincontrol.com.
krasti.us. 3526 IN NS ns10.domaincontrol.com.

;; Query time: 171 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Oct 23 18:05:38 JST 2013
;; MSG SIZE rcvd: 82
ns09.domaincontrol.com. 71506 IN A 216.69.185.5
ns10.domaincontrol.com. 71502 IN A 208.109.255.5
$ whois 216.69.185.5
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

#
# Query terms are ambiguous. The query is assumed to be:
# "n 216.69.185.5"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=216.69.185.5?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 216.69.128.0 - 216.69.191.255
CIDR: 216.69.128.0/18
OriginAS:
NetName: GO-DADDY-COM-LLC
NetHandle: NET-216-69-128-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
RegDate: 2004-05-24
Updated: 2012-02-24
Ref: http://whois.arin.net/rest/net/NET-216-69-128-0-1

OrgName: GoDaddy.com, LLC
OrgId: GODAD
Address: 14455 N Hayden Road
Address: Suite 226
City: Scottsdale
StateProv: AZ
PostalCode: 85260
Country: US
RegDate: 2007-06-01
Updated: 2012-03-15
Comment: Please send abuse complaints to abuse@godaddy.com
Ref: http://whois.arin.net/rest/org/GODAD

OrgAbuseHandle: ABUSE51-ARIN
OrgAbuseName: Abuse Department
OrgAbusePhone: +1-480-624-2505
OrgAbuseEmail: abuse@godaddy.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE51-ARIN

OrgNOCHandle: NOC124-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-480-505-8809
OrgNOCEmail: noc@godaddy.com
OrgNOCRef: http://whois.arin.net/rest/poc/NOC124-ARIN

OrgTechHandle: NOC124-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-480-505-8809
OrgTechEmail: noc@godaddy.com
OrgTechRef: http://whois.arin.net/rest/poc/NOC124-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html