Observation of DNS Amplification Attack (krasti.us)


$ dig @::1 krasti.us any
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.8.5-P1 <<>> @::1 krasti.us any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44376
;; flags: qr rd ra; QUERY: 1, ANSWER: 35, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;krasti.us.			IN	ANY

;; ANSWER SECTION:
krasti.us.		600	IN	A	184.168.221.51
krasti.us.		604800	IN	MX	10 lolwutevet1.ddos-guard.sux.net.antipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksuckssucksuck.com.
krasti.us.		604800	IN	MX	21 lolwutevet2.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksuscksuck.com.
krasti.us.		604800	IN	MX	22 lolwutevet3.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksuckncsucksuck.com.
krasti.us.		604800	IN	MX	23 lolwutevet4.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucnksucksuck.com.
krasti.us.		604800	IN	MX	24 lolwutevet5.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksu0cksucksuck.com.
krasti.us.		604800	IN	MX	26 lolwutevet8.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresuck8sucksucksuck.com.
krasti.us.		604800	IN	MX	28 lolwutevet0.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresuc7ksucksucksuck.com.
krasti.us.		604800	IN	MX	29 lolwutevet33.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouares6ucksucksucksuck.com.
krasti.us.		604800	IN	MX	30 lolwutevet23.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouare5sucksucksucksuck.com.
krasti.us.		604800	IN	MX	32 lolwutevet33.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouar4esucksucksucksuck.com.
krasti.us.		604800	IN	MX	10 lolwutevet1.ddos-guard.sux.net.antipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyou3aresucksucksucksuck.com.
krasti.us.		604800	IN	MX	21 lolwutevet2.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyoua2resucksucksucksuck.com.
krasti.us.		604800	IN	MX	22 lolwutevet3.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyou1aresucksucksucksuxck.com.
krasti.us.		604800	IN	MX	23 lolwutevet4.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucknbsuxck.com.
krasti.us.		604800	IN	MX	24 lolwutevet5.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuck.com.
krasti.us.		604800	IN	MX	26 lolwutevet8.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksugck.com.
krasti.us.		604800	IN	MX	28 lolwutevet0.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksuckgsuck.com.
krasti.us.		604800	IN	MX	29 lolwutevet33.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksgucksuck.com.
krasti.us.		604800	IN	MX	30 lolwutevet23.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucgknsuck.com.
krasti.us.		604800	IN	MX	32 lolwutevet33.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuckn.com.
krasti.us.		604800	IN	MX	10 lolwutevet1.ddos-guard.sux.net.antipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksucdk.com.
krasti.us.		604800	IN	MX	21 lolwutevet2.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuckd.com.
krasti.us.		604800	IN	MX	22 lolwutevet3.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksugckd.com.
krasti.us.		604800	IN	MX	23 lolwutevet4.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuckn.com.
krasti.us.		604800	IN	MX	24 lolwutevet5.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuckg.com.
krasti.us.		604800	IN	MX	26 lolwutevet8.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuckg.com.
krasti.us.		604800	IN	MX	28 lolwutevet0.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuckg.com.
krasti.us.		604800	IN	MX	30 lolwutevet23.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuckf.com.
krasti.us.		604800	IN	MX	32 lolwutevet33.ddos-guard.sux.net.aipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksucku.com.
krasti.us.		604800	IN	MX	10 lolwutevet1.ddos-guard.sux.net.antipainkillyouallmydomainthebestever.h4xored.by.antipainlolwutandyouaresucksucksucksuck.com.
krasti.us.		3600	IN	NS	ns09.domaincontrol.com.
krasti.us.		3600	IN	NS	ns10.domaincontrol.com.
krasti.us.		604800	IN	TXT	"sdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdasssdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533 > sdasd" "assdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdasdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533 > sdasdassdasd" "assdasdassdasdassdasdassdasdassdasdassdasdassdaasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533 > sdasdassdasdassda" "sdassdasdassdasdassdasdassdasdassdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533 > sdasdassdasdassdasdassdasdassdasdassd" "asda"
krasti.us.		3600	IN	SOA	ns09.domaincontrol.com. dns.jomax.net. 2013102200 28800 7200 604800 600

;; Query time: 8 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Oct 23 18:04:24 JST 2013
;; MSG SIZE  rcvd: 4886
$ dig @::1 krasti.us ns

; <<>> DiG 9.8.5-P1 <<>> @::1 krasti.us ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62904
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;krasti.us.			IN	NS

;; ANSWER SECTION:
krasti.us.		3526	IN	NS	ns09.domaincontrol.com.
krasti.us.		3526	IN	NS	ns10.domaincontrol.com.

;; Query time: 171 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Oct 23 18:05:38 JST 2013
;; MSG SIZE  rcvd: 82
ns09.domaincontrol.com.	71506	IN	A	216.69.185.5
ns10.domaincontrol.com.	71502	IN	A	208.109.255.5
$ whois 216.69.185.5

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#


#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 216.69.185.5"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=216.69.185.5?showDetails=true&showARIN=false&ext=netref2
#

NetRange:       216.69.128.0 - 216.69.191.255
CIDR:           216.69.128.0/18
OriginAS:
NetName:        GO-DADDY-COM-LLC
NetHandle:      NET-216-69-128-0-1
Parent:         NET-216-0-0-0-0
NetType:        Direct Allocation
RegDate:        2004-05-24
Updated:        2012-02-24
Ref:            http://whois.arin.net/rest/net/NET-216-69-128-0-1

OrgName:        GoDaddy.com, LLC
OrgId:          GODAD
Address:        14455 N Hayden Road
Address:        Suite 226
City:           Scottsdale
StateProv:      AZ
PostalCode:     85260
Country:        US
RegDate:        2007-06-01
Updated:        2012-03-15
Comment:        Please send abuse complaints to abuse@godaddy.com
Ref:            http://whois.arin.net/rest/org/GODAD

OrgAbuseHandle: ABUSE51-ARIN
OrgAbuseName:   Abuse Department
OrgAbusePhone:  +1-480-624-2505
OrgAbuseEmail:  abuse@godaddy.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE51-ARIN

OrgNOCHandle: NOC124-ARIN
OrgNOCName:   Network Operations Center
OrgNOCPhone:  +1-480-505-8809
OrgNOCEmail:  noc@godaddy.com
OrgNOCRef:    http://whois.arin.net/rest/poc/NOC124-ARIN

OrgTechHandle: NOC124-ARIN
OrgTechName:   Network Operations Center
OrgTechPhone:  +1-480-505-8809
OrgTechEmail:  noc@godaddy.com
OrgTechRef:    http://whois.arin.net/rest/poc/NOC124-ARIN

