Friday, July 5, 2013

Domain: t4.Deparel.com

Domain DeParel.com observed today for the first time.

DeParel can be translated from Dutch as 'The Pearl'.

Domain in query: t4.deparel.com

Whois details:


Owner Contact:
   R.L. Jansen
   UNKNOWN ORGANIZTION
   info @ nitt.nl
   tuinbouwstraat 52 N/A
   Groningen, 9717JK, NL

   Punycode Name:  deparel.com
   Unicode Name:   deparel.com

   Admin Contact
      R.L. Jansen
      UNKNOWN ORGANIZTION
      info @ nitt.nl
      tuinbouwstraat 52 N/A
      Groningen, 9717JK, NL
      phone: +31.000000000

   Technical Contact
      R.L. Jansen
      UNKNOWN ORGANIZTION
      info @ nitt.nl
      tuinbouwstraat 52 N/A
      Groningen, 9717JK, NL
      phone: +31.000000000

   Zone Contact
      R.L. Jansen
      UNKNOWN ORGANIZTION
      info @ nitt.nl
      tuinbouwstraat 52 N/A
      Groningen, 9717JK, NL
      phone: +31.000000000

   Record expires on: 2013-08-08 00:00:00

   Domain servers in listed order:

      ns3.gowebhosting.nl 193.138.249.199
      ns4.gowebhosting.nl 83.172.141.18



The contact person's email address is at 'nitt.nl', the owners of 'GoWebHosting.nl', which provides the name servers of this domain:


dig any deparel.com @8.8.8.8
;; ANSWER SECTION:
deparel.com. 21600 IN SOA ns1.nitthosting.nl. root.ns1.nitthosting.nl. 2005071907 3600 3600 604800 3600
deparel.com. 21600 IN NS ns2.nitthosting.nl.
deparel.com. 21600 IN NS ns1.nitthosting.nl.
deparel.com. 21600 IN A 83.172.140.18
deparel.com. 21600 IN MX 10 mail.deparel.com.


The A record points to a 'valid' domain about a tent beach house on Vlieland, which is an island above Holland.

It seems this domain has been hijacked.

Query:


;; ANSWER SECTION:
t4.deparel.com. 54384 IN TXT "sdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdasssdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533" ">" "sdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdasdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533" ">" "sdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdaasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533" ">" "sdasdassdasdassdasdassdasdassdasdassdasdassdasdassdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533" ">" "sdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533" ">" "sdasdassdasdassdasdassdasdassdasdassdasdassdasdasasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533" ">" "sdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533" ">" "sdasdassdasdassdasdassdasdassdasdassdasdassdasdassdassdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533" ">" 
"sdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533" ">" "sdasdassdasdassdasdassdasdassdasdassdasdassdssdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533" ">" "sdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdas5533" ">" "sdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdssdasdassdasdassdasdassdasdassdasdassdasdassdas5533" ">" "11111111wwwsdasdassdasdassaasdasdasddasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdasasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasddassda88978978766sdassdasdassd" ">" "11111111wwwsdasdassdasdassaasdasdasddasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasddassda88978978766sdassdasdassd" ">" "11111111wwwsdasdassdasdassaasdasdasddasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasddassda88978978766sdassdasdassd" ">" "11111111wwwsdasdassdasdassaasdasdasddasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasdassdasddassda88978978766sdassdasdassd" ">" 
"asuidhasiudyhasiudhyasiudyhasiudyuaisydasiuydasuidhasiudyhasiudhyasiudyhasiudyuaisydasiuydsadjua"


Attack size:

The rate at which I am seeing queries at the moment is something I haven't seen before.

Queries for Deparel.com per day:

4,794,038   05-Jul-2013
   950,164   06-Jul-2013

Queries per hour:
Around 500,000 - 600,000 per hour!

05-Jul-2013
16 593865
17 647915
18 593818
19 545343
20 606182
21 606637
22 534538
23 665740

06-Jul-2013
00 616354
01 333810

Attacked hosts:


186.2.162.10 22730
186.2.162.100 22428
186.2.162.101 22795
186.2.162.102 22353
186.2.162.103 22837
...
...
..
186.2.162.250 22414
186.2.162.251 22775
186.2.162.252 22426
186.2.162.253 22911
186.2.162.254 22438
186.2.162.255 22778


Basically the entire /24
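
An added example, not part of the original post: one way to flag this pattern automatically from a per-client query tally in the "IP count" format shown above. The thresholds (at least 200 hosts of one /24, counts within 10% of each other) and the function names are assumptions chosen for illustration, and the sample tally is constructed.

```python
import ipaddress
from collections import defaultdict

def parse_counts(lines):
    """Yield (address, count) from 'IP count' lines; skip anything else."""
    for line in lines:
        parts = line.split()
        if len(parts) != 2 or not parts[1].isdigit():
            continue  # elision markers ("..."), blank lines, headers
        try:
            yield ipaddress.IPv4Address(parts[0]), int(parts[1])
        except ValueError:
            continue  # first field is not an IPv4 address

def spoofed_ranges(lines, prefix=24, min_hosts=200, max_spread=0.10):
    """Return {network: (hosts, total_queries, spread)} for suspicious prefixes.

    Heuristic (assumption): genuine resolver clients are few and uneven, while
    spoofed sources cycled across a victim range cover most of the prefix
    with nearly identical query counts.
    """
    per_net = defaultdict(lambda: defaultdict(int))
    for ip, count in parse_counts(lines):
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        per_net[net][ip] += count
    flagged = {}
    for net, hosts in per_net.items():
        counts = list(hosts.values())
        mean = sum(counts) / len(counts)
        spread = (max(counts) - min(counts)) / mean if mean else 0.0
        if len(counts) >= min_hosts and spread <= max_spread:
            flagged[str(net)] = (len(counts), sum(counts), round(spread, 3))
    return flagged

def sample_lines():
    """Constructed tally: one evenly hit /24 plus a few ordinary clients."""
    lines = [f"186.2.162.{h} {22400 + (h * 37) % 500}" for h in range(10, 256)]
    lines += ["192.0.2.10 412", "192.0.2.11 3", "198.51.100.7 15021", "...", ""]
    return lines

if __name__ == "__main__":
    for net, (hosts, total, spread) in spoofed_ranges(sample_lines()).items():
        print(f"{net}: {hosts} hosts, {total} queries, spread {spread}")
```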

The network range belongs to:  

inetnum:     186.2.160/22
status:      reallocated
owner:       DDoS-Guard.net
ownerid:     BZ-DDOS-LACNIC
responsible: Alexander Golovin
address:     1/2Miles Northern Highway, Belize City, Belize, , 
address:      - Belize City - BZ
country:     BZ
phone:       +7 495 2150387 []
owner-c:     ALG43
tech-c:      ALG43
abuse-c:     ALG43
inetrev:     186.2.162/23
nserver:     NS1.DDOS-GUARD.NET  
nsstat:      20130705 AA
nslastaa:    20130705
nserver:     NS2.DDOS-GUARD.NET  
nsstat:      20130705 AA
nslastaa:    20130705
nserver:     NS3.DDOS-GUARD.NET  
nsstat:      20130705 AA
nslastaa:    20130705
nserver:     NS4.DDOS-GUARD.NET  
nsstat:      20130705 AA
nslastaa:    20130705
nserver:     NS5.DDOS-GUARD.NET  
nsstat:      20130705 TIMEOUT
nslastaa:    20130620
created:     20130119
changed:     20130119
inetnum-up:  186.2.160/20

nic-hdl:     ALG43
person:      Alexander Golovin

e-mail:      
address:     1/2 Miles Northern Highway, , 
address:      - Belize City - BZ
country:     BZ
phone:       +7 495 2150387 []
created:     20130119
changed:     20130119

I guess that this DDoS protection service is being thoroughly tested!


