Monday, August 19, 2013

Domain: NapiFun.com

Received a tip this domain is being abused, so no IPs.

The registrar is Namecheap.

The domain has been dropped by cloudns.net.

IPtables drop rule:

iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28=0x076e6170 && 0x2c=0x6966756e && 0x30=0x03636f6d" -j DROP
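
The u32 values in the rule above are the DNS wire encoding of the query name (length byte, then label), compared at byte offset 0x28. The Python sketch below is an added example, not code from the original post: it rebuilds that expression from a domain name and evaluates the same comparison against a constructed sample packet. It assumes an IPv4 header without options (20 bytes); all function names are made up for this illustration.

```python
import struct

QNAME_OFFSET = 20 + 8 + 12  # IPv4 header (no options) + UDP + DNS header = 0x28

def qname_wire(domain):
    """Encode a domain as DNS wire labels (length byte + label), no root byte."""
    out = b""
    for label in domain.strip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(raw)]) + raw
    return out

def u32_terms(domain, offset=QNAME_OFFSET):
    """Return one (offset, mask, value) tuple per 32-bit word of the QNAME."""
    wire = qname_wire(domain)
    terms = []
    for i in range(0, len(wire), 4):
        chunk = wire[i:i + 4]
        # A trailing chunk shorter than 4 bytes is compared under a mask.
        mask = (0xFFFFFFFF << 8 * (4 - len(chunk))) & 0xFFFFFFFF
        value = int.from_bytes(chunk.ljust(4, b"\0"), "big")
        terms.append((offset + i, mask, value))
    return terms

def u32_expr(domain):
    """Build the string passed to iptables --u32 for this domain."""
    parts = []
    for off, mask, value in u32_terms(domain):
        loc = "0x%x" % off if mask == 0xFFFFFFFF else "0x%x&0x%08x" % (off, mask)
        parts.append("%s=0x%08x" % (loc, value))
    return " && ".join(parts)

def packet_matches(packet, domain):
    """Evaluate the same word comparisons against raw IPv4 packet bytes."""
    return all((int.from_bytes(packet[o:o + 4].ljust(4, b"\0"), "big") & m) == v
               for o, m, v in u32_terms(domain))

def sample_query(name):
    """Constructed sample: minimal IPv4/UDP DNS ANY query, checksums left zero."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + q + struct.pack("!HH", 255, 1)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]))
    return ip + udp

if __name__ == "__main__":
    print(u32_expr("napifun.com"))
```

Because the comparison is byte-exact, the rule covers only the lowercase spelling of the name and packets without IPv4 options; packet_matches can be used to check which queries a given rule actually covers.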

Response:


The response contains multiple records, so I assume it is going to be an IN ANY, IN AAAA or IN MX query.

    255x  AAAA
    255x  A
    117x  MX
      4x  NS
      1x  SOA

A large amount if you ask me, a total of: 633 records! 
Full response can be found here.

Name servers:


napifun.com. 2934 IN NS ns3.cloudns.net.
napifun.com. 2934 IN NS ns1.cloudns.net.
napifun.com. 2934 IN NS ns4.cloudns.net.
napifun.com. 2934 IN NS ns2.cloudns.net.

;; ADDITIONAL SECTION:
ns4.cloudns.net. 66338 IN A 85.25.34.84
ns1.cloudns.net. 66338 IN A 85.159.233.17
ns2.cloudns.net. 66338 IN A 108.59.1.205
ns3.cloudns.net. 66338 IN A 91.230.195.150


Whois:


Registration Service Provided By: Namecheap.com
Contact: 
Visit: http://namecheap.com
Registered through: eNom, Inc.

Domain name: napifun.com

Registrant Contact:
   WhoisGuard, Inc.
   WhoisGuard Protected ()
   
   Fax: 
   P.O. Box 0823-03411
   Panama, Panama NA
   PA

Administrative Contact:
   WhoisGuard, Inc.
   WhoisGuard Protected ()
   +507.8365503
   Fax: +51.17057182
   P.O. Box 0823-03411
   Panama, Panama NA
   PA

Technical Contact:
   WhoisGuard, Inc.
   WhoisGuard Protected ()
   +507.8365503
   Fax: +51.17057182
   P.O. Box 0823-03411
   Panama, Panama NA
   PA

Status: Locked

Name Servers:
   ns1.cloudns.net
   ns2.cloudns.net
   ns3.cloudns.net
   ns4.cloudns.net
   
Creation date: 12 Jun 2012 19:52:00
Expiration date: 12 Jun 2015 11:52:00

