Sunday, September 15, 2013

Domain: aa.asd3sc.com

Reveived a tip for the following domain aa.asd3sc.com

Source:

I first observed domain on September 13th the same day as I received a tip of this over email from a reader.

Firs seem from:

50x 122.136.196.117 - AS4837 CHINA169-BACKBONE CNCGROUP

Later seen from:

1x 93.174.93.96 - Ecatel !


Response:

About 300 A records in the 207.251.103.x range.


IPtables rule:

iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFFF=0x02414106 && 0x2c&0xDFDFDFFF=0x41534433 && 0x30&0xDFDFFFDF=0x53430343 && 0x34&0xDFDFFFFF=0x4f4d0000" -j DROP -m comment --comment "DROP DNS Q aa.asd3sc.com"

More rules here

Name servers:

ns1.asd3sc.com


Whois:

Domain: asd3sc.com
Status: Protected

DNS:
        ns1.asd3sc.com
        ns2.asd3sc.com

Created: 2013-09-12 16:04:29
Expires: 2014-09-12 08:04:29
Last Modified: 2013-09-12 16:04:29

Registrant Contact:
        Hong Qun
        qun hong ()
        No.111, aihua Road 
        Huaihua, Hunan, cn 418000
        P: +745.2714381 F: +0.0

Administrative Contact:
        Hong Qun
        qun hong ()
        No.111, aihua Road 
        Huaihua, Hunan, cn 418000
        P: +745.2714381 F: +0.0

Technical Contact:
        Hong Qun
        qun hong ()
        No.111, aihua Road 
        Huaihua, Hunan, cn 418000
        P: +745.2714381 F: +0.0

Billing Contact:
        Hong Qun
        qun hong ()
        No.111, aihua Road 
        Huaihua, Hunan, cn 418000
        P: +745.2714381 F: +0.0
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)