Wednesday, November 27, 2013

Domain: stopdrugs77.com



If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks: your DNS server is probably reachable from the internet and has recursion enabled.

If you are seeing responses for this domain, unlucky. You are currently being DDoS-ed! Good luck.


IPtables:


There are two iptables rules available. If your distribution supports the iptables 'u32' module, pick that one; otherwise use the 'string' rule.

U32:
iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x0b53544f && 0x2c&0xDFDFDFDF=0x50445255 && 0x30&0xDFDFFFFF=0x47533737 && 0x34&0xFFDFDFDF=0x03434f4d" -j DROP -m comment --comment "DROP DNS Q stopdrugs77.com"

More U32 rules can be found here:

https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt

String:
iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 66 --algo bm --hex-string '|0b73746f706472756773373703636f6d00|' -j DROP -m comment --comment "DROP DNS Q stopdrugs77.com"

More Iptables rules for the STRING module can be found here:


https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt
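
How the two match expressions above are derived from the domain name, as an added example (not code from the original post or from the linked repository). It assumes an IPv4 header without options, so the DNS question name starts at byte 40; the function names are illustrative.

```python
# Added example, not from the original post.
# Assumption: IPv4 header without options (20 bytes) + UDP (8) + DNS header (12),
# so the QNAME starts at byte 40 (0x28), the first offset in the rule above.
QNAME_OFFSET = 20 + 8 + 12


def wire_qname(domain: str) -> bytes:
    """Encode a domain as DNS wire-format labels, root byte included."""
    out = bytearray()
    for label in domain.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"invalid label length: {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def u32_expr(domain: str) -> str:
    """Case-insensitive u32 test over the QNAME (root byte left out)."""
    name = wire_qname(domain)[:-1]
    tests = []
    for i in range(0, len(name), 4):          # u32 compares 4-byte words
        chunk = name[i:i + 4]
        mask = value = 0
        for j in range(4):
            mask <<= 8
            value <<= 8
            if j < len(chunk):                # padding bytes keep mask 0x00
                b = chunk[j]
                letter = 0x41 <= (b & 0xDF) <= 0x5A
                # 0xDF clears the ASCII case bit, so a letter is compared
                # in its uppercase form; other bytes must match exactly.
                mask |= 0xDF if letter else 0xFF
                value |= (b & 0xDF) if letter else b
        tests.append(f"0x{QNAME_OFFSET + i:x}&0x{mask:08X}=0x{value:08x}")
    return " && ".join(tests)


def hex_string(domain: str) -> str:
    """Exact-case pattern for the string match, root byte included."""
    return "|" + wire_qname(domain).hex() + "|"


if __name__ == "__main__":
    d = "stopdrugs77.com"
    print(f'iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "{u32_expr(d)}" -j DROP')
    print(f"iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 66 "
          f"--algo bm --hex-string '{hex_string(d)}' -j DROP")
```

The u32 expression matches the name in any letter case, while the hex-string pattern matches only the exact bytes given.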

Source:

Unknown

Name server:



;; ANSWER SECTION:
stopdrugs77.com. 10800 IN NS a.dns.gandi.net.
stopdrugs77.com. 10800 IN NS b.dns.gandi.net.
stopdrugs77.com. 10800 IN NS c.dns.gandi.net.


Response:


A 239
NS 3
MX 2
SOA 1
Rsize 4027


Whois


Registrars.
Domain Name: stopdrugs77.com
Registry Domain ID: 1836814491_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2013-11-25T21:14:22Z
Creation Date: 2013-11-25T20:17:27Z
Registrar Registration Expiration Date: 2014-11-25T19:17:26Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller:
Domain Status: clientTransferProhibited
Domain Status:
Domain Status:
Domain Status:
Domain Status:
Registry Registrant ID:
Registrant Name: Vasa Petrov
Registrant Organization:
Registrant Street: Gandi, 63-65 boulevard Massena
Registrant City: (Gandi) Paris
Registrant State/Province:
Registrant Postal Code: (Gandi) 75013
Registrant Country: (Gandi) FR
Registrant Phone: (Gandi) +33.170377666
Registrant Phone Ext:
Registrant Fax: (Gandi) +33.143730576
Registrant Fax Ext:
Registrant Email: 2d531f20f9ec1578c38b964aea7c748f-1815942@contact.gandi.net
Registry Admin ID:
Admin Name: Vasa Petrov
Admin Organization:
Admin Street: Gandi, 63-65 boulevard Massena
Admin City: (Gandi) Paris
Admin State/Province:
Admin Postal Code: (Gandi) 75013
Admin Country: (Gandi) FR
Admin Phone: (Gandi) +33.170377666
Admin Phone Ext:
Admin Fax: (Gandi) +33.143730576
Admin Fax Ext:
Admin Email: 2d531f20f9ec1578c38b964aea7c748f-1815942@contact.gandi.net
Registry Tech ID:
Tech Name: Vasa Petrov
Tech Organization:
Tech Street: Gandi, 63-65 boulevard Massena
Tech City: (Gandi) Paris
Tech State/Province:
Tech Postal Code: (Gandi) 75013
Tech Country: (Gandi) FR
Tech Phone: (Gandi) +33.170377666
Tech Phone Ext:
Tech Fax: (Gandi) +33.143730576
Tech Fax Ext:
Tech Email: 2d531f20f9ec1578c38b964aea7c748f-1815942@contact.gandi.net
Name Server: A.DNS.GANDI.NET
Name Server: B.DNS.GANDI.NET
Name Server: C.DNS.GANDI.NET
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2013-11-27T13:08:25Z <<<

Reseller Email:
Reseller URL:

