tag:blogger.com,1999:blog-86238114508262110592024-03-14T02:27:42.251-07:00DNS Amplification Attacks ObserverI run a low bandwidth Open DNS server and observe / report what I see (automatically) [ Twitter: @DnsSmurf ] [ Email: smurfmonitor _at_ gmail _._ com ]dnsamplificationattackshttp://www.blogger.com/profile/01320145168822507091noreply@blogger.comBlogger161125tag:blogger.com,1999:blog-8623811450826211059.post-60407135612416426542015-02-24T01:59:00.003-08:002015-02-24T02:00:15.692-08:00Domain: cdnmyhost.comDomain: cdnmyhost.com <br><p><br />If you are seeing queries for this domain, then you are likely participating in DNS Amplification attacks and your DNS server is probably reachable from the internet and has recursion enabled. <br /><p><br />If you are seeing responses for this domain... unlucky. You are currently being DDOS-ed! Good luck. <br /><br /><h2><br /><span style="font-size: large;">IPtables:</span></h2><br />There are two iptables rules available. If your distribution supports Iptables 'u32' module pick this one, otherwise use the 'string' rule.<br /><br><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x0943444e && 0x2c&0xDFDFDFDF=0x4d59484f && 0x30&0xDFDFFFDF=0x53540343 && 0x34&0xDFDFFFFF=0x4f4d0000 && 0x38&0xFF000000=0xFF000000" -j DROP -m comment --comment "DROP DNS Q cdnmyhost.com"<br><br>More U32 rules can be found here:<br /><br><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><p><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 57 --algo bm --hex-string '|0963646e6d79686f737403636f6d0000ff|' -j DROP -m comment --comment "DROP DNS Q cdnmyhost.com"<br>More Iptables rules for the STRING module can be found here:<br /><br /><br><a 
href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br /><h2><span style="font-size: large;">Source:</span></h2><br />No IP source for this domain<br /><h2><span style="font-size: large;">Name server:</span></h2><br />;; ANSWER SECTION:<br>cdnmyhost.com. 21599 IN NS brad.ns.cloudflare.com.<br>cdnmyhost.com. 21599 IN NS amber.ns.cloudflare.com.<br><br><br /><h2><span style="font-size: large;">Response:</span></h2><br />A 2<br> NS 2<br> SOA 1<br> TXT 2<br> Rsize 4031<br /><br><br /><h2><span style="font-size: large;">Whois</span></h2><br /><br>Whois Server Version 2.0<br><br>Domain names in the .com and .net domains can now be registered<br>with many different competing registrars. Go to http://www.internic.net<br>for detailed information.<br><br> Domain Name: CDNMYHOST.COM<br> Registrar: ENOM, INC.<br> Sponsoring Registrar IANA ID: 48<br> Whois Server: whois.enom.com<br> Referral URL: http://www.enom.com<br> Name Server: AMBER.NS.CLOUDFLARE.COM<br> Name Server: BRAD.NS.CLOUDFLARE.COM<br> Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited<br> Updated Date: 18-feb-2015<br> Creation Date: 13-dec-2014<br> Expiration Date: 13-dec-2015<br><br>>>> Last update of whois database: Tue, 24 Feb 2015 09:59:05 GMT <<<<br><br>NOTICE: The expiration date displayed in this record is the date the <br>registrar's sponsorship of the domain name registration in the registry is <br>currently set to expire. This date does not necessarily reflect the expiration <br>date of the domain name registrant's agreement with the sponsoring <br>registrar. 
Users may consult the sponsoring registrar's Whois database to <br>view the registrar's reported date of expiration for this registration.<br><br><br>The Registry database contains ONLY .COM, .NET, .EDU domains and<br>Registrars.<br><br>For more information on Whois status codes, please visit <br>https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.<br><br><br>Domain Name: CDNMYHOST.COM<br>Registry Domain ID: 1890194452_DOMAIN_COM-VRSN<br>Registrar WHOIS Server: whois.enom.com<br>Registrar URL: www.enom.com<br>Updated Date: 2014-12-13T11:23:42.00Z<br>Creation Date: 2014-12-13T19:23:00.00Z<br>Registrar Registration Expiration Date: 2015-12-13T19:23:00.00Z<br>Registrar: ENOM, INC.<br>Registrar IANA ID: 48<br>Registrar Abuse Contact Email: abuse@enom.com<br>Registrar Abuse Contact Phone: +1.4252982646<br>Reseller: NAMECHEAP.COM<br>Domain Status: clientTransferProhibited<br>Registry Registrant ID: <br>Registrant Name: WHOISGUARD PROTECTED<br>Registrant Organization: WHOISGUARD, INC.<br>Registrant Street: P.O. BOX 0823-03411<br>Registrant City: PANAMA<br>Registrant State/Province: PANAMA<br>Registrant Postal Code: 00000<br>Registrant Country: PA<br>Registrant Phone: +507.8365503<br>Registrant Phone Ext: <br>Registrant Fax: +51.17057182<br>Registrant Fax Ext:<br>Registrant Email: 96DB3259BF024660997FDD41F8605E22.PROTECT@WHOISGUARD.COM<br>Registry Admin ID: <br>Admin Name: WHOISGUARD PROTECTED<br>Admin Organization: WHOISGUARD, INC.<br>Admin Street: P.O. BOX 0823-03411<br>Admin City: PANAMA<br>Admin State/Province: PANAMA<br>Admin Postal Code: 00000<br>Admin Country: PA<br>Admin Phone: +507.8365503<br>Admin Phone Ext: <br>Admin Fax: +51.17057182<br>Admin Fax Ext:<br>Admin Email: 96DB3259BF024660997FDD41F8605E22.PROTECT@WHOISGUARD.COM<br>Registry Tech ID: <br>Tech Name: WHOISGUARD PROTECTED<br>Tech Organization: WHOISGUARD, INC.<br>Tech Street: P.O. 
BOX 0823-03411<br>Tech City: PANAMA<br>Tech State/Province: PANAMA<br>Tech Postal Code: 00000<br>Tech Country: PA<br>Tech Phone: +507.8365503<br>Tech Phone Ext: <br>Tech Fax: +51.17057182<br>Tech Fax Ext: <br>Tech Email: 96DB3259BF024660997FDD41F8605E22.PROTECT@WHOISGUARD.COM<br>Name Server: AMBER.NS.CLOUDFLARE.COM<br>Name Server: BRAD.NS.CLOUDFLARE.COM<br>DNSSEC: unSigned<br>URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/<br>Last update of WHOIS database: 2014-12-13T11:23:42.00Z<br><br><br>We reserve the right to modify these terms at any time. By submitting <br>this query, you agree to abide by these terms.<br>Version 6.3 4/3/2002<br><br><br />Smurfmonitorhttp://www.blogger.com/profile/16107249324533319448noreply@blogger.com0tag:blogger.com,1999:blog-8623811450826211059.post-49408027397321079652015-02-24T01:59:00.001-08:002015-02-24T02:00:15.687-08:00Domain: pidarastik.ruDomain: pidarastik.ru <br><p><br />If you are seeing queries for this domain, then you are likely participating in DNS Amplification attacks and your DNS server is probably reachable from the internet and has recursion enabled. <br /><p><br />If you are seeing responses for this domain... unlucky. You are currently being DDOS-ed! Good luck. <br /><br /><h2><br /><span style="font-size: large;">IPtables:</span></h2><br />There are two iptables rules available. 
If your distribution supports Iptables 'u32' module pick this one, otherwise use the 'string' rule.<br /><br><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x0a504944 && 0x2c&0xDFDFDFDF=0x41524153 && 0x30&0xDFDFDFFF=0x54494b02 && 0x34&0xDFDFFFFF=0x52550000 && 0x38&0xFF000000=0xFF000000" -j DROP -m comment --comment "DROP DNS Q pidarastik.ru"<br><br>More U32 rules can be found here:<br /><br><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><p><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 57 --algo bm --hex-string '|0A7069646172617374696b0272750000ff|' -j DROP -m comment --comment "DROP DNS Q pidarastik.ru"<br>More Iptables rules for the STRING module can be found here:<br /><br /><br><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br /><h2><span style="font-size: large;">Source:</span></h2><br />No IP source for this domain<br /><h2><span style="font-size: large;">Name server:</span></h2><br />;; ANSWER SECTION:<br>pidarastik.ru. 599 IN NS ns2.spaceweb.ru.<br>pidarastik.ru. 
599 IN NS ns1.spaceweb.ru.<br><br><br /><h2><span style="font-size: large;">Response:</span></h2><br />A 2<br> MX 2<br> NS 2<br> SOA 1<br> TXT 22<br> Rsize 4076<br /><br><br /><h2><span style="font-size: large;">Whois</span></h2><br />% By submitting a query to RIPN's Whois Service<br>% you agree to abide by the following terms of use:<br>% http://www.ripn.net/about/servpol.html#3.2 (in Russian) <br>% http://www.ripn.net/about/en/servpol.html#3.2 (in English).<br><br>domain: PIDARASTIK.RU<br>nserver: ns1.spaceweb.ru.<br>nserver: ns2.spaceweb.ru.<br>state: REGISTERED, DELEGATED, VERIFIED<br>person: Private Person<br>registrar: R01-RU<br>admin-contact: https://partner.r01.ru/contact_admin.khtml<br>created: 2015.01.10<br>paid-till: 2016.01.10<br>free-date: 2016.02.10<br>source: TCI<br><br>Last updated on 2015.02.24 12:56:31 MSK<br><br><br><br />Smurfmonitorhttp://www.blogger.com/profile/16107249324533319448noreply@blogger.com0tag:blogger.com,1999:blog-8623811450826211059.post-86706767842220389282015-02-24T01:58:00.001-08:002015-02-24T02:00:15.697-08:00Domain: viareality.czDomain: viareality.cz <br><p><br />If you are seeing queries for this domain, then you are likely participating in DNS Amplification attacks and your DNS server is probably reachable from the internet and has recursion enabled. <br /><p><br />If you are seeing responses for this domain... unlucky. You are currently being DDOS-ed! Good luck. <br /><br /><h2><br /><span style="font-size: large;">IPtables:</span></h2><br />There are two iptables rules available. 
If your distribution supports Iptables 'u32' module pick this one, otherwise use the 'string' rule.<br /><br><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x0a564941 && 0x2c&0xDFDFDFDF=0x5245414c && 0x30&0xDFDFDFFF=0x49545902 && 0x34&0xDFDFFFFF=0x435a0000 && 0x38&0xFF000000=0xFF000000" -j DROP -m comment --comment "DROP DNS Q viareality.cz"<br><br>More U32 rules can be found here:<br /><br><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><p><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 57 --algo bm --hex-string '|0A7669617265616c69747902637a0000ff|' -j DROP -m comment --comment "DROP DNS Q viareality.cz"<br>More Iptables rules for the STRING module can be found here:<br /><br /><br><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br /><h2><span style="font-size: large;">Source:</span></h2><br />No IP source for this domain<br /><h2><span style="font-size: large;">Name server:</span></h2><br />;; ANSWER SECTION:<br>viareality.cz. 3599 IN NS ns1.regzone.cz.<br>viareality.cz. 3599 IN NS ns1.regzone.de.<br>viareality.cz. 
3599 IN NS ns1.regzone.info.<br><br><br /><h2><span style="font-size: large;">Response:</span></h2><br />A 14<br> AAAA 2<br> DNSKEY 4<br> MX 6<br> NS 10<br> NSEC3PARAM 2<br> RRSIG 8<br> SOA 2<br> Rsize 3779<br /><br><br /><h2><span style="font-size: large;">Whois</span></h2><br />% (c) 2006-2015 CZ.NIC, z.s.p.o.<br>% <br>% Intended use of supplied data and information<br>% <br>% Data contained in the domain name register, as well as information<br>% supplied through public information services of CZ.NIC association,<br>% are appointed only for purposes connected with Internet network<br>% administration and operation, or for the purpose of legal or other<br>% similar proceedings, in process as regards a matter connected<br>% particularly with holding and using a concrete domain name.<br>% <br>% Full text available at:<br>% http://www.nic.cz/page/306/intended-use-of-supplied-data-and-information/<br>% <br>% See also a search service at http://www.nic.cz/whois/<br>% <br>% <br>% Whoisd Server Version: 3.10.0<br>% Timestamp: Tue Feb 24 10:58:50 2015<br><br>domain: viareality.cz<br>registrant: MSC-VIACENTRUM<br>admin-c: MSC-TUMA<br>nsset: NSSET:ZONER<br>keyset: KS:ZONER:1289219690<br>registrar: REG-INTERNET-CZ<br>registered: 29.08.2008 13:01:54<br>changed: 08.02.2012 15:58:13<br>expire: 29.08.2015<br><br>contact: MSC-VIACENTRUM<br>org: viaCentrum s.r.o.<br>name: Michal Valta<br>address: Ztracená 268/34<br>address: Olomouc<br>address: 77200<br>address: CZ<br>phone: +420.739025939<br>e-mail: domain@viacentrum.net<br>registrar: REG-INTERNET-CZ<br>created: 29.08.2008 11:12:16<br><br>contact: MSC-TUMA<br>name: Pavel Tuma<br>address: Pechackova 968/35<br>address: Plzen<br>address: 31800<br>address: CZ<br>registrar: REG-INTERNET-CZ<br>created: 03.07.2004 17:35:00<br>changed: 15.10.2013 20:00:32<br><br>nsset: NSSET:ZONER<br>nserver: ns1.regzone.info <br>nserver: ns1.regzone.de <br>nserver: ns1.regzone.cz (217.198.113.10, 2a00:19a0:2:300::2)<br>tech-c: ZONER<br>registrar: 
REG-ZONER<br>created: 08.04.2010 12:23:52<br>changed: 28.04.2011 14:16:23<br><br>contact: ZONER<br>org: ZONER software, a.s.<br>name: ZONER software, a.s.<br>address: Nové Sady 583/18<br>address: Brno<br>address: 602 00<br>address: CZ<br>phone: +420.543257244<br>fax-no: +420.543257245<br>e-mail: admin@zoner.cz<br>registrar: REG-ZONER<br>created: 10.11.2006 13:45:00<br>changed: 01.12.2011 10:55:14<br><br>keyset: KS:ZONER:1289219690<br>dnskey: 257 3 7 AwEAAb7N/rX8zrMtOG0qenf6jAI15VSC0Dv9feUbDh93AyxoJH/I2PaSGRWx29emlf9u21nAlnlJ0GiBMLPc/4/IBkI4QFf3TQ+z4Ox87x+NP8d1yEoO8yNdx0I9wDGIUe95djRMbI4T/wADeq8Dwcf7HGOLof7aQnTCV5lKLjrZkfpdw8ZJb+L4gI9s2u205WmfNQ0W6ZPvLXbbDT/kBnKxhhKHLkqxJH/tuqfg0E0SLZU97qC91tKRg9VfvaNEv498njkOU4eZ5C53iaE03MK4tPrlHDuwENFbHbbCxjQ66vc+v9UGmQOJbxNJJe/Q3HxmCDjKbtZfzxpaFte8bV47ZoKzip1gCk1xt7yr8reTekuLRp7dXMIM4EXp2MjgGtK2ExGji93yxvDn4uIh7pchi61aTPEPWx5P2rWjlFX5DbUaM6IWGeA7jcyTLGO+U8vYjSKgBoWhlVNyoCipWJ6VOUOVW4ii52VCBBBfahO0J1qIyym46raaylw6UDUn0Ziu2DR/FUOW3bB8TSNHi1sHu3UEktZciq85KL4nKHIhQdyFqOZQKcktNQJrRHHfLkgAvzyVTUwbA5cOGlc4V8S7yWjnew21WGapBAJsuF5Kpi7ZC2+cbqcoqR62VDBCa7Io/WRtA9xFbInsMJAHqoA8jBQY0xiRnBbA7ThNS2Cugv4z<br>tech-c: ZONER<br>registrar: REG-ZONER<br>created: 08.11.2010 13:34:55<br>changed: 30.11.2012 14:51:29<br><br><br><br><br />Smurfmonitorhttp://www.blogger.com/profile/16107249324533319448noreply@blogger.com0tag:blogger.com,1999:blog-8623811450826211059.post-72200850835606128222015-02-09T14:34:00.000-08:002015-02-09T14:34:41.745-08:00Domain: uzuzuu.ruDomain: uzuzuu.ru <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS Amplification attacks and your DNS server is probably reachable from the internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDOS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />There are two iptables rules available. If your distribution supports Iptables 'u32' module pick this one, otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x06555a55 && 0x2c&0xDFDFDFFF=0x5a555502 && 0x30&0xDFDFFF00=0x52550000" -j DROP -m comment --comment "DROP DNS Q uzuzuu.ru"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 51 --algo bm --hex-string '|06757a757a757502727500|' -j DROP -m comment --comment "DROP DNS Q uzuzuu.ru"<br />More Iptables rules for the STRING module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />uzuzuu.ru. 599 IN NS ns2.spaceweb.ru.<br />uzuzuu.ru. 599 IN NS ns1.spaceweb.ru.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 2<br /> MX 2<br /> NS 2<br /> SOA 1<br /> TXT 22<br /> Rsize 4072<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br />% By submitting a query to RIPN's Whois Service<br />% you agree to abide by the following terms of use:<br />% http://www.ripn.net/about/servpol.html#3.2 (in Russian) <br />% http://www.ripn.net/about/en/servpol.html#3.2 (in English).<br /><br />domain: UZUZUU.RU<br />nserver: ns1.spaceweb.ru.<br />nserver: ns2.spaceweb.ru.<br />state: REGISTERED, DELEGATED, VERIFIED<br />person: Private Person<br />registrar: R01-RU<br />admin-contact: https://partner.r01.ru/contact_admin.khtml<br />created: 2015.01.10<br />paid-till: 2016.01.10<br />free-date: 2016.02.10<br />source: TCI<br /><br />Last updated on 2015.02.10 01:31:32 MSK<br /><br /><br /><br />
<br />
Smurfmonitorhttp://www.blogger.com/profile/16107249324533319448noreply@blogger.com0tag:blogger.com,1999:blog-8623811450826211059.post-18477251741464471012015-01-01T06:37:00.001-08:002015-01-01T06:37:11.718-08:00Domain: ohhr.ruDomain: ohhr.ru <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS Amplification attacks and your DNS server is probably reachable from the internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDOS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />There are two iptables rules available. If your distribution supports Iptables 'u32' module pick this one, otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x044f4848 && 0x2c&0xDFFFDFDF=0x52025255 && 0x30&0xFFFFFF00=0x0000FF00" -j DROP -m comment --comment "DROP DNS Q ohhr.ru"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 51 --algo bm --hex-string '|046f6868720272750000ff|' -j DROP -m comment --comment "DROP DNS Q ohhr.ru"<br />More Iptables rules for the STRING module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />ohhr.ru. 3599 IN NS ns1.reg.ru.<br />ohhr.ru. 3599 IN NS ns2.reg.ru.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 244<br /> NS 2<br /> SOA 1<br /> Rsize 4000<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br />% By submitting a query to RIPN's Whois Service<br />% you agree to abide by the following terms of use:<br />% http://www.ripn.net/about/servpol.html#3.2 (in Russian) <br />% http://www.ripn.net/about/en/servpol.html#3.2 (in English).<br /><br />domain: OHHR.RU<br />nserver: ns1.reg.ru.<br />nserver: ns2.reg.ru.<br />state: REGISTERED, DELEGATED, VERIFIED<br />person: Private Person<br />registrar: REGRU-RU<br />admin-contact: http://www.reg.ru/whois/admin_contact<br />created: 2014.11.07<br />paid-till: 2015.11.07<br />free-date: 2015.12.08<br />source: TCI<br /><br />Last updated on 2015.01.01 17:31:31 MSK<br /><br /><br /><br />
<br />
Smurfmonitorhttp://www.blogger.com/profile/16107249324533319448noreply@blogger.com0tag:blogger.com,1999:blog-8623811450826211059.post-8736283653010583312015-01-01T06:37:00.000-08:002015-01-01T06:37:02.462-08:00Domain: gransy.comDomain: gransy.com <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS Amplification attacks and your DNS server is probably reachable from the internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDOS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />There are two iptables rules available. If your distribution supports Iptables 'u32' module pick this one, otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x06475241 && 0x2c&0xDFDFDFFF=0x4e535903 && 0x30&0xDFDFDFFF=0x434f4d00 && 0x34&0xFFFF0000=0x00FF0000" -j DROP -m comment --comment "DROP DNS Q gransy.com"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 54 --algo bm --hex-string '|066772616e737903636f6d0000ff|' -j DROP -m comment --comment "DROP DNS Q gransy.com"<br />More Iptables rules for the STRING module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />gransy.com. 1799 IN NS ns2.gransy.com.<br />gransy.com. 1799 IN NS ns5.gransy.com.<br />gransy.com. 1799 IN NS ns3.gransy.com.<br />gransy.com. 1799 IN NS ns4.gransy.com.<br />gransy.com. 1799 IN NS ns.gransy.com.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 14<br /> AAAA 5<br /> DNSKEY 5<br /> MX 4<br /> NS 14<br /> NSEC 2<br /> RRSIG 9<br /> SOA 3<br /> Rsize 5885<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br /><br />Whois Server Version 2.0<br /><br />Domain names in the .com and .net domains can now be registered<br />with many different competing registrars. Go to http://www.internic.net<br />for detailed information.<br /><br /> Domain Name: GRANSY.COM<br /> Registrar: GRANSY S.R.O D/B/A SUBREG.CZ<br /> Whois Server: whois.regtons.com<br /> Referral URL: http://regtons.com<br /> Name Server: NS.GRANSY.COM<br /> Name Server: NS2.GRANSY.COM<br /> Name Server: NS3.GRANSY.COM<br /> Name Server: NS4.GRANSY.COM<br /> Name Server: NS5.GRANSY.COM<br /> Status: clientDeleteProhibited<br /> Status: clientTransferProhibited<br /> Status: clientUpdateProhibited<br /> Updated Date: 10-jul-2014<br /> Creation Date: 21-oct-2002<br /> Expiration Date: 21-oct-2021<br /><br />>>> Last update of whois database: Thu, 01 Jan 2015 14:35:56 GMT <<<<br /><br />NOTICE: The expiration date displayed in this record is the date the <br />registrar's sponsorship of the domain name registration in the registry is <br />currently set to expire. This date does not necessarily reflect the expiration <br />date of the domain name registrant's agreement with the sponsoring <br />registrar. 
Users may consult the sponsoring registrar's Whois database to <br />view the registrar's reported date of expiration for this registration.<br /><br /><br />The Registry database contains ONLY .COM, .NET, .EDU domains and<br />Registrars.<br />Domain Name: gransy.com<br />Registry Domain ID: 91407614_DOMAIN_COM-VRSN<br />Registrar WHOIS Server: whois.regtons.com<br />Registrar URL: http://regtons.com<br />Updated Date: 2014-07-10T00:00:00Z<br />Creation Date: 2002-10-21T00:00:00Z<br />Registrar Registration Expiration Date: 2021-10-21T00:00:00Z<br />Registrar: GRANSY S.R.O D/B/A SUBREG.CZ<br />Registrar IANA ID: 1505<br />Registrar Abuse Contact Email: abuse@regtons.com<br />Registrar Abuse Contact Phone: +420.734463373<br />Domain Status: clientTransferProhibited<br />Domain Status: clientUpdateProhibited<br />Domain Status: clientDeleteProhibited<br />Registry Registrant ID: G-000050<br />Registrant Name: Jan Horak<br />Registrant Organization: Gransy s.r.o.<br />Registrant Street: Borivojova 35<br />Registrant City: Prague<br />Registrant State/Province: <br />Registrant Postal Code: 13000<br />Registrant Country: CZ<br />Registrant Phone: +420.732954549<br />Registrant Phone Ext: <br />Registrant Fax: +420.226517341<br />Registrant Fax Ext: <br />Registrant Email: info@gransy.com<br />Registry Admin ID: G-000050<br />Admin Name: Jan Horak<br />Admin Organization: Gransy s.r.o.<br />Admin Street: Borivojova 35<br />Admin City: Prague<br />Admin State/Province: <br />Admin Postal Code: 13000<br />Admin Country: CZ<br />Admin Phone: +420.732954549<br />Admin Phone Ext: <br />Admin Fax: +420.226517341<br />Admin Fax Ext: <br />Admin Email: info@gransy.com<br />Registry Tech ID: G-000050<br />Tech Name: Jan Horak<br />Tech Organization: Gransy s.r.o.<br />Tech Street: Borivojova 35<br />Tech City: Prague<br />Tech State/Province: <br />Tech Postal Code: 13000<br />Tech Country: CZ<br />Tech Phone: +420.732954549<br />Tech Phone Ext: <br />Tech Fax: 
+420.226517341<br />Tech Fax Ext: <br />Tech Email: info@gransy.com<br />Name Server: ns.gransy.com<br />Name Server: ns5.gransy.com<br />Name Server: ns3.gransy.com<br />Name Server: ns2.gransy.com<br />Name Server: ns4.gransy.com<br />DNSSEC: signedDelegation<br />URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/<br />>>> Last update of WHOIS database: 2015-01-01T14:00:00Z <<<<br /><br />#<br /># This domain is registered by http://g-hosting.cz<br /># <br /># G-Hosting.CZ - This is good place for your website <br />#<br /># PHP, Java, Ruby, Python and VPS hosting services<br />#<br /><br /><br />
<br />
Smurfmonitorhttp://www.blogger.com/profile/16107249324533319448noreply@blogger.com0tag:blogger.com,1999:blog-8623811450826211059.post-33034922506847529102014-12-22T15:10:00.000-08:002014-12-22T15:10:04.251-08:00Domain: defcon.orgDomain: defcon.org <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS Amplification attacks and your DNS server is probably reachable from the internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDOS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />There are two iptables rules available. If your distribution supports Iptables 'u32' module pick this one, otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x06444546 && 0x2c&0xDFDFDFFF=0x434f4e03 && 0x30&0xDFDFDFFF=0x4f524700 && 0x34&0xFFFF0000=0x00FF0000" -j DROP -m comment --comment "DROP DNS Q defcon.org"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 54 --algo bm --hex-string '|06646566636f6e036f72670000ff|' -j DROP -m comment --comment "DROP DNS Q defcon.org"<br />More Iptables rules for the STRING module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />defcon.org. 17330 IN NS dns-2.datamerica.com.<br />defcon.org. 17330 IN NS dns-1.datamerica.com.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 14<br /> DNSKEY 5<br /> MX 3<br /> NS 9<br /> NSEC 2<br /> RRSIG 10<br /> SOA 3<br /> SPF 3<br /> TXT 3<br /> Rsize 4084<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br />Domain Name:DEFCON.ORG<br />Domain ID: D1826-LROR<br />Creation Date: 1993-06-21T04:00:00Z<br />Updated Date: 2014-04-21T08:27:45Z<br />Registry Expiry Date: 2017-06-20T04:00:00Z<br />Sponsoring Registrar:Network Solutions, LLC (R63-LROR)<br />Sponsoring Registrar IANA ID: 2<br />WHOIS Server: <br />Referral URL: <br />Domain Status: clientTransferProhibited<br />Registrant ID:51671423-NSIV<br />Registrant Name:Perfect Privacy, LLC<br />Registrant Organization:DEF CON Communications, Inc.<br />Registrant Street: 12808 Gran Bay Parkway West<br />Registrant Street: care of Network Solutions<br />Registrant Street: PO Box 459<br />Registrant City:Jacksonville<br />Registrant State/Province:FL<br />Registrant Postal Code:32258<br />Registrant Country:US<br />Registrant Phone:+1.5707088780<br />Registrant Phone Ext: <br />Registrant Fax: <br />Registrant Fax Ext: <br />Registrant Email:ua7cc74z6fh@networksolutionsprivateregistration.com<br />Admin ID:43296585-NSIV<br />Admin Name:Perfect Privacy, LLC<br />Admin Organization:<br />Admin Street: 12808 Gran Bay Parkway West<br />Admin Street: care of Network Solutions<br />Admin City:Jacksonville<br />Admin State/Province:FL<br />Admin Postal Code:32258<br />Admin Country:US<br />Admin Phone:+1.5707088780<br />Admin Phone Ext: <br />Admin Fax: <br />Admin Fax Ext: <br />Admin Email:rv4hu2bx2d2@networksolutionsprivateregistration.com<br />Tech ID:43296585-NSIV<br />Tech Name:Perfect Privacy, LLC<br />Tech Organization:<br />Tech Street: 12808 Gran Bay Parkway West<br />Tech Street: care of Network Solutions<br />Tech City:Jacksonville<br />Tech State/Province:FL<br />Tech Postal Code:32258<br />Tech Country:US<br />Tech Phone:+1.5707088780<br />Tech Phone Ext: <br />Tech Fax: <br />Tech Fax Ext: <br />Tech Email:rv4hu2bx2d2@networksolutionsprivateregistration.com<br />Name Server:DNS-2.DATAMERICA.COM<br />Name Server:DNS-1.DATAMERICA.COM<br />Name Server: <br />Name Server: <br />Name Server: <br />Name Server: <br 
/>Name Server: <br />Name Server: <br />Name Server: <br />Name Server: <br />Name Server: <br />Name Server: <br />Name Server: <br />DNSSEC:signedDelegation<br />DS Created 1:2011-07-08T13:14:45Z<br />DS Key Tag 1:59611<br />Algorithm 1:5<br />Digest Type 1:1<br />Digest 1:07BCC192690AEE10148C5E6AB38995FE0A2A4B3D<br />DS Maximum Signature Life 1:1814400 seconds<br />DS Created 2:2011-07-08T13:15:14Z<br />DS Key Tag 2:59611<br />Algorithm 2:5<br />Digest Type 2:2<br />Digest 2:15B567E4743D993B923507926CDA709611F335A1D0A7D38456EE12E5D16375B7<br />DS Maximum Signature Life 2:1814400 seconds<br /><br />Access to Public Interest Registry WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Public Interest Registry registry database. The data in this record is provided by Public Interest Registry for informational purposes only, and Public Interest Registry does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to(a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Public Interest Registry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.<br /><br /><br /><br /><br />
<br />
Posted by Smurfmonitor<br /><br />Domain: globe.gov (published 2014-12-17T13:39:00.002-08:00, updated 2014-12-17T13:39:57.363-08:00) <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks: your DNS server is probably reachable from the internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />There are two iptables rules available. If your distribution supports the iptables 'u32' module, use the U32 rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x05474c4f && 0x2c&0xDFDFFFDF=0x42450347 && 0x30&0xDFDFFFFF=0x4f560000 && 0x34&0xFF000000=0xFF000000" -j DROP -m comment --comment "DROP DNS Q globe.gov"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 53 --algo bm --hex-string '|05676c6f626503676f760000ff|' -j DROP -m comment --comment "DROP DNS Q globe.gov"<br />More iptables rules for the string module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />globe.gov. 21599 IN NS ns1.p03.dynect.net.<br />globe.gov. 21599 IN NS ns2.p03.dynect.net.<br />globe.gov. 21599 IN NS ns3.p03.dynect.net.<br />globe.gov. 21599 IN NS ns4.p03.dynect.net.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 29<br /> DNSKEY 9<br /> MX 10<br /> NS 17<br /> NSEC 3<br /> RRSIG 17<br /> SOA 4<br /> TXT 5<br /> Rsize 6584<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br />% DOTGOV WHOIS Server ready<br /> Domain Name: GLOBE.GOV<br /> Status: ACTIVE<br /><br /><br />>>> Last update of whois database: 2014-12-17T21:39:17Z <<<<br />Please be advised that this whois server only contains information pertaining<br />to the .GOV domain. For information for other domains please use the whois<br />server at RS.INTERNIC.NET. <br /><br /><br />
<br />
Posted by Smurfmonitor<br /><br />Domain: inboot.co (published 2014-12-17T12:24:00.000-08:00, updated 2014-12-17T12:24:16.338-08:00) <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks: your DNS server is probably reachable from the internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />There are two iptables rules available. If your distribution supports the iptables 'u32' module, use the U32 rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x06494e42 && 0x2c&0xDFDFDFFF=0x4f4f5402 && 0x30&0xDFDFFFFF=0x434f0000 && 0x34&0xFF000000=0xFF000000" -j DROP -m comment --comment "DROP DNS Q inboot.co"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 53 --algo bm --hex-string '|06696e626f6f7402636f0000ff|' -j DROP -m comment --comment "DROP DNS Q inboot.co"<br />More iptables rules for the string module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />inboot.co. 21599 IN NS tim.ns.cloudflare.com.<br />inboot.co. 21599 IN NS sue.ns.cloudflare.com.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 4<br /> NS 4<br /> SOA 1<br /> TXT 2<br /> Rsize 4240<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br />Domain Name: INBOOT.CO<br />Domain ID: D61871173-CO<br />Sponsoring Registrar: ENOM, INC.<br />Sponsoring Registrar IANA ID: 48<br />Registrar URL (registration services): www.enom.com<br />Domain Status: clientTransferProhibited<br />Variant: INBOOT.CO<br />Registrant ID: 8EDE10B0075F53D1<br />Registrant Name: WhoisGuard Protected<br />Registrant Organization: WhoisGuard, Inc.<br />Registrant Address1: P.O. Box 0823-03411<br />Registrant City: Panama<br />Registrant State/Province: Panama<br />Registrant Postal Code: 00000<br />Registrant Country: Panama<br />Registrant Country Code: PA<br />Registrant Phone Number: +507.8365503<br />Registrant Facsimile Number: +51.17057182<br />Registrant Email: legal@whoisguard.com<br />Administrative Contact ID: 8EDE10B0075F53D1<br />Administrative Contact Name: WhoisGuard Protected<br />Administrative Contact Organization: WhoisGuard, Inc.<br />Administrative Contact Address1: P.O. Box 0823-03411<br />Administrative Contact City: Panama<br />Administrative Contact State/Province: Panama<br />Administrative Contact Postal Code: 00000<br />Administrative Contact Country: Panama<br />Administrative Contact Country Code: PA<br />Administrative Contact Phone Number: +507.8365503<br />Administrative Contact Facsimile Number: +51.17057182<br />Administrative Contact Email: legal@whoisguard.com<br />Billing Contact ID: 8EDE10B0075F53D1<br />Billing Contact Name: WhoisGuard Protected<br />Billing Contact Organization: WhoisGuard, Inc.<br />Billing Contact Address1: P.O. 
Box 0823-03411<br />Billing Contact City: Panama<br />Billing Contact State/Province: Panama<br />Billing Contact Postal Code: 00000<br />Billing Contact Country: Panama<br />Billing Contact Country Code: PA<br />Billing Contact Phone Number: +507.8365503<br />Billing Contact Facsimile Number: +51.17057182<br />Billing Contact Email: legal@whoisguard.com<br />Technical Contact ID: 8EDE10B0075F53D1<br />Technical Contact Name: WhoisGuard Protected<br />Technical Contact Organization: WhoisGuard, Inc.<br />Technical Contact Address1: P.O. Box 0823-03411<br />Technical Contact City: Panama<br />Technical Contact State/Province: Panama<br />Technical Contact Postal Code: 00000<br />Technical Contact Country: Panama<br />Technical Contact Country Code: PA<br />Technical Contact Phone Number: +507.8365503<br />Technical Contact Facsimile Number: +51.17057182<br />Technical Contact Email: legal@whoisguard.com<br />Name Server: TIM.NS.CLOUDFLARE.COM<br />Name Server: SUE.NS.CLOUDFLARE.COM<br />Created by Registrar: ENOM, INC.<br />Last Updated by Registrar: ENOM, INC.<br />Domain Registration Date: Sat Oct 11 18:43:36 GMT 2014<br />Domain Expiration Date: Sat Oct 10 23:59:59 GMT 2015<br />Domain Last Updated Date: Sat Oct 11 18:50:09 GMT 2014<br />DNSSEC: false<br /><br />>>>> Whois database was last updated on: Wed Dec 17 20:22:54 GMT 2014 <<<<<br />.CO Internet, S.A.S., the Administrator for .CO, has collected this<br />information for the WHOIS database through Accredited Registrars. <br />This information is provided to you for informational purposes only <br />and is designed to assist persons in determining contents of a domain <br />name registration record in the .CO Internet registry database. 
.CO <br />Internet makes this information available to you "as is" and does not <br />guarantee its accuracy.<br /> <br />By submitting a WHOIS query, you agree that you will use this data <br />only for lawful purposes and that, under no circumstances will you <br />use this data: (1) to allow, enable, or otherwise support the transmission <br />of mass unsolicited, commercial advertising or solicitations via direct <br />mail, electronic mail, or by telephone; (2) in contravention of any <br />applicable data and privacy protection laws; or (3) to enable high volume, <br />automated, electronic processes that apply to the registry (or its systems). <br />Compilation, repackaging, dissemination, or other use of the WHOIS <br />database in its entirety, or of a substantial portion thereof, is not allowed <br />without .CO Internet's prior written permission. .CO Internet reserves the <br />right to modify or change these conditions at any time without prior or <br />subsequent notification of any kind. By executing this query, in any manner <br />whatsoever, you agree to abide by these terms. In some limited cases, <br />domains that might appear as available in whois might not actually be <br />available as they could be already registered and the whois not yet updated <br />and/or they could be part of the Restricted list. In this cases, performing a <br />check through your Registrar's (EPP check) will give you the actual status <br />of the domain. Additionally, domains currently or previously used as <br />extensions in 3rd level domains will not be available for registration in the <br />2nd level. For example, org.co,mil.co,edu.co,com.co,net.co,nom.co,arts.co,<br />firm.co,info.co,int.co,web.co,rec.co,co.co. <br /> <br />NOTE: FAILURE TO LOCATE A RECORD IN THE WHOIS DATABASE IS NOT <br />INDICATIVE OF THE AVAILABILITY OF A DOMAIN NAME. <br /> <br />All domain names are subject to certain additional domain name registration <br />rules. 
For details, please visit our site at www.cointernet.co &lt;http://www.cointernet.co&gt;.<br /><br /><br />
<br />
Posted by Smurfmonitor<br /><br />Domain: vlch.net (published 2014-12-17T12:23:00.002-08:00, updated 2014-12-17T12:23:22.827-08:00) <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks: your DNS server is probably reachable from the internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />There are two iptables rules available. If your distribution supports the iptables 'u32' module, use the U32 rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x04564c43 && 0x2c&0xDFFFDFDF=0x48034e45 && 0x30&0xDFFFFFFF=0x540000FF" -j DROP -m comment --comment "DROP DNS Q vlch.net"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 52 --algo bm --hex-string '|04766c6368036e65740000ff|' -j DROP -m comment --comment "DROP DNS Q vlch.net"<br />More iptables rules for the string module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />vlch.net. 3599 IN NS ns.ru-tld.ru.<br />vlch.net. 3599 IN NS ns.ru-tld.com.<br />vlch.net. 3599 IN NS ns.ru-tld.net.<br />vlch.net. 3599 IN NS ns.ru-tld.org.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />NS 4<br /> SOA 1<br /> TXT 1<br /> Rsize 4400<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br /><br />Whois Server Version 2.0<br /><br />Domain names in the .com and .net domains can now be registered<br />with many different competing registrars. Go to http://www.internic.net<br />for detailed information.<br /><br /> Domain Name: VLCH.NET<br /> Registrar: BIZCN.COM, INC.<br /> Whois Server: whois.bizcn.com<br /> Referral URL: http://www.bizcn.com<br /> Name Server: NS.RU-TLD.COM<br /> Name Server: NS.RU-TLD.NET<br /> Name Server: NS.RU-TLD.ORG<br /> Name Server: NS.RU-TLD.RU<br /> Status: clientDeleteProhibited<br /> Status: clientTransferProhibited<br /> Updated Date: 06-dec-2014<br /> Creation Date: 05-dec-2014<br /> Expiration Date: 05-dec-2015<br /><br />>>> Last update of whois database: Wed, 17 Dec 2014 20:21:53 GMT <<<<br /><br />NOTICE: The expiration date displayed in this record is the date the <br />registrar's sponsorship of the domain name registration in the registry is <br />currently set to expire. This date does not necessarily reflect the expiration <br />date of the domain name registrant's agreement with the sponsoring <br />registrar. 
Users may consult the sponsoring registrar's Whois database to <br />view the registrar's reported date of expiration for this registration.<br /><br /><br />The Registry database contains ONLY .COM, .NET, .EDU domains and<br />Registrars.<br />Domain name: vlch.net<br />Registry Domain ID: 1888849831_DOMAIN_NET-VRSN<br />Registrar WHOIS Server: whois.bizcn.com<br />Registrar URL: http://www.bizcn.com<br />Updated Date: 2014-12-05T18:40:38Z<br />Creation Date: 2014-12-05T18:40:34Z<br />Registrar Registration Expiration Date: 2015-12-05T18:40:34Z<br />Registrar: Bizcn.com,Inc.<br />Registrar IANA ID: 471<br />Registrar Abuse Contact Email: abuse@bizcn.com<br />Registrar Abuse Contact Phone: +86.5922577888<br />Reseller: Cnobin Technology HK Limited<br />Domain Status: clientDeleteProhibited<br />Domain Status: clientTransferProhibited<br />Registry Registrant ID: <br />Registrant Name: Zhong Si<br />Registrant Organization: Xicheng Co.<br />Registrant Street: Huixindongjie 15 2<br />Registrant City: Beijing<br />Registrant State/Province: Chaoyang<br />Registrant Postal Code: 101402<br />Registrant Country: cn<br />Registrant Phone: +01.01066569215<br />Registrant Phone Ext: <br />Registrant Fax: +01.01066549216<br />Registrant Fax Ext: <br />Registrant Email: williamdanielsen@yahoo.com<br />Registry Admin ID:<br />Admin Name: Zhong Si<br />Admin Organization: Xicheng Co. <br />Admin Street: Huixindongjie 15 2<br />Admin City: Beijing<br />Admin State/Province: Chaoyang<br />Admin Postal Code: 101402<br />Admin Country: cn<br />Admin Phone: +01.01066569215<br />Admin Phone Ext: <br />Admin Fax: +01.01066549216<br />Admin Fax Ext: <br />Admin Email: williamdanielsen@yahoo.com<br />Registry Tech ID:<br />Tech Name: Zhong Si<br />Tech Organization: Xicheng Co. 
<br />Tech Street: Huixindongjie 15 2<br />Tech City: Beijing<br />Tech State/Province: Chaoyang<br />Tech Postal Code: 101402<br />Tech Country: cn<br />Tech Phone: +01.01066569215<br />Tech Phone Ext: <br />Tech Fax: +01.01066549216<br />Tech Fax Ext: <br />Tech Email: williamdanielsen@yahoo.com<br />Name Server: ns.ru-tld.com<br />Name Server: ns.ru-tld.org<br />Name Server: ns.ru-tld.net<br />Name Server: ns.ru-tld.ru<br />DNSSEC: unsignedDelegation<br />URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/<br />>>> Last update of WHOIS database: 2014-12-17T20:22:12Z<br /><br /><br /><br />
<br />
Posted by Smurfmonitor<br /><br />Domain: maximumstresser.net (published 2014-12-17T12:23:00.000-08:00, updated 2014-12-17T12:23:01.683-08:00) <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks: your DNS server is probably reachable from the internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />There are two iptables rules available. If your distribution supports the iptables 'u32' module, use the U32 rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x0f4d4158 && 0x2c&0xDFDFDFDF=0x494d554d && 0x30&0xDFDFDFDF=0x53545245 && 0x34&0xDFDFDFDF=0x53534552 && 0x38&0xFFDFDFDF=0x034e4554 && 0x3c&0xFF000000=0x00000000" -j DROP -m comment --comment "DROP DNS Q maximumstresser.net"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 61 --algo bm --hex-string '|0F6d6178696d756d7374726573736572036e657400|' -j DROP -m comment --comment "DROP DNS Q maximumstresser.net"<br />More iptables rules for the string module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />maximumstresser.net. 20557 IN NS ns2.maximumstresser.net.<br />maximumstresser.net. 20557 IN NS ns1.maximumstresser.net.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 241<br /> NS 2<br /> SOA 1<br /> Rsize 3992<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br /><br />Whois Server Version 2.0<br /><br />Domain names in the .com and .net domains can now be registered<br />with many different competing registrars. Go to http://www.internic.net<br />for detailed information.<br /><br /> Domain Name: MAXIMUMSTRESSER.NET<br /> Registrar: ENOM, INC.<br /> Whois Server: whois.enom.com<br /> Referral URL: http://www.enom.com<br /> Name Server: NS1.MAXIMUMSTRESSER.NET<br /> Name Server: NS2.MAXIMUMSTRESSER.NET<br /> Status: clientTransferProhibited<br /> Updated Date: 15-dec-2014<br /> Creation Date: 20-oct-2014<br /> Expiration Date: 20-oct-2015<br /><br />>>> Last update of whois database: Wed, 17 Dec 2014 20:19:06 GMT <<<<br /><br />NOTICE: The expiration date displayed in this record is the date the <br />registrar's sponsorship of the domain name registration in the registry is <br />currently set to expire. This date does not necessarily reflect the expiration <br />date of the domain name registrant's agreement with the sponsoring <br />registrar. Users may consult the sponsoring registrar's Whois database to <br />view the registrar's reported date of expiration for this registration.<br /><br /><br />The Registry database contains ONLY .COM, .NET, .EDU domains and<br />Registrars.<br /><br /><br />Domain Name: MAXIMUMSTRESSER.NET<br />Registry Domain ID: 1881263729_DOMAIN_NET-VRSN<br />Registrar WHOIS Server: whois.enom.com<br />Registrar URL: www.enom.com<br />Updated Date: 2014-10-20T07:13:35.00Z<br />Creation Date: 2014-10-20T14:13:00.00Z<br />Registrar Registration Expiration Date: 2015-10-20T14:13:00.00Z<br />Registrar: ENOM, INC.<br />Registrar IANA ID: 48<br />Registrar Abuse Contact Email: abuse@enom.com<br />Registrar Abuse Contact Phone: +1.4252982646<br />Reseller: NAMECHEAP.COM<br />Domain Status: clientTransferProhibited<br />Registry Registrant ID: <br />Registrant Name: WHOISGUARD PROTECTED<br />Registrant Organization: WHOISGUARD, INC.<br />Registrant Street: P.O. 
BOX 0823-03411<br />Registrant City: PANAMA<br />Registrant State/Province: PANAMA<br />Registrant Postal Code: 00000<br />Registrant Country: PA<br />Registrant Phone: +507.8365503<br />Registrant Phone Ext: <br />Registrant Fax: +51.17057182<br />Registrant Fax Ext:<br />Registrant Email: F0792631A61B409D871FFC1496678396.PROTECT@WHOISGUARD.COM<br />Registry Admin ID: <br />Admin Name: WHOISGUARD PROTECTED<br />Admin Organization: WHOISGUARD, INC.<br />Admin Street: P.O. BOX 0823-03411<br />Admin City: PANAMA<br />Admin State/Province: PANAMA<br />Admin Postal Code: 00000<br />Admin Country: PA<br />Admin Phone: +507.8365503<br />Admin Phone Ext: <br />Admin Fax: +51.17057182<br />Admin Fax Ext:<br />Admin Email: F0792631A61B409D871FFC1496678396.PROTECT@WHOISGUARD.COM<br />Registry Tech ID: <br />Tech Name: WHOISGUARD PROTECTED<br />Tech Organization: WHOISGUARD, INC.<br />Tech Street: P.O. BOX 0823-03411<br />Tech City: PANAMA<br />Tech State/Province: PANAMA<br />Tech Postal Code: 00000<br />Tech Country: PA<br />Tech Phone: +507.8365503<br />Tech Phone Ext: <br />Tech Fax: +51.17057182<br />Tech Fax Ext: <br />Tech Email: F0792631A61B409D871FFC1496678396.PROTECT@WHOISGUARD.COM<br />Name Server: NS1.MAXIMUMSTRESSER.NET<br />Name Server: NS2.MAXIMUMSTRESSER.NET<br />DNSSEC: unSigned<br />URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/<br />Last update of WHOIS database: 2014-10-20T07:13:35.00Z<br /><br /><br />We reserve the right to modify these terms at any time. By submitting <br />this query, you agree to abide by these terms.<br />Version 6.3 4/3/2002<br /><br /><br />
<br />
Posted by Smurfmonitor<br /><br />Domain: pizdaizda.com.ru (published 2014-12-13T12:00:00.000-08:00, updated 2014-12-13T12:00:14.775-08:00) <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks: your DNS server is probably reachable from the internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />There are two iptables rules available. If your distribution supports the iptables 'u32' module, use the U32 rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x0950495a && 0x2c&0xDFDFDFDF=0x4441495a && 0x30&0xDFDFFFDF=0x44410343 && 0x34&0xDFDFFFDF=0x4f4d0252 && 0x38&0xDFFF0000=0x55000000" -j DROP -m comment --comment "DROP DNS Q pizdaizda.com.ru"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 58 --algo bm --hex-string '|0970697a6461697a646103636f6d02727500|' -j DROP -m comment --comment "DROP DNS Q pizdaizda.com.ru"<br />More iptables rules for the string module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />pizdaizda.com.ru. 298 IN NS ns2.spaceweb.ru.<br />pizdaizda.com.ru. 298 IN NS ns1.spaceweb.ru.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 2<br /> MX 2<br /> NS 2<br /> SOA 1<br /> TXT 20<br /> Rsize 4080<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br />% By submitting a query to RIPN's Whois Service<br />% you agree to abide by the following terms of use:<br />% http://www.ripn.net/about/servpol.html#3.2 (in Russian) <br />% http://www.ripn.net/about/en/servpol.html#3.2 (in English).<br /><br />No entries found for the selected source(s).<br /><br />Last updated on 2014.12.13 22:56:31 MSK<br /><br /><br /><br />
<br />
Posted by Smurfmonitor<br /><br />Domain: basjuk.com.ru (published 2014-12-09T11:47:00.000-08:00, updated 2014-12-09T11:47:03.742-08:00) <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks: your DNS server is probably reachable from the internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />There are two iptables rules available. If your distribution supports the iptables 'u32' module, use the U32 rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x06424153 && 0x2c&0xDFDFDFFF=0x4a554b03 && 0x30&0xDFDFDFFF=0x434f4d02 && 0x34&0xDFDFFF00=0x52550000" -j DROP -m comment --comment "DROP DNS Q basjuk.com.ru"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 55 --algo bm --hex-string '|066261736a756b03636f6d02727500|' -j DROP -m comment --comment "DROP DNS Q basjuk.com.ru"<br />More iptables rules for the string module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />basjuk.com.ru. 599 IN NS ns1.spaceweb.ru.<br />basjuk.com.ru. 599 IN NS ns2.spaceweb.ru.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 2<br /> MX 2<br /> NS 2<br /> SOA 1<br /> TXT 20<br /> Rsize 4077<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br />% By submitting a query to RIPN's Whois Service<br />% you agree to abide by the following terms of use:<br />% http://www.ripn.net/about/servpol.html#3.2 (in Russian) <br />% http://www.ripn.net/about/en/servpol.html#3.2 (in English).<br /><br />No entries found for the selected source(s).<br /><br />Last updated on 2014.12.09 22:21:33 MSK<br /><br /><br /><br />
<br />
Posted by Smurfmonitor<br /><br />Domain: free-google-2.cloudns.org (published 2014-12-08T13:15:00.002-08:00, updated 2014-12-08T13:15:53.421-08:00) <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks: your DNS server is probably reachable from the internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />There are two iptables rules available. If your distribution supports the iptables 'u32' module, use the U32 rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x0d465245 && 0x2c&0xDFFFDFDF=0x452d474f && 0x30&0xDFDFDFDF=0x4f474c45 && 0x34&0xFFFFFFDF=0x2d320743 && 0x38&0xDFDFDFDF=0x4c4f5544 && 0x3c&0xDFDFFFDF=0x4e53034f && 0x40&0xDFDFFF00=0x52470000" -j DROP -m comment --comment "DROP DNS Q free-google-2.cloudns.org"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 67 --algo bm --hex-string '|0D667265652d676f6f676c652d3207636c6f75646e73036f726700|' -j DROP -m comment --comment "DROP DNS Q free-google-2.cloudns.org"<br />More iptables rules for the string module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />cloudns.org. 3599 IN NS ns1.cloudns.net.<br />cloudns.org. 3599 IN NS ns2.cloudns.net.<br />cloudns.org. 3599 IN NS ns3.cloudns.net.<br />cloudns.org. 3599 IN NS ns4.cloudns.net.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 128<br /> MX 2<br /> NS 4<br /> SOA 1<br /> Rsize 2250<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br />Domain Name:CLOUDNS.ORG<br />Domain ID: D158423907-LROR<br />Creation Date: 2010-02-22T14:13:42Z<br />Updated Date: 2014-02-06T09:03:03Z<br />Registry Expiry Date: 2015-02-22T14:13:42Z<br />Sponsoring Registrar:PDR Ltd. d/b/a PublicDomainRegistry.com (R27-LROR)<br />Sponsoring Registrar IANA ID: 303<br />WHOIS Server: <br />Referral URL: <br />Domain Status: clientTransferProhibited<br />Registrant ID:DI_13293734<br />Registrant Name:Domain Administrator<br />Registrant Organization:Cloud DNS Ltd<br />Registrant Street: Iskar Str 4<br />Registrant Street: Lozenets<br />Registrant City:Sofia<br />Registrant State/Province:Sofia<br />Registrant Postal Code:1000<br />Registrant Country:BG<br />Registrant Phone:+359.888911444<br />Registrant Phone Ext: <br />Registrant Fax: +359.8889114441<br />Registrant Fax Ext: <br />Registrant Email:support@cloudns.net<br />Admin ID:DI_13293734<br />Admin Name:Domain Administrator<br />Admin Organization:Cloud DNS Ltd<br />Admin Street: Iskar Str 4<br />Admin Street: Lozenets<br />Admin City:Sofia<br />Admin State/Province:Sofia<br />Admin Postal Code:1000<br />Admin Country:BG<br />Admin Phone:+359.888911444<br />Admin Phone Ext: <br />Admin Fax: +359.8889114441<br />Admin Fax Ext: <br />Admin Email:support@cloudns.net<br />Tech ID:DI_13293734<br />Tech Name:Domain Administrator<br />Tech Organization:Cloud DNS Ltd<br />Tech Street: Iskar Str 4<br />Tech Street: Lozenets<br />Tech City:Sofia<br />Tech State/Province:Sofia<br />Tech Postal Code:1000<br />Tech Country:BG<br />Tech Phone:+359.888911444<br />Tech Phone Ext: <br />Tech Fax: +359.8889114441<br />Tech Fax Ext: <br />Tech Email:support@cloudns.net<br />Name Server:NS1.CLOUDNS.NET<br />Name Server:NS2.CLOUDNS.NET<br />Name Server:NS3.CLOUDNS.NET<br />Name Server:NS4.CLOUDNS.NET<br />Name Server: <br />Name Server: <br />Name Server: <br />Name Server: <br />Name Server: <br />Name Server: <br />Name Server: <br />Name Server: <br />Name Server: <br 
/>DNSSEC:Unsigned<br /><br />Access to Public Interest Registry WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Public Interest Registry registry database. The data in this record is provided by Public Interest Registry for informational purposes only, and Public Interest Registry does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to(a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Public Interest Registry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.<br /><br /><br /><br /><br />
<br />
Posted by Smurfmonitor<br />
<br />
Published: 2014-12-07T03:14:00.000-08:00, updated: 2014-12-07T03:14:19.002-08:00<br />
Domain: ojjr.ru <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks, and your DNS server is probably reachable from the Internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />Two iptables rules are available. If your distribution supports the iptables 'u32' module, use the U32 rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br /><br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 51 --algo bm --hex-string '|046f6a6a720272750000ff|' -j DROP -m comment --comment "DROP DNS Q ojjr.ru"<br />More iptables rules for the string module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />ojjr.ru. 3599 IN NS ns1.reg.ru.<br />ojjr.ru. 3599 IN NS ns2.reg.ru.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 246<br /> NS 2<br /> SOA 1<br /> Rsize 4032<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br />% By submitting a query to RIPN's Whois Service<br />% you agree to abide by the following terms of use:<br />% http://www.ripn.net/about/servpol.html#3.2 (in Russian) <br />% http://www.ripn.net/about/en/servpol.html#3.2 (in English).<br /><br />domain: OJJR.RU<br />nserver: ns1.reg.ru.<br />nserver: ns2.reg.ru.<br />state: REGISTERED, DELEGATED, UNVERIFIED<br />person: Private Person<br />registrar: REGRU-RU<br />admin-contact: http://www.reg.ru/whois/admin_contact<br />created: 2014.12.03<br />paid-till: 2015.12.03<br />free-date: 2016.01.03<br />source: TCI<br /><br />Last updated on 2014.12.07 14:11:34 MSK<br /><br /><br /><br />
<br />
Posted by Smurfmonitor<br />
<br />
Published: 2014-11-25T14:29:00.000-08:00, updated: 2014-11-25T14:29:33.537-08:00<br />
Domain: non.digmehl.cu.cc <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks, and your DNS server is probably reachable from the Internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />Two iptables rules are available. If your distribution supports the iptables 'u32' module, use the U32 rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x034e4f4e && 0x2c&0xFFDFDFDF=0x07444947 && 0x30&0xDFDFDFDF=0x4d45484c && 0x34&0xFFDFDFFF=0x02435502 && 0x38&0xDFDFFF00=0x43430000" -j DROP -m comment --comment "DROP DNS Q non.digmehl.cu.cc"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 59 --algo bm --hex-string '|036e6f6e076469676d65686c02637502636300|' -j DROP -m comment --comment "DROP DNS Q non.digmehl.cu.cc"<br />More iptables rules for the string module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />digmehl.cu.cc. 21599 IN NS ken.ns.cloudflare.com.<br />digmehl.cu.cc. 21599 IN NS chan.ns.cloudflare.com.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />TXT 1<br /> Rsize 4095<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br /><br />Whois Server Version 2.0<br /><br />Domain names can now be registered with many different competing registrars. <br />Go to http://registrar.verisign-grs.com/whois/ for detailed information.<br /><br />No match for "DIGMEHL.CU.CC".<br /><br />>>> Last update of whois database: 2014-11-25T22:25:55Z <<<<br /><br />NOTICE: The expiration date displayed in this record is the date the <br />registrar's sponsorship of the domain name registration in the registry is <br />currently set to expire. This date does not necessarily reflect the <br />expiration date of the domain name registrant's agreement with the <br />sponsoring registrar. Users may consult the sponsoring registrar's <br />Whois database to view the registrar's reported date of expiration <br />for this registration.<br /><br /><br />The Registry database contains ONLY .cc, .tv, and .jobs domains <br />and Registrars.<br /><br /><br />
<br />
Posted by Smurfmonitor<br />
<br />
Published: 2014-11-25T14:28:00.000-08:00, updated: 2014-11-25T14:28:55.363-08:00<br />
Domain: freeinfosys.com <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks, and your DNS server is probably reachable from the Internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />Two iptables rules are available. If your distribution supports the iptables 'u32' module, use the U32 rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x0b465245 && 0x2c&0xDFDFDFDF=0x45494e46 && 0x30&0xDFDFDFDF=0x4f535953 && 0x34&0xFFDFDFDF=0x03434f4d && 0x38&0xFF000000=0x00000000" -j DROP -m comment --comment "DROP DNS Q freeinfosys.com"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 57 --algo bm --hex-string '|0B66726565696e666f73797303636f6d00|' -j DROP -m comment --comment "DROP DNS Q freeinfosys.com"<br />More iptables rules for the string module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />freeinfosys.com. 3599 IN NS ns77.domaincontrol.com.<br />freeinfosys.com. 3599 IN NS ns78.domaincontrol.com.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 5<br /> MX 2<br /> NS 2<br /> SOA 1<br /> TXT 7<br /> Rsize 3125<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br /><br />Whois Server Version 2.0<br /><br />Domain names in the .com and .net domains can now be registered<br />with many different competing registrars. Go to http://www.internic.net<br />for detailed information.<br /><br /> Domain Name: FREEINFOSYS.COM<br /> Registrar: GODADDY.COM, LLC<br /> Whois Server: whois.godaddy.com<br /> Referral URL: http://registrar.godaddy.com<br /> Name Server: NS77.DOMAINCONTROL.COM<br /> Name Server: NS78.DOMAINCONTROL.COM<br /> Status: clientDeleteProhibited<br /> Status: clientRenewProhibited<br /> Status: clientTransferProhibited<br /> Status: clientUpdateProhibited<br /> Updated Date: 25-nov-2014<br /> Creation Date: 25-nov-2014<br /> Expiration Date: 25-nov-2015<br /><br />>>> Last update of whois database: Tue, 25 Nov 2014 22:14:51 GMT <<<<br /><br />NOTICE: The expiration date displayed in this record is the date the <br />registrar's sponsorship of the domain name registration in the registry is <br />currently set to expire. This date does not necessarily reflect the expiration <br />date of the domain name registrant's agreement with the sponsoring <br />registrar. 
Users may consult the sponsoring registrar's Whois database to <br />view the registrar's reported date of expiration for this registration.<br /><br /><br />The Registry database contains ONLY .COM, .NET, .EDU domains and<br />Registrars.<br />Domain Name: FREEINFOSYS.COM<br />Registry Domain ID: 1887105896_DOMAIN_COM-VRSN<br />Registrar WHOIS Server: whois.godaddy.com<br />Registrar URL: http://www.godaddy.com<br />Update Date: 2014-11-25 10:07:51<br />Creation Date: 2014-11-25 10:03:07<br />Registrar Registration Expiration Date: 2015-11-25 10:03:07<br />Registrar: GoDaddy.com, LLC<br />Registrar IANA ID: 146<br />Registrar Abuse Contact Email: abuse@godaddy.com<br />Registrar Abuse Contact Phone: +1.480-624-2505<br />Domain Status: clientTransferProhibited<br />Domain Status: clientUpdateProhibited<br />Domain Status: clientRenewProhibited<br />Domain Status: clientDeleteProhibited<br />Registry Registrant ID: <br />Registrant Name: Ludwig Rhys<br />Registrant Organization: <br />Registrant Street: 3796 N Yosemite St<br />Registrant City: Parkville<br />Registrant State/Province: MD<br />Registrant Postal Code: 21267<br />Registrant Country: China<br />Registrant Phone: +86.4108394461<br />Registrant Phone Ext: <br />Registrant Fax: <br />Registrant Fax Ext: <br />Registrant Email: dt22888@126.com<br />Registry Admin ID: <br />Admin Name: Ludwig Rhys<br />Admin Organization: <br />Admin Street: 3796 N Yosemite St<br />Admin City: Parkville<br />Admin State/Province: MD<br />Admin Postal Code: 21267<br />Admin Country: China<br />Admin Phone: +86.4108394461<br />Admin Phone Ext: <br />Admin Fax: <br />Admin Fax Ext: <br />Admin Email: dt22888@126.com<br />Registry Tech ID: <br />Tech Name: Ludwig Rhys<br />Tech Organization: <br />Tech Street: 3796 N Yosemite St<br />Tech City: Parkville<br />Tech State/Province: MD<br />Tech Postal Code: 21267<br />Tech Country: China<br />Tech Phone: +86.4108394461<br />Tech Phone Ext: <br />Tech Fax: <br />Tech Fax Ext: <br 
/>Tech Email: dt22888@126.com<br />Name Server: NS77.DOMAINCONTROL.COM<br />Name Server: NS78.DOMAINCONTROL.COM<br />DNSSEC: unsigned<br />URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/<br />Last update of WHOIS database: 2014-11-25T22:00:00Z<br /><br />The data contained in GoDaddy.com, LLC's WhoIs database,<br />while believed by the company to be reliable, is provided "as is"<br />with no guarantee or warranties regarding its accuracy. This<br />information is provided for the sole purpose of assisting you<br />in obtaining information about domain name registration records.<br />Any use of this data for any other purpose is expressly forbidden without the prior written<br />permission of GoDaddy.com, LLC. By submitting an inquiry,<br />you agree to these terms of usage and limitations of warranty. In particular,<br />you agree not to use this data to allow, enable, or otherwise make possible,<br />dissemination or collection of this data, in part or in its entirety, for any<br />purpose, such as the transmission of unsolicited advertising and<br />and solicitations of any kind, including spam. You further agree<br />not to use this data to enable high volume, automated or robotic electronic<br />processes designed to collect or compile this data for any purpose,<br />including mining this data for your own personal or commercial purposes. <br /><br />Please note: the registrant of the domain name is specified<br />in the "registrant" section. In most cases, GoDaddy.com, LLC <br />is not the registrant of domain names listed in this database.<br /><br /><br />
<br />
Posted by Smurfmonitor<br />
<br />
Published: 2014-11-12T06:00:00.000-08:00, updated: 2014-11-12T06:00:18.900-08:00<br />
Domain: svist21.cz <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks, and your DNS server is probably reachable from the Internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />Two iptables rules are available. If your distribution supports the iptables 'u32' module, use the U32 rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x07535649 && 0x2c&0xDFDFFFFF=0x53543231 && 0x30&0xFFDFDFFF=0x02435a00 && 0x34&0xFFFF0000=0x00FF0000" -j DROP -m comment --comment "DROP DNS Q svist21.cz"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 54 --algo bm --hex-string '|077376697374323102637a0000ff|' -j DROP -m comment --comment "DROP DNS Q svist21.cz"<br />More iptables rules for the string module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />svist21.cz. 1770 IN NS ns5.gransy.com.<br />svist21.cz. 1770 IN NS ns.gransy.com.<br />svist21.cz. 1770 IN NS ns2.gransy.com.<br />svist21.cz. 1770 IN NS ns4.gransy.com.<br />svist21.cz. 1770 IN NS ns3.gransy.com.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 15<br /> DNSKEY 5<br /> MX 8<br /> NS 13<br /> NSEC 2<br /> RRSIG 10<br /> SOA 3<br /> SPF 3<br /> TXT 4<br /> Rsize 6800<br /><br /><br /><br /><br />
<br />
Posted by Smurfmonitor<br />
<br />
Published: 2014-11-11T13:35:00.000-08:00, updated: 2014-11-11T13:35:43.699-08:00<br />
Domain: 067.cz <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks, and your DNS server is probably reachable from the Internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />Two iptables rules are available. If your distribution supports the iptables 'u32' module, use the U32 rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28=0x03303637 && 0x2c&0xFFDFDFFF=0x02435a00 && 0x30&0xFFFF0000=0x00FF0000" -j DROP -m comment --comment "DROP DNS Q 067.cz"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 50 --algo bm --hex-string '|0330363702637a0000ff|' -j DROP -m comment --comment "DROP DNS Q 067.cz"<br />More iptables rules for the string module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />067.cz. 958 IN NS ns4.gransy.com.<br />067.cz. 958 IN NS ns5.gransy.com.<br />067.cz. 958 IN NS ns3.gransy.com.<br />067.cz. 958 IN NS ns.gransy.com.<br />067.cz. 958 IN NS ns2.gransy.com.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 14<br /> DNSKEY 5<br /> MX 4<br /> NS 12<br /> NSEC 2<br /> RRSIG 10<br /> SOA 3<br /> SPF 3<br /> TXT 4<br /> Rsize 6684<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br />% (c) 2006-2014 CZ.NIC, z.s.p.o.<br />% <br />% Intended use of supplied data and information<br />% <br />% Data contained in the domain name register, as well as information<br />% supplied through public information services of CZ.NIC association,<br />% are appointed only for purposes connected with Internet network<br />% administration and operation, or for the purpose of legal or other<br />% similar proceedings, in process as regards a matter connected<br />% particularly with holding and using a concrete domain name.<br />% <br />% Full text available at:<br />% http://www.nic.cz/page/306/intended-use-of-supplied-data-and-information/<br />% <br />% See also a search service at http://www.nic.cz/whois/<br />% <br />% <br />% Whoisd Server Version: 3.10.0<br />% Timestamp: Tue Nov 11 22:32:56 2014<br /><br />domain: 067.cz<br />registrant: A24CONTACT-53436<br />admin-c: SB:SVIST21-S<br />nsset: NSS:GRANSY:3<br />registrar: REG-GRANSY<br />registered: 07.02.2013 15:06:26<br />changed: 11.01.2014 14:56:04<br />expire: 07.02.2015<br /><br />contact: A24CONTACT-53436<br />org: Petr Koubský<br />name: Petr Koubský<br />address: Chvalova 1202/8<br />address: Praha 3<br />address: 130 00<br />address: CZ<br />registrar: REG-ACTIVE24<br />created: 01.12.2011 14:26:48<br /><br />contact: SB:SVIST21-S<br />org: Svist 21 s.r.o.<br />name: Svist 21 s.r.o.<br />address: Dobrovskeho 36<br />address: Praha 7<br />address: 17000<br />address: CZ<br />registrar: REG-GRANSY<br />created: 05.10.2005 11:55:00<br />changed: 30.07.2014 09:47:05<br /><br />nsset: NSS:GRANSY:3<br />nserver: ns.gransy.com <br />nserver: ns2.gransy.com <br />nserver: ns3.gransy.com <br />nserver: ns4.gransy.com <br />nserver: ns5.gransy.com <br />tech-c: GRANSY<br />registrar: REG-GRANSY<br />created: 01.10.2007 02:00:00<br />changed: 16.08.2010 00:39:13<br /><br />contact: GRANSY<br />org: Gransy s.r.o.<br />name: Jan Horák<br />address: Bořivojova 878/35<br />address: Praha 3<br />address: 
130 00<br />address: CZ<br />phone: +420.732954549<br />fax-no: +420.226517341<br />e-mail: info@gransy.com<br />registrar: REG-MOJEID<br />created: 23.08.2004 17:35:00<br />changed: 20.04.2011 14:22:45<br /><br /><br /><br /><br />
<br />
Posted by Smurfmonitor<br />
<br />
Published: 2014-10-23T10:30:00.000-07:00, updated: 2014-10-23T10:30:59.309-07:00<br />
Domain: domenamocy.pl <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks, and your DNS server is probably reachable from the Internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />Two iptables rules are available. If your distribution supports the iptables 'u32' module, use the U32 rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x0a444f4d && 0x2c&0xDFDFDFDF=0x454e414d && 0x30&0xDFDFDFFF=0x4f435902 && 0x34&0xDFDFFFFF=0x504c0000 && 0x38&0xFF000000=0xFF000000" -j DROP -m comment --comment "DROP DNS Q domenamocy.pl"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 57 --algo bm --hex-string '|0A646f6d656e616d6f637902706c0000ff|' -j DROP -m comment --comment "DROP DNS Q domenamocy.pl"<br />More iptables rules for the string module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />domenamocy.pl. 21599 IN NS dns30.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns22.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns9.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns31.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns6.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns24.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns15.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns21.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns4.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns26.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns13.hosteam.pl.<br />domenamocy.pl. 21599 IN NS fns2.42.pl.<br />domenamocy.pl. 21599 IN NS dns14.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns5.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns27.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns18.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns3.hosteam.pl.<br />domenamocy.pl. 21599 IN NS fns1.42.pl.<br />domenamocy.pl. 21599 IN NS dns25.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns17.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns8.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns10.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns32.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns29.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns16.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns11.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns28.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns7.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns12.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns2.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns19.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns23.hosteam.pl.<br />domenamocy.pl. 21599 IN NS dns20.hosteam.pl.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />NS 34<br /> SOA 1<br /> Rsize 760<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br /><br />DOMAIN NAME: domenamocy.pl<br />registrant type: individual<br />nameservers: fns1.42.pl. [79.98.145.34]<br /> fns2.42.pl. [2a02:2978::a503:4209:2][195.80.237.194]<br />created: 2014.10.19 02:37:25<br />last modified: 2014.10.19 03:59:36<br />renewal date: 2015.10.19 02:37:25<br /><br />no option<br /><br />dnssec: Unsigned<br /><br /><br />REGISTRAR:<br />nazwa.pl S.A.(dawniej NetArt Spolka Akcyjna S.K.A.) <br />ul. Cystersow 20A <br />31-553 Krakow<br />Polska/Poland<br />+48.801 33 22 33<br />+48.12 297 88 10 <br />+48.12 297 88 08<br />kontakt@nazwa.pl<br />www.nazwa.pl<br /><br />WHOIS displays data with a delay not exceeding 15 minutes in relation to the .pl Registry system<br />Registrant data available at http://dns.pl/cgi-bin/en_whois.pl<br /><br /><br />
<br />
Posted by Smurfmonitor<br />
<br />
Published: 2014-10-17T11:57:00.000-07:00, updated: 2014-10-17T11:57:11.357-07:00<br />
Domain: oggr.ru <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks, and your DNS server is probably reachable from the Internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />Two iptables rules are available. If your distribution supports the iptables 'u32' module, use the U32 rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x044f4747 && 0x2c&0xDFFFDFDF=0x52025255 && 0x30&0xFFFFFF00=0x0000FF00" -j DROP -m comment --comment "DROP DNS Q oggr.ru"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 51 --algo bm --hex-string '|046f6767720272750000ff|' -j DROP -m comment --comment "DROP DNS Q oggr.ru"<br />More iptables rules for the string module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />oggr.ru. 21599 IN NS ns2.reg.ru.<br />oggr.ru. 21599 IN NS ns1.reg.ru.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 245<br /> NS 2<br /> SOA 1<br /> Rsize 4016<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br />% By submitting a query to RIPN's Whois Service<br />% you agree to abide by the following terms of use:<br />% http://www.ripn.net/about/servpol.html#3.2 (in Russian) <br />% http://www.ripn.net/about/en/servpol.html#3.2 (in English).<br /><br />domain: OGGR.RU<br />nserver: ns1.reg.ru.<br />nserver: ns2.reg.ru.<br />state: REGISTERED, DELEGATED, UNVERIFIED<br />person: Private Person<br />registrar: REGRU-RU<br />admin-contact: http://www.reg.ru/whois/admin_contact<br />created: 2014.04.14<br />paid-till: 2015.04.14<br />free-date: 2015.05.15<br />source: TCI<br /><br />Last updated on 2014.10.17 22:51:33 MSK<br /><br /><br /><br />
<br />
Posted by Smurfmonitor<br />
<br />
Published: 2014-10-17T08:22:00.001-07:00, updated: 2014-10-17T08:22:45.271-07:00<br />
Domain: nlhosting.nl <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks, and your DNS server is probably reachable from the Internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />Two iptables rules are available. If your distribution supports the iptables 'u32' module, use the U32 rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x094e4c48 && 0x2c&0xDFDFDFDF=0x4f535449 && 0x30&0xDFDFFFDF=0x4e47024e && 0x34&0xDFFFFFFF=0x4c0000FF" -j DROP -m comment --comment "DROP DNS Q nlhosting.nl"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 56 --algo bm --hex-string '|096e6c686f7374696e67026e6c0000ff|' -j DROP -m comment --comment "DROP DNS Q nlhosting.nl"<br />More iptables rules for the string module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />nlhosting.nl. 10799 IN NS ns.nlhosting.net.<br />nlhosting.nl. 10799 IN NS ns1.nlhosting.net.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 14<br /> DNSKEY 4<br /> MX 4<br /> NS 9<br /> NSEC3PARAM 2<br /> RRSIG 9<br /> SOA 2<br /> TXT 2<br /> TYPE65534 3<br /> Rsize 3635<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br />Domain name: nlhosting.nl<br />Status: active<br /><br />Registrar:<br /> NL Hosting Internet Solutions bv<br /> Kerkstraat 1<br /> 6669DA DODEWAARD<br /> Netherlands<br /><br />DNSSEC: yes<br /><br />Domain nameservers:<br /> ns.nlhosting.net<br /> ns1.nlhosting.net<br /><br />Record maintained by: NL Domain Registry<br /><br />Copyright notice<br />No part of this publication may be reproduced, published, stored in a<br />retrieval system, or transmitted, in any form or by any means,<br />electronic, mechanical, recording, or otherwise, without prior<br />permission of the Foundation for Internet Domain Registration in the<br />Netherlands (SIDN).<br />These restrictions apply equally to registrars, except in that<br />reproductions and publications are permitted insofar as they are<br />reasonable, necessary and solely in the context of the registration<br />activities referred to in the General Terms and Conditions for .nl<br />Registrars.<br />Any use of this material for advertising, targeting commercial offers or<br />similar activities is explicitly forbidden and liable to result in legal<br />action. Anyone who is aware or suspects that such activities are taking<br />place is asked to inform the Foundation for Internet Domain Registration<br />in the Netherlands.<br />(c) The Foundation for Internet Domain Registration in the Netherlands<br />(SIDN) Dutch Copyright Act, protection of authors' rights (Section 10,<br />subsection 1, clause 1).<br /><br /><br />
<br />
Smurfmonitor http://www.blogger.com/profile/16107249324533319448 noreply@blogger.com 1<br />
tag:blogger.com,1999:blog-8623811450826211059.post-7802178149269093183 2014-10-16T16:42:00.000-07:00 2014-10-16T16:42:08.029-07:00<br />
Domain: doleta.gov <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks, and your DNS server is probably reachable from the internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />There are two iptables rules available. If your distribution supports the iptables 'u32' module, use that rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x06444f4c && 0x2c&0xDFDFDFFF=0x45544103 && 0x30&0xDFDFDFFF=0x474f5600 && 0x34&0xFFFF0000=0x00FF0000" -j DROP -m comment --comment "DROP DNS Q doleta.gov"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 54 --algo bm --hex-string '|06646f6c65746103676f760000ff|' -j DROP -m comment --comment "DROP DNS Q doleta.gov"<br />More iptables rules for the 'string' module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />doleta.gov. 899 IN NS ns06.dol.gov.<br />doleta.gov. 899 IN NS ns4.dol.gov.<br />doleta.gov. 899 IN NS ns2.dol.gov.<br />doleta.gov. 899 IN NS ns1.dol.gov.<br />doleta.gov. 899 IN NS ns05.dol.gov.<br />doleta.gov. 899 IN NS dino.doleta.gov.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 15<br /> AAAA 2<br /> DNSKEY 4<br /> MX 7<br /> NS 14<br /> NSEC3PARAM 2<br /> RRSIG 9<br /> SOA 2<br /> TXT 2<br /> Rsize 3691<br /><br /><br /><br /><br /><br />
<br />
Smurfmonitor http://www.blogger.com/profile/16107249324533319448 noreply@blogger.com 0<br />
tag:blogger.com,1999:blog-8623811450826211059.post-1443245844728628238 2014-10-16T16:04:00.000-07:00 2014-10-16T16:04:28.194-07:00<br />
Domain: bmw.digmehl.cu.cc <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks, and your DNS server is probably reachable from the internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />There are two iptables rules available. If your distribution supports the iptables 'u32' module, use that rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x03424d57 && 0x2c&0xFFDFDFDF=0x07444947 && 0x30&0xDFDFDFDF=0x4d45484c && 0x34&0xFFDFDFFF=0x02435502 && 0x38&0xDFDFFF00=0x43430000" -j DROP -m comment --comment "DROP DNS Q bmw.digmehl.cu.cc"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 59 --algo bm --hex-string '|03626d77076469676d65686c02637502636300|' -j DROP -m comment --comment "DROP DNS Q bmw.digmehl.cu.cc"<br />More iptables rules for the 'string' module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />digmehl.cu.cc. 21599 IN NS ken.ns.cloudflare.com.<br />digmehl.cu.cc. 21599 IN NS chan.ns.cloudflare.com.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />TXT 1<br /> Rsize 4095<br /><br /><br /><br /><br /><br />
<br />
Smurfmonitor http://www.blogger.com/profile/16107249324533319448 noreply@blogger.com 0<br />
tag:blogger.com,1999:blog-8623811450826211059.post-7165349305246535031 2014-10-13T16:04:00.002-07:00 2014-10-13T16:04:41.432-07:00<br />
Domain: guessinfosys.com <br />
<br />If you are seeing queries for this domain, then you are likely participating in DNS amplification attacks, and your DNS server is probably reachable from the internet and has recursion enabled. <br />
<br />If you are seeing responses for this domain... unlucky. You are currently being DDoS-ed! Good luck. <br /><br />
<h2>
<br /><span style="font-size: large;">IPtables:</span></h2>
<br />There are two iptables rules available. If your distribution supports the iptables 'u32' module, use that rule; otherwise use the 'string' rule.<br /><br /><b>U32:</b><br />iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x0c475545 && 0x2c&0xDFDFDFDF=0x5353494e && 0x30&0xDFDFDFDF=0x464f5359 && 0x34&0xDFFFDFDF=0x5303434f && 0x38&0xDFFFFFFF=0x4d0000FF" -j DROP -m comment --comment "DROP DNS Q guessinfosys.com"<br /><br />More U32 rules can be found here:<br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist.txt</a><br /><br /><b>String:</b><br />iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 60 --algo bm --hex-string '|0C6775657373696e666f73797303636f6d0000ff|' -j DROP -m comment --comment "DROP DNS Q guessinfosys.com"<br />More iptables rules for the 'string' module can be found here:<br /><br /><br /><a href="https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt">https://github.com/smurfmonitor/dns-iptables-rules/blob/master/domain-blacklist-string.txt</a><br />
<h2>
<span style="font-size: large;">Source:</span></h2>
<br />No IP source for this domain<br /><h2>
<span style="font-size: large;">Name server:</span></h2>
<br />;; ANSWER SECTION:<br />guessinfosys.com. 1461 IN NS ns72.domaincontrol.com.<br />guessinfosys.com. 1461 IN NS ns71.domaincontrol.com.<br /><br /><br /><h2>
<span style="font-size: large;">Response:</span></h2>
<br />A 6<br /> MX 2<br /> NS 2<br /> SOA 1<br /> TXT 7<br /> Rsize 3195<br /><br /><br /><h2>
<span style="font-size: large;">Whois</span></h2>
<br /><br />Whois Server Version 2.0<br /><br />Domain names in the .com and .net domains can now be registered<br />with many different competing registrars. Go to http://www.internic.net<br />for detailed information.<br /><br /> Domain Name: GUESSINFOSYS.COM<br /> Registrar: GODADDY.COM, LLC<br /> Whois Server: whois.godaddy.com<br /> Referral URL: http://registrar.godaddy.com<br /> Name Server: NS71.DOMAINCONTROL.COM<br /> Name Server: NS72.DOMAINCONTROL.COM<br /> Status: clientDeleteProhibited<br /> Status: clientRenewProhibited<br /> Status: clientTransferProhibited<br /> Status: clientUpdateProhibited<br /> Updated Date: 12-sep-2014<br /> Creation Date: 12-sep-2014<br /> Expiration Date: 12-sep-2015<br /><br />>>> Last update of whois database: Mon, 13 Oct 2014 23:04:03 GMT <<<<br /><br />NOTICE: The expiration date displayed in this record is the date the <br />registrar's sponsorship of the domain name registration in the registry is <br />currently set to expire. This date does not necessarily reflect the expiration <br />date of the domain name registrant's agreement with the sponsoring <br />registrar. 
Users may consult the sponsoring registrar's Whois database to <br />view the registrar's reported date of expiration for this registration.<br /><br /><br />The Registry database contains ONLY .COM, .NET, .EDU domains and<br />Registrars.<br />Domain Name: GUESSINFOSYS.COM<br />Registry Domain ID: 1875368893_DOMAIN_COM-VRSN<br />Registrar WHOIS Server: whois.godaddy.com<br />Registrar URL: http://www.godaddy.com<br />Update Date: 2014-09-11 23:02:31<br />Creation Date: 2014-09-11 22:52:05<br />Registrar Registration Expiration Date: 2015-09-11 22:52:05<br />Registrar: GoDaddy.com, LLC<br />Registrar IANA ID: 146<br />Registrar Abuse Contact Email: abuse@godaddy.com<br />Registrar Abuse Contact Phone: +1.480-624-2505<br />Domain Status: clientTransferProhibited<br />Domain Status: clientUpdateProhibited<br />Domain Status: clientRenewProhibited<br />Domain Status: clientDeleteProhibited<br />Registry Registrant ID: <br />Registrant Name: paopao sun<br />Registrant Organization: <br />Registrant Street: NO.4-2-401,FengNianCun,DongLi Dist.<br />Registrant City: Tianjin<br />Registrant State/Province: tianjin<br />Registrant Postal Code: 300010<br />Registrant Country: China<br />Registrant Phone: +86.13920258784<br />Registrant Phone Ext: <br />Registrant Fax: +86.13920258784<br />Registrant Fax Ext: <br />Registrant Email: quinnxaa@hotmail.com<br />Registry Admin ID: <br />Admin Name: paopao sun<br />Admin Organization: <br />Admin Street: NO.4-2-401,FengNianCun,DongLi Dist.<br />Admin City: Tianjin<br />Admin State/Province: tianjin<br />Admin Postal Code: 300010<br />Admin Country: China<br />Admin Phone: +86.13920258784<br />Admin Phone Ext: <br />Admin Fax: +86.13920258784<br />Admin Fax Ext: <br />Admin Email: quinnxaa@hotmail.com<br />Registry Tech ID: <br />Tech Name: paopao sun<br />Tech Organization: <br />Tech Street: NO.4-2-401,FengNianCun,DongLi Dist.<br />Tech City: Tianjin<br />Tech State/Province: tianjin<br />Tech Postal Code: 300010<br />Tech 
Country: China<br />Tech Phone: +86.13920258784<br />Tech Phone Ext: <br />Tech Fax: +86.13920258784<br />Tech Fax Ext: <br />Tech Email: quinnxaa@hotmail.com<br />Name Server: NS71.DOMAINCONTROL.COM<br />Name Server: NS72.DOMAINCONTROL.COM<br />DNSSEC: unsigned<br />URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/<br />Last update of WHOIS database: 2014-10-13T23:00:00Z<br /><br />The data contained in GoDaddy.com, LLC's WhoIs database,<br />while believed by the company to be reliable, is provided "as is"<br />with no guarantee or warranties regarding its accuracy. This<br />information is provided for the sole purpose of assisting you<br />in obtaining information about domain name registration records.<br />Any use of this data for any other purpose is expressly forbidden without the prior written<br />permission of GoDaddy.com, LLC. By submitting an inquiry,<br />you agree to these terms of usage and limitations of warranty. In particular,<br />you agree not to use this data to allow, enable, or otherwise make possible,<br />dissemination or collection of this data, in part or in its entirety, for any<br />purpose, such as the transmission of unsolicited advertising and<br />and solicitations of any kind, including spam. You further agree<br />not to use this data to enable high volume, automated or robotic electronic<br />processes designed to collect or compile this data for any purpose,<br />including mining this data for your own personal or commercial purposes. <br /><br />Please note: the registrant of the domain name is specified<br />in the "registrant" section. In most cases, GoDaddy.com, LLC <br />is not the registrant of domain names listed in this database.<br /><br /><br />
<br />
Smurfmonitor http://www.blogger.com/profile/16107249324533319448 noreply@blogger.com 0