Thursday, September 12, 2013

Domain: xplodin.com

Observed a scan for this domain. No response yet, scan from Ecatel range. Registered at Internet BS with whois guard only a month or so ago. Suspicious maybe?

Source:

80.82.65.204 - Ecatel AS 29073

First seen Sept 11

Response:

None yet... though the iptables rule below will match any.


iptables rule:

This rule should match any type of query for this domain:
iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x0758504c && 0x2c&0xDFDFDFDF=0x4f44494e && 0x30&0xFFDFDFDF=0x03434f4d" -j DROP -m comment --comment "DROP DNS Q xplodin.com"
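
Added example (not from the original post): a Python sketch that derives the three u32 tests in the rule above from a domain name and evaluates them against a constructed query packet. It assumes an IPv4 header without options, as the rule's 0x28 offset does; all function names are illustrative.

```python
import struct

# Assumption: IPv4 header without options (20) + UDP header (8) + DNS header (12).
QNAME_OFFSET = 20 + 8 + 12  # 0x28, the first offset in the rule

def qname_bytes(domain):
    """Wire-format labels (length byte + text), without the terminating root byte."""
    out = bytearray()
    for label in domain.strip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out.append(len(raw))
        out += raw
    return bytes(out)

def u32_tests(domain):
    """One (offset, mask, value) per 32-bit word of the encoded name."""
    name, tests = qname_bytes(domain), []
    for i in range(0, len(name), 4):
        mask = value = 0
        for b in name[i:i + 4].ljust(4, b"\x00"):
            # Letters get mask 0xDF (clears the ASCII case bit); length bytes
            # (<= 63), digits and hyphens are compared exactly with 0xFF.
            m = 0xDF if 0x41 <= (b & 0xDF) <= 0x5A else 0xFF
            mask, value = (mask << 8) | m, (value << 8) | (b & m)
        # Bytes past the end of the name are padding: ignore them in the mask.
        pad = 4 - len(name[i:i + 4])
        mask &= (0xFFFFFFFF << (8 * pad)) & 0xFFFFFFFF
        tests.append((QNAME_OFFSET + i, mask, value))
    return tests

def u32_expression(domain):
    return " && ".join("0x%x&0x%08X=0x%08x" % t for t in u32_tests(domain))

def matches(ip_packet, domain):
    """Apply the tests the way u32 does: big-endian word at offset, AND, compare."""
    for off, mask, value in u32_tests(domain):
        if off + 4 > len(ip_packet):
            return False
        if (struct.unpack_from(">I", ip_packet, off)[0] & mask) != value:
            return False
    return True

def sample_query(name):
    """Constructed packet: zeroed IPv4+UDP headers, DNS header, one ANY/IN question."""
    dns = struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    return bytes(28) + dns + qname_bytes(name) + b"\x00" + struct.pack(">HH", 255, 1)
```

The tests stop at the last label, so a longer name that begins with the same labels (constructed: xplodin.com.example.org) also matches, while www.xplodin.com does not.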

More rules here

Name servers:

DNS1: ns1.xplodin.com
DNS2: ns2.xplodin.com


Whois:

Domain xplodin.com

Date Registered: 2013-6-28
Expiry Date: 2014-6-28

DNS1: ns1.xplodin.com
DNS2: ns2.xplodin.com

Registrant
    Fundacion Private Whois
    Domain Administrator
    Email:52308847s2zgfym4@5225b4d0pi3627q9.privatewhois.net
    Attn: xplodin.com
    Aptds. 0850-00056
    Zona 15 Panama
    Panama
    Tel: +507.65995877

Administrative Contact
    Fundacion Private Whois
    Domain Administrator
    Email:52308847ktnbfig6@5225b4d0pi3627q9.privatewhois.net
    Attn: xplodin.com
    Aptds. 0850-00056
    Zona 15 Panama
    Panama
    Tel: +507.65995877

Technical Contact
    Fundacion Private Whois
    Domain Administrator
    Email:52308847gwgwphk9@5225b4d0pi3627q9.privatewhois.net
    Attn: xplodin.com
    Aptds. 0850-00056
    Zona 15 Panama
    Panama
    Tel: +507.65995877

Registrar: Internet.bs Corp.
Registrar's Website: http://www.internetbs.net/
