The domain kodulehed.top, owned by Mihail Fortis and used to host spammed content, has a Whois record that lists its DNS servers as ns1.kodulehed.top and ns2.kodulehed.top. Neither of these hostnames exists in DNS for that domain, and neither host resolves. Nonetheless kodulehed.top resolves, as shown by its A and MX records. This is how that trick works:

WHOIS:

```
$ whois kodulehed.top
[Querying whois.nic.top]
[whois.nic.top]
Domain Name: kodulehed.top
Domain ID: D20160115G10001G_54151101-TOP
WHOIS Server: whois.publicdomainregistry.com
Referral URL: http://publicdomainregistry.com
Updated Date: 2016-07-07T12:17:21Z
Creation Date: 2016-01-15T08:27:02Z
Registry Expiry Date: 2017-01-15T08:27:02Z
Sponsoring Registrar: PDR Ltd
Sponsoring Registrar IANA ID: 303
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registrant ID: di_49801441
Registrant Name: Aleksandr Trubin
Registrant Organization: Private person
Registrant Street: Slavjanskii bulvar 12-4
Registrant City: Moscow
Registrant State/Province: Moscow
Registrant Postal Code: 121352
Registrant Country: RU
Registrant Phone: +7.4957547745
Registrant Phone Ext:
Registrant Fax: +7.4957547745
Registrant Fax Ext:
Registrant Email: domain.confirmation@secretary.net
Admin ID: di_49801441
Admin Name: Aleksandr Trubin
Admin Organization: Private person
Admin Street: Slavjanskii bulvar 12-4
Admin City: Moscow
Admin State/Province: Moscow
Admin Postal Code: 121352
Admin Country: RU
Admin Phone: +7.4957547745
Admin Phone Ext:
Admin Fax: +7.4957547745
Admin Fax Ext:
Admin Email: domain.confirmation@secretary.net
Tech ID: di_49801441
Tech Name: Aleksandr Trubin
Tech Organization: Private person
Tech Street: Slavjanskii bulvar 12-4
Tech City: Moscow
Tech State/Province: Moscow
Tech Postal Code: 121352
Tech Country: RU
Tech Phone: +7.4957547745
Tech Phone Ext:
Tech Fax: +7.4957547745
Tech Fax Ext:
Tech Email: domain.confirmation@secretary.net
Name Server: ns2.kodulehed.top
Name Server: ns1.kodulehed.top
DNSSEC: unsigned
```

SPECIFIED NAMESERVERS DO NOT RESOLVE:

```
$ host ns1.kodulehed.top
Host ns1.kodulehed.top not found: 3(NXDOMAIN)
$ host ns2.kodulehed.top
Host ns2.kodulehed.top not found: 3(NXDOMAIN)
```

DOMAIN A AND MX RECORDS RESOLVE:

```
$ host kodulehed.top
kodulehed.top has address 87.244.183.155
kodulehed.top mail is handled by 20 mail.kodulehed.top.
kodulehed.top mail is handled by 10 mail.kodulehed.top.
$ host mail.kodulehed.top
mail.kodulehed.top has address 87.244.183.155
```

FINDING .TOP TLD ROOT NAMESERVERS:

```
$ dig top

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> top
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5668
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;top. IN A

;; AUTHORITY SECTION:
top. 3600 IN SOA a.zdnscloud.com. td_dns_gtld.knet.cn. 2460022958 10800 3600 1209600 3600

;; Query time: 160 msec
;; SERVER: 173.255.243.5#53(173.255.243.5)
;; WHEN: Tue Jul 26 22:14:47 UTC 2016
;; MSG SIZE rcvd: 102
```

FINDING .TOP ROOT RECORDS FOR kodulehed.top:

```
$ dig ns @a.zdnscloud.com kodulehed.top

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> ns @a.zdnscloud.com kodulehed.top
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20520
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 7
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;kodulehed.top. IN NS

;; AUTHORITY SECTION:
kodulehed.top. 3600 IN NS ns2.kodulehed.top.
kodulehed.top. 3600 IN NS ns1.kodulehed.top.

;; ADDITIONAL SECTION:
ns1.kodulehed.top. 3600 IN A 91.203.142.118
ns1.kodulehed.top. 3600 IN A 87.244.183.155
ns1.kodulehed.top. 3600 IN A 91.203.141.192
ns2.kodulehed.top. 3600 IN A 87.244.183.155
ns2.kodulehed.top. 3600 IN A 91.203.141.192
ns2.kodulehed.top. 3600 IN A 91.203.142.118

;; Query time: 163 msec
;; SERVER: 1.8.240.1#53(1.8.240.1)
;; WHEN: Tue Jul 26 22:15:32 UTC 2016
;; MSG SIZE rcvd: 174
```

FINDING DNS FOR kodulehed.top:

```
$ dig ns kodulehed.top

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> ns kodulehed.top
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34663
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;kodulehed.top. IN NS

;; ANSWER SECTION:
kodulehed.top. 3600 IN NS ns1.pirathost.pro.
kodulehed.top. 3600 IN NS ns2.pirathost.pro.

;; Query time: 1229 msec
;; SERVER: 173.255.244.5#53(173.255.244.5)
;; WHEN: Tue Jul 26 22:06:47 UTC 2016
;; MSG SIZE rcvd: 91
```
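The comparison carried out by hand above can be automated for abuse-desk triage. The following is an added example, not part of the original ROKSO record: it parses dig text output, compares the NS set in the registry referral with the NS set the zone itself answers with, and flags delegated nameservers that exist only as registry glue. The function names (`parse_records`, `live_resolves`, `audit_delegation`) are hypothetical; the embedded record lines are copied, trimmed, from the dig and host output on this page.

```python
import socket

# Record lines copied (trimmed) from the dig output shown on this page.
PARENT_REFERRAL = """\
;; AUTHORITY SECTION:
kodulehed.top. 3600 IN NS ns2.kodulehed.top.
kodulehed.top. 3600 IN NS ns1.kodulehed.top.
;; ADDITIONAL SECTION:
ns1.kodulehed.top. 3600 IN A 91.203.142.118
ns2.kodulehed.top. 3600 IN A 87.244.183.155
"""
CHILD_ANSWER = """\
;; ANSWER SECTION:
kodulehed.top. 3600 IN NS ns1.pirathost.pro.
kodulehed.top. 3600 IN NS ns2.pirathost.pro.
"""

def parse_records(dig_text):
    """Return {section: [(owner, rtype, rdata)]} from dig's text output."""
    sections, current = {}, None
    for line in map(str.strip, dig_text.splitlines()):
        if line.startswith(";;") and line.endswith("SECTION:"):
            current = sections.setdefault(line[2:].split()[0].lower(), [])
        elif line and not line.startswith(";") and current is not None:
            fields = line.split()
            if len(fields) >= 5 and fields[2] == "IN":
                current.append((fields[0].lower(), fields[3], fields[4].lower()))
    return sections

def live_resolves(name):
    """Default check (assumption: the system resolver is an acceptable vantage point)."""
    try:
        socket.getaddrinfo(name.rstrip("."), None)
        return True
    except socket.gaierror:
        return False

def audit_delegation(parent_text, child_text, resolves=live_resolves):
    """Compare the registry's delegation with the NS set the zone itself serves."""
    parent, child = parse_records(parent_text), parse_records(child_text)
    delegated = {r[2] for r in parent.get("authority", []) if r[1] == "NS"}
    glue = {r[0] for r in parent.get("additional", []) if r[1] in ("A", "AAAA")}
    served = {r[2] for r in child.get("answer", []) if r[1] == "NS"}
    # Delegated names that have glue at the registry but no record in public DNS.
    glue_only = sorted(n for n in delegated & glue if not resolves(n))
    findings = (["ns-mismatch"] if delegated != served else []) + \
               (["glue-only-nameserver"] if glue_only else [])
    return {"delegated": sorted(delegated), "served": sorted(served),
            "glue_only": glue_only, "findings": findings}

# NXDOMAIN results from the page's `host` output, so the demo runs offline.
NXDOMAIN = {"ns1.kodulehed.top.", "ns2.kodulehed.top."}
REPORT = audit_delegation(PARENT_REFERRAL, CHILD_ANSWER, lambda n: n not in NXDOMAIN)
```

For live use, feed it the output of `dig ns @<TLD server> <domain>` and `dig ns <domain>` and leave `resolves` at its default.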
The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.