QUOTE
Registrant:
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
Registered through: GoDaddy.com
Domain Name: DEVIL360.COM
Created on: 06-Apr-06
Expires on: 06-Apr-07
Last Updated on: 12-Apr-06
Administrative Contact:
Private, Registration
[email protected]
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599
Technical Contact:
Private, Registration
[email protected]
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599
Domain servers in listed order:
NS1.DEVIL360.COM
NS2.DEVIL360.COM
Dead end.. DomainsByProxy.com is used to hide the user's info.. But then I noticed that they were running their own NS..
QUOTE
[root@xserv root]# ping ns1.devil360.com
PING ns1.devil360.com (217.73.17.126) 56(84) bytes of data.
64 bytes from 217.73.17.126: icmp_seq=0 ttl=45 time=152 ms
64 bytes from 217.73.17.126: icmp_seq=1 ttl=45 time=151 ms
--- ns1.devil360.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 151.270/151.971/152.673/0.802 ms, pipe 2
[root@xserv root]#
[root@xserv root]# ping ns2.devil360.com
PING ns2.devil360.com (217.73.17.128) 56(84) bytes of data.
--- ns2.devil360.com ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
Then, to see if they were running DNS off their server, I pinged the website.
QUOTE
[root@xserv root]# ping devil360.com
PING devil360.com (217.73.17.126) 56(84) bytes of data.
64 bytes from 217.73.17.126: icmp_seq=0 ttl=45 time=151 ms
64 bytes from 217.73.17.126: icmp_seq=1 ttl=45 time=173 ms
W00t, matches the 1st name server!..
So who owns 217.73.17.126?
Well, according to http://www.dnsstuff....p=217.73.17.126
QUOTE
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/...l-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Information related to '217.73.16.0 - 217.73.23.255'
inetnum: 217.73.16.0 - 217.73.23.255
netname: SK-VNET
descr: VNET s. r. o.
descr: Bratislava
country: SK
admin-c: VN666-RIPE
tech-c: VN666-RIPE
status: ASSIGNED PA
notify: ****@vnet.sk
mnt-by: VNET-MNT
changed: ******@vnet.sk 20030828
source: RIPE
person: Vojtech Nemeth
address: VNET s. r. o.
address: Repasskeho 2
address: Bratislava
address: 84102
address: Slovakia
phone: +421 903 448844
fax-no: +421 2 5292 6151
e-mail: *****@vnet.sk
nic-hdl: VN666-RIPE
mnt-by: VNET-MNT
changed: ******@vnet.sk 20050603
source: RIPE
% Information related to '217.73.16.0/20AS29405'
route: 217.73.16.0/20
descr: VNET s. r. o.
origin: AS29405
mnt-by: VNET-MNT
changed: ******@vnet.sk 20030911
source: RIPE
Hrm Slovakia? Strange...
Lemme dig deeper..
http://www.dnsstuff....n=217.73.17.126
QUOTE
IP address: 217.73.17.126
Reverse DNS: [No reverse DNS entry per ns.vnet.sk.]
Reverse DNS authenticity: [Unknown]
ASN: 29405
ASN Name: VNET-AS (VNET ISP Bratislava, Slovakia, SK)
IP range connectivity: 2
Registrar (per ASN): RIPE
Country (per IP registrar): SK [Slovakia]
Country Currency: SKK [Slovakia Koruny]
Country IP Range: 217.73.16.0 to 217.73.31.255
Country fraud profile: High
City (per outside source): Unknown
Private (internal) IP? No
IP address registrar: whois.ripe.net
Known Proxy? No
Well, pretty much all I know is they have a high fraud profile.. Whatever that means ;-P The company that hosts devil 360, or at least owns the IP address, is..
http://ns.vnet.sk/ so there ya go.. Off to bed.. Gnite
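
The correlation done by hand in this post (compare the site's address with its self-hosted name servers, then read the covering allocation out of the RIPE reply), as an added example that is not part of the original post. The function names are hypothetical and the whois text is a constructed, abridged copy of the reply quoted above, so the script runs offline.

```python
import ipaddress

# Constructed sample: abridged from the RIPE reply quoted in the post.
RIPE_REPLY = """\
% Information related to '217.73.16.0 - 217.73.23.255'

inetnum: 217.73.16.0 - 217.73.23.255
netname: SK-VNET
descr: VNET s. r. o.
country: SK

% Information related to '217.73.16.0/20AS29405'

route: 217.73.16.0/20
origin: AS29405
"""

def parse_rpsl(text):
    """Split a whois reply into objects, each a list of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines():
        if line.startswith("%") or not line.strip():  # comment or blank ends an object
            if current:
                objects.append(current)
            current = []
        elif line[0] in " \t+" and current:  # RPSL continuation line
            key, val = current[-1]
            current[-1] = (key, f"{val} {line[1:].strip()}".strip())
        else:
            key, _, val = line.partition(":")
            current.append((key.strip().lower(), val.strip()))
    if current:
        objects.append(current)
    return objects

def hosting_summary(ns_ips, site_ip, whois_text):
    """Name servers sharing the site's address, plus the allocation covering it."""
    ip = ipaddress.ip_address(site_ip)
    out = {"shares_ip_with_ns": sorted(n for n, a in ns_ips.items() if a == site_ip)}
    for obj in parse_rpsl(whois_text):
        (cls, primary), attrs = obj[0], dict(obj)
        if cls == "inetnum":  # primary key is "first - last"
            first, last = (ipaddress.ip_address(p.strip()) for p in primary.split("-"))
            if first <= ip <= last:
                out.update(netname=attrs.get("netname"), country=attrs.get("country"))
        elif cls == "route" and ip in ipaddress.ip_network(primary):
            out["origin"] = attrs.get("origin")
    return out
```

Privacy-proxy registration hides the registrant record only; the address allocation still names the network operator, which is the contact an abuse report would go to.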