[outages] NameCheap down, was it hacked?
Filip Hruska
fhr at fhrnet.eu
Fri Feb 20 12:45:18 EST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
It didn't work for me two minutes ago. Same CloudFlare error. Now it
works.
I live in Czech Republic.
To the notification:
It is weird. It looks like the change came from their private network
(judging by the fact that it states "IP Address : 192.168.1.10")
On 20.2.2015 18:18, Chuck Anderson via Outages wrote:
> It looks like NameCheap is down. It may have been hacked, because
> I got a Security Notification from them about a domain I have.
>
> https://www.namecheap.com/
>
> Website is offline
>
> No cached version of this page is available. Error 522 Ray ID:
> 1bbc4b52c02609be Connection timed out
>
>
>
> http://downforeveryoneorjustme.com/www.namecheap.com
>
> It's not just you! http://www.namecheap.com looks down from here.
>
> Check another site?
>
>
>
> The e-mail says:
>
> Received: from mta.messagebus.com (mba1056.namecheap.messagebus.com
> [108.175.18.57]) From: "Namecheap.com - Security Notification"
> <support at namecheap.com> Subject: Security Notification
>
> ----------------------------------------------------------------------
>
>
Namecheap.com
> Activity Notification
> ----------------------------------------------------------------------
>
>
Dear <name>
>
> There was some activity in your namecheap account. Information on
> what type of change occurred is available below.
>
> Notification For : HOSTS Date : 2/20/2015 11:36:09 AM IP Address :
> 192.168.1.10 Username : <username> Domain (if relevant) :
> <domain>.org
>
>
> Old Details -----------
>
> Host Information ------------------
>
> New Details -----------
>
> Host Information ------------------
>
> Name: www Type: CNAME Address:parkingpage.namecheap.com. Name: @
> Type: URL Address: http://www.<domain>.org/?from=@
>
> Additional Information ---------------------- N/A
>
>
> Thanks, Namecheap.com http://www.namecheap.com
>
>
>
>> host 108.175.18.57
> 57.18.175.108.in-addr.arpa domain name pointer
> mba1056.namecheap.messagebus.com.
>> whois 108.175.18.57
> [Querying whois.arin.net] [Redirected to
> whois.messagebus.com:4321] [Querying whois.messagebus.com]
> [whois.messagebus.com] %rwhois V-1.5:003fff:00
> rwhois.messagebus.com (by Network Solutions, Inc. V-1.5.10-pre6)
> network:Class-Name:network
> network:ID:MESSAGEBUS-BLOCK1.108.175.16.0/20
> network:Auth-Area:108.175.16.0/20
> network:Network-Name:MESSAGEBUS-BLOCK1.108.175.106.0
> network:IP-Network:108.175.16.0/20
> network:IP-Network-Block:108.175.16.0-108.175.24.0
> network:Organization;I:Message Bus
> network:Tech-Contact;I:hostmaster at labs.messagebus.com
> network:Admin-Contact;I:hostmaster at labs.messagebus.com
> network:Created:20120706 network:Updated:20130313
> network:Updated-By:hostmaster at labs.messagebus.com
>
> %referral
> rwhois://whois.messagebus.com:4321/auth-area=108.175.16.0/20
> _______________________________________________ Outages mailing
> list Outages at outages.org
> https://puck.nether.net/mailman/listinfo/outages
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJU53KuAAoJEObs12Sa+0zUKeQP/1x1V5lN1Ho8OrEuWAO7KXSm
CFQWkL8oLtVRAPs4XOu/vjg0AeN6nREPC9Szh/t/OdNx1JS7fixvraGmLNo7eRkE
bE7yjobqshgA2D4OG1eGajBG3e20aq+R11msKnx0TtAVlJevSHUlOZxhAiKbVjjW
RQzpEx+IQ853G2Eg7o0IUK7L/5r7OVviBNghKKh6L5bGip++Xr1dIlJqzry162J/
UC1DdyyFi0ySFA/LtbBI4f3rQJ/lGzCSLKQkJaD1+Q8KdLAUz/LG/rYCkLucg57f
OKvc+ZxoBt9LMpK3+50VkbPnXBbA1Zt1iNimIO06JLPyAQpFqiT4orESuxtxcMMb
+zR69rF60BvE/56Y5s3Un96BfQbYrKBv3FIlqqR08Hqh3h++KzExyb4QLVsBx7Lf
vAdCVBt1/j1DWGw29/A3h9i/1yD56IkKwl6LpcjeFIMs6dfZXaB0hbCZ4m2u+3ew
0tZ79ZPQi4ZCA59u7OKGngmF05Q3ISazxl7DqyT28W5/n+GXDpdh6+dwYGVqDmVT
EGxCCsHukybcBJZNv3Uemia3Dn0qfUAY5HvLwCakvByJbyaBSNOG+y9DRos/0NaH
CNRAZxz7q2VhGzc3Jr/uuJxUTjhxWFJBk56A+g1VpmlohgsTn6+2XQKyLD3Lc5g9
2mYvSq0bJkmRAYNpvORB
=RJJV
-----END PGP SIGNATURE-----
More information about the Outages
mailing list