When a nameserver is vulnerable to DROWn all further “up” becomes vulnerable as well: https://test.drownattack.com/?site=dns1.namecheaphosting.com so reverse DNS is also vulnerable, let’s see: dang! → https://test.drownattack.com/?site=p28.web-hosting.com
Where is this insecurity: http://killmalware.com/klovni.com/ → http://toolbar.netcraft.com/site_report?url=http://klovni.com
So we check this uri: http://p28.web-hosting.com/cgi-sys/defaultwebpage.cgi
See: https://documentation.cpanel.net/display/CKB/How%20To%20Clear%20Your%20DNS%20Cache
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fklovni.com%2F
and http://www.domxssscanner.com/scan?url=http%3A%2F%2Fp28.web-hosting.com%2Fcgi-sys%2Fdefaultwebpage.cgi
For IP badness see: https://www.virustotal.com/nl/ip-address/198.54.116.13/information/
polonus