Quote:
Originally Posted by teckk
https://www.abuseipdb.com/check/5.188.62.26
Why are you on the internet logged in as root?
I don't know what you have.
Try without dns lookup.
Code:
traceroute 5.188.62.26
nmap -Pn --dns-servers 77.88.8.88 projsend4.ru
nmap -Pn --dns-servers 77.88.8.88 5.188.62.26
nslookup 5.188.62.26
dig @77.88.8.88 5.188.62.26
dig @77.88.8.88 projsend4.ru
Give more info.
Yes, you're right regarding the usage of root, but this simplifies package installation, and some packages require establishing the rights on directories manually.
Here are the results - in same order:
traceroute 5.188.62.26
traceroute to 5.188.62.26 (5.188.62.26), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
nmap -Pn --dns-servers 77.88.8.88 projsend4.ru
Starting Nmap 7.70 ( https://nmap.org ) at 2022-11-14 19:52 EET
Nmap scan report for projsend4.ru (92.80.234.120)
Host is up (0.0000050s latency).
rDNS record for 92.80.234.120: mail.mastersystem.ro
Not shown: 989 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
389/tcp open ldap
443/tcp open https
465/tcp open smtps
587/tcp open submission
3306/tcp open mysql
7025/tcp open vmsvc-2
8443/tcp open https-alt
Nmap done: 1 IP address (1 host up) scanned in 2.26 seconds
nmap -Pn --dns-servers 77.88.8.88 5.188.62.26
Starting Nmap 7.70 ( https://nmap.org ) at 2022-11-14 19:52 EET
Nmap scan report for projsend4.ru (5.188.62.26)
Host is up (0.061s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
3306/tcp open mysql
3389/tcp open ms-wbt-server
5357/tcp open wsdapi
Nmap done: 1 IP address (1 host up) scanned in 10.81 seconds
NOTE: seems to be a Windows workstation or server. Port 3389 is accessible with no firewall enabled; I tried to connect and it returned the window to enter the connection credentials. Weak...
nslookup 5.188.62.26
26.62.188.5.in-addr.arpa name = projsend4.ru.
Authoritative answers can be found from:
dig @77.88.8.88 projsend4.ru
; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8_6.1 <<>> @77.88.8.88 projsend4.ru
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61363
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;projsend4.ru. IN A
;; AUTHORITY SECTION:
ru. 1533 IN SOA a.dns.ripn.net. hostmaster.ripn.net. 4053554 86400 14400 2592000 3600
;; Query time: 75 msec
;; SERVER: 77.88.8.88#53(77.88.8.88)
;; WHEN: Mon Nov 14 19:49:55 EET 2022
;; MSG SIZE rcvd: 102
dig @77.88.8.88 5.188.62.26
; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8_6.1 <<>> @77.88.8.88 5.188.62.26
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25235
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;5.188.62.26. IN A
;; AUTHORITY SECTION:
. 2042 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022111401 1800 900 604800 86400
;; Query time: 72 msec
;; SERVER: 77.88.8.88#53(77.88.8.88)
;; WHEN: Mon Nov 14 19:51:34 EET 2022
;; MSG SIZE rcvd: 115
I have no clue what it could be. I'm thinking that it could be a problem at Cloudflare DNS, since if I stop the DNS service and make an interrogation, things are the same.
BR
Alex