zlacker

1. obitua+(OP) 2023-08-02 16:52:16
Strangely, I get a Russian IP address for an answer when I query 1.1.1.1 for archive.is:

    ┌─(~/Projects/malware/triangulation)(ruby-2.5.0)────────────────────────────────────────────────────────────────────(c@c:s001)─┐
    └─(12:32:59)──> nslookup archive.is 1.1.1.1                                                                          ──(Wed,Aug02)─┘
    Server:        1.1.1.1
    Address:    1.1.1.1#53

    Non-authoritative answer:
    Name:    archive.is
    Address: 89.253.237.217

    ┌─(~/Projects/malware/triangulation)(ruby-2.5.0)────────────────────────────────────────────────────────────────────(c@c:s001)─┐
    └─(12:38:12)──> nslookup archive.is 1.0.0.1                                                                          ──(Wed,Aug02)─┘
    Server:        1.0.0.1
    Address:    1.0.0.1#53

    Non-authoritative answer:
    Name:    archive.is
    Address: 89.253.237.217

    ┌─(~/Projects/malware/triangulation)(ruby-2.5.0)────────────────────────────────────────────────────────────────────(c@c:s001)─┐
    └─(12:38:14)──> whois 89.253.237.217                                                                                 ──(Wed,Aug02)─┘
    % IANA WHOIS server
    % for more information on IANA, visit http://www.iana.org
    % This query returned 1 object

    refer:        whois.ripe.net

    inetnum:      89.0.0.0 - 89.255.255.255
    organisation: RIPE NCC
    status:       ALLOCATED

    whois:        whois.ripe.net

    changed:      2005-06
    source:       IANA

    # whois.ripe.net

    inetnum:        89.253.232.0 - 89.253.239.255
    org:            ORG-RL31-RIPE
    netname:        RU-RUSONYX-NET6
    descr:          Network for Rusonyx infrastructure
    country:        RU
    mnt-lower:      MNT-RUSONYX
    mnt-routes:     MNT-RUSONYX
    admin-c:        VZ1716-RIPE
    admin-c:        VZ1717-RIPE
    tech-c:         VZ1716-RIPE
    status:         ASSIGNED PA
    mnt-by:         MNT-RUSONYX
    created:        2018-10-10T09:53:33Z
    last-modified:  2018-10-16T12:37:40Z
    source:         RIPE # Filtered

    organisation:   ORG-RL31-RIPE
    org-name:       Rusonyx, Ltd.
    country:        RU
    org-type:       LIR
    address:        5th st. Yamskogo Polya, 9, office 19
    address:        125040
    address:        Moscow
    address:        RUSSIAN FEDERATION
    phone:          +74951370701
    fax-no:         +74951370701
    mnt-ref:        RIPE-NCC-HM-MNT
    mnt-ref:        MNT-RUSONYX
    mnt-by:         RIPE-NCC-HM-MNT
    mnt-by:         MNT-RUSONYX
    abuse-c:        AD11015-RIPE
    created:        2006-08-18T09:59:51Z
    last-modified:  2022-10-06T11:18:08Z
    source:         RIPE # Filtered

    person:         Viktor Zverkov
    address:        P.O. Box 19
    address:        127137, Moscow, Russia
    address:        Rusonyx ltd.
    phone:          +7 495 5089959
    nic-hdl:        VZ1716-RIPE
    mnt-by:         MNT-RUSONYX
    created:        2017-09-20T11:29:16Z
    last-modified:  2022-07-05T14:00:10Z
    source:         RIPE

    person:         Viktor Zaytsev
    address:        P.O. Box 19 , Russia
    address:        127137, Moscow
    address:        Rusonyx ltd.
    phone:          +7 495 5089959
    nic-hdl:        VZ1717-RIPE
    mnt-by:         MNT-RUSONYX
    mnt-by:         AM65535-MNT
    created:        2017-09-20T11:54:54Z
    last-modified:  2018-08-02T17:21:31Z
    source:         RIPE

    % Information related to '89.253.232.0/21AS41535'

    route:          89.253.232.0/21
    descr:          RUSONYX-RU
    origin:         AS41535
    mnt-by:         MNT-RUSONYX
    created:        2017-11-24T09:34:37Z
    last-modified:  2017-11-24T09:34:37Z
    source:         RIPE

    % This query was served by the RIPE Database Query Service version 1.107 (DEXTER)

Not sure why this would be happening (looks like at least one other person in the thread is seeing the same result).