Look-Around Fake IP

Jun 2 17:26:12 bunny kernel: AFA04 DEFENSE BANPERM SRC=194.26.29.152 DST=OUR_SERVER LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=50761 PROTO=TCP SPT=58176 DPT=2759 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 2 17:26:17 bunny kernel: AFA04 Syncatch SRC=193.33.231.140 DST=OUR_SERVER LEN=40 TOS=0x00 PREC=0x00 TTL=41 ID=455 PROTO=TCP SPT=27443 DPT=23 WINDOW=56989 RES=0x00 SYN URGP=0

End Trace From

 7 EDN-SOVINTE.ear4.Amsterdam1.Level3.net (213.19.197.34) 182.352 ms 182.868 ms 182.122 ms
 8 pe01.spb.gldn.net (79.104.229.41) 189.099 ms 183.042 ms pe01.spb.gldn.net (79.104.229.43) 188.044 ms
 9 spb-195-190-106-218.sovintel.spb.ru (195.190.106.218) 188.918 ms 188.613 ms 188.739 ms
10 194.26.29.152 (194.26.29.152) 189.209 ms 179.592 ms *

[root@bunny httpd]# whois gldn.net
[Querying whois.verisign-grs.com]
[Redirected to whois.nic.ru]
[Querying whois.nic.ru]
[whois.nic.ru]
Domain Name: GLDN.NET
Registry Domain ID: 10989843_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.nic.ru
Registrar URL: http://www.nic.ru
Creation Date: 1999-10-05T10:48:37Z
Registrar Registration Expiration Date: 2022-10-04T21:00:00Z
Registrar: Regional Network Information Center, JSC dba RU-CENTER
Registrar IANA ID: 463
Registrar Abuse Contact Email: tld-abuse@nic.ru
Registrar Abuse Contact Phone: +7.4959944601
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Public Joint Stock Company "Vimpel-Communications"
Registrant Organization: Public Joint Stock Company "Vimpel-Communications"
Registrant Street: 8 Marta, 10, stroenie 14
Registrant City: Moscow
Registrant Postal Code: 127083
Registrant Country: RU
Registrant Phone: +7.4959105956
Registrant Phone Ext:
Registrant Fax: +7.4959105943
Registrant Fax Ext:
Registrant Email: domain@beeline.ru
Registry Admin ID:
Admin Name: Public Joint Stock Company "Vimpel-Communications"
Admin Organization: Public Joint Stock Company "Vimpel-Communications"
Admin Street: 8 Marta, 10, stroenie 14
Admin City: Moscow
Admin Postal Code: 127083
Admin Country: RU
Admin Phone: +7.4959105956
Admin Phone Ext:
Admin Fax: +7.4959105943
Admin Fax Ext:
Admin Email: domain@beeline.ru
Registry Tech ID:
Tech Name: Public Joint Stock Company "Vimpel-Communications"
Tech Organization: Public Joint Stock Company "Vimpel-Communications"
Tech Street: 8 Marta, 10, stroenie 14
Tech City: Moscow
Tech Postal Code: 127083
Tech Country: RU
Tech Phone: +7.4959105956
Tech Phone Ext:
Tech Fax: +7.4959105943
Tech Fax Ext:
Tech Email: domain@beeline.ru
Name Server: ns1.gldn.net 194.67.2.108
Name Server: ns2.gldn.net 194.67.2.109
Name Server: ns3.gldn.net 194.67.7.1
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
For more information on Whois status codes, please visit: https://icann.org/epp
>>> Last update of WHOIS database: 2022.06.03T17:24:38Z <<<

[root@bunny httpd]# whois spb.ru
[Querying whois.tcinet.ru]
[whois.tcinet.ru]
% By submitting a query to TCI's Whois Service
% you agree to abide by the following terms of use:
% https://www.tcinet.ru/documents/whois.pdf (in Russian)
domain: SPB.RU
nserver: ns3-geo.nic.ru.
nserver: ns4-geo.nic.ru.
nserver: ns8-geo.nic.ru.
state: REGISTERED, DELEGATED, VERIFIED
org: Foundation for Assistance for Internet Technologies and Infrastructure Development
registrar: RU-CENTER-RU
admin-contact: https://www.nic.ru/whois
created: 1997-03-11T10:18:04Z
paid-till: 2023-03-31T21:00:00Z
free-date: 2023-05-02
source: TCI
Last updated on 2022-06-03T14:21:31Z

### >>> Whois Beeline.ru / ns1.beeline.ru >>> GOVERNMENT OR PRIVATE ENTITY

[root@bunny org]# whois beeline.ru
[Querying whois.tcinet.ru]
[whois.tcinet.ru]
% By submitting a query to TCI's Whois Service
% you agree to abide by the following terms of use:
% https://www.tcinet.ru/documents/whois.pdf (in Russian)
domain: BEELINE.RU
nserver: ns1.beelinegprs.ru.
nserver: ns1.beeline.ru. 217.118.84.9
nserver: ns2.beelinegprs.ru.
nserver: ns2.beeline.ru. 217.118.84.65
state: REGISTERED, DELEGATED, VERIFIED
org: Vimpel-Communications Public Joint Stock Company
registrar: BEELINE-RU
admin-contact: http://whois.beeline.ru
created: 1997-08-12T16:00:20Z
paid-till: 2022-08-31T21:00:00Z
free-date: 2022-10-02
source: TCI
Last updated on 2022-06-03T14:26:31Z

[root@bunny org]# whois beelinegprs.ru.
[Querying whois.internic.net]
[whois.internic.net]
No match for partial domain "BEELINEGPRS.RU".
>>> Last update of whois database: 2022-06-03T14:27:58Z <<<

NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems).
The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars.

[root@bunny org]# nslookup ns1.beelinegprs.ru
Server: 24.116.0.53
Address: 24.116.0.53#53

Non-authoritative answer:
Name: ns1.beelinegprs.ru
Address: 217.118.66.243

[root@bunny org]# traceroute 217.118.66.243
traceroute to 217.118.66.243 (217.118.66.243), 30 hops max, 60 byte packets
 1 160-3-25-233.cpe.sparklight.net (160.3.25.233) 2.108 ms 2.828 ms 3.207 ms
 2 10.117.178.1 (10.117.178.1) 17.230 ms 19.071 ms 19.908 ms
 3 192.168.7.97 (192.168.7.97) 20.182 ms 20.794 ms 20.896 ms
 4 10.224.252.217 (10.224.252.217) 36.894 ms 41.861 ms 42.783 ms
 5 * * *
 6 * * *
 7 EDN-SOVINTE.ear4.Amsterdam1.Level3.net (213.19.197.34) 188.307 ms 188.156 ms 188.592 ms
 8 pe17.Moscow.gldn.net (79.104.225.133) 178.089 ms 178.487 ms 177.844 ms
 9 62.141.73.26 (62.141.73.26) 183.014 ms 183.346 ms 183.446 ms
10 62.141.73.26 (62.141.73.26) 172.508 ms !X * *

[root@bunny org]# whois 217.118.66.243
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '217.118.64.0 - 217.118.67.255'

% Abuse contact for '217.118.64.0 - 217.118.67.255' is 'Internet.abuse@beeline.ru'

inetnum: 217.118.64.0 - 217.118.67.255
netname: BEEGPRS
descr: JSC "VimpelCom"
descr: Moscow Russia
country: RU
admin-c: VLAC1-RIPE
tech-c: VLTC1-RIPE
status: ASSIGNED PA
remarks: ------------ A T T E N T I O N !!! ------------
remarks: Please use
remarks: internet.abuse@beeline.ru
remarks: fraud@beeline.ru
remarks: info@beeline.ru
remarks: e-mail addresses for spam and abuse complaints.
remarks: Messages to other addresses will be ignored!
remarks: -----------------------------------------------
mnt-by: BEE-MNT
mnt-lower: BEE-MNT
created: 2002-06-19T16:58:34Z
last-modified: 2021-10-19T09:57:06Z
source: RIPE # Filtered

role: VimpelCom LIR Administrative Contact
address: JSC "VimpelCom" 8 Marta st., house 10, bldg. 14 127083, Moscow, Russia
org: ORG-JA8-RIPE
admin-c: DM3740-RIPE
admin-c: IAI1-RIPE
tech-c: DM3740-RIPE
tech-c: IAI1-RIPE
nic-hdl: VLAC1-RIPE
mnt-by: BEE-MNT
created: 2005-07-15T16:04:32Z
last-modified: 2021-10-19T09:08:27Z
source: RIPE # Filtered

role: VimpelCom LIR Technical Contact
address: JSC "VimpelCom" 8 Marta st., house 10, bldg. 14 127083, Moscow, Russia
org: ORG-JA8-RIPE
admin-c: DM3740-RIPE
admin-c: IAI1-RIPE
tech-c: DM3740-RIPE
tech-c: IAI1-RIPE
nic-hdl: VLTC1-RIPE
mnt-by: BEE-MNT
created: 2005-07-15T16:09:14Z
last-modified: 2021-10-19T09:09:06Z
source: RIPE # Filtered

% Information related to '217.118.66.0/24AS16345'

route: 217.118.66.0/24
descr: JSC "VimpelCom"
origin: AS16345
mnt-by: BEE-MNT
created: 2005-05-04T14:34:41Z
last-modified: 2005-07-15T17:49:40Z
source: RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.103 (ANGUS)