Thursday, December 17, 2015

Clintonemail.com Server Port Scans, DiG DNS Lookups, Nmap Scan


I did these scans on March 23, 2015. I've had this saved in my blogger drafts for a while, but I thought I would go ahead and release it. Note that there's no RDP port open, as was reported. It was probably closed soon after clintonemail.com reached the news. All ports were closed, apparently.




C:\Documents and Settings\newadmin>dig clintonemail.com any

; <<>> DiG 9.9.5 <<>> clintonemail.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61432
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;clintonemail.com.              IN      ANY

;; ANSWER SECTION:
clintonemail.com.       7199    IN      NS      ns16.worldnic.com.
clintonemail.com.       7199    IN      NS      ns15.worldnic.com.
clintonemail.com.       7199    IN      MX      10 clintonemail.com.inbound10.mxlogicmx.net.
clintonemail.com.       7199    IN      SOA     ns15.worldnic.com. namehost.worldnic.com. 114021113 10800 3600 604800 3600
clintonemail.com.       7199    IN      MX      10 clintonemail.com.inbound10.mxlogic.net.
clintonemail.com.       7199    IN      A       208.91.197.27

;; Query time: 78 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Mar 23 12:31:50 Eastern Daylight Time 2015
;; MSG SIZE  rcvd: 260






C:\Documents and Settings\newadmin>nslookup -type=mx clintonemail.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
clintonemail.com        MX preference = 10, mail exchanger = clintonemail.com.inbound10.mxlogic.net
clintonemail.com        MX preference = 10, mail exchanger = clintonemail.com.inbound10.mxlogicmx.net

C:\Documents and Settings\newadmin>nmap -sT clintonemail.com.inbound10.mxlogicmx.net clintonemail.com.inbound10.mxlogic.net -vv -p 443,110,25,2525,465,587,993,995

Starting Nmap 6.01 ( http://nmap.org ) at 2015-03-23 12:38 Eastern Daylight Time
Warning: Hostname clintonemail.com.inbound10.mxlogicmx.net resolves to 2 IPs. Using 208.65.145.2.
Warning: Hostname clintonemail.com.inbound10.mxlogic.net resolves to 4 IPs. Using 208.65.144.3.
Initiating Ping Scan at 12:38
Scanning 2 hosts [4 ports/host]
Completed Ping Scan at 12:38, 0.27s elapsed (2 total hosts)
Initiating Parallel DNS resolution of 2 hosts. at 12:38
Completed Parallel DNS resolution of 2 hosts. at 12:39, 11.09s elapsed
Initiating Connect Scan at 12:39
Scanning 2 hosts [8 ports/host]
Completed Connect Scan at 12:39, 3.00s elapsed (16 total ports)
Nmap scan report for clintonemail.com.inbound10.mxlogicmx.net (208.65.145.2)
Host is up (0.047s latency).
Other addresses for clintonemail.com.inbound10.mxlogicmx.net (not scanned): 208.65.144.2
rDNS record for 208.65.145.2: mxl145v2.mxlogic.net
Scanned at 2015-03-23 12:38:54 Eastern Daylight Time for 15s
PORT     STATE    SERVICE
25/tcp   filtered smtp
110/tcp  filtered pop3
443/tcp  filtered https
465/tcp  filtered smtps
587/tcp  filtered submission
993/tcp  filtered imaps
995/tcp  filtered pop3s
2525/tcp filtered ms-v-worlds

Nmap scan report for clintonemail.com.inbound10.mxlogic.net (208.65.144.3)
Host is up (0.047s latency).
Other addresses for clintonemail.com.inbound10.mxlogic.net (not scanned): 208.65.145.3 208.65.145.2 208.65.144.2
rDNS record for 208.65.144.3: mxl144v3.mxlogic.net
Scanned at 2015-03-23 12:38:54 Eastern Daylight Time for 14s
PORT     STATE    SERVICE
25/tcp   filtered smtp
110/tcp  filtered pop3
443/tcp  filtered https
465/tcp  filtered smtps
587/tcp  filtered submission
993/tcp  filtered imaps
995/tcp  filtered pop3s
2525/tcp filtered ms-v-worlds

Read data files from: C:\Program Files\Nmap
Nmap done: 2 IP addresses (2 hosts up) scanned in 14.80 seconds
           Raw packets sent: 8 (304B) | Rcvd: 2 (72B)


1 comment:

Kevin Taylor said...

That's because that is an mxlogic spam service, you are not scanning her personal server.