Why is my traceroute going to a hacker site?

When I do a traceroute on my website: springfield-ohio-post.com why does it go to a hack site?

Here is the output of the traceroute (notice that Cloudflare doesn’t seem to be in the loop):
[Screenshot: hacked]

Recently someone had hacked my manta, google, 4 yandex accounts, and about half-a-dozen other accounts (must have been a job) so I’m playing catch-up this week.
Any help would be much appreciated.

Hacker site? What do you mean?

Your domain is proxied, so a traceroute should go to 104.28.4.102.

Where did you check that? Or rather, post a complete screenshot.

I performed the traceroute within my own server as the screenshot should indicate (i.e. 192.168.1.254 is my modem).
Did you get something different than this?
[Screenshot: hacked]
I already rebooted the modem and left off a few devices to no avail. I don’t see Cloudflare in the loop. There are only 6 hops from my location to the end, which is gtt.net and not Cloudflare.

Again

Is that output the full output?

Is that a desktop application?

Yes, 6 hops is the full output.
Yes, it is a desktop application.
It is from within the server itself, which only allows Cloudflare connections in (to the best of my knowledge).

In that case run these two commands and post their output here.

ping springfield-ohio-post.com
nslookup springfield-ohio-post.com

It would seem as if your domain does not resolve properly.

ping springfield-ohio-post.com
PING springfield-ohio-post.com (104.28.4.102) 56(84) bytes of data.
64 bytes from 104.28.4.102: icmp_seq=1 ttl=55 time=36.8 ms
64 bytes from 104.28.4.102: icmp_seq=2 ttl=55 time=33.3 ms
64 bytes from 104.28.4.102: icmp_seq=3 ttl=55 time=33.7 ms
64 bytes from 104.28.4.102: icmp_seq=4 ttl=55 time=32.0 ms
64 bytes from 104.28.4.102: icmp_seq=5 ttl=55 time=33.6 ms
64 bytes from 104.28.4.102: icmp_seq=6 ttl=55 time=31.9 ms
64 bytes from 104.28.4.102: icmp_seq=7 ttl=55 time=33.9 ms
64 bytes from 104.28.4.102: icmp_seq=8 ttl=55 time=34.0 ms
64 bytes from 104.28.4.102: icmp_seq=9 ttl=55 time=33.1 ms
64 bytes from 104.28.4.102: icmp_seq=10 ttl=55 time=32.4 ms
64 bytes from 104.28.4.102: icmp_seq=11 ttl=55 time=32.6 ms
64 bytes from 104.28.4.102: icmp_seq=12 ttl=55 time=32.7 ms
64 bytes from 104.28.4.102: icmp_seq=13 ttl=55 time=33.8 ms
64 bytes from 104.28.4.102: icmp_seq=14 ttl=55 time=31.8 ms

nslookup springfield-ohio-post.com
Server: 127.0.1.1
Address: 127.0.1.1#53

Non-authoritative answer:
Name: springfield-ohio-post.com
Address: 104.28.4.102
Name: springfield-ohio-post.com
Address: 104.28.5.102

This appears to be fine, right?

Yes, that looks all right.

Let's try a command-line traceroute next:

traceroute springfield-ohio-post.com

1 192.168.1.254 (192.168.1.254) 0.576 ms 1.135 ms 1.534 ms
2 76-243-32-1.lightspeed.cntmoh.sbcglobal.net (76.243.32.1) 24.249 ms 24.813 ms 35.280 ms
3 75.14.96.61 (75.14.96.61) 27.751 ms 28.216 ms 29.175 ms
4 12.123.159.246 (12.123.159.246) 45.316 ms 45.853 ms 46.414 ms
5 cgcil403igs.ip.att.net (12.122.133.33) 42.142 ms 46.992 ms 43.748 ms
6 ae16.cr7-chi1.ip4.gtt.net (173.241.128.29) 44.508 ms 32.134 ms 32.827 ms
7 cloudflare-gw.cr8-chi1.ip4.gtt.net (69.174.23.14) 34.225 ms 35.133 ms 36.157 ms
8 104.28.4.102 (104.28.4.102) 35.660 ms 36.503 ms 38.069 ms

This appears fine also? I don’t get it… why would there be different results from a program that comes pre-installed on the OS, and why would it yield different results?
I still see gtt.net in the loop.

Well, the screenshot you posted seems to show the same path, though incomplete.

So it all looks all right.

1 Like
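
As an added example (not part of the thread and not any poster's code): a small Python check that parses traceroute output and reports whether the last answering hop is one of the addresses DNS returned, which separates a truncated trace from one that ends somewhere unexpected. The six-hop sample is constructed by cutting the command-line output above down to match the description of the desktop tool's result; the function names are hypothetical.

```python
import re

# A hop that answered looks like: "<n> <name> (<ipv4>) <rtt> ms ..."
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")

# Addresses from the nslookup answer posted in the thread.
RESOLVED = {"104.28.4.102", "104.28.5.102"}

# Command-line traceroute output as posted in the thread.
CLI_TRACE = """\
 1 192.168.1.254 (192.168.1.254) 0.576 ms 1.135 ms 1.534 ms
 2 76-243-32-1.lightspeed.cntmoh.sbcglobal.net (76.243.32.1) 24.249 ms 24.813 ms 35.280 ms
 3 75.14.96.61 (75.14.96.61) 27.751 ms 28.216 ms 29.175 ms
 4 12.123.159.246 (12.123.159.246) 45.316 ms 45.853 ms 46.414 ms
 5 cgcil403igs.ip.att.net (12.122.133.33) 42.142 ms 46.992 ms 43.748 ms
 6 ae16.cr7-chi1.ip4.gtt.net (173.241.128.29) 44.508 ms 32.134 ms 32.827 ms
 7 cloudflare-gw.cr8-chi1.ip4.gtt.net (69.174.23.14) 34.225 ms 35.133 ms 36.157 ms
 8 104.28.4.102 (104.28.4.102) 35.660 ms 36.503 ms 38.069 ms
"""

# Constructed sample: the same trace cut off after hop 6, as the desktop tool showed.
GUI_TRACE = "\n".join(CLI_TRACE.splitlines()[:6])


def parse_hops(text):
    """Return [(hop_number, name, ip)] for every hop that answered."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:  # lines such as "3 * * *" (no reply) are skipped
            hops.append((int(m.group(1)), m.group(2), m.group(3)))
    return hops


def assess(trace_text, resolved_ips):
    """Say whether the trace reached an address the name resolves to."""
    hops = parse_hops(trace_text)
    if not hops:
        return "no hops parsed"
    _, name, ip = hops[-1]
    if ip in resolved_ips:
        return "complete: last hop %s is a resolved address" % ip
    return "incomplete: trace stops at %s (%s), short of the resolved address" % (name, ip)


if __name__ == "__main__":
    for label, trace in (("cli", CLI_TRACE), ("gui", GUI_TRACE)):
        print(label, "->", assess(trace, RESOLVED))
```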

THANKS AGAIN SANDRO!

You must live on here :wink:
