Solved distrowatch@"triolan" ISP (ua) -> Unable to connect. tor-browser only?

This is the first time I see a site unavailable in browsers (Firefox, Falkon). Console links browser --> "connection refused".
The site is only visible through tor-browser.
Has the provider overdone it with security?
Here are the details:
# ping distrowatch.com
Bash:
PING distrowatch.com (82.103.129.71): 56 data bytes
64 bytes from 82.103.129.71: icmp_seq=0 ttl=57 time=44.952 ms

# nmap -sn distrowatch.com
Bash:
Starting Nmap 7.94 ( https://nmap.org ) at 2025-08-16 08:32 EEST
Nmap scan report for distrowatch.com (82.103.129.71)
Host is up (0.045s latency).
Other addresses for distrowatch.com (not scanned): 2a00:9080:1:58a::1
rDNS record for 82.103.129.71: e82-103-129-71s.asergo.com
Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds

# dig distrowatch.com
Code:
; <<>> DiG 9.20.11 <<>> distrowatch.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 643
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;distrowatch.com.        IN    A

;; ANSWER SECTION:
distrowatch.com.    9823    IN    A    82.103.129.71

;; Query time: 19 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Sat Aug 16 08:33:02 EEST 2025
;; MSG SIZE  rcvd: 60

# netstat -rn
Code:
Routing tables

Internet:
Destination        Gateway            Flags         Netif Expire
default            172.28.234.254     UGS             re0
127.0.0.1          link#2             UH              lo0
172.28.234.0/24    link#1             U               re0
172.28.234.142     link#2             UHS             lo0

Internet6:
Destination                       Gateway                       Flags         Netif Expire
::/96                             link#2                        URS             lo0
::1                               link#2                        UHS             lo0
::ffff:0.0.0.0/96                 link#2                        URS             lo0
fe80::%lo0/10                     link#2                        URS             lo0
fe80::%lo0/64                     link#2                        U               lo0
fe80::1%lo0                       link#2                        UHS             lo0
ff02::/16                         link#2                        URS             lo0

# traceroute distrowatch.com
Code:
traceroute to distrowatch.com (82.103.129.71), 64 hops max, 40 byte packets
 1  172.28.234.254 (172.28.234.254)  0.176 ms  0.171 ms  0.207 ms
 2  10.96.100.254 (10.96.100.254)  4.920 ms  0.278 ms  0.228 ms
 3  ams-ix.1-ix.net (185.1.254.7)  40.238 ms  40.328 ms  81.123 ms
 4  ams-ix.gc-net.eu (80.249.208.96)  40.400 ms  40.144 ms  40.117 ms
 5  194.182.97.204 (194.182.97.204)  41.539 ms  41.629 ms  41.442 ms
 6  194.182.97.202 (194.182.97.202)  40.960 ms  41.066 ms  40.898 ms
 7  ae0-0.hamb2p1de.gc-net.eu (212.98.119.123)  42.401 ms  42.251 ms  43.870 ms
 8  be2.taas11p2dk.gc-net.eu (194.182.97.240)  42.286 ms  42.411 ms  42.278 ms
 9  be2.glos57p2dk.gc-net.eu (194.182.97.243)  42.880 ms  42.887 ms  42.944 ms
10  e82-103-129-71s.asergo.com (82.103.129.71)  45.268 ms  45.036 ms  45.314 ms
 
Yes, thank you! I understand you. But there is one more thing...

Even large providers often commit the following sin:
when we connected to the national operator "Ukrtelecom" and asked
to rent 1 public IP, they gave us a "red" IP (on the black list).
That is, this "red" IP was already owned by someone, then they refused the address, but the provider or company did not dare to "pull"
this address from the database.
I asked for another one. I immediately checked this address on spamhaus.org. Again - "on the black lists".
F*ck, and now I looked:
# host myip.opendns.com resolver1.opendns.com
Code:
Using domain server:
Name: resolver1.opendns.com
Address: 208.67.222.222#53
Aliases:

myip.opendns.com has address 185.19.6.14

Code:
185.19.6.14 has 1 listing
185.19.6.0/24 is listed on the Policy Block List (PBL)

I am not a participant in mailings, trojans, or botnets, because I work 99% only in FreeBSD.
Maybe the distrowatch.com administrator closed himself off from us for this very reason?
 
The Spamhaus lists are - as the name implies - intended for spam filtering. Pretty much *all* dynamically assigned prefixes are listed on those lists, usually by the providers themselves if they act responsibly.
The reasoning behind it is that 99% of mail originating from an MTA on a prefix used for end-user assignment is spam from infested Windows boxes, so it is absolutely correct that responsible providers have those prefixes listed at all major RBLs.
 
You could ask the site administrator to remove your IP from their blocklist.
But yeah, this is a blocklist for mail stuff, nothing to do with connecting to a webserver.
Of course if you wanted to do mail hosting and sending from your home, this would be a challenge (especially for the sending part).
 
Okay. Then there is only one thing left to do - write to the provider. Most likely,
they messed up something with security. Thanks for your help. The issue can be considered resolved.
 
Why? According to your ping and traceroute, everything is fine on your end.
 
Okay. I marked this topic as normal (not completely solved).
Yes, I'm OK.
But here's what I noticed. I'll describe the situation to you.
Ukraine is a country where the so-called:
https://en.wikipedia.org/wiki/Splinternet
Providers restrict access to Russian sites.
When the provider closes access, then when you enter an address, for example, mail.ru,
the browser "thinks for a very long time" (several minutes) and displays the message:
Code:
The connection has timed out
The server at mail.ru is taking too long to respond.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the web.

But when I enter distrowatch.com - the exact same message is displayed, but it is displayed instantly!
That's where the dog is buried!
It's not critical for me (there is a tor browser), but still...
I haven't talked to the provider. There are stupid girls there (who answer all questions with the standard phrase - "Reboot your router" (c)(tm)), and to bother the administrators with such trifles you have to put in a lot of effort.
 
Providers restrict access to Russian sites.

distrowatch.com is registered via gandi.net (French) and the IP belongs to ASERGO Scandinavia (Denmark).

You are able to ping via hostname, so there is no (useless) DNS-blacklist in place and the route to that server is perfectly fine.
Again: There is nothing wrong on your ISP's side. If anything, distrowatch has some blacklist on their *webserver* (ports) preventing you from accessing the site.
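
The ping, dig and traceroute output in this thread only show that name resolution, routing and ICMP work; they say nothing about TCP ports 80 and 443. The following is an added example, not part of any post in the thread, that attempts one TCP handshake per resolved address and port and separates an instant reject from a silent drop. The function names and the 5-second timeout are assumptions of the example.

```python
import errno
import socket
import time

# What each outcome says about where the connection attempt died.
MEANING = {
    "open": "handshake completed; any block is above TCP (TLS/HTTP layer)",
    "refused": "a reject (normally a TCP RST) came back at once",
    "timeout": "no reply at all; the SYN or its answer is dropped on the path",
    "unreachable": "no route, or an ICMP unreachable was returned",
}

def probe_addr(family, sockaddr, timeout=5.0):
    """One TCP handshake to one address; returns (verdict, seconds)."""
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.connect(sockaddr)
        verdict = "open"
    except ConnectionRefusedError:
        verdict = "refused"
    except socket.timeout:
        verdict = "timeout"
    except OSError as exc:
        unreachable = (errno.EHOSTUNREACH, errno.ENETUNREACH)
        verdict = "unreachable" if exc.errno in unreachable else "error"
    finally:
        sock.close()
    return verdict, time.monotonic() - start

def diagnose(host, ports=(80, 443), timeout=5.0):
    """Probe every resolved address (A and AAAA) on every port separately."""
    results = []
    for port in ports:
        for family, _, _, _, sockaddr in socket.getaddrinfo(
                host, port, type=socket.SOCK_STREAM):
            verdict, secs = probe_addr(family, sockaddr, timeout)
            results.append((sockaddr[0], port, verdict, round(secs, 3)))
    return results

if __name__ == "__main__":
    # Host name taken from the thread; run from the affected network.
    for addr, port, verdict, secs in diagnose("distrowatch.com"):
        print(f"{addr}:{port} {verdict} after {secs}s: "
              f"{MEANING.get(verdict, 'unexpected socket error')}")
```

A "refused" result does not identify who sent the reject: connect() reports the same error whether it came from the destination host or from a device on the path.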
 
Yes. OK. For what?
Sometimes people will block based on blacklists generated by others.

Now why would your specific IP be on that blacklist?
Most of the time it's not YOUR IP, it's that your IP falls in a block that is on a blacklist because some percentage of the IPs in that block are tied to spam, phishing, etc. I think some of the IPs owned by Comcast have been on blacklists in the past.

I'm assuming you're on a broadband connection of some sort, you should be able to figure out what your public IP is, there may be ways to look up on blacklists "why is my IP a.b.c.d being blacklisted"
 
# host myip.opendns.com resolver1.opendns.com
With this command I found an external address. There may be a lot of interesting things and a lot of computers hanging on it.
I'm assuming you're on a broadband connection of some sort, you should be able to figure out what your public IP is, there may be ways to look up on blacklists "why is my IP a.b.c.d being blacklisted"
Let me clarify a bit. This is not my address. I do not rent. This is the address of the provider and its gateway/router/firewall/etc.
The provider's address was blocked. I have a regular dynamic non-routed IP from the network 172.xxx.xxx.xxx/255.xxx.xxx.xxx
 
This is the address of the provider and its gateway/router/firewall/etc.
Understood. That is basically what I meant.
Your network stops where the provider network starts, at some point there is a public facing IP associated with you. It may not be on equipment at your location, it may be upstream at the provider.

The provider's address being blocked could be for the exact same reason I stated:
Someone, somewhere decided that a block of IP addresses that covered the public facing IP address associated with you was bad and should be blacklisted.
My understanding/experience is the blacklisting often is done in blocks of addresses, not singly, because it's easier to write the "default deny all" followed by specific "allow this one"
 