08-09-2003, 01:33 PM
|
|
|
Confirmed User
Join Date: Jun 2002
Posts: 871
|
Its kazaa, but its blocking the domains at ip 127.0.0.1 (localhost)
This guy is really bad, i hope they will ddos him or something because i dont like this.
Quote:
Originally posted by Cyberpimp
Well it's not Kazaa lite as I don't have that, and as far as I know
kazaa lite blocks and does not reroute.
OK since everyone is asking who I think it is and if I am wrong then I am sorry and we can look for who is really doing it
I think it's http://sexxbbc.com and here is why I think that.
1. strange hahahahahahahahahaha on site encoded.
SCRIPT language=JScript.Encode #@~^lgAAAAhahahaha@&Jz@!eO @&\mD,2w{JWDm:EI@&NW1;:xYcA.kD+vJ@!kEQawQJ~/Mmx4DYwl&J/n68qyR^K:JmW!xD w4w_l1mxq,0Dmh+(WD9n.'ZP4+ro4O{F~hb[Y4'q@*@!zkEQawQJ@*r#I@&zJOO@*@&3ioAAAhahahaha^#~@ SCRIPT
Can't find out what it is.
2. Ip address found in host file resolves to a dns server he is using
66.159.20.52 resolved to wcg20-balance.host-system.com
DNS Query Results:
; <<>> DiG 8.3 <<>> any wcg20-balance.host-system.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; wcg20-balance.host-system.com, type = ANY, class = IN
;; AUTHORITY SECTION:
host-system.com. 1H IN SOA ns1.xtraff.com. root.xtraff.com. (
2120858416 ; serial
8H ; refresh
4H ; retry
5w6d16h ; expiry
1H ) ; minimum
------------------------; <<>> DiG 8.3 <<>> any sexbbc.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; sexbbc.com, type = ANY, class = IN
;; ANSWER SECTION:
sexbbc.com. 1d8h41m31s IN NS server2.zihost.com.
sexbbc.com. 1d8h41m31s IN NS ns2.host-system.com.
sexbbc.com. 59m48s IN A 66.117.14.177
;; AUTHORITY SECTION:
sexbbc.com. 1d8h41m31s IN NS server2.zihost.com.
sexbbc.com. 1d8h41m31s IN NS ns2.host-system.com.
;; ADDITIONAL SECTION:
server2.zihost.com. 1d10h24m46s IN A 66.159.20.46
ns2.host-system.com. 1d10h24m46s IN A 66.250.39.23
WWWhois Results:
Connecting to whois.crsnic.net...
Deferred to specific whois server: whois.dotster.com...
Registrant:
Marsh Madness LLC
29 off 8 Street
ALDIE, VA 20105
US
Registrar: DOTSTER
Domain Name: SEXBBC.COM
Created on: 14-MAY-03
Expires on: 14-MAY-04
Last Updated on: 14-MAY-03
Administrative, Technical Contact:
Gaiter, Mark [email protected]
Marsh Madness LLC
29 off 8 Street
ALDIE, VA 20105
US
+1-702-224-64-66
Domain servers in listed order:
SERVER2.ZIHOST.COM
NS2.HOST-SYSTEM.COM
End of Whois Information
IP Whois Results:
Connecting to whois.arin.net...
OrgName: New Horizon Collocations
OrgID: NHC-34
Address: 603 Wilshire
Address: Suite 911
City: Los Angeles
StateProv: CA
PostalCode: 90017
Country: US
NetRange: 66.117.0.0 - 66.117.31.255
CIDR: 66.117.0.0/19
NetName: NHI-COLO
NetHandle: NET-66-117-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.NHICOLO.COM
NameServer: DNS2.NHICOLO.COM
Comment:
RegDate: 2002-09-30
Updated: 2003-06-20
OrgTechHandle: HOSTM44-ARIN
OrgTechName: HOSTMASTER
OrgTechPhone: +1-877-322-5188
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-08-08 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
IP Whois Results:
Connecting to whois.arin.net...
Williams Communications, Incorporated WCG-BLK-2 (NET-66-159-0-0-1)
66.159.0.0 - 66.159.31.255
IIC Internet WLCO-TWC874610-IICINT (NET-66-159-16-0-1)
66.159.16.0 - 66.159.20.255
# ARIN WHOIS database, last updated 2003-08-08 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
Checking Port 80...
Port 80 is open and accepting connections.
Ping Results:
PING 66.159.20.52 (66.159.20.52) from 217.17.139.169 : 56(84) bytes of data.
64 bytes from wcg20-balance.host-system.com (66.159.20.52): icmp_seq=0 ttl=237 time=162.1 ms
64 bytes from wcg20-balance.host-system.com (66.159.20.52): icmp_seq=1 ttl=237 time=160.0 ms
64 bytes from wcg20-balance.host-system.com (66.159.20.52): icmp_seq=2 ttl=237 time=160.1 ms
64 bytes from wcg20-balance.host-system.com (66.159.20.52): icmp_seq=3 ttl=237 time=160.0 ms
64 bytes from wcg20-balance.host-system.com (66.159.20.52): icmp_seq=4 ttl=237 time=163.3 ms
Now if it's not him I would really like to know who is doing it
thanks
|
|
|
|