HQ

Whoever is behind this IP, 64.105.235.252, is trying to hack me. What's the best way to look up info on an IP?

HQ

63.225.201.208 too.

JFPdude

whois ip.num.ber

pr0

He's probably watching you post asking this question & laughing

__________________
__________
Loadedca$h - get sum! - Revengebucks - mmm rebills! - webair (gotz sErVrz)

Gary

Ya, thats me. sorry dude, i'll stop

__________________

Up to 35$ per join...!

JFPdude

whois 64.105.235.252
Covad Communications (NETBLK-COVAD-IP-1-NET)
3420 Central Expressway
Santa Clara, CA 95051
US

Netname: COVAD-IP-1-NET
Netblock: 64.105.0.0 - 64.105.255.255
Maintainer: CVAD

Domain System inverse mapping provided by:

NS1.COVAD.NET 66.134.199.11
NS2.COVAD.NET 66.134.199.12

HQ

NP, thanks for all that porn you uploaded!

Chris R

Covad Communications (NETBLK-COVAD-IP-1-NET)
3420 Central Expressway
Santa Clara, CA 95051
US

Netname: COVAD-IP-1-NET
Netblock: 64.105.0.0 - 64.105.255.255
Maintainer: CVAD

Coordinator:
Boggan, Rick (RB1873-ARIN) [email protected]
(408) 616-6766 (FAX) (408) 616-6501

Domain System inverse mapping provided by:

NS1.COVAD.NET 66.134.199.11
NS2.COVAD.NET 66.134.199.12

ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

for abuse issues, please contact [email protected]
Reassignment information for this block of addresses can
be found at rwhois://rwhois.laserlink.net:4321/

Record last updated on 06-Jun-2002.
Database last updated on 21-Aug-2002 20:01:34 EDT.

quiet

Server used for this query: [ whois.arin.net ]




Covad Communications (NETBLK-COVAD-IP-1-NET)
3420 Central Expressway
Santa Clara, CA 95051
US

Netname: COVAD-IP-1-NET
Netblock: 64.105.0.0 - 64.105.255.255
Maintainer: CVAD

Coordinator:
Boggan, Rick (RB1873-ARIN) [email protected]
(408) 616-6766 (FAX) (408) 616-6501

Domain System inverse mapping provided by:

NS1.COVAD.NET 66.134.199.11
NS2.COVAD.NET 66.134.199.12

ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

for abuse issues, please contact [email protected]

__________________
we'll miss you our friend. RIP

JFPdude

whois 63.225.201.208
U S WEST Communications Services, Inc (NETBLK-USW-INTERACT99)
600 Stinson Blvd NE
Minneapolis, MN 55413
US

Netname: USW-INTERACT99
Netblock: 63.224.0.0 - 63.231.255.255
Maintainer: USW

Coordinator:
U S WEST ISOps (ZU24-ARIN) [email protected]
612-664-4689

Domain System inverse mapping provided by:

NS1.USWEST.NET 204.147.80.5
NS2.DNVR.USWEST.NET 206.196.128.1

Cogitator

I use www.samspade.org

Click there and take a look

__________________
- this space intentionally left blank -

Fletch XXX

<h3>BaaaZZZZaaam!!!!!</h3>

__________________

Want an Android App for your tube, membership, or free site?

Need banners or promo material? Hit us up (ICQ Fletch: 148841377) or email me fletchxxx at gmail.com - recent work - About me

HQ

Does not work for me.

No match for "64.105.235.252".

TheFLY

This topic cracks me up...

Sincerely,

204.53.21.121

Auslander

Spade rocks!

HQ

Kick-ass!

"for abuse issues, please contact [email protected]"

HQ

And this mother fucker is a hitbot: 212.77.204.34 Crazy what you find in your error logs.

salsbury

what's he trying to hack you with?

__________________

boldy

I think they do it just for fun, my servers are under attack 24/7 by some dumbasses in Dubai. my servers are double firewalled ... Checkpoint and Astaro ... good luck Dubiaian fuckers

__________________
MacDaddy Coder.

-=HOAX=-

nmap is a good way to snoop around in what he's got going on...

__________________
Insert Value Here.

boldy

nmap 4 life ... decoy scanning and shit ...

__________________
MacDaddy Coder.

HQ

Just searching for well-known files on my system. I think they were windows too. Barking up the wrong tree there!

-=HOAX=-

Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/scripts/root.exe
[Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/MSADC/root.exe
[Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/c/winnt/system32/cmd.exe
[Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/d/winnt/system32/cmd.exe
[Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/scripts/..%5c../winnt/system32/cmd
[Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/_vti_bin/..%5c../..%5c../..%5c../w
[Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/_mem_bin/..%5c../..%5c../..%5c../w
[Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/msadc/..%5c../..%5c../..%5c/..Á^.
[Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/scripts/..Á^\../winnt/system32/cmd
[Wed Aug 21 12:40:37 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/scripts/..À¯../winnt/system32/cmd.
[Wed Aug 21 12:40:37 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/scripts/..Á?../winnt/system32/cmd.
[Wed Aug 21 12:40:43 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/scripts/..%5c../winnt/system32/cmd
[Wed Aug 21 12:40:43 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/scripts/..%2f../winnt/system32/cmd



like this...

__________________
Insert Value Here.

Libertine

It's nothing personal. He's probably scanning a few thousand servers to get a few win IIS ones which still have a major security hole.
You can get full control over a few hundred servers in an hour or so that way.

salsbury

its probably not even a person, we have that shit in our logs all over the place. that's how a particular worm propogates.

of course, the person running the server should be notified, but chances are, at this point, they don't care to fix it. sadly.

__________________

HQ

I wonder what "activate.php" is for? What script is this guy trying to exploit?