64.105.235.252 is trying to hack me
 

Whoever is behind this IP, 64.105.235.252, is trying to hack me. What's the best way to look up info on an IP?

63.225.201.208 too.

whois ip.num.ber

He's probably watching you post asking this question & laughing :1orglaugh

Ya, thats me. sorry dude, i'll stop

whois 64.105.235.252
Covad Communications (NETBLK-COVAD-IP-1-NET)
3420 Central Expressway
Santa Clara, CA 95051
US

Netname: COVAD-IP-1-NET
Netblock: 64.105.0.0 - 64.105.255.255
Maintainer: CVAD

Domain System inverse mapping provided by:

NS1.COVAD.NET 66.134.199.11
NS2.COVAD.NET 66.134.199.12

NP, thanks for all that porn you uploaded! :thumbsup

Covad Communications (NETBLK-COVAD-IP-1-NET)
3420 Central Expressway
Santa Clara, CA 95051
US

Netname: COVAD-IP-1-NET
Netblock: 64.105.0.0 - 64.105.255.255
Maintainer: CVAD

Coordinator:
Boggan, Rick (RB1873-ARIN) [email protected]
(408) 616-6766 (FAX) (408) 616-6501

Domain System inverse mapping provided by:

NS1.COVAD.NET 66.134.199.11
NS2.COVAD.NET 66.134.199.12

ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

for abuse issues, please contact [email protected]
Reassignment information for this block of addresses can
be found at rwhois://rwhois.laserlink.net:4321/

Record last updated on 06-Jun-2002.
Database last updated on 21-Aug-2002 20:01:34 EDT.

Server used for this query: [ whois.arin.net ]




Covad Communications (NETBLK-COVAD-IP-1-NET)
3420 Central Expressway
Santa Clara, CA 95051
US

Netname: COVAD-IP-1-NET
Netblock: 64.105.0.0 - 64.105.255.255
Maintainer: CVAD

Coordinator:
Boggan, Rick (RB1873-ARIN) [email protected]
(408) 616-6766 (FAX) (408) 616-6501

Domain System inverse mapping provided by:

NS1.COVAD.NET 66.134.199.11
NS2.COVAD.NET 66.134.199.12

ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

for abuse issues, please contact [email protected]

whois 63.225.201.208
U S WEST Communications Services, Inc (NETBLK-USW-INTERACT99)
600 Stinson Blvd NE
Minneapolis, MN 55413
US

Netname: USW-INTERACT99
Netblock: 63.224.0.0 - 63.231.255.255
Maintainer: USW

Coordinator:
U S WEST ISOps (ZU24-ARIN) [email protected]
612-664-4689

Domain System inverse mapping provided by:

NS1.USWEST.NET 204.147.80.5
NS2.DNVR.USWEST.NET 206.196.128.1

I use www.samspade.org

Click there and take a look :)

<h3>BaaaZZZZaaam!!!!!</h3>

Does not work for me.

No match for "64.105.235.252".

This topic cracks me up...

Sincerely,

204.53.21.121

Spade rocks!

Kick-ass!

"for abuse issues, please contact [email protected]"

And this mother fucker is a hitbot: 212.77.204.34 Crazy what you find in your error logs.

what's he trying to hack you with?

I think they do it just for fun, my servers are under attack 24/7 by some dumbasses in Dubai. my servers are double firewalled ... Checkpoint and Astaro ... good luck Dubiaian :eek7 fuckers

nmap is a good way to snoop around in what he's got going on...

nmap 4 life ... decoy scanning and shit ...

Just searching for well-known files on my system. I think they were windows too. Barking up the wrong tree there! :)

Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/scripts/root.exe
[Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/MSADC/root.exe
[Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/c/winnt/system32/cmd.exe
[Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/d/winnt/system32/cmd.exe
[Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/scripts/..%5c../winnt/system32/cmd
[Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/_vti_bin/..%5c../..%5c../..%5c../w
[Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/_mem_bin/..%5c../..%5c../..%5c../w
[Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/msadc/..%5c../..%5c../..%5c/..Á^.
[Wed Aug 21 12:40:36 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/scripts/..Á^\../winnt/system32/cmd
[Wed Aug 21 12:40:37 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/scripts/..À¯../winnt/system32/cmd.
[Wed Aug 21 12:40:37 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/scripts/..Á?../winnt/system32/cmd.
[Wed Aug 21 12:40:43 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/scripts/..%5c../winnt/system32/cmd
[Wed Aug 21 12:40:43 2002] [error] [client 66.28.236.25] File does not exist: /usr/local/www/data/scripts/..%2f../winnt/system32/cmd



like this...

It's nothing personal. He's probably scanning a few thousand servers to get a few win IIS ones which still have a major security hole.
You can get full control over a few hundred servers in an hour or so that way.

its probably not even a person, we have that shit in our logs all over the place. that's how a particular worm propogates.

of course, the person running the server should be notified, but chances are, at this point, they don't care to fix it. sadly.

I wonder what "activate.php" is for? What script is this guy trying to exploit?