IP address search

Status
Not open for further replies.
Folks - what is that website that tells you who these weasels are.....I can't remember, I'm not a hacker...

71.201.187.85
12.158.34.245

These folkers have been sending me viruses, crap, etc....
 
No, Postini is the real thing. Postini caught the stuff, so they are working. Makes sense... I just copied the two IP addresses from the header. Postini, whom my ISP uses, allows you to view the message and header on their website... so the nasty is:

IP Address: 71.201.187.85
Location: Inglewood (33.978N, 118.450W)
Network: RESERVED-7
Registrant contact information is not available.

Postini works nice, actually. Make sense?
 
That makes a lot of sense. I wouldn't have guessed that from the previous postings. Strike my previous message about Postini.

I would still bet that the source of this is some unprotected cable modem or DSL user, though. Good argument for having a router with firewall if you have broadband.
 
Check this URL for information on IP address abuse:

http://www.iana.org/faqs/abuse-faq.htm

In the "hints for finding a person responsible for a given IPv4 address" section, there is an e-mail address you can use to report this. I checked the four whois services they list there and nothing came up, but you could still report the offending address to them.
 
Thanks - you guys are great!


SPAM is one thing but sending virus-linked websites (Paypal) is another....
 
It's entirely possible that these are unregistered IP addresses. In fact, I would bet money that they belong to some yahoo with a cable modem and an unprotected computer who is completely unaware that hackers have taken over his system and are using it for viruses and spam.

The site you might be thinking of is whois - www.whois.org

Edit: I did find some info that seems to support my theory above. The entire 12.x.x.x range is owned by AT&T Worldnet. The 12.158.34.245 address shows ownership by a Postini corporation. I found this at www.swhois.net. They didn't have any info for the 71.201.187.85 address, though.

[ March 25, 2004, 12:40 PM: Message edited by: Matt_S ]
 
the first one shows up nothing basically.
Name: Unknown
IP Address: 71.201.187.85
Location: Inglewood (33.978N, 118.450W)
Network: RESERVED-7
Registrant contact information is not available.


the second one shows up this:
domain: psmtp.com
status: production
organization: Postini, Inc.
email: [email protected]
address: 510 Veterans Blvd.
city: Redwood City
state: CA
postal-code: 94063
country: US
admin-c: [email protected] 0
tech-c: [email protected] 0
billing-c: [email protected] 0
nserver: ns1.ns.postini.com
nserver: ns2.ns.postini.com
nserver: ns3.ns.postini.com
nserver: ns4.ns.postini.com
nserver: ns5.ns.postini.com
registrar: JORE-1
created: 2000-09-20 21:21:16 UTC core
modified: 2002-11-04 12:30:04 UTC JORE-1
expires: 2004-09-20 21:21:15 UTC
source: joker.com

AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 - 12.255.255.255
POSTINI CORPORATION POSTINI-85-34 (NET-12-158-34-0-1)
12.158.34.0 - 12.158.34.255


for the second ip, just block the range 12.158.34.0 to 12.158.34.255 in your email client.
that'll block out the whole subnet. then email the admin address and tell 'em what's going on.

p.s. get neo trace pro, it's the best thing since, well, it's just the best.

[ March 25, 2004, 12:43 PM: Message edited by: cryptokid ]
 
Here's the funny (or scary) part. I went to postini.com. The title of their home page is "Postini - Stop Spam and Viruses Before They Reach Your Network". Hah!! Looks like they're actually the source of those viruses and SPAM.
 
I used to have some software in the past that could locate exactly where attempted break-ins were coming from. It was kind of frightening because attempts were being made on my computer from all over the world. You have people in China trying to get into your computer!

If these email viruses and Spam are coming from certain sites, how do I go about blocking them on my computer (I have a Mac using 10.3)?
 
Zonealarm will tell you what IP is making attempts on your PC and, as others have linked, there are sites to look up who the server belongs to. Most are meaningless names, but I hear many of them belong to a certain HUGE dialup provider just pinging for info.

I got kind of freaked out right after I installed a firewall because within an hour or two it registered like 500 attempts.
 
pablo - there are two responses on this one.

first one:
net-63-64-0-0-1 (Other)

OrgName: UUNET Technologies, Inc.
OrgID: UU
Address: 22001 Loudoun County Parkway
City: Ashburn
StateProv: VA
PostalCode: 20147
Country: US

NetRange: 63.64.0.0 - 63.127.255.255
CIDR: 63.64.0.0/10
NetName: UUNET63
NetHandle: NET-63-64-0-0-1
Parent: NET-63-0-0-0-0
NetType: Direct Allocation
NameServer: AUTH03.NS.UU.NET
NameServer: AUTH00.NS.UU.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1999-01-22
Updated: 2003-01-23

TechHandle: OA12-ARIN
TechName: UUnet Technologies, Inc., Technologies
TechPhone: +1-800-900-0241
TechEmail: [email protected]

OrgAbuseHandle: ABUSE3-ARIN
OrgAbuseName: abuse
OrgAbusePhone: +1-800-900-0241
OrgAbuseEmail: [email protected]

OrgNOCHandle: OA12-ARIN
OrgNOCName: UUnet Technologies, Inc., Technologies
OrgNOCPhone: +1-800-900-0241
OrgNOCEmail: [email protected]

OrgTechHandle: SWIPP-ARIN
OrgTechName: swipper
OrgTechPhone: +1-800-900-0241
OrgTechEmail: [email protected]

the second one:
CustName: Shehadi Toyota
Address: 1855 Lake Tahoe Boulevard
City: S. Lake Tahoe
StateProv: CA
PostalCode:
Country: US
RegDate: 2001-05-04
Updated: 2003-05-30

NetRange: 63.115.169.0 - 63.115.169.15
CIDR: 63.115.169.0/28
NetName: UU-63-115-169
NetHandle: NET-63-115-169-0-1
Parent: NET-63-64-0-0-1
NetType: Reassigned
Comment:
RegDate: 2001-05-04
Updated: 2003-05-30

TechHandle: OA12-ARIN
TechName: UUnet Technologies, Inc., Technologies
TechPhone: +1-800-900-0241
TechEmail: [email protected]

OrgAbuseHandle: ABUSE3-ARIN
OrgAbuseName: abuse
OrgAbusePhone: +1-800-900-0241
OrgAbuseEmail: [email protected]

OrgNOCHandle: OA12-ARIN
OrgNOCName: UUnet Technologies, Inc., Technologies
OrgNOCPhone: +1-800-900-0241
OrgNOCEmail: [email protected]

OrgTechHandle: SWIPP-ARIN
OrgTechName: swipper
OrgTechPhone: +1-800-900-0241
OrgTechEmail: [email protected]

are you getting this through email? you could try forwarding the body of the email to the abuse ([email protected]) address (which is the same for both hits). if you're running windows xp i highly recommend getting a firewall and good antivirus software. also be sure that you are running the latest service pack.
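
Added example, not part of the original thread: a lookup like the one above returns both the ISP's allocation and the customer reassignment inside it, and this sketch picks the most specific block for an address along with its abuse contact. The sample text is constructed on the model of the ARIN-style output quoted above, the abuse address is a placeholder (the real one is redacted on the page), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample, modeled on the ARIN-style output quoted in the thread.
# The abuse address is a placeholder; the page's real one is redacted.
SAMPLE_WHOIS = """\
OrgName: UUNET Technologies, Inc.
NetRange: 63.64.0.0 - 63.127.255.255
CIDR: 63.64.0.0/10
NetType: Direct Allocation
OrgAbuseEmail: abuse@isp.example

CustName: Shehadi Toyota
NetRange: 63.115.169.0 - 63.115.169.15
NetType: Reassigned
OrgAbuseEmail: abuse@isp.example
"""

def parse_records(text):
    """Split whois text into one dict per network; OrgName/CustName starts a record."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or not value.strip():
            continue  # blank line or empty field such as "PostalCode:"
        key, value = key.strip(), value.strip()
        if key in ("OrgName", "CustName"):
            records.append({"Name": value})
        elif records:
            records[-1].setdefault(key, value)  # first occurrence of a key wins
    return records

def networks(record):
    """Return the record's networks, deriving CIDRs from NetRange if CIDR is absent."""
    if "CIDR" in record:
        return [ipaddress.ip_network(c.strip()) for c in record["CIDR"].split(",")]
    first, last = (ipaddress.ip_address(p.strip()) for p in record["NetRange"].split(" - "))
    return list(ipaddress.summarize_address_range(first, last))

def most_specific(records, ip):
    """Pick the smallest registered block containing ip (the actual assignee)."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, rec) for rec in records for net in networks(rec) if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None
```

An address that matches no record returns `None`, which is the "nothing came up" case several posters hit with 71.201.187.85.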
 
mystic - you are currently fairly safe running osx. as i don't know what browser / email you're running, i'll make a couple of suggestions. you can go to a site like tucows and get some anti-spam software. there is a firewall built into osx, but i run os9.2.2 and i don't know squat about it.

also go to the apple support page and do a search. the built-in mail program in osx has filtering capabilities.

you can also get antivirus software for osx, but for now you'd be paying a lot for little.



quote:

Originally posted by Mystic:
I used to have some software in the past that could locate exactly where attempted break-ins were coming from. It was kind of frightening because attempts were being made on my computer from all over the world. You have people in China trying to get into your computer!

If these email viruses and Spam are coming from certain sites, how do I go about blocking them on my computer (I have a Mac using 10.3)?


 
I got three pieces of highly suspicious email today. I don't even give the anti-virus a chance to catch anything; I can see what looks bad and delete, and then delete deleted.
 