AMD's Avatar
Posts: 1,390 | Thanked: 710 times | Joined on May 2012 @ Beirut, Lebanon
#11
The hacker's ID is 63.216.126.1
And the location is in Milan, Italy.
__________________
Twitter: @ahmadmdaher

Originally Posted by Dave999
I will vote AMD for president next time if I'm having any shares during next meeting.


Do good for a human being and like my art page!
 
Community Council | Posts: 4,920 | Thanked: 12,867 times | Joined on May 2012 @ Southerrn Finland
#12
Originally Posted by AMD View Post
The hacker's ID is 63.216.126.1
And the location is in Milan, Italy.
I don't think so... tracerouting from Finland, it appears that that IP address routes to Lebanon.
 
stickymick's Avatar
Posts: 1,079 | Thanked: 1,019 times | Joined on Mar 2010
#13
If it's a keylogger it'll be running as a background task. These are normally not scanned by an anti-virus or malware scanner.

You could give Avira Antivir Rescue System a try. This is a Linux-based boot CD that can scan the whole Windows installation, because nothing in Windows is running at all.
__________________
Mick has just punched the cr@p out of the "Unlike" button on the Official Nokia Facebook Page.
 
Posts: 646 | Thanked: 1,124 times | Joined on Jul 2010 @ Espoo, Finland
#14
Originally Posted by AMD View Post
The hacker's ID is 63.216.126.1
Also to me it seems that the IP is located in Lebanon.
But anyway, a search with 'whois' reveals that it belongs to 'Beyond The Network America' which is a shady operator at best and a nest of spammers & spybots at worst.
Terminate their connections with extreme prejudice.
 
Posts: 30 | Thanked: 13 times | Joined on Feb 2012 @ NC USA
#15
Disable all apps & sites that use your FB login; and definitely do not use the same login/email password on FB as your email.
 
Verssetti's Avatar
Posts: 67 | Thanked: 54 times | Joined on Nov 2010 @ Spain
#16
How do you connect, by Wi-Fi or Ethernet?
__________________
Restart Phone
..::Phonesfera::.. Maemo and other OS Thanks Maemo.org
 
AMD's Avatar
Posts: 1,390 | Thanked: 710 times | Joined on May 2012 @ Beirut, Lebanon
#17
I connect by both. But Wi-Fi is faster, so I use Wi-Fi more frequently. And since I might be watched, I changed my password yesterday to something that does not have any meaning in any language. And since that change nothing has happened. And I think because my passwords were so simple, the hacker could trace the password easily, but now no matter how much I type it he'll get lost... Well, let's test it this time, and when I come back from school I will leave a reply.
 
Verssetti's Avatar
Posts: 67 | Thanked: 54 times | Joined on Nov 2010 @ Spain
#18
Enter the portal of your router and change the name of your Wi-Fi and the password; maybe someone is sniffing your account via your Wi-Fi.
 
dadaniel's Avatar
Posts: 20 | Thanked: 46 times | Joined on Apr 2012 @ Austria
#19
Well, it could be a keylogger, but honestly, I don't think so...


... first check your facebook login history to find out who logged into your account: https://www.facebook.com/settings?ta...ction=sessions

... then check your applications under facebook: http://www.facebook.com/settings?tab=applications

... a friend of mine and I once tried to spoof logins through FB applications and it worked!



Oh yeah... if the IP 63.216.126.1 is the right one, here's the whois query and some other checks:

Code:
zeus:~# whois 63.216.126.1
#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 63.216.126.1"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=63...showARIN=false                                              &ext=netref2
#

NetRange:       63.216.0.0 - 63.223.255.255
CIDR:           63.216.0.0/13
OriginAS:
NetName:        BTN-CIDR5
NetHandle:      NET-63-216-0-0-1
Parent:         NET-63-0-0-0-0
NetType:        Direct Allocation
Comment:        ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:        1999-12-09
Updated:        2012-03-02
Ref:            http://whois.arin.net/rest/net/NET-63-216-0-0-1

OrgName:        Beyond The Network America, Inc.
OrgId:          BNA-42
Address:        450 Springpark PL
Address:        Suite 100
City:           Herdon
StateProv:      VA
PostalCode:     20170
Country:        US
RegDate:        2004-05-25
Updated:        2012-05-24
Ref:            http://whois.arin.net/rest/org/BNA-42

OrgNOCHandle: PUN6-ARIN
OrgNOCName:   PCCW US NOC
OrgNOCPhone:  +1-703-621-1637
OrgNOCEmail:  usnoc@pccwglobal.com
OrgNOCRef:    http://whois.arin.net/rest/poc/PUN6-ARIN

OrgAbuseHandle: PAD13-ARIN
OrgAbuseName:   PCCW AUP Department
OrgAbusePhone:  +1-703-621-1637
OrgAbuseEmail:  abuse.ops@pccwglobal.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/PAD13-ARIN

OrgTechHandle: PUN6-ARIN
OrgTechName:   PCCW US NOC
OrgTechPhone:  +1-703-621-1637
OrgTechEmail:  usnoc@pccwglobal.com
OrgTechRef:    http://whois.arin.net/rest/poc/PUN6-ARIN

OrgTechHandle: MCKAY9-ARIN
OrgTechName:   McKay, Ian
OrgTechPhone:  +1-703-673-1012
OrgTechEmail:  usnoc@pccwglobal.com
OrgTechRef:    http://whois.arin.net/rest/poc/MCKAY9-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#


zeus:~# nmap -PN -sS 63.216.126.1

Starting Nmap 4.62 ( http://nmap.org ) at 2013-03-19 12:15 CET
Stats: 0:05:37 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 97.38% done; ETC: 12:21 (0:00:09 remaining)
All 1715 scanned ports on 63.216.126.1 are filtered

Nmap done: 1 IP address (1 host up) scanned in 347.784 seconds

... when I check the IP on robtex.com it tells me:
Code:
63.218.12.1
	
Summary

Cr01.ldn01.pccwbtn.net point to 63.218.12.1.
Which servers does 63.218.12.1 use?

63.218.12.1 uses the reverse pointer cr01.ldn01.pccwbtn.net only.

It is not listed in any blacklists.

... so once again a whois against pccwbtn.net:

Code:
zeus:~# whois pccwbtn.net

   Domain Name: PCCWBTN.NET
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com
   Name Server: NS-CORP.CAIS.NET
   Name Server: NS-CORP2.CAIS.NET
   Name Server: NS-CORP3.CAIS.NET
   Status: clientDeleteProhibited
   Status: clientRenewProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 28-apr-2011
   Creation Date: 07-may-2001
   Expiration Date: 07-may-2014
   Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
   Domain Name: PCCWBTN.NET
      Created on: 07-May-01
      Expires on: 07-May-14
      Last Updated on: 27-Apr-11

   Registrant:
   PCCW-HKT DataCom Services Limited
   39/F PCCW Tower, Taikoo Place
   979 Kings Road
   Quarry Bay,  0
   Hong Kong

   Administrative Contact:
      Ralph, David  domain.admin@pccw.com
      PCCW-HKT DataCom Services Limited
      11/F East Exchange Tower
      38-40 Leighton Road
      Causeway Bay,  0
      Hong Kong
      +852.28836774      Fax -- +852.29625858

   Technical Contact:
      Ralph, David  domain.admin@pccw.com
      PCCW-HKT DataCom Services Limited
      11/F East Exchange Tower
      38-40 Leighton Road
      Causeway Bay,  0
      Hong Kong
      +852.28836774      Fax -- +852.29625858

   Domain servers in listed order:
      NS-CORP2.CAIS.NET
      NS-CORP3.CAIS.NET
      NS-CORP.CAIS.NET

After some googling, to me it looks like it's a torrent server (or something similar, a kind of p2p network).

cheers!
__________________
------------------------------------------------------------------------------
-- www.true-binary.com
------------------------------------------------------------------------------
-- aptitude -vvvvvv moo
-- What is it? It's an elephant being eaten by a snake, of course.
------------------------------------------------------------------------------

Last edited by dadaniel; 2013-03-19 at 11:30. Reason: stupidity!
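The whois lookups in posts #14 and #19 above show what a registry record can and cannot tell you: it names the organisation that holds the address block and gives an abuse contact to report to, but it says nothing about where the machine physically sits or who was using it. The following Python script is an added example (not code from any poster) that parses an ARIN-style whois record into fields, confirms the IP actually falls inside the record's CIDR block, and pulls out the abuse address. The sample record is constructed from the values quoted in this thread, trimmed to the lines the parser needs; the function names are my own.

```python
import ipaddress
import re

# Constructed sample: a reduced copy of the ARIN whois output posted in this
# thread. Only the key/value lines the parser needs are kept.
SAMPLE_WHOIS = """\
#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 63.216.126.1"
#

NetRange:       63.216.0.0 - 63.223.255.255
CIDR:           63.216.0.0/13
NetName:        BTN-CIDR5
NetType:        Direct Allocation
Country:        US

OrgName:        Beyond The Network America, Inc.
OrgId:          BNA-42

OrgAbuseHandle: PAD13-ARIN
OrgAbuseName:   PCCW AUP Department
OrgAbuseEmail:  abuse.ops@pccwglobal.com
"""

# ARIN records are "Key:   value" lines; comment lines start with '#'.
FIELD_RE = re.compile(r"^([A-Za-z]+):\s*(.*)$")


def parse_whois(text):
    """Turn 'Key: value' lines into a dict, skipping '#' comment lines.
    When a key repeats (ARIN lists several OrgTech blocks), the first
    value wins, which is enough for the fields used here."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = FIELD_RE.match(line)
        if m and m.group(1) not in fields:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def allocation_for(ip, whois_text):
    """Return (cidr, org_name, abuse_email, covered) for an IP.
    'covered' is True only if the IP really lies inside the record's
    CIDR block, so a stale or mis-pasted record is caught instead of
    being trusted."""
    fields = parse_whois(whois_text)
    network = ipaddress.ip_network(fields["CIDR"], strict=False)
    covered = ipaddress.ip_address(ip) in network
    return (str(network), fields.get("OrgName"),
            fields.get("OrgAbuseEmail"), covered)


def range_matches_cidr(fields):
    """Sanity check that the NetRange line describes exactly the CIDR
    block: first address == network address, last == broadcast."""
    first, last = [s.strip() for s in fields["NetRange"].split("-")]
    net = ipaddress.ip_network(fields["CIDR"], strict=False)
    return (ipaddress.ip_address(first) == net.network_address
            and ipaddress.ip_address(last) == net.broadcast_address)


if __name__ == "__main__":
    # Both addresses mentioned in the thread fall inside the same /13.
    for ip in ("63.216.126.1", "63.218.12.1"):
        print(ip, allocation_for(ip, SAMPLE_WHOIS))
    print("NetRange consistent with CIDR:",
          range_matches_cidr(parse_whois(SAMPLE_WHOIS)))
```

The abuse e-mail this returns is the right place to send the Facebook session details if you decide to report the login; a geolocation guess for the same address, as the earlier posts show, can disagree wildly between tools and should not be used as evidence of anything.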
 
stickymick's Avatar
Posts: 1,079 | Thanked: 1,019 times | Joined on Mar 2010
#20
Originally Posted by AMD View Post
And I think because my passwords were so simple, the hacker could trace the password easily......
Errrm... TBH, you were asking for trouble, then. A combination of letters and numbers, as long and complicated as possible, is always the best.

Something that means something to you... even if it's 3 words typed as 1 with the date when it happened, is a good combination for a password.

e.g.: arrowin1066theeye.
 