[URGENT] Expert Hacker Needed. - Page 2 - maemo.org

AMD | # 11 | 2013-03-18, 18:31 | Report

The hacker's ID is 63.216.126.1
And the location is in Milan, Italy.

juiceme | # 12 | 2013-03-18, 20:04 | Report

Originally Posted by AMD View Post

The hacker's ID is 63.216.126.1
And the location is in Milan, Italy.

I don't think so... tracerouting from finland it appears that that IP address routes to lebanon.

stickymick | # 13 | 2013-03-18, 20:27 | Report

If it's a keylogger it'll be running as a background task. These are normally not scanned by an anti-virus or malware scanner.

You could give Avira Antivir Rescue System a try. This is a linux based boot CD that can scan the whole Windows installation because nothing in Windows is running at all.

minimos | # 14 | 2013-03-18, 22:39 | Report

Originally Posted by AMD View Post

The hacker's ID is 63.216.126.1

Also to me it seems that the IP is located in Lebanon.
But anyway, a search with 'whois' reveals that it belongs to 'Beyond The Network America' which is a shady operator at best and a nest of spammers & spybots at worst.
Terminate their connections with extreme prejudice.

fongo | # 15 | 2013-03-18, 23:43 | Report

Disable all apps & sites that use your FB login; and definitely do not use the same login/email password on FB as your email.

Verssetti | # 16 | 2013-03-19, 01:27 | Report

How do you connect by wifi or ethernet?

AMD | # 17 | 2013-03-19, 04:49 | Report

I connect by both. But WiFi is faster so I use WiFi more frequently. And since I might be watched, I changed my pass yesterday to something that does not have any meaning from any language. And since that change nothing happened. And I think because my passwords were so simple, the hacker could trace the password easily but now no matter how much I type it he'll get lost.. Well, let's test it this time and when I come back from school I will leave a reply.

Verssetti | # 18 | 2013-03-19, 05:07 | Report

Enter in the portal of your router and change the name of your wifi and the password maybe sniffing your account by your wifi.

dadaniel | # 19 | 2013-03-19, 11:07 | Report

well, it could be a keylogger, but honestly, i dont think so ...

... first check your facebook login history to find out who logged into your account: https://www.facebook.com/settings?ta...ction=sessions

... then check your applications under facebook: http://www.facebook.com/settings?tab=applications

... a friend of mine and me once tried to spoof logins through fb applications and it worked!

oh yeah ... if the ip 63.216.126.1 is the right one - here's the whois query and some other checks:

Code:

zeus:~# whois 63.216.126.1
#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 63.216.126.1"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=63...showARIN=false                                              &ext=netref2
#

NetRange:       63.216.0.0 - 63.223.255.255
CIDR:           63.216.0.0/13
OriginAS:
NetName:        BTN-CIDR5
NetHandle:      NET-63-216-0-0-1
Parent:         NET-63-0-0-0-0
NetType:        Direct Allocation
Comment:        ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:        1999-12-09
Updated:        2012-03-02
Ref:            http://whois.arin.net/rest/net/NET-63-216-0-0-1

OrgName:        Beyond The Network America, Inc.
OrgId:          BNA-42
Address:        450 Springpark PL
Address:        Suite 100
City:           Herdon
StateProv:      VA
PostalCode:     20170
Country:        US
RegDate:        2004-05-25
Updated:        2012-05-24
Ref:            http://whois.arin.net/rest/org/BNA-42

OrgNOCHandle: PUN6-ARIN
OrgNOCName:   PCCW US NOC
OrgNOCPhone:  +1-703-621-1637
OrgNOCEmail:  usnoc@pccwglobal.com
OrgNOCRef:    http://whois.arin.net/rest/poc/PUN6-ARIN

OrgAbuseHandle: PAD13-ARIN
OrgAbuseName:   PCCW AUP Department
OrgAbusePhone:  +1-703-621-1637
OrgAbuseEmail:  abuse.ops@pccwglobal.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/PAD13-ARIN

OrgTechHandle: PUN6-ARIN
OrgTechName:   PCCW US NOC
OrgTechPhone:  +1-703-621-1637
OrgTechEmail:  usnoc@pccwglobal.com
OrgTechRef:    http://whois.arin.net/rest/poc/PUN6-ARIN

OrgTechHandle: MCKAY9-ARIN
OrgTechName:   McKay, Ian
OrgTechPhone:  +1-703-673-1012
OrgTechEmail:  usnoc@pccwglobal.com
OrgTechRef:    http://whois.arin.net/rest/poc/MCKAY9-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#


zeus:~# nmap -PN -sS 63.216.126.1

Starting Nmap 4.62 ( http://nmap.org ) at 2013-03-19 12:15 CET
Stats: 0:05:37 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 97.38% done; ETC: 12:21 (0:00:09 remaining)
All 1715 scanned ports on 63.216.126.1 are filtered

Nmap done: 1 IP address (1 host up) scanned in 347.784 seconds

... when i check the IP on robtex.com it tells me:

Code:

63.218.12.1
	
Summary

Cr01.ldn01.pccwbtn.net point to 63.218.12.1.
Which servers does 63.218.12.1 use?

63.218.12.1 uses the reverse pointer cr01.ldn01.pccwbtn.net only.

It is not listed in any blacklists.

... so once again a whois against pccwbtn.net:

Code:

zeus:~# whois pccwbtn.net

   Domain Name: PCCWBTN.NET
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com
   Name Server: NS-CORP.CAIS.NET
   Name Server: NS-CORP2.CAIS.NET
   Name Server: NS-CORP3.CAIS.NET
   Status: clientDeleteProhibited
   Status: clientRenewProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 28-apr-2011
   Creation Date: 07-may-2001
   Expiration Date: 07-may-2014
   Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
   Domain Name: PCCWBTN.NET
      Created on: 07-May-01
      Expires on: 07-May-14
      Last Updated on: 27-Apr-11

   Registrant:
   PCCW-HKT DataCom Services Limited
   39/F PCCW Tower, Taikoo Place
   979 Kings Road
   Quarry Bay,  0
   Hong Kong

   Administrative Contact:
      Ralph, David  domain.admin@pccw.com
      PCCW-HKT DataCom Services Limited
      11/F East Exchange Tower
      38-40 Leighton Road
      Causeway Bay,  0
      Hong Kong
      +852.28836774      Fax -- +852.29625858

   Technical Contact:
      Ralph, David  domain.admin@pccw.com
      PCCW-HKT DataCom Services Limited
      11/F East Exchange Tower
      38-40 Leighton Road
      Causeway Bay,  0
      Hong Kong
      +852.28836774      Fax -- +852.29625858

   Domain servers in listed order:
      NS-CORP2.CAIS.NET
      NS-CORP3.CAIS.NET
      NS-CORP.CAIS.NET

after some googling - for me it looks like it's a torrent-server (or something similar - a kind of p2p network)

cheers!

Last edited by dadaniel; 2013-03-19 at 11:30. Reason: stupidy!

stickymick | # 20 | 2013-03-19, 11:53 | Report

Originally Posted by AMD View Post

And I think because my passwords were so simple, the hacker could trace the password easily......

Errrm... TBH, you were asking for trouble, then. A long as possible complicated combination of letters and numbers is always the best.

Something that means something to you...... even if it's 3 words typed as 1 with the date when it happened is a good combination for a password.

i.e: arrowin1066theeye.