
    [URGENT] Expert Hacker Needed.

    Page 2 of 17
    AMD | # 11 | 2013-03-18, 18:31 | Report

    The hacker's ID is 63.216.126.1
    And the location is in Milan, Italy.

    juiceme | # 12 | 2013-03-18, 20:04 | Report

    Originally Posted by AMD
    The hacker's ID is 63.216.126.1
    And the location is in Milan, Italy.

    I don't think so... tracerouting from Finland it appears that that IP address routes to Lebanon.

    stickymick | # 13 | 2013-03-18, 20:27 | Report

    If it's a keylogger it'll be running as a background task. These are normally not scanned by an anti-virus or malware scanner.

    You could give Avira Antivir Rescue System a try. This is a Linux-based boot CD that can scan the whole Windows installation because nothing in Windows is running at all.

    minimos | # 14 | 2013-03-18, 22:39 | Report

    Originally Posted by AMD
    The hacker's ID is 63.216.126.1

    Also to me it seems that the IP is located in Lebanon.
    But anyway, a search with 'whois' reveals that it belongs to 'Beyond The Network America' which is a shady operator at best and a nest of spammers & spybots at worst.
    Terminate their connections with extreme prejudice.

    fongo | # 15 | 2013-03-18, 23:43 | Report

    Disable all apps & sites that use your FB login; and definitely do not use the same login/email password on FB as your email.

    Verssetti | # 16 | 2013-03-19, 01:27 | Report

    How do you connect, by WiFi or Ethernet?

    AMD | # 17 | 2013-03-19, 04:49 | Report

    I connect by both. But WiFi is faster so I use WiFi more frequently. And since I might be watched, I changed my pass yesterday to something that does not have any meaning from any language. And since that change nothing happened. And I think because my passwords were so simple, the hacker could trace the password easily but now no matter how much I type it he'll get lost.. Well, let's test it this time and when I come back from school I will leave a reply.

    Verssetti | # 18 | 2013-03-19, 05:07 | Report

    Log in to the portal of your router and change the name of your WiFi and the password; maybe they are sniffing your account through your WiFi.

    dadaniel | # 19 | 2013-03-19, 11:07 | Report

    well, it could be a keylogger, but honestly, I don't think so ...


    ... first check your facebook login history to find out who logged into your account: https://www.facebook.com/settings?ta...ction=sessions

    ... then check your applications under facebook: http://www.facebook.com/settings?tab=applications

    ... a friend of mine and I once tried to spoof logins through fb applications and it worked!



    oh yeah ... if the ip 63.216.126.1 is the right one - here's the whois query and some other checks:

    Code:
    zeus:~# whois 63.216.126.1
    #
    # Query terms are ambiguous.  The query is assumed to be:
    #     "n 63.216.126.1"
    #
    # Use "?" to get help.
    #
    
    #
    # The following results may also be obtained via:
    # http://whois.arin.net/rest/nets;q=63...showARIN=false                                              &ext=netref2
    #
    
    NetRange:       63.216.0.0 - 63.223.255.255
    CIDR:           63.216.0.0/13
    OriginAS:
    NetName:        BTN-CIDR5
    NetHandle:      NET-63-216-0-0-1
    Parent:         NET-63-0-0-0-0
    NetType:        Direct Allocation
    Comment:        ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate:        1999-12-09
    Updated:        2012-03-02
    Ref:            http://whois.arin.net/rest/net/NET-63-216-0-0-1
    
    OrgName:        Beyond The Network America, Inc.
    OrgId:          BNA-42
    Address:        450 Springpark PL
    Address:        Suite 100
    City:           Herdon
    StateProv:      VA
    PostalCode:     20170
    Country:        US
    RegDate:        2004-05-25
    Updated:        2012-05-24
    Ref:            http://whois.arin.net/rest/org/BNA-42
    
    OrgNOCHandle: PUN6-ARIN
    OrgNOCName:   PCCW US NOC
    OrgNOCPhone:  +1-703-621-1637
    OrgNOCEmail:  usnoc@pccwglobal.com
    OrgNOCRef:    http://whois.arin.net/rest/poc/PUN6-ARIN
    
    OrgAbuseHandle: PAD13-ARIN
    OrgAbuseName:   PCCW AUP Department
    OrgAbusePhone:  +1-703-621-1637
    OrgAbuseEmail:  abuse.ops@pccwglobal.com
    OrgAbuseRef:    http://whois.arin.net/rest/poc/PAD13-ARIN
    
    OrgTechHandle: PUN6-ARIN
    OrgTechName:   PCCW US NOC
    OrgTechPhone:  +1-703-621-1637
    OrgTechEmail:  usnoc@pccwglobal.com
    OrgTechRef:    http://whois.arin.net/rest/poc/PUN6-ARIN
    
    OrgTechHandle: MCKAY9-ARIN
    OrgTechName:   McKay, Ian
    OrgTechPhone:  +1-703-673-1012
    OrgTechEmail:  usnoc@pccwglobal.com
    OrgTechRef:    http://whois.arin.net/rest/poc/MCKAY9-ARIN
    
    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: https://www.arin.net/whois_tou.html
    #
    
    
    zeus:~# nmap -PN -sS 63.216.126.1
    
    Starting Nmap 4.62 ( http://nmap.org ) at 2013-03-19 12:15 CET
    Stats: 0:05:37 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 97.38% done; ETC: 12:21 (0:00:09 remaining)
    All 1715 scanned ports on 63.216.126.1 are filtered
    
    Nmap done: 1 IP address (1 host up) scanned in 347.784 seconds

    ... when I check the IP on robtex.com it tells me:
    Code:
    63.218.12.1
    	
    Summary
    
    Cr01.ldn01.pccwbtn.net point to 63.218.12.1.
    Which servers does 63.218.12.1 use?
    
    63.218.12.1 uses the reverse pointer cr01.ldn01.pccwbtn.net only.
    
    It is not listed in any blacklists.

    ... so once again a whois against pccwbtn.net:

    Code:
    zeus:~# whois pccwbtn.net
    
       Domain Name: PCCWBTN.NET
       Registrar: GODADDY.COM, LLC
       Whois Server: whois.godaddy.com
       Referral URL: http://registrar.godaddy.com
       Name Server: NS-CORP.CAIS.NET
       Name Server: NS-CORP2.CAIS.NET
       Name Server: NS-CORP3.CAIS.NET
       Status: clientDeleteProhibited
       Status: clientRenewProhibited
       Status: clientTransferProhibited
       Status: clientUpdateProhibited
       Updated Date: 28-apr-2011
       Creation Date: 07-may-2001
       Expiration Date: 07-may-2014
       Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
       Domain Name: PCCWBTN.NET
          Created on: 07-May-01
          Expires on: 07-May-14
          Last Updated on: 27-Apr-11
    
       Registrant:
       PCCW-HKT DataCom Services Limited
       39/F PCCW Tower, Taikoo Place
       979 Kings Road
       Quarry Bay,  0
       Hong Kong
    
       Administrative Contact:
          Ralph, David  domain.admin@pccw.com
          PCCW-HKT DataCom Services Limited
          11/F East Exchange Tower
          38-40 Leighton Road
          Causeway Bay,  0
          Hong Kong
          +852.28836774      Fax -- +852.29625858
    
       Technical Contact:
          Ralph, David  domain.admin@pccw.com
          PCCW-HKT DataCom Services Limited
          11/F East Exchange Tower
          38-40 Leighton Road
          Causeway Bay,  0
          Hong Kong
          +852.28836774      Fax -- +852.29625858
    
       Domain servers in listed order:
          NS-CORP2.CAIS.NET
          NS-CORP3.CAIS.NET
          NS-CORP.CAIS.NET

    after some googling - for me it looks like it's a torrent-server (or something similar - a kind of p2p network)

    cheers!

    Last edited by dadaniel; 2013-03-19 at 11:30. Reason: stupidy!
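
Added example, not part of any poster's message: a Python sketch that parses an ARIN-style whois reply like the one quoted above, checks whether an address falls inside the listed allocation, and extracts the abuse contact to report to. The sample text is constructed from fields shown in the thread and the function names are hypothetical; note that `Country` is the registrant's mailing address, not the location of the host.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a subset of the fields in the ARIN reply quoted in the thread.
SAMPLE_WHOIS = """\
#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 63.216.126.1"
#
NetRange:       63.216.0.0 - 63.223.255.255
CIDR:           63.216.0.0/13
NetName:        BTN-CIDR5
OrgName:        Beyond The Network America, Inc.
Country:        US
OrgAbuseEmail:  abuse.ops@pccwglobal.com
OrgTechHandle: PUN6-ARIN
OrgTechHandle: MCKAY9-ARIN
"""

def parse_arin_whois(text):
    """Parse 'Key: value' lines into {key: [values]}; keys may repeat."""
    fields = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and ARIN comments
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip():
            fields[key.strip()].append(value.strip())
    return dict(fields)

def allocation_networks(fields):
    """A CIDR line may list several comma-separated blocks."""
    return [ipaddress.ip_network(c.strip())
            for entry in fields.get("CIDR", [])
            for c in entry.split(",")]

def summarize(ip, text):
    """Return what the registry record does (and does not) say about ip."""
    fields = parse_arin_whois(text)
    addr = ipaddress.ip_address(ip)
    first = lambda k: fields.get(k, [None])[0]
    return {
        "ip": ip,
        "in_allocation": any(addr in n for n in allocation_networks(fields)),
        "org": first("OrgName"),
        "registrant_country": first("Country"),  # registration, not geolocation
        "abuse_email": first("OrgAbuseEmail"),
    }

if __name__ == "__main__":
    for ip in ("63.216.126.1", "63.218.12.1"):
        print(summarize(ip, SAMPLE_WHOIS))
```

Both addresses that appear in the thread fall inside the same /13, so the record identifies the carrier that holds the block rather than an individual machine or person.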

     
    stickymick | # 20 | 2013-03-19, 11:53 | Report

    Originally Posted by AMD
    And I think because my passwords were so simple, the hacker could trace the password easily......

    Errrm... TBH, you were asking for trouble, then. A long-as-possible, complicated combination of letters and numbers is always the best.

    Something that means something to you...... even if it's 3 words typed as 1 with the date when it happened is a good combination for a password.

    i.e: arrowin1066theeye.
