[Coco] CoCo Forums hacker Hunt-Down Begins

DJ dj at isectran.com
Mon Dec 4 01:29:38 EST 2006 

http://www.dnsstuff.com is an excellent source of research tools for
tracking down IP addresses.

I found the following: 

Using 30+ day old  [STALE - being deleted now] cached answer (or, you can
get fresh results).
Hiding E-mail address (you can get results with the E-mail address).


OrgName:    ThePlanet.com Internet Services, Inc. 
OrgID:      TPCM
Address:    1333 North Stemmons Freeway
Address:    Suite 110
City:       Dallas
StateProv:  TX
PostalCode: 75207
Country:    US

ReferralServer: rwhois://rwhois.theplanet.com:4321

NetRange:   69.56.128.0 - 69.56.255.255 
CIDR:       69.56.128.0/17 
NetName:    NETBLK-THEPLANET-BLK-6
NetHandle:  NET-69-56-128-0-1
Parent:     NET-69-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.THEPLANET.COM
NameServer: NS2.THEPLANET.COM
Comment:    
RegDate:    2003-06-10
Updated:    2003-09-29

RTechHandle: PP46-ARIN
RTechName:   Pathos, Peter 
RTechPhone:  +1-214-782-7800
RTechEmail:  ******@theplanet.com 

OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName:   Abuse 
OrgAbusePhone:  +1-214-782-7802
OrgAbuseEmail:  *****@theplanet.com

OrgNOCHandle: TECHN33-ARIN
OrgNOCName:   Technical Support 
OrgNOCPhone:  +1-214-782-7800
OrgNOCEmail:  ******@theplanet.com

OrgTechHandle: TECHN33-ARIN
OrgTechName:   Technical Support 
OrgTechPhone:  +1-214-782-7800
OrgTechEmail:  ******@theplanet.com

# ARIN WHOIS database, last updated 2006-10-23 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


Which, using the rwhois found this: 

%rwhois V-1.5:003eff:00 whois.theplanet.com (by Network Solutions, Inc.
V-1.5.9.5)
network:Class-Name:network
network:ID:THEPLANET-BLK-17
network:Auth-Area:69.56.128.0/17
network:Network-Name:TPIS-BLK-69-56-245-0
network:IP-Network:69.56.245.168/29
network:IP-Network-Block:69.56.245.168 - 69.56.245.175
network:Organization-Name:Evelyn Joyce Logrono
network:Organization-City:Aliso Viejo
network:Organization-State:CA
network:Organization-Zip:92656
network:Organization-Country:US
network:Description-Usage:customer
network:Server-Pri:ns1.theplanet.com
network:Server-Sec:ns2.theplanet.com
****************************@theplanet.com
*****************************@theplanet.com
network:Created:20040423
network:Updated:20050713

network:Class-Name:network
network:ID:THEPLANET-BLK-6
network:Auth-Area:69.56.128.0/17
network:Network-Name:69.56.128.0
network:IP-Network:69.56.128.0/17
network:IP-Network-Block:69.56.128.0 - 69.56.255.255
network:Organization;I:The Planet
******************************@theplanet.com
network:Admin-Contact;I:PP46-ARIN.0.0.0.0/0
network:Created:20030904
network:Updated:20030904

%referral rwhois://root.rwhois.net:4321/auth-area=.
%ok

 

Enjoy!



-----Original Message-----
From: coco-bounces at maltedmedia.com [mailto:coco-bounces at maltedmedia.com] On
Behalf Of Roger Taylor
Sent: Saturday, December 02, 2006 2:16 PM
To: cocolist for Color Computer Enthusiasts
Subject: [Coco] CoCo Forums hacker Hunt-Down Begins

The reason I'm posting this information is because without a doubt 
the following IP address was the one used to hack the CoCo3.com 
forums and I feel confident that this person can be exposed in a 
short time.  The forum log ends with a line showing the IP address of 
69.56.245.170 performing a delete operation on 225 members by the 
prune operation.

I'm not sure if ISPs can give out names behind IP addresses used at a 
certain time, but if this person has an IP address that doesn't 
change frequently, maybe Google can throw up some other references to 
the same IP and this person can be identified quicker.

Anyway, if needed, using days, weeks, or years of cross referencing, 
I plan to find you...  and smoke you out of your cave (computer 
chair) like Bush did to Saddam.

So, I start with:

http://whois.domaintools.com/69.56.245.170

I've got to convert some video for the CoCo DVD tonight so I'll have 
to get back to this a little later, but if anybody wants to help out, 
be my guest.  Actually, I have a few hacker-threat e-mails to look at 
from a few months ago, so I'll post more news soon.

Thanks

Roger


-- 
Roger Taylor



-- 
Coco mailing list
Coco at maltedmedia.com
http://five.pairlist.net/mailman/listinfo/coco

More information about the Coco mailing list