Tuesday Mar 06, 2007
Can anyone explain in plain English what static.theplanet.com is? Using StatCounter to analyze my blog traffic, I found my blog was visited from a host name that includes that name. A quick search indicates that it's some sort of robot. And it seems to annoy people at times, but what is it more precisely? Is a 50 word explanation reasonable and available somewhere?
UPDATE 03/26/07
By using the web analytics tool statcounter.com, to which I have a link at the bottom of this blog that anyone can view if he/she so wishes, I have noticed that a lot of people have been visiting this entry because they, too, are trying to find out what static.theplanet.com is. I still have no answer to this. I've done a few searches and have still NOT found out what it is. Nobody has commented either, which makes sense; people searching for static.theplanet.com are probably trying to learn about it and aren't in a position to explain it. However, if you ever go on to find out what it is, please come back here and add a comment explaining it. It will be very helpful to many people. Thanks.
UPDATE 04/24/07
I've received two comments to this entry now. Thank you very much to those commenters. One of the comments lists this URL: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BANLOAD.BEX&VSect=T I'd actually looked at that site before. However, I didn't get it. I think I get it better now that I've read it carefully. It seems a trojan (TROJ_BANLOAD.BEX) gets into a computer system and connects to various URLs. Most of those URLs contain static.theplanet.com. From there, it seems that other bad things are brought into the computer that try to get passwords and such for access into one's bank account(s).
I'm not certain that I'm interpreting that correctly. What I'm less certain of is the significance of static.theplanet.com. What's the breakdown? What's "static"? What's "theplanet.com"? Is it connected to http://www.theplanet.com/, which is a company that provides managed hosting solutions? Is static.theplanet.com necessarily bad or just sometimes?
Anyway, that's where I'm at now in terms of understanding. Please comment if you have anything to add.
UPDATE 05/15/07
I think the comment from Cameron King clarifies things. I don't know Cameron, but he could probably get a job as a technical writer. His answer seems quite clear to me. He even anticipates future questions and provides info about contacting theplanet.com just in case certain behavior that involves theplanet.com seems suspicious. So, from what I know now, it would seem highly unlikely that a visit to my blog from static.theplanet.com is malicious in any way. Now, I've learned a bit more about how the Internet works. Thanks Cameron.
UPDATE 09/05/07
The three most recent entries (Aug 08, Aug 10, and Sep 5, 2007) bring up specific security issues that involve a host that includes "static.theplanet.com." From what I gather at this point, the "static.theplanet.com" part is not the real issue here. Yes, bad things can be coming from such a host as well as just about any host anywhere. Kellie asks why 6 active guests have the IP address of a.f.5746.static.theplanet.com and if something malicious might be going on. I honestly don't know if this should be taken as suspicious behavior or not. Can anyone add anything here? Cameron King's comment does provide an email address where one can voice concerns. Does Kellie's scenario warrant this?
UPDATE 05/28/08
Quite a few comments have come in for this blog entry since I last added an update on 09/05/07. My impression is the same as it has been for a while. I'm relying a lot on the info that commenter Cameron King left, which I believe implies that the bad things people are reporting from theplanet.com are simply viruses (or something similar) that were able to get into servers connected to theplanet.com network. It seems reasonable to me that theplanet.com doesn't have a higher percentage of this sort of nefarious activity than any other such network. Are there people out there thinking that there's something more wrong with theplanet.com network than, say, AOL's? So, when people are reporting efforts to stop bad behavior from servers on theplanet.com network, I imagine the procedures to actually stop the badness would be similar if the badness were coming from some other network. Does that make sense? I just get the feeling that theplanet.com part of the problem is not that significant. Yes, no? Agree, disagree?
Posted by 128.143.230.24 on April 02, 2007 at 01:18 PM PDT #
Posted by gerty on April 05, 2007 at 02:14 PM PDT #
Posted by Juan Daugherty on April 30, 2007 at 04:38 PM PDT #
The Planet is the #1 privately held, dedicated server hosting provider in the world (second only to publicly held IBM). What you are seeing are the reverse DNS entries for IP addresses of servers on their network that may be visiting your blog. Some possibilities might include an administrator logged into his server browsing the web, or a search engine operated by a customer of The Planet, or even non-Planet customers making use of a proxy service offered by one of these customers.
"Static" refers to the static IP addresses assigned to these customers. It is quite common for larger companies to include some sort of identifier in the RDNS entry to indicate the type of network this server belongs to, as a convenience to those browsing their logs.
To answer your question about whether a particular server or IP address is connected with The Planet.... The Planet is the internet service provider for these customers, and is only minimally involved with the day-to-day activities on any given server. They are connected to their customers' servers in the same way that you are connected to AOL, Comcast, Time Warner, or your local telephone company. The Planet provides the network, and you, like The Planet's customers, are responsible for what you do with that connectivity. (Unless you begin to break the law or your contract... in this case, The Planet would take appropriate actions, just like any of the other aforementioned entities.)
It's not anything to be worried about really. Just because some virus somewhere was created and made use of a few servers on the network, does not offer any insight to the quality of the network as a whole or indicate that these servers are even still on the network serving the same purpose. Additionally, The Planet does have a staffed abuse team which investigates any reports of inappropriate activity taking place on the network. If you have any concerns along these lines, simply send an email to abuse@theplanet.com with any relevant logs you may have, and they will take a look at it for you.
If you have any further questions about The Planet, you should be able to reach them through the contact information available at http://www.theplanet.com.
Posted by Cameron King on May 12, 2007 at 07:21 AM PDT #
Today an IP from this host tried to hack into one of my forum accounts. They did not succeed in 5 attempts and I was sent a warning by email.
Posted by adbox on August 08, 2007 at 08:53 AM PDT #
Hi. Somebody did the same on my internet business site.. I hope it will not create any problem... In Explorer, I typed that name and it seems to be not a good thing. I saw your question there too... Hoping my "virus protection" will stand it!!
Very strange!! I am from Montreal, Quebec, Canada.
Posted by Claire Latendresse on August 10, 2007 at 07:32 AM PDT #
Hmm...I looked up this static.theplanet because I am an admin on a vBulletin forum. I was browsing our currently active users and was surprised to see activity from 6 guests, all of whom had the IP address: a.f.5746.static.theplanet.com.
Usually this kind of activity is reserved for webcrawlers. After reading your blog (and being tech dumb) why are they at our site en force, and do they have any ability to harm our membership? Should I put out a warning?
Thanks so much.
Posted by Kellie on September 05, 2007 at 03:37 PM PDT #
Hi I came here because in a recent upload of some php files to my server when I clicked a routine that would have updated a database table I was denied with the following message:
"UPDATE command denied to user 'rrobot_donny'@'7a.87.5546.static.theplanet.com' for table 'firm'" which is totally confusing to me and freaking me out.
I have only uploaded three files into the directory and wrote all of the code in them myself. So I am unsure of how this "user" was being created and attempting to access my database through the update that I coded. When I went to the previously mentioned trojan, I followed the directions and didn't seem to have it. So now I am not sure what to do as my update.php no longer works.
Posted by Don on September 18, 2007 at 07:45 PM PDT #
They just tried me 27 times (10/1, 1:56 PM EDT to 2:10 PM EDT) but my security picked them up. All attempts were TCP.
Posted by Mort on October 01, 2007 at 11:37 AM PDT #
Hi - I found your blog the way many others have in trying to track down what static.theplanet.com is. I develop and admin a site which is a search engine and repository of scholarly research information. We are being hit by 12.f3.354a.static.theplanet.com up to 200 times per hour today. I would have to assume it is a webcrawler of some description run by a company which is hosted by theplanet.
Posted by Adrian Richardson on December 21, 2007 at 03:11 AM PST #
Hi, I found this website looking for an answer to what "static.theplanet.com" is.. Currently when I type netstat into the command prompt it says my computer has established a connection to
75.6.5746.static.theplanet.com:http port 1099
75.6.5746.static.theplanet.com:http port 1100
75.6.5746.static.theplanet.com:http port kpop
75.6.5746.static.theplanet.com:http port 1110
I'm wondering what it could be..
Posted by Anonymous on January 07, 2008 at 08:36 PM PST #
I had this happen when I had Firefox installed, I kept on getting a "Bad Request" error on this forum I'm a member of along with this:
72.6c.5646.static.theplanet.com
This showed up in my profile and a few other places in the site, but only on Firefox, every so often, not on Internet Explorer.
Posted by Anonymous on January 22, 2008 at 12:25 PM PST #
Did a check in my command prompt with netstat, and it came up with that same static.theplanet.com address that I just posted. I am so ticked right now.
Posted by Anonymous on January 22, 2008 at 12:30 PM PST #
My website has been getting visits from: 92.f5.344a.static.theplanet.com
Every week or so for 3 years.
http://92.f5.344a.static.theplanet.com
Which has a login / password.
And 3a.72.5546.static.theplanet.com
http://3a.72.5546.static.theplanet.com
Which is http://www.incauda.com
Any idea what the site is?
Posted by Anonymous on January 23, 2008 at 10:14 AM PST #
Just got my computer back and the said address isn't showing up anymore.
The computer person was able to get rid of it.
Posted by Anomyous on February 11, 2008 at 07:42 AM PST #
Last week, my internet connection slowed down and every time I entered a URL and hit enter in IE, I would be directed to some other site. I started getting warnings on my computer shortly after that about a virus/malware. I ran ALL KINDS of diagnostics and came up with very little help. Then, the next time I rebooted, it prompted me for a password!! I don't ever use a password to log on as I have, in the past, locked myself out. So, I was locked out of my computer. I reinstalled Windows and ZoneAlarm (love it) and Spybot S&D, and my alerts go CRAZY! Granted my computer is pretty safe, but ZoneAlarm has alerted me to dozens of attempts to access my personal computer from variations of the same IP block. When I looked it up...static.theplanet.com! Yeah, it can do some serious damage. Thank goodness I back up regularly.
Posted by Bythesea on April 01, 2008 at 10:50 AM PDT #
Hi, I'm from the UK and know little about website admin. But like many others I have found your blog by Google searching for static.theplanet.com. I spotted the issue because the user's IP etc. has stretched one of our blocks on the home page. I then found them as a guest with the IP 74.55.37.146 and host name 92.25.374a.static.theplanet.com. Not sure how to get rid of them yet but I'll try blocking the IP or something similar.
They were trying to get into the forum admin area.
I'll let you know if the ban works, otherwise I will have to get someone else to help me.
Posted by Steve on May 28, 2008 at 07:51 AM PDT #
There is a website on theplanet.com's servers called dnsstuff.com. I joined this and paid a membership but the association with the planet.com is bothering me now. I have noticed that static.theplanet.com hits went up substantially in June 2008 on alexa but not on quantcast.
I need to follow up that they don't spoof the traffic of entire sites and host it there - not sure what's going on. Is there a major website on static.theplanet.com? So easy to spoof a URL these days. Possibly their bots are getting info about analytics accounts and learning what the top keywords are and stealing the links to post their own ads on stolen link. Web site theft is huge these days.
Think someone from the planet.com needs to explain what is going on here.
Maybe time for the FBI CyberPatrol to get involved with this one.
Posted by anonymous on August 21, 2008 at 11:04 AM PDT #
Go to DNSstuff.com and search the IP for FBI.gov and it trace routes it to 82.3b.354a.static.theplanet.com. What does that mean?
Posted by Unknown on October 15, 2008 at 11:29 AM PDT #
Hello folks,
I'll add a new twist to this saga. It's called a Russian/Ukrainian marriage scam.
I have been corresponding with an alleged 25-year-old Ukrainian lady in western Ukraine for approximately one month. It started looking highly suspicious after about one week. So I checked the e-mail header and discovered that the apparent origination of these e-mail is this ip address 67.18.118.140 which shows up as ThePlanet.com in Dallas. And yes, I received the "static" stuff, too. Here's what mine looked like:
8c.76.1243.static.theplanet.com
Anyway, the header shows these e-mails bouncing around Russia a couple of times and then arriving in my in-box. Not once did any of the dozen or so e-mails I've received ever run through Ukraine. Not at least by looking at the header anyway.
The hook came just a few days ago when the "Internet Cafe Manager" (yeah, right) in this small Ukrainian town on the Polish border sent me an e-mail. I'm a marketing professional myself, and I have to admit there were some good one-liners in the e-mail. Nonetheless, the Internet cafe manager told me that the holidays are coming up and she could help me send the girl I've been corresponding with some great gifts! The e-mail included a pricing schedule of some of the most inflated prices I've ever seen. Oh yeah, and don't forget to send your money via Western Union.
First of all, there is no 25-year-old woman. It's probably a man. Second, any money sent would all go into someone's bank account. I wish the Russian/Ukrainian authorities would do something about this pervasive problem. It's probably run by the mafia. That's why it won't get fixed anytime soon.
I didn't get taken for any money. I would never send money to people like that over the Internet. However, I do admit, it is kind of fun to play along and then nab these despicable low-lifes.
I reported this one to ThePlanet.com and am in the process of filing complaints with as many relevant authorities as I can.
There's my story and how it relates to what you've been talking about.
I don't know enough about all this Internet stuff...proxies and tricks...but can someone appear to be sending e-mails from Dallas, Texas and actually be operating in Ukraine?
How does this work? I would love to understand the basic methodology behind it.
Thanks!!
Posted by Rich on December 19, 2008 at 11:37 AM PST #
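The reverse DNS names discussed in this thread can be checked against the addresses they claim to describe. The following is an added example, not part of the original post or any comment: it decodes the hex labels of a `static.theplanet.com` name back into an IPv4 address and flags log entries where the name and the connecting address disagree. The label layout is an assumption inferred from the two hostname/IP pairs reported above (92.25.374a with 74.55.37.146, and 8c.76.1243 with 67.18.118.140), not something The Planet documents; the function names and log lines are constructed for illustration.

```python
import ipaddress
import re
import socket
from collections import Counter

# Label layout inferred from the hostname/IP pairs quoted in the comments
# (an assumption, not documented by The Planet):
#   <hex octet 4>.<hex octet 3>.<hex octet 2><hex octet 1>.static.theplanet.com
# The last two hex digits of the third label are taken as octet 1.
RDNS_RE = re.compile(
    r"^([0-9a-f]{1,2})\.([0-9a-f]{1,2})\.([0-9a-f]{3,4})"
    r"\.static\.theplanet\.com\.?$",
    re.IGNORECASE,
)


def decode_static_rdns(hostname):
    """Return the IPv4Address encoded in the hostname, or None if no match."""
    m = RDNS_RE.match(hostname.strip())
    if not m:
        return None
    fourth, third, packed = m.groups()
    second, first = packed[:-2], packed[-2:]
    octets = [int(label, 16) for label in (first, second, third, fourth)]
    return ipaddress.IPv4Address(".".join(str(o) for o in octets))


def forward_confirmed(ip):
    """Forward-confirmed reverse DNS: PTR name must resolve back to ip.

    Needs live DNS, so it is not exercised on the sample data below.
    A PTR record is set by whoever controls the address block, which is
    why the name alone is only a hint about who is connecting.
    """
    try:
        name = socket.gethostbyaddr(ip)[0]
        return ip in socket.gethostbyname_ex(name)[2], name
    except OSError:
        return False, None


def triage(log_text):
    """Count hits per address and list name/address mismatches.

    Expects lines of the form '<resolved hostname> <peer IP> <path>'.
    """
    hits = Counter()
    mismatches = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        host, peer = parts[0], parts[1]
        decoded = decode_static_rdns(host)
        if decoded is None:
            continue  # not a static.theplanet.com style name
        if str(decoded) == peer:
            hits[peer] += 1
        else:
            mismatches.append((host, peer, str(decoded)))
    return hits, mismatches


# Constructed sample log. The first three lines reuse hostname/IP pairs
# reported in the comments; the last two are made up.
SAMPLE_LOG = """\
92.25.374a.static.theplanet.com 74.55.37.146 /forum/admin/
92.25.374a.static.theplanet.com 74.55.37.146 /forum/admin/login
8c.76.1243.static.theplanet.com 67.18.118.140 /index.html
8c.76.1243.static.theplanet.com 203.0.113.9 /index.html
crawler.example.net 198.51.100.7 /robots.txt
"""

if __name__ == "__main__":
    hits, mismatches = triage(SAMPLE_LOG)
    for ip, count in hits.most_common():
        print(f"{ip}: {count} request(s), name matches address")
    for host, peer, decoded in mismatches:
        print(f"{peer} logged as {host}, which decodes to {decoded}")
```
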
While y'all are on the subject, best get everyone in sync.
I'm here for the purpose of fighting an undetectable, with all the whistles, smart bot with a hacker attached. I get over 1 or 2 thousand an hour attempts that started in February. I've been fighting this hacker since Aug/Sep of 2008.
So far, it takes over your drive aka master boot record 1 of 2 in sector zero and copies itself to multiple hidden partitions in all your drives. When I scan deeply, I get around 40 per drive.
It also takes a section of your memory and cloaks itself and allows the hacker to do what it wants. Sorry to say, but I see them go in and out of every site from A to Z through the DNS servers.. They seem to mess with HASH and IE cookies. I still can't stop it, and for me, the most sites that come up are comcast, mci, ripe, apnic, msft.net and lately more phone sites. Ya, my phone is rerouting also. Here is a recent list of what brought me here.
from active sessions of hackers using port 80.
traceroute shows this
Posted by Loni on August 25, 2009 at 09:56 PM PDT #
I've tracked a real hack. Caught an email set up in the back of my gmail.com account.
They're all in there.. DEEP.
e1.ca.85ae.static.theplanet.com
I have tracked an apparent group of Chinese and Nigerian hacks.
See the below address. I have Facebook profiles. Once Email record traced back to a U.S. military base in CA. So, what the hell? Don't ask what you're not ready for the answer.
http://www.ip-adress.com/ipaddressdistance/index.php?ip1=74.190.109.250&ip2=192.168.1.100
Posted by HF on November 21, 2009 at 03:41 AM PST #
74.190.109.250 is clearly in the string I posted.
Clicking on the string now gives a different location of the same IP address. I was in a different location at the time of posting.
Interesting.. How could that be?
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
Seems to me a company selling info to the Gov. and high bidder! Hacks included.
Posted by HF on November 21, 2009 at 03:28 PM PST #