
Can someone Find Out What this is???


19 replies to this topic

#1 epicdig07

epicdig07

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:19 PM

Posted 27 July 2016 - 03:15 PM

Hello, I was running Wireshark and saw a single request from 69.172.216.111. I "read" it and found there's a URL that is "http://69.172.216.111//admin"; there's a couple of links in there. Could someone track this down for me and let me know what is found? Thanks, and the reward for doing it is the feeling of tracking someone down. I love the feeling!





#2 Naught McNoone

Naught McNoone

  • Members
  • 304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Great White North
  • Local time:06:19 PM

Posted 27 July 2016 - 03:44 PM

You might want to start with googling "Peer 1 Network."

Are you using any of their services?

 

The console command "whois 69.172.216.111" returned the following:

 

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#


#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=69.172.216.111?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#


# start

NetRange:       69.172.192.0 - 69.172.255.255
CIDR:           69.172.192.0/18
NetName:        PEER1-BLK-14
NetHandle:      NET-69-172-192-0-1
Parent:         NET69 (NET-69-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   Peer 1 Network (USA) Inc. (PER1)
RegDate:        2009-03-17
Updated:        2012-02-24
Ref:            https://whois.arin.net/rest/net/NET-69-172-192-0-1


OrgName:        Peer 1 Network (USA) Inc.
OrgId:          PER1
Address:        75 Broad Street
Address:        2nd Floor
City:           New York
StateProv:      NY
PostalCode:     10004
Country:        US
RegDate:        
Updated:        2015-08-24
Ref:            https://whois.arin.net/rest/org/PER1


OrgTechHandle: ZP55-ARIN
OrgTechName:   PEER 1 Network Inc
OrgTechPhone:  +1-866-484-2588
OrgTechEmail:  net-admin@peer1.net
OrgTechRef:    https://whois.arin.net/rest/poc/ZP55-ARIN

OrgAbuseHandle: NSA-ARIN
OrgAbuseName:   Peer 1 Network AUP Enforcement
OrgAbusePhone:  +1-604-484-2588
OrgAbuseEmail:  abuse@peer1.net
OrgAbuseRef:    https://whois.arin.net/rest/poc/NSA-ARIN

RAbuseHandle: NSA-ARIN
RAbuseName:   Peer 1 Network AUP Enforcement
RAbusePhone:  +1-604-484-2588
RAbuseEmail:  abuse@peer1.net
RAbuseRef:    https://whois.arin.net/rest/poc/NSA-ARIN

RNOCHandle: ZP55-ARIN
RNOCName:   PEER 1 Network Inc
RNOCPhone:  +1-866-484-2588
RNOCEmail:  net-admin@peer1.net
RNOCRef:    https://whois.arin.net/rest/poc/ZP55-ARIN

RTechHandle: ZP55-ARIN
RTechName:   PEER 1 Network Inc
RTechPhone:  +1-866-484-2588
RTechEmail:  net-admin@peer1.net
RTechRef:    https://whois.arin.net/rest/poc/ZP55-ARIN

# end


# start

NetRange:       69.172.216.0 - 69.172.216.255
CIDR:           69.172.216.0/24
NetName:        PEER1-SAFEROUTE-01
NetHandle:      NET-69-172-216-0-1
Parent:         PEER1-BLK-14 (NET-69-172-192-0-1)
NetType:        Reassigned
OriginAS:       
Organization:   Saferoute Incorporated (SAFER-1)
RegDate:        2009-08-06
Updated:        2009-08-06
Ref:            https://whois.arin.net/rest/net/NET-69-172-216-0-1


OrgName:        Saferoute Incorporated
OrgId:          SAFER-1
Address:        15 Cliff Street
Address:        #12B
City:           New York
StateProv:      NY
PostalCode:     10038
Country:        US
RegDate:        2009-03-09
Updated:        2011-09-24
Ref:            https://whois.arin.net/rest/org/SAFER-1


OrgAbuseHandle: NETWO2984-ARIN
OrgAbuseName:   Network Operations
OrgAbusePhone:  +1-877-447-6883
OrgAbuseEmail:  noc@saferouteinc.net
OrgAbuseRef:    https://whois.arin.net/rest/poc/NETWO2984-ARIN

OrgTechHandle: NETWO2984-ARIN
OrgTechName:   Network Operations
OrgTechPhone:  +1-877-447-6883
OrgTechEmail:  noc@saferouteinc.net
OrgTechRef:    https://whois.arin.net/rest/poc/NETWO2984-ARIN

# end



#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#
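As an added example (not from the post above and not ARIN's code), here is a small Python parser that takes ARIN whois output like the one quoted and picks out the most specific netblock covering an address, together with the organisation and the abuse contact a defender would report to. The sample text is an abbreviated copy of the two records in the post; the function names `parse_arin`, `most_specific` and `triage` are my own.

```python
import ipaddress
import re

# Abbreviated copy of the two ARIN records quoted in the post above; only the
# fields this example needs are kept, and the values are the post's own.
SAMPLE_WHOIS = """\
#
# ARIN WHOIS data and services are subject to the Terms of Use
#

# start

NetRange:       69.172.192.0 - 69.172.255.255
CIDR:           69.172.192.0/18
NetName:        PEER1-BLK-14
NetType:        Direct Allocation
Organization:   Peer 1 Network (USA) Inc. (PER1)

OrgName:        Peer 1 Network (USA) Inc.
OrgAbuseEmail:  abuse@peer1.net

# end

# start

NetRange:       69.172.216.0 - 69.172.216.255
CIDR:           69.172.216.0/24
NetName:        PEER1-SAFEROUTE-01
NetType:        Reassigned
Organization:   Saferoute Incorporated (SAFER-1)

OrgName:        Saferoute Incorporated
OrgAbuseEmail:  noc@saferouteinc.net

# end
"""

FIELD_RE = re.compile(r"^([A-Za-z]+):\s*(.*)$")


def parse_arin(text):
    """Split ARIN whois output into one dict per '# start' ... '# end' record.

    Every key maps to a list, because fields such as Address repeat.
    """
    records, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "# start":
            current = {}
        elif stripped == "# end":
            if current is not None:
                records.append(current)
            current = None
        elif current is not None and not stripped.startswith("#"):
            m = FIELD_RE.match(line)
            if m:
                current.setdefault(m.group(1), []).append(m.group(2).strip())
    return records


def most_specific(records, ip):
    """Return the record whose CIDR contains ip with the longest prefix.

    ARIN prints a parent allocation and its reassignments as separate records,
    so the longest matching prefix is the one that actually covers the address.
    A CIDR line may list several comma-separated blocks.
    """
    addr = ipaddress.ip_address(ip)
    best = None
    for rec in records:
        for cidr_line in rec.get("CIDR", []):
            for block in cidr_line.split(","):
                net = ipaddress.ip_network(block.strip(), strict=False)
                if addr in net and (best is None or net.prefixlen > best[0]):
                    best = (net.prefixlen, rec)
    return best[1] if best else None


def triage(text, ip):
    """Summarise who holds the block around ip and where abuse reports go."""
    rec = most_specific(parse_arin(text), ip)
    if rec is None:
        return None
    return {
        "cidr": rec["CIDR"][0],
        "net_type": rec.get("NetType", ["?"])[0],
        "org": rec.get("OrgName", ["?"])[0],
        "abuse": rec.get("OrgAbuseEmail", ["?"])[0],
    }


if __name__ == "__main__":
    print(triage(SAMPLE_WHOIS, "69.172.216.111"))
```

For 69.172.216.111 the longest match is the reassigned /24 held by Saferoute Incorporated, not the Peer 1 /18 that contains it, which is why the reassignment's abuse contact is the one to use; the parent record still tells you which provider to escalate to if the customer does not respond.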
 



#3 epicdig07

epicdig07
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:19 PM

Posted 27 July 2016 - 03:45 PM

No, absolutely not, it is foreign to me.



#4 Naught McNoone

Naught McNoone

  • Members
  • 304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Great White North
  • Local time:06:19 PM

Posted 27 July 2016 - 03:52 PM

You may have picked something up off of one of the websites that they host.

 

I'm going to suggest you take it over to this forum:

 

BleepingComputer.com → Security → Virus, Trojan, Spyware, and Malware Removal Logs

 

They will be able to help you find out if you have a bug in your system.

 

Cheers!

 

Naught.



#5 Viper_Security

Viper_Security

  • Members
  • 816 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:03:19 PM

Posted 27 July 2016 - 04:03 PM

Let me boot my Linux. Peer 1 provides Internet hosting services that include managed hosting, dedicated servers, colocation, and cloud computing. They are based in Vancouver, BC, Canada.


    IT Auditor & Security Professional



#6 epicdig07

epicdig07
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:19 PM

Posted 27 July 2016 - 04:04 PM

Thanks, my Linux box is kinda destroyed right now haha

#7 Viper_Security

Viper_Security

  • Members
  • 816 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:03:19 PM

Posted 27 July 2016 - 04:37 PM

I'm not finding anything malicious so far, just that it's a network provider. Ran Maltego, DMitry, and a bunch of others; they all said the same thing: a Vancouver, BC, Canada based company with an office in NY.

 

 

Yes, the coordinates I got from the netblocks are in GA. Still searching.




#8 epicdig07

epicdig07
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:19 PM

Posted 27 July 2016 - 04:39 PM

Ah, it's good. As long as it's not a bad thing, it's fine, I think; still wonder why they're contacting me.

#9 Viper_Security

Viper_Security

  • Members
  • 816 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:03:19 PM

Posted 27 July 2016 - 04:40 PM

What was the stream? Was it UDP, TCP or ICMP?

 

 

 

Also, this keeps appearing in my results: dt.adsafeprotected......... (not going to type the rest, as it seems malicious)

 

Found out who owns that IP.

 

Integral Ad Science

 

Integral Ad Science is known for addressing issues around fraud, viewability, brand risk and TRAQ, a proprietary media quality score.

 

 

Has anyone called about your machine POSSIBLY being infected? Or has anything popped up on your screen?

 

EDIT: their system is autonomous, meaning it does its tasks by itself.

If their system is out of whack they should be notified ASAP.


Edited by Viper_Security, 27 July 2016 - 04:48 PM.



#10 epicdig07

epicdig07
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:19 PM

Posted 27 July 2016 - 04:40 PM

TCP, then UDP

#11 Viper_Security

Viper_Security

  • Members
  • 816 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:03:19 PM

Posted 27 July 2016 - 04:53 PM

Which was the source and which was the destination? (Please hide your IP with asterisks for security reasons.)




#12 epicdig07

epicdig07
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:19 PM

Posted 27 July 2016 - 04:54 PM

Nothing popped up and nobody called

#13 Viper_Security

Viper_Security

  • Members
  • 816 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:03:19 PM

Posted 27 July 2016 - 04:55 PM

Okay, well, that's a good sign. I'll let you know more once I do, haha.




#14 epicdig07

epicdig07
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:19 PM

Posted 27 July 2016 - 04:55 PM

69.172.216.111 was source, ***.***.***.*** was destination

#15 Viper_Security

Viper_Security

  • Members
  • 816 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:03:19 PM

Posted 27 July 2016 - 04:59 PM

69.172.216.111 was source, ***.***.***.*** was destination

Ouch. Okay, then as Naught McNoone had said, you may have picked something up, so scan your machine just to be safe.






