For the 'Johny English' in you

JdS · #1 08-May-2003, 07:32

Can anyone tell me anything about this IP address: 64.38.252.18 ?

Garth Farley · #2 08-May-2003, 15:10

Mmmmm, Natalie

Here's some stuff I "accidentally" came across:

Quote:

TraceRoute to 64.38.252.18

Hop (ms) (ms) (ms) IP Address Host name
-------------------------------------------------------
1 0 0 16 66.46.176.3 -
2 0 31 32 216.191.97.45 pos5-2.core2-mtl.bb.attcanada.ca
3 15 32 31 216.191.65.217 srp2-0.core1-mtl.bb.attcanada.ca
4 0 16 31 216.191.65.173 pos2-1.core2-tor.bb.attcanada.ca
5 16 31 31 216.191.65.243 srp2-0.gwy1-tor.bb.attcanada.ca
6 31 32 31 12.125.142.5 -
7 16 47 47 12.123.5.218 gbr5-p80.cgcil.ip.att.net
8 31 47 31 12.122.11.41 tbr1-p013501.cgcil.ip.att.net
9 15 47 32 12.123.6.33 ggr2-p300.cgcil.ip.att.net
10 16 32 31 209.0.227.77 so-1-1-0.edge1.chicago1.level3.net
11 31 31 31 209.244.8.13 so-2-1-0.bbr2.chicago1.level3.net
12 78 78 78 64.159.1.122 so-0-1-0.mp2.phoenix1.level3.net
13 78 78 78 64.159.3.110 gigabitethernet11-0.hsipaccess1.phoenix1.level3.net
14 94 78 78 63.214.160.130 bgp-cwie-cust.level3.net
15 94 93 94 64.38.252.18 -

Trace complete

Network IP address lookup:

whois whois.arin.net 64.38.252.18:

OrgName: CWIE, LLC
OrgID: CWIE
Address: 1125 E. Glendale Avenue
City: Phoenix
StateProv: AZ
PostalCode: 85020
Country: US

NetRange: 64.38.192.0 - 64.38.255.255
CIDR: 64.38.192.0/18
NetName: CWIE-BLK-1
NetHandle: NET-64-38-192-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.CWIE.NET
NameServer: NS2.CWIE.NET
NameServer: NS3.CWIE.NET
NameServer: NS4.CWIE.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-02-22
Updated: 2002-08-20

TechHandle: RC622-ARIN
TechName: Cadwell, Ron
TechPhone: +1-602-248-4963
TechEmail: hostmaster@cavecreek.net

CaveCreek is a shared server webhosting service. Trying the NameServers, I got

Quote:

Server Name: NS1.CWIE.NET
IP Address: 64.38.192.10
Registrar: TUCOWS, INC.
Whois Server: whois.opensrs.net
Referral URL: www.opensrs.org

OpenSRS is a Tucows sponsered resellers service, and this IP is sitting on their server. So I don't think this Ron is to blame, he only owns the service's domain.

I guess you are being spammed by this address. You're not the only one with this problem, www.geocrawler.com and www.geocrawler.com

I find this address mentioned a bit: wolftam.cavecreek.net, which isn't a URL. The latter article also guessed a woftam.com address, which points to a porn site with services for webmasters. It also contains a whois for this domain.

Garth Farley

JdS · #3 09-May-2003, 05:28

Nice work Agent 1½!

No, it was not spam... actually, I rarely get spammed - only because I become ruthless when I get spammed

but that's another story altogether...

I was curious because this IP was all over the site yesterday but didn't appear on my usual logs / tracking scripts. I just happen to find it on particular log file but not on the others; so I became curious.

Between your info and the broken Deutsch, can I assume it was an email harvesting bot?

Garth Farley · #4 09-May-2003, 05:49

Ah, it must be a harvester then. The German sites were documenting how they were being spammed by the IP, but it's probably the same IP which harvests too.

GF, aka 001.5

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
How a search engine really works (In english)	jrobbio	Open Discussion Forum	0	06-Jul-2003 18:13