Registered
cyber sleuth some IPs for me
Can anyone track these IP addresses for me and get any detailed information more than what I already have? I realize that these may be dynamic IPs and difficult to track, however a couple of them point to specific companies. Can any more info be learned about these IPs other than what I have below? thx.

66.180.82.81, 66.180.82.85 & 66.180.82.89

3 separate logins... all from this company, which makes virus software.... hmmm, that's very interesting.

66.180.80.0 - 66.180.95.255
CIDR: 66.180.80.0/20
NetName: NET-TRENDMICRO-COM
NetHandle: NET-66-180-80-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Assignment
NameServer: TMNS1.TRENDMICRO.COM
NameServer: TMNS2.TRENDMICRO.COM
Comment:
RegDate: 2005-12-22
Updated: 2005-12-22

64.246.165.180

One login, and is probably a hosting company so would be dynamic IP.

OrgName: Compass Communications, Inc.
OrgID: CPCM
Address: 2001 6th Avenue
Address: Suite 3205
City: Seattle
StateProv: WA
PostalCode: 98121
Country: US
ReferralServer: rwhois://rwhoisd.ccom.net:4321
NetRange: 64.246.160.0 - 64.246.191.255
CIDR: 64.246.160.0/19
NetName: CCOM-2003
NetHandle: NET-64-246-160-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.CCOM.NET
NameServer: NS2.CCOM.NET
Comment:
RegDate: 2003-05-16
Updated: 2004-03-10

74.6.72.165

This is from a company that is now Yahoo Search Sponsorship, which is very interesting... as why would someone there be interested in my site.

OrgName: Inktomi Corporation
OrgID: INKT
Address: 701 First Ave
City: Sunnyvale
StateProv: CA
PostalCode: 94089
Country: US
NetRange: 74.6.0.0 - 74.6.255.255
CIDR: 74.6.0.0/16
NetName: INKTOMI-BLK-6
NetHandle: NET-74-6-0-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.YAHOO.COM
NameServer: NS2.YAHOO.COM
NameServer: NS3.YAHOO.COM
NameServer: NS4.YAHOO.COM
NameServer: NS5.YAHOO.COM
Comment:
RegDate: 2006-02-13
Updated: 2006-02-13

Last edited by Sonic dB; 02-27-2007 at 02:16 AM..
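The manual work the post above does, matching each login IP against the CIDR of a pasted WHOIS record, is easy to automate and to sanity-check. The script below is an added example, not code from anyone in this thread: it parses key/value WHOIS-style records (a trimmed, constructed copy of the three records pasted above), verifies that each record's NetRange agrees with its CIDR, and groups a list of login IPs by the netblock that contains them. The extra address 198.51.100.7 is a constructed, reserved documentation address added only to show how an IP that matches no record is reported.

```python
"""Group login IPs by WHOIS netblock and check NetRange/CIDR consistency.

Added example for this thread; the records below are a trimmed, constructed
copy of the WHOIS output pasted in the post, not a live lookup.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: blank-line-separated key/value records in WHOIS style.
WHOIS_RECORDS = """\
NetRange: 66.180.80.0 - 66.180.95.255
CIDR: 66.180.80.0/20
NetName: NET-TRENDMICRO-COM
NetType: Direct Assignment

OrgName: Compass Communications, Inc.
NetRange: 64.246.160.0 - 64.246.191.255
CIDR: 64.246.160.0/19
NetName: CCOM-2003
NetType: Direct Allocation

OrgName: Inktomi Corporation
NetRange: 74.6.0.0 - 74.6.255.255
CIDR: 74.6.0.0/16
NetName: INKTOMI-BLK-6
NetType: Direct Allocation
"""

# The five IPs from the post plus one constructed address (198.51.100.7,
# a reserved documentation address) that matches none of the records.
LOGIN_IPS = [
    "66.180.82.81", "66.180.82.85", "66.180.82.89",
    "64.246.165.180", "74.6.72.165", "198.51.100.7",
]


def parse_whois(text):
    """Split WHOIS text into records (dicts); attach a parsed 'network' object."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(":")
            if sep:  # ignore lines without a key/value separator
                rec[key.strip()] = value.strip()
        if "CIDR" in rec:
            rec["network"] = ipaddress.ip_network(rec["CIDR"], strict=False)
            records.append(rec)
    return records


def range_matches_cidr(rec):
    """True if the record's NetRange endpoints equal the CIDR's first/last address.

    A mismatch usually means a mangled paste or a record that lists several
    CIDRs, so the block should not be trusted without a fresh lookup.
    """
    if "NetRange" not in rec:
        return False
    start, _, end = rec["NetRange"].partition("-")
    net = rec["network"]
    return (ipaddress.ip_address(start.strip()) == net.network_address
            and ipaddress.ip_address(end.strip()) == net.broadcast_address)


def classify(ips, records):
    """Group IPs by the NetName of the first record whose block contains them."""
    groups = defaultdict(list)
    for ip_str in ips:
        ip = ipaddress.ip_address(ip_str)
        hit = next((r for r in records if ip in r["network"]), None)
        groups[hit["NetName"] if hit else "unknown"].append(ip_str)
    return dict(groups)


if __name__ == "__main__":
    recs = parse_whois(WHOIS_RECORDS)
    for r in recs:
        status = "ok" if range_matches_cidr(r) else "MISMATCH"
        print(f"{r['NetName']:<20} {r['CIDR']:<18} NetRange/CIDR {status}")
    for name, members in classify(LOGIN_IPS, recs).items():
        print(f"{name:<20} {len(members)} login(s): {', '.join(members)}")
```

Three logins landing in one /20 is the kind of grouping this makes visible at a glance; the "unknown" bucket is where an IP goes when none of the records you have on hand covers it, which is the cue to run a fresh lookup rather than guess.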
Registered
Join Date: Mar 2005
Location: London, ON, Canada
Posts: 1,737
Actually, the WHOIS database is regularly "snarfed" for data, so that the website address (the URL, not the IP) can be spidered for any email addresses to add to spam lists.
This happens to me a ton... I've got about 5 domains that have never been published anywhere, and are used only by me for various purposes (projects that never got released, etc), and each one has a "webserver admin" email address that is listed on it. Those email addresses start receiving spam, and it's all generated by the Whois Lookup. Never mind spam to the actual WHOIS database email contact itself. Personally, I doubt that it's the same person. |
Registered
Join Date: Mar 2005
Location: London, ON, Canada
Posts: 1,737
Re: cyber sleuth some IPs for me
FYI, most of this spidering is done using viruses and malware. Anti-virus companies, among others, usually operate what are called "honeypots", which basically attract and incubate viruses/malware so that they can be studied, dissected, and an anti-virus developed. Wikipedia description here: http://en.wikipedia.org/wiki/Honeypot_%28computing%29

Odds are that in the normal process of the virus doing its thing, it happened to have you in its sights, but it just happened to be running from within an anti-virus company's honeypot... or they actually have some infected computers in their network. (Cobbler's children and all that.)

Most larger anti-virus companies that I've worked with in the past (I do Internet security "stuff" for banks and governments, among other things) usually keep their honeypots' Internet location (IPs) a closely guarded secret, so that it's not easily detectable. This is because some high-tech, uber-smart virus writers make their code NOT go there so that their creations can last a little longer in the wild. Having those boxes be configured in reverse DNS is kind of a "beginner's mistake", if you will.

Last edited by jeffgrant; 02-27-2007 at 02:28 AM..