Who is this? Help me catch my online stalker. [Archive] - Glock Talk

PDA

View Full Version : Who is this? Help me catch my online stalker.


10 Ring Tao
10-04-2004, 11:56
I've been getting harrassing messages from IP 12.167.152.126, if anyone can tell me more about it, than it is linked to mail.ericksonmail.com, I'd greatly appreciate it.

After a bit further digging/googling, it seems ericksonmail.com is the domain email address of Erickson Retirement Communities, http://www.ericksoncommunities.com/contact .

Maybe this person is harassing me from their work?

Network-tools leads me to believe this IP is from texas? That would make sense as there is an Erickson community near houston.

http://www.ericksoncommunities.com/locations.asp

66.98.244.1 gphou-66-98-244-1.ev1.net
66.98.240.4 gphou-66-98-240-4.ev1.net
129.250.10.105 ge-0-1-0-50.r00.hstntx01.us.bb.verio.net
129.250.5.42 p16-1-1-1.r21.dllstx09.us.bb.verio.net
129.250.9.38 p16-0.att.dllstx09.us.bb.verio.net
12.123.17.86 tbr2-p014001.dlstx.ip.att.net
12.122.10.89 tbr2-cl6.sl9mo.ip.att.net
12.122.9.141 tbr1-cl2.sl9mo.ip.att.net
12.122.10.29 tbr1-cl4.wswdc.ip.att.net
12.122.11.170 gbr5-p10.wswdc.ip.att.net
12.123.194.65 ar1-p310.btmmd.ip.att.net
12.126.170.54 -
12.167.152.125 -
Destination host unreachable

After googling the IP, I found a few different people linked to it. Does googling the IP tell me anything?

HerrGlock
10-04-2004, 12:17
Be really careful here. It may not be anyone from that company at all.

You might consider writing root@ericksonmail.com, admin@, abuse@, and tell them someone from their domain is misusing resources. Attach the log files that show the connections or attempted connections.

Find who leases their IP addresses and send CC to the owner of the block.

If they have been cracked, someone may just be screwing with the company via you and your mail would give the admins a head's up about it. If they're at fault, the owner comany of the IP block will want to know. Either way, don't expect to hear back from either of them, but odds are that you'll not hear from the miscreant again.

DanH

Anon1
10-04-2004, 12:35
The very last section has Tech Contact info and in the middle is abuse contact info.



Server Used: [ whois.arin.net ]

12.167.152.126 = [ mail.ericksonmail.com ]

OrgName: AT&T WorldNet Services
OrgID: ATTW
Address: 400 Interpace Parkway
City: Parsippany
StateProv: NJ
PostalCode: 07054
Country: US
NetRange: 12.0.0.0 - 12.255.255.255
CIDR: 12.0.0.0/8
NetName: ATT
NetHandle: NET-12-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: DBRU.BR.NS.ELS-GMS.ATT.NET
NameServer: DMTU.MT.NS.ELS-GMS.ATT.NET
NameServer: CBRU.BR.NS.ELS-GMS.ATT.NET
NameServer: CMTU.MT.NS.ELS-GMS.ATT.NET
Comment: For abuse issues contact abuse@att.net

RegDate: 1983-08-23
Updated: 2002-08-23
TechHandle: DK71-ARIN
TechName: Kostick Deirdre
TechPhone: 1-919-319-8249
TechEmail: help@ip.att.net

OrgAbuseHandle: ATTAB-ARIN
OrgAbuseName: ATT Abuse
OrgAbusePhone: 1-919-319-8130
OrgAbuseEmail: abuse@att.net

OrgTechHandle: ICC-ARIN
OrgTechName: IP Customer Care
OrgTechPhone: 1-888-613-6330
OrgTechEmail: qhoang@att.com

OrgTechHandle: IPSWI-ARIN
OrgTechName: IP SWIP
OrgTechPhone: 1-888-613-6330
OrgTechEmail: help@ip.att.net

OrgName: ERICKSON RETIREMENT COMMUNITIES
OrgID: ERC-26
Address: 4395 TURKEY POINT RD
City: NORTH EAST
StateProv: MD
PostalCode: 21901
Country: US
NetRange: 12.167.152.64 - 12.167.152.127
CIDR: 12.167.152.64/26
NetName: ERICKSON85-152-64
NetHandle: NET-12-167-152-64-1
Parent: NET-12-0-0-0-1
NetType: Reassigned
Comment:
RegDate: 2003-10-31
Updated: 2003-10-31
OrgTechHandle: MRA10-ARIN
OrgTechName: Rayner Martin
OrgTechPhone: 1-410-402-2663
OrgTechEmail: mrayner@ericksonmail.com

NetNinja
10-04-2004, 12:53
http://www.dnsstuff.com/tools/ptr.ch?ip=12.167.152.126

http://www.dnsstuff.com/tools/whois.ch?ip=http%3A%2F%2Fwww.dnsstuff.com%2Ftools%2Fptr.ch%3Fip%3D12.167.152.126

Time to get in conact with the ISP or the admin.

This person may not even know they are spamming you.

10 Ring Tao
10-04-2004, 13:00
Thanks for all the help guys.

Originally posted by NetNinja
http://www.dnsstuff.com/tools/ptr.ch?ip=12.167.152.126

http://www.dnsstuff.com/tools/whois.ch?ip=http%3A%2F%2Fwww.dnsstuff.com%2Ftools%2Fptr.ch%3Fip%3D12.167.152.126

Time to get in conact with the ISP or the admin.

This person may not even know they are spamming you.

Its not spam, its personal and directed messages based on what they've read in my blog.

jarnld
10-04-2004, 23:17
try using whois.internic.net on telnet or going to www.whois.com and typing in the IP. Nice avatar...who is that? ;f

10 Ring Tao
10-04-2004, 23:53
Originally posted by jarnld
try using whois.internic.net on telnet or going to www.whois.com and typing in the IP. Nice avatar...who is that? ;f

Thanks, I took the pic, and its my GF with the toy she wished she had (my G19).

chevrofreak
10-05-2004, 06:56
How are these messages coming? Via Windows Messenger service thingy?

If so, the person knows your IP address. How would they know your IP address? Do you host your own website? Do you use IRC?

Texas T
10-05-2004, 20:47
Originally posted by HerrGlock
You might consider writing root@ericksonmail.com, admin@, abuse@, and tell them someone from their domain is misusing resources. Of course, that is assuming that root isn't the one sending the messages to begin with. ;)

HerrGlock
10-06-2004, 02:24
Originally posted by Texas T
Of course, that is assuming that root isn't the one sending the messages to begin with. ;)

That's why writing the owner of the IP block as well. If root's innocent, it tells them their machine may be compromised, if root's not, then it tells him you're onto him and the owners of the IP can bring pressure to make it right with the threat of yanking the IP.

DanH