Trojan Blocked

I blocked a trojan and am wondering where it came from.
It appears it's come from  How do I find out where/what this
address is.


Re: Trojan Blocked

"Mickey Mouse" <.> wrote in


You enter the IP into the box and hit the Search WhoIs button.

Duane :)

Re: Trojan Blocked

From: "Mickey Mouse" <.>

| I blocked a trojan and am wondering where it came from.
| It appears it's come from  How do I find out where/what this
| address is.
| Mickey
| /


Re: Trojan Blocked

On Mon, 9 May 2005, Mickey Mouse wrote:


First look it up at the ARIN site.  That may give you the information you
want (if the IP address is a North American one) or may refer you to
another registry site.  If you get a reference to another registry, repeat
the lookup on their site.  You could get referred again.  For example,
ARIN could refer you to APNIC who could in return refer you to KRNIC for a
Korean IP address.

ARIN's home page is at: /
and their "WHOIS Help" page,
has links to:
    "AfriNIC WHOIS"  (primarily African addresses)
    "APNIC WHOIS"  (primarily Asian-Pacific addresses, including Australia)
    "LACNIC WHOIS"  (primarily Latin American addresses)
    "RIPE WHOIS"  (primarily European addresses) /
    "DoDNIC"  (you don't want to mess with these guys) /

In the case of, when a whois lookup is made for that IP
address ARIN points to APNIC:

:   Output from ARIN WHOIS
:    Search results for:
: OrgName:    Asia Pacific Network Information Centre
: OrgID:      [5] APNIC
: Address:    PO Box 2131
: City:       Milton
: StateProv:  QLD
: PostalCode: 4064
: Country:    AU
: ReferralServer: whois://
: NetRange:   [6] - [7]
: NetName:    [8] APNIC-CIDR-BLK
: NetHandle:  [9] NET-202-0-0-0-1
: Parent:
: NetType:    Allocated to APNIC

Another lookup, this time on the APNIC site, identifies the IP address as
belonging to @Home Network Australia with abuse reports to be sent to
Optus Internet:

: trouble:      Send spam/abuse reports to abuse [at]

('@' in email addresses below all changed to " [at] " to reduce spammer

: % [ node-2]
: % Whois data copyright terms    [14]
: inetnum: -
: netname:      ATHOME-AU
: descr:        @Home Network Australia
: descr:        @Home Network Australia intial HE and
: descr:        Infrastructure allocations
: country:      AU
: admin-c:      [15] OI3-AP
: tech-c:       [16] OI3-AP
: remarks:      For abuse issues, please email abuse [at]
: mnt-by:       [17] APNIC-HM
: mnt-lower:    [18] MAINT-AU-ATHOME
: changed:      hostmaster [at] 20000619
: changed:      hostmaster [at] 20000901
: changed:      hostmaster [at] 20010720
: changed:      hostmaster [at] 20020319
: status:       ALLOCATED PORTABLE
: source:       APNIC
: role:         Optus Internet
: address:      Level 3, 11 Help Street
: address:      Chatswood, NSW 2067
: country:      AU
: phone:        +61-2-9027-1127
: fax-no:       +61-2-9027-1035
: e-mail:       oie-netops [at]
: trouble:      Send spam/abuse reports to abuse [at]
: admin-c:      [19] OI1-AP
: tech-c:       [20] OI1-AP
: nic-hdl:      OI3-AP
: notify:       oie-netops [at]
: mnt-by:       [21] MAINT-AU-OPTUSINTERNET
: changed:      oie-netops [at] 20040502
: changed:      hm-changed [at] 20041020
: changed:      hm-changed [at] 20041020
: source:       APNIC

">> consider moving away from Front Page...."
">To what? Any suggestions?"
"Naked bungee-jumping. It's less humiliating <g>"
             -- Matt Probert in alt.www.webmaster, March 20, 2005
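
The referral-following lookup described in the post above, as an added example that is not part of the original thread: it reads ARIN's `ReferralServer:` field, repeats the query at the registry it names, and pulls the abuse-contact lines from the final record. The address 203.0.113.7, the `abuse@example.net` contact, the sample responses and the `sample_query` helper are constructed for illustration; `whois_query` is what a live lookup would use.

```python
import re
import socket

# ARIN marks a hand-off to another registry with this field.
REFERRAL = re.compile(r"^ReferralServer:\s*whois://([A-Za-z0-9.-]+)", re.M)

def whois_query(server, query, timeout=10):
    """Plain WHOIS (RFC 3912): TCP port 43, send the query plus CRLF, read to EOF."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def follow_referrals(ip, start="whois.arin.net", query=whois_query, max_hops=5):
    """Return (servers visited, last response), stopping on loops or max_hops."""
    server, visited, text = start, [], ""
    while server and server not in visited and len(visited) < max_hops:
        visited.append(server)
        text = query(server, ip)
        match = REFERRAL.search(text)
        server = match.group(1).lower() if match else None
    return visited, text

def abuse_lines(text):
    """Pick out the record lines that say where abuse reports should go."""
    return [ln.split(":", 1)[1].strip() for ln in text.splitlines()
            if re.match(r"(trouble|remarks):", ln, re.I) and "abuse" in ln.lower()]

# Constructed responses (not real registry data) keyed by server name.
SAMPLE = {
    "whois.arin.net": "OrgName:    Asia Pacific Network Information Centre\n"
                      "ReferralServer: whois://whois.apnic.net\n"
                      "NetType:    Allocated to APNIC\n",
    "whois.apnic.net": "netname:      EXAMPLE-AU\n"
                       "remarks:      For abuse issues, please email abuse@example.net\n"
                       "source:       APNIC\n",
}

def sample_query(server, ip):
    """Offline stand-in for whois_query() that serves the constructed responses."""
    return SAMPLE[server]

if __name__ == "__main__":
    hops, record = follow_referrals("203.0.113.7", query=sample_query)
    print(" -> ".join(hops))
    print(abuse_lines(record))
```
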

Re: Trojan Blocked

On that special day, Norman L. DeForest, ( said...


There are certain free meta Whois query sites, which do a query not
only at the ARIN server, but at several more.

For English speaking people, this might be (if it is up, that is)

For Germans, an excellent address is

French people can try
although that one is very simplistic; it just displays the first thing
that contains an AT sign in the Whois result.

I use the first two constantly; IKS Jena for IP numbers and SamSpade
for domain names; and the combo will find *everything*, if it is
connected to the net. Well, except for cases where the DNS server is
broken, and a traceroute has to be done.

Gabriele Neukam

Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.

Re: Trojan Blocked

On Tue, 10 May 2005 19:44:02 +0200 Gabriele Neukam wrote:

If you use a version of MS Windows, Sam Spade V1.14 can be downloaded
from < .  It has a good help file,
requires minimal set up and can do things that the web-based program
can't do.
Ernie B.

Communication:  The art of moving an idea from one mind to another,
hopefully without distortion.
