
85.223.214.130 <-- this IP trying to hack Austin Heap

Discussion in 'News And Current Events' started by Unregistered, Jun 18, 2009.

  1. 85.223.214.130 <-- this IP has been trying to hack Austin Heap.

    Austin Heap has been instrumental in helping get proxies and secure internet connections setup for people trying to get news out about Iran. He's ensured Iranians have had secure connections they can trust.

    And someone is trying to hack his site.

    Hivemind, you know what to do.

    85.223.214.130
  2. IP Address: 85.223.214.130
    ISP: GoldenTelecom LLC
    Organization: Infoprostir Poznyaki LLC
    Region: Kiev (UA)
  3. RadioFreeGab Member

    Software publishers and computer programmers from Ukraine.
  4. Here is what I found after doing a little work. All the data is down below. Essentially this IP is attached to a person named Arthur Torosyan. His address is Lesi Ukrainki av. 30 B. He is from Kiev, Ukraine. His email is arthur@pjs.kiev.ua and his phone number is +380 44 5691823.

    Well here you go!

    All the technical data is below:


    Country code: UA
    Region code:UAKC
    City code:UAKCKIEV
    City id:4846
    latitude:50.4330
    Capital city: Kiev
    National singular:Ukranian
    National plural: Ukranians
    CIA map reference: Commonwealth of Independent States


    Country: Ukraine
    Region: Misto Kyyiv
    City: Kiev
    Certainty: 95
    longitude:30.5170
    Timezone:+02:00
    population:48760474
    is proxy: false
    currency code: UAH


    Distance to nearby cities (km, mi, City, Region, Country)


    0 0 Kiev, KC, UA
    20 12 Brovary, KV, UA


    -------------------------------------------------------------------------

    whois data

    from ripe:

    inetnum: 85.223.214.128 - 85.223.214.255
    netname: INFOPROSTIR-POZNYAKI-GTUA
    descr: Infoprostir Poznyaki LLC
    descr: Lesi Ukrainki av. 30 B
    descr: Kiev, Ukraine
    country: UA
    admin-c: AT4704-RIPE
    tech-c: AT4704-RIPE
    status: ASSIGNED PA
    remarks: Please send abuse notification to abuse@svitonline.com
    mnt-by: GTUA-WO-MNT
    source: RIPE # Filtered

    person: Arthur Torosyan
    address: Lesi Ukrainki av. 30 B
    address: Kiev, Ukraine
    phone: +380 44 5691823
    e-mail: arthur@pjs.kiev.ua
    nic-hdl: AT4704-RIPE
    source: RIPE # Filtered
    % Information related to '85.223.128.0/17AS12530'
    route: 85.223.128.0/17
    descr: SOL Network
    origin: AS12530
    mnt-by: GTUA-RT-MNT
    source: RIPE # Filtered
  5. RadioFreeGab Member

    E-mailed the address, and this is what I got:


    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    save to /var/mail/pjs.kiev.ua/arthur
    generated by arthur@pjs.kiev.ua
    mailbox is full: retry timeout exceeded
  6. hmmm. It could be an old email that he has not checked in a long time if it is saying his box is full.


    No worries. Anyone brave enough to try the phone number?
  7. Tehran Member

    Do what needs to be done - protect our resources at ALL COST
    that is all.
  8. LOIC the Ukrainian IP?
  9. Toxic Rose Member

    Could do- what do I say?
  10. Well assuming the both of you speak a mutual language. You could mention his name, address, phone number email address etc... and mention that we know what he has been up to and that it needs to stop.

    If you could word all that in a way that is not a direct threat but still scares him that would be pretty good. Also if you call him you may want to block your caller ID from showing up before you do. So *67 and then the number.

    Be careful though.
  11. I don't suppose anyone around here either lives in the Kiev, Ukraine area or knows someone who does... Do they?
  12. RadioFreeGab Member


    This.

    You can also say stuff on the lines of "stay away, lives are on the line" and "we are asking you nicely".
  13. Absolutely! Be sure to use the word WE! Make sure they know there is a WE.

    So mention name, address, email, phone number etc, and that we know what he is doing and that it needs to stop because lives are at stake. Make sure to say all this in a way that is not a direct threat but still scares him.

    Dial *67 before calling to block your number.

    Good luck to you my friend. Let us know how it goes.
  14. Amen, my fellow human!

    This man must be stopped. We must protect what resources we have and we must ensure that we are able to get proxies and safe connections to the people of Iran.

    That said, I wonder how that phone call that that other guy is making to this Arthur....
  15. tim new Member

    You guys are good

    I only knew it was from Kiev

    Remind me not to make enemies of you all :)
  16. Idris Member

    If Austin is accepting help verifying proxies, etc., I'd like to volunteer, if only I could establish my bona fides with him somehow. I offered a couple of Tier 1 proxy machines for him to use but he said it'd take a week to verify them... so clearly he's under-resourced at this crucial time.
  17. haha, No worries my friend. You are here to offer help and support so you are alright by me!:)
  18. Geraldanthro Member

    Friends working on it

    Friends working on it

    G
  19. Friends working on what?

    Everything has been found out right down to his exact address. Now we are just waiting to hear back from the guy who is calling him to scare him off.
  20. So what is the latest? Has this guy been taken care of or what?

    We had a person saying they would call him and scare him a bit but have not heard back. What's up?
  21. Idris Member

    I'd suggest you don't click on that link -- that just provides counter-intel for them.
  22. RadioFreeGab Member

    Any updates?
  23. Toxic Rose Member

    Number is no good.
  24. Toxic Rose Member

    ^^^^this^^^
  25. Dereklowe Member

    Just tried the number as well - no answer. I let the thing ring a few dozen times - figure that it's about 3 AM over in Kiev about now, so it couldn't hurt. I know enough Russian to say hello (no Ukrainian, though), so I was looking forward to a chat. Too bad.
  26. Could it be this guy: Arthur Torosyan is a photojournalist working for Armenia Now - Armenia's main independent newspaper covering the country of Armenia today.

    Arthur's images are poignant and to the point. They offer a great insight into the lives and times of the people in this great country, which was once part of the USSR.

    Profotos - Member / Arthur Torosyan - Member Profile

    Strange coincidence if it's not....
  27. Anyone have a link to a clean copy of LOIC? I am on a fresh OS install, can't find my flash drive with my tools, and every link I find is trojan'd


  28. Iran Deckard Member

    Is there any confirmation that the person whose name/address/phone is attached to the IP has any connection at all with the people who've been haxing?

    Isn't it at least possible (if not, extremely likely) the box has been haxd? And the badguys you're looking for, are some hops away?

    If you're contacting him, I'd advise the strategy of

    "Hai. We're calling to let you know some fucktard haxd you and is using your box to hax Iran. Plz fix it."

    Anyone who is actually interested in bothering the Persian community in this sort of fashion would be more likely to proxy-hide than to expose themselves.

    If you want to make the proxy go away, goforit.

    If you think the guy sitting in front of his 'puter in Kiev is the madhacker, I suggest you could be mistaken.
  29. Yes, that is the name that came up in my search although it had him listed in Kiev Ukraine. Not Armenia.

    For whatever reason the Email and phone number are not working. I wonder if it is possible to change the whois info so it gives a fake name address etc....

    I know a bit about this stuff but not much.
  30. I believe you are correct my friend. The Phone number and email address have both proven to be crap so I am thinking along the same lines you are....
  31. Ok so how do we get around the proxy to see who is really behind the hacking? Because if he is hiding behind a proxy ( Any intelligent person would) That means the contact info we have obtained about some guy in Kiev Ukraine is complete BS....

    So is it possible to get around a proxy to see who is REALLY hacking?
  32. Man, I probably am not even on the right track anymore. Searching the IP brought me to this page which still attaches this IP (although it is probably a BS IP) again to Kiev Ukraine although THIS time it also has a company name attached to it.


    Here is the site that I first saw the IP on when searching again.

    VisualRoute Database Reporting

    Here also is the link within the site regarding this IP

    VisualRoute Connectivity Test Detail

    the company name is Infoprostir Poznyaki LLC

    Doing a search of that company on whois.com brings forth THIS info


    What we are looking at NOW is a communications company also in Kiev Ukraine.

    The address is Klinicheskaya str., 23-25, Kiev, 03110, Ukraine. the phone number is + 38 (044) 5691823. the Email address is noc@ip-elite.net

    [Querying whois.ripe.net]
    [whois.ripe.net]
    inetnum: 195.216.204.0 - 195.216.205.255
    netname: INFOSPACE
    descr: Infoprostir Poznyaki LTD
    descr: Kiev
    country: UA
    org: ORG-IP15-RIPE
    admin-c: IPEL-RIPE
    tech-c: IPEL-RIPE
    status: ASSIGNED PI
    mnt-by: IPEL-MNT
    mnt-by: RIPE-NCC-HM-PI-MNT
    mnt-lower: RIPE-NCC-HM-PI-MNT
    mnt-routes: IPEL-MNT
    mnt-domains: IPEL-MNT
    source: RIPE # Filtered

    organisation: ORG-IP15-RIPE
    org-name: Infoprostir Poznyaki
    org-type: OTHER
    remarks: Communication Company
    address: Klinicheskaya str., 23-25
    address: Kiev
    address: Ukraine
    e-mail: office@ip-elite.net
    admin-c: IPEL-RIPE
    tech-c: IPEL-RIPE
    mnt-ref: IPEL-MNT
    mnt-by: IPEL-MNT
    source: RIPE # Filtered

    role: INFOSPACE network coordinators
    address: Klinicheskaya str., 23-25, Kiev, 03110, Ukraine
    e-mail: noc@ip-elite.net
    phone: + 38 (044) 5691823
    admin-c: KAA88-RIPE
    tech-c: YCA1-RIPE
    nic-hdl: IPEL-RIPE
    source: RIPE # Filtered
    route: 195.216.204.0/23
    descr: Infoprostir Poznyaki LTD
    origin: AS44519
    mnt-by: IPEL-MNT
    mnt-routes: IPEL-MNT
    source: RIPE # Filtered


    Once again, let's have at it and see what comes of these contacts!
  33. UGH! The email address bounces back with this message

    Technical details of permanent failure:
    Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 sorry, mail to that recipient is not accepted (#5.7.1) (state 14).

    The fact that they do not accept email makes me wonder.....

    Once again, anyone brave enough to call the number?
  34. RadioFreeGab Member

    We need to get this guy out of the way as soon as possible, because Heap is one of our only ways in and out of Iran.
  35. icecadavers Member

    Hey

    I know this could likely be wrong, but has anybody wondered

    A) about the fact that the topic was started by Unregistered

    B) how a random anon would know about attempted hax against austin heap

    or C) why there is no confirmation of an attempt from heap himself?

    I don't see why anyone would bother falsely claiming hax unless they either wanted us to take down that IP for another reason, or so that we could waste time and resources chasing a red herring that may even be set up to track the source of any attacks on it.

    Also given Austin Heap's wicked internets powers, I would be very surprised if he didn't have his servers locked down like Iran and/or have a way of detecting and tracking any incoming hax. The latter especially is relatively easy.

    I'm gonna tweet him and see if he can confirm, since no one else seems to have thought of this.
