NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer to norwegian

Re: What are these 2 IP's up to?

said by norwegian:

Ah, do you have Charter as your ISP, as that was the lookup I was getting, the second was not giving me a lot back on it, but games/p2p would be my guess too. Obtain a new IP off your ISP due to turning off routers etc and you are dynamic ip with the ISP and you will see traffic like this, I usually turn off for half hour and obtain another IP when you have that much chatter. That is nothing unusual.

I don't know what you used for your DNS/whois query, but the 2 destination IP addresses (which would indicate the OP's ISP) posted by the OP (50.92.135.9 and 207.216.30.143) both unequivocally point to Telus when I do either a whois or DNS query.


C:\>whois 50.92.135.9
 
Whois v1.11 - Domain information lookup utility
Sysinternals - www.sysinternals.com
Copyright (C) 2005-2012 Mark Russinovich
 
Connecting to NET.whois-servers.net...
Connecting to whois.markmonitor.com...
 
MarkMonitor is the Global Leader in Online Brand Protection.
 
Domain Management
MarkMonitor Brand Protection™
MarkMonitor AntiPiracy™
MarkMonitor AntiFraud™
Professional and Managed Services
 
Visit MarkMonitor at www.markmonitor.com
Contact us at 1 (800) 745-9229
In Europe, at +44 (0) 203 206 2220
 
The Data in MarkMonitor.com's WHOIS database is provided by MarkMonitor.com
for information purposes, and to assist persons in obtaining information
about or related to a domain name registration record.  MarkMonitor.com
does not guarantee its accuracy.  By submitting a WHOIS query, you agree
that you will use this Data only for lawful purposes and that, under no
circumstances will you use this Data to: (1) allow, enable, or otherwise
support the transmission of mass unsolicited, commercial advertising or
solicitations via e-mail (spam); or  (2) enable high volume, automated,
electronic processes that apply to MarkMonitor.com (or its systems).
MarkMonitor.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.
 
Registrant:
        Domain Administrator
        TELUS Corporation
        25 York St. 28th floor
         Toronto ON M5J 2V5
        CA
        domain.registration@telus.com +1.4162551331 Fax: +1.4162554706
 
    Domain Name: telus.net
 
        Registrar Name: Markmonitor.com
        Registrar Whois: whois.markmonitor.com
        Registrar Homepage: http://www.markmonitor.com
 
    Administrative Contact:
        Domain Administrator
        TELUS Corporation
        25 York St. 28th floor
         Toronto ON M5J 2V5
        CA
        domain.registration@telus.com +1.4162551331 Fax: +1.4162554706
    Technical Contact, Zone Contact:
        Domain Administrator
        TELUS Corporation
        25 York St. 28th floor
         Toronto ON M5J 2V5
        CA
        domain.registration@telus.com +1.4162551331 Fax: +1.4162554706
 
    Created on..............: 1996-05-17.
    Expires on..............: 2013-05-18.
    Record last updated on..: 2012-06-21.
 
    Domain servers in listed order:
 
    clgrps03.telus.net
    edtnps16.telus.net 
 
C:\>whois 207.216.30.143
 
Whois v1.11 - Domain information lookup utility
Sysinternals - www.sysinternals.com
Copyright (C) 2005-2012 Mark Russinovich
 
Connecting to NET.whois-servers.net...
Connecting to whois.markmonitor.com...
 
MarkMonitor is the Global Leader in Online Brand Protection.
 
Domain Management
MarkMonitor Brand Protection™
MarkMonitor AntiPiracy™
MarkMonitor AntiFraud™
Professional and Managed Services
 
Visit MarkMonitor at www.markmonitor.com
Contact us at 1 (800) 745-9229
In Europe, at +44 (0) 203 206 2220
 
The Data in MarkMonitor.com's WHOIS database is provided by MarkMonitor.com
for information purposes, and to assist persons in obtaining information
about or related to a domain name registration record.  MarkMonitor.com
does not guarantee its accuracy.  By submitting a WHOIS query, you agree
that you will use this Data only for lawful purposes and that, under no
circumstances will you use this Data to: (1) allow, enable, or otherwise
support the transmission of mass unsolicited, commercial advertising or
solicitations via e-mail (spam); or  (2) enable high volume, automated,
electronic processes that apply to MarkMonitor.com (or its systems).
MarkMonitor.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.
 
Registrant:
        Domain Administrator
        TELUS Corporation
        25 York St. 28th floor
         Toronto ON M5J 2V5
        CA
        domain.registration@telus.com +1.4162551331 Fax: +1.4162554706
 
    Domain Name: telus.net
 
        Registrar Name: Markmonitor.com
        Registrar Whois: whois.markmonitor.com
        Registrar Homepage: http://www.markmonitor.com
 
    Administrative Contact:
        Domain Administrator
        TELUS Corporation
        25 York St. 28th floor
         Toronto ON M5J 2V5
        CA
        domain.registration@telus.com +1.4162551331 Fax: +1.4162554706
    Technical Contact, Zone Contact:
        Domain Administrator
        TELUS Corporation
        25 York St. 28th floor
         Toronto ON M5J 2V5
        CA
        domain.registration@telus.com +1.4162551331 Fax: +1.4162554706
 
    Created on..............: 1996-05-17.
    Expires on..............: 2013-05-18.
    Record last updated on..: 2012-06-21.
 
    Domain servers in listed order:
 
    clgrps03.telus.net
    edtnps16.telus.net
 
MarkMonitor is the Global Leader in Online Brand Protection.
 
Domain Management
MarkMonitor Brand Protection™
MarkMonitor AntiPiracy™
MarkMonitor AntiFraud™
Professional and Managed Services
 
Visit MarkMonitor at www.markmonitor.com
Contact us at 1 (800) 745-9229
In Europe, at +44 (0) 203 206 2220
 
C:\>dig -x 50.92.135.9
 
; <<>> DiG 9.9.2 <<>> -x 50.92.135.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30019
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;9.135.92.50.in-addr.arpa.      IN      PTR
 
;; ANSWER SECTION:
9.135.92.50.in-addr.arpa. 86400 IN      PTR     d50-92-135-9.bchsia.telus.net.
 
;; Query time: 125 msec
;; SERVER: 192.168.9.2#53(192.168.9.2)
;; WHEN: Sun Dec 16 17:53:54 2012
;; MSG SIZE  rcvd: 96
 
C:\>dig -x 207.216.30.143
 
; <<>> DiG 9.9.2 <<>> -x 207.216.30.143
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20284
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;143.30.216.207.in-addr.arpa.   IN      PTR
 
;; ANSWER SECTION:
143.30.216.207.in-addr.arpa. 86400 IN   PTR     d207-216-30-143.bchsia.telus.net.
 
;; Query time: 125 msec
;; SERVER: 192.168.9.2#53(192.168.9.2)
;; WHEN: Sun Dec 16 17:54:53 2012
;; MSG SIZE  rcvd: 102
 


norwegian
Premium Member
join:2005-02-15
Outback

said by NetFixer:

I don't know what you used for your DNS/whois query, but the 2 destination IP addresses (which would indicate the OP's ISP) posted by the OP (50.92.135.9 and 207.216.30.143) both unequivocally point to Telus when I do either a whois or DNS query.

Sorry, confusion is my middle name - those original IP's in the probe of the IP - there is no way they were the receiving IP.
quote:
IP Location: United States Lawrenceville Charter Communications
ASN: AS20115
Resolve Host: 75-139-135-127.dhcp.gwnt.ga.charter.com
IP Address: 75.139.135.127

NetRange: 75.128.0.0 - 75.143.255.255
CIDR: 75.128.0.0/12
OriginAS:
NetName: NETBLK-CHARTER-NET
NetHandle: NET-75-128-0-0-1
Parent: NET-75-0-0-0-0
NetType: Direct Allocation
RegDate: 2006-07-17
Updated: 2012-03-02
Ref: »whois.arin.net/rest/net/ ··· 28-0-0-1

OrgName: Charter Communications
OrgId: CC04
Address: 12405 Powerscourt Dr.
City: St. Louis
StateProv: MO
PostalCode: 63131
Country: US
RegDate:
Updated: 2012-07-03
Ref: »whois.arin.net/rest/org/CC04
quote:
IP Location: Argentina Buenos Aires Prima S.a.
ASN: AS10481
Resolve Host: 65-166-193-190.cab.prima.net.ar
IP Address: 190.193.166.65

inetnum: 190.192/15
status: allocated
aut-num: N/A
owner: Prima S.A.
ownerid: AR-PRSA-LACNIC
responsible: Pablo Crespo
address: Hornos, 690,
address: C1272ACL - Buenos Aires -
country: AR
phone: +54 11 51996100 []
owner-c: MIF
tech-c: NEA
abuse-c: MIF
inetrev: 190.192/15
nserver: O200.PRIMA.COM.AR
nsstat: 20121217 AA
nslastaa: 20121217
nserver: O2000.PRIMA.COM.AR
nsstat: 20121217 AA
nslastaa: 20121217
created: 20090202
changed: 20090212

Cartel
Intel inside Your sensitive data outside
Premium Member
join:2006-09-13
Chilliwack, BC

I already googled the IP's.

Blocked incoming UDP packet from 190.193.166.65

Blocked incoming UDP packet from 75.139.135.127

What's the confusion?

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer to norwegian

said by norwegian:

said by NetFixer:

I don't know what you used for your DNS/whois query, but the 2 destination IP addresses (which would indicate the OP's ISP) posted by the OP (50.92.135.9 and 207.216.30.143) both unequivocally point to Telus when I do either a whois or DNS query.

Sorry, confusion is my middle name - those original IP's in the probe of the IP - there is no way they were the receiving IP...

IP Address: 75.139.135.127...
IP Address: 190.193.166.65...

And therefore (to answer your original question again), no way that they would have been the OP's ISP. The destination IP addresses (which are allocated to Telus) clearly indicate the OP's ISP.

Just in case you are confused about your original question (which I have now answered twice); that question was:
said by norwegian:

Ah, do you have Charter as your ISP, as that was the lookup I was getting...

And you did not mention any specific IP addresses in your original post.
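
Added example, not part of any post in this thread: a Python sketch that checks the blocked source addresses from the firewall log against the netblocks quoted in the whois output above, and builds the PTR names that `dig -x` queries. The function names and the two extra log lines are constructed for illustration; the Telus ranges are not on the page, so they are not included.

```python
import ipaddress
import re

# Netblocks exactly as quoted in the thread's whois output: ARIN's CIDR form
# and LACNIC's abbreviated "inetnum" form.
WHOIS_BLOCKS = {
    "75.128.0.0/12": "Charter Communications",
    "190.192/15": "Prima S.A.",
}

# The two firewall lines posted in the thread, plus two constructed lines
# (192.0.2.0/24 is reserved for documentation) for the no-match/bad-input cases.
LOG_LINES = [
    "Blocked incoming UDP packet from 190.193.166.65",
    "Blocked incoming UDP packet from 75.139.135.127",
    "Blocked incoming UDP packet from 192.0.2.44",  # constructed
    "Blocked incoming UDP packet from 999.1.1.1",   # constructed, malformed
]
LOG_RE = re.compile(r"Blocked incoming (\w+) packet from (\S+)")


def parse_block(text):
    """Parse a CIDR, padding LACNIC-style short prefixes such as '190.192/15'."""
    addr, _, length = text.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))  # ip_network() rejects '190.192/15'
    return ipaddress.ip_network(".".join(octets) + "/" + length)


def triage(lines, blocks=WHOIS_BLOCKS):
    """Return (source, owner, ptr_name) per log line; owner is None if unknown."""
    nets = [(parse_block(cidr), owner) for cidr, owner in blocks.items()]
    out = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            out.append((m.group(2), "invalid address", None))
            continue
        owner = next((o for net, o in nets if ip in net), None)
        # reverse_pointer is the in-addr.arpa name that `dig -x` looks up
        out.append((str(ip), owner, ip.reverse_pointer))
    return out

if __name__ == "__main__":
    for row in triage(LOG_LINES):
        print(row)
```

A match only says which provider the address block is allocated to; it says nothing about what the remote host was doing.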