How do I find out where someone is based on their IP?

b0mbrman

Lifer
Jun 1, 2001
29,470
1
81
I've been getting personal-sounding emails...I think it's a friend of mine from Virginia but I have no way to tell short of asking him...if it is him, I'd like to screw with him but if it's not, I don't want to screw with this person who claims to be my cousin...

So now, I'd like to know what to do with the originating IP addy from the email headers...is there some way I can use that to find where the email is coming from?

 

b0mbrman

Lifer
Jun 1, 2001
29,470
1
81
I can't PM for some reason...do you mind if I email it to you? There's no real general way to do it?
 

Pepsi90919

Lifer
Oct 9, 1999
25,162
1
81
oh and yeah there is b0mberman but i just assumed you didn't want to hassle with downloading sh1t
 

b0mbrman

Lifer
Jun 1, 2001
29,470
1
81
ok...well, here

Gone! Do not post IP addresses here

Don't go making his computer catch fire now :)
 

Sugadaddy

Banned
May 12, 2000
6,495
0
0
It's done:

I made his hard drive spin at 30,000rpm, destroying everything in his case, and his monitor melted because I set the refresh rate to 450Hz.


You're welcome.



ME=hAx0rZ
 

Pepsi90919

Lifer
Oct 9, 1999
25,162
1
81
used NeoTrace...the last few hops in the trace belong to Exodus.net and have a geographical location in San Jose.
 

vtqanh

Diamond Member
Jan 4, 2001
3,100
0
76
Exodus Communications Inc. - SantaClara2 (SC2) (NETBLK-EC10-1)
2831 Mission College Blvd.
Santa Clara, CA 95112
US

Netname: EC10-1
Netblock: 216.104.224.0 - 216.104.255.255
Maintainer: EC10

Coordinator:
Center, Network Control (NOC44-ARIN) CompServ@Exodus.net
(888) 239-6387 (FAX) (888) 239-6387

Domain System inverse mapping provided by:

NS.EXODUS.NET 206.79.230.10
NS2.EXODUS.NET 207.82.198.150

ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
* Rwhois reassignment information for this block is available at:
* rwhois.exodus.net 4321

Record last updated on 19-Dec-2000.
Database last updated on 8-Sep-2001 23:09:15 EDT
 

b0mbrman

Lifer
Jun 1, 2001
29,470
1
81
<< I made his hard drive spin at 30,000rpm, destroying everything in his case, and his monitor melted because I set the refresh rate to 450Hz. >>

:< What if I found out that it was my grandma?
 

xyyz

Diamond Member
Sep 3, 2000
4,331
0
0


<< I've been getting personal-sounding emails...I think it's a friend of mine from Virginia but I have no way to tell short of asking him...if it is him, I'd like to screw with him but if it's not, I don't want to screw with this person who claims to be my cousin...

So now, I'd like to know what to do with the originating IP addy from the email headers...is there some way I can use that to find where the email is coming from?
>>



NeoTrace baby... :) NeoTrace
 

veryape

Platinum Member
Jun 13, 2000
2,433
0
0
If they are on dial-up I don't think they can be traced because their IP changes every time they log on. All other types of connections can be traced though.

Someone correct me if I'm wrong, as I am so often. :)
 

spanky

Lifer
Jun 19, 2001
25,716
4
81


<< What if I found out that it was my grandma? >>



then it must've been a virus or something...hehe
 

b0mbrman

Lifer
Jun 1, 2001
29,470
1
81
What if he used something like an IP masker? Or maybe a better question is, do IP maskers exist? :)
 

Harvey

Administrator
Elite Member
Oct 9, 1999
35,057
67
91
216.104.228.119

Arin/Whois reports:

Exodus Communications Inc. - SantaClara2 (SC2) (NETBLK-EC10-1)
2831 Mission College Blvd.
Santa Clara, CA 95112
US

Netname: EC10-1
Netblock: 216.104.224.0 - 216.104.255.255
Maintainer: EC10

Coordinator:
Center, Network Control (NOC44-ARIN) CompServ@Exodus.net
(888) 239-6387 (FAX) (888) 239-6387

* * *

Unfortunately, Exodus is a backbone that services lots of ISPs, including some anonymizers. Fortunately, they have a toll-free number, so you may be able to call and ask which ISP is assigned that particular IP address.

Good luck. :)
 

tweakmm

Lifer
May 28, 2001
18,436
4
0


<< What if he used something like an IP masker? Or maybe a better question is, do IP maskers exist? :) >>


There is no real IP masker. If you are using Linux (which correctly implements the TCP/IP stack) or Win2k, which I think correctly implements the stack, you can tell your NIC to send out a different IP address with the packet header. It's a bit more complicated than this (I don't know much about it myself) but that's basically how it works.
 

b0mbrman

Lifer
Jun 1, 2001
29,470
1
81
Ok, so now I know with little doubt that these emails are coming from California, right?
 

j0lly

Platinum Member
Jul 30, 2001
2,885
0
0
Maybe a bit OT but this has been bugging me for a while now. What is stopping people who are skilled enough to hack into a bank/exchange and transfer a buncha money into various accounts worldwide? If the internet security is as weak as some of the people make it sound, why not capitalize on it (for the criminal minded individuals)? I ask this because a 16 yr. old kid from somewhere in Russia hacked into the IBM servers and was able to decrypt over 100 CCs. I did not follow up on the story but he/she had some kind of ransom demand for IBM.
 

TonyH

Elite Member
Administrator
Jan 20, 2000
3,979
11
91
IP Address to locate: 216.104.228.119

CountryID 254
Country United States
RegionID 167
Region Virginia
CityID 22660
City Chester
Weighting 10
Certainty 77
Latitude 37.3431
Longitude -77.408
TimeZone EST
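
The lookup this thread walks through (originating address from the email headers, then the ARIN netblock), as an added example that is not part of any post above. The message, its hostnames, dates and the 192.0.2.25 and 10.0.0.5 hops are constructed; only 216.104.228.119 and the Netblock line come from the thread.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: hostnames, dates, 192.0.2.25 and 10.0.0.5 are made up.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.25])
\tby inbox.example.org with ESMTP; Sat, 8 Sep 2001 20:01:07 -0700
Received: from relay.example.com (relay.example.com [216.104.228.119])
\tby mx.example.net with SMTP; Sat, 8 Sep 2001 20:01:05 -0700
Received: from desktop ([10.0.0.5])
\tby relay.example.com with SMTP; Sat, 8 Sep 2001 20:01:02 -0700
From: cousin@example.com
Subject: hi

hello
"""
# Netblock line copied from the whois output quoted in the thread.
WHOIS_NETBLOCK = "Netblock: 216.104.224.0 - 216.104.255.255"
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(raw):
    """Bracketed IPs from Received headers, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = BRACKETED_IP.search(value)
        try:
            if m:
                hops.append(ipaddress.ip_address(m.group(1)))
        except ValueError:
            pass  # e.g. [999.1.1.1]: not a valid address, skip the hop
    return hops

def earliest_public_hop(raw):
    """Oldest hop with a globally routable address, or None.
    Only lines added by your own mail server are trustworthy; anything
    older was written by systems the sender may control."""
    for ip in reversed(received_ips(raw)):
        if ip.is_global:
            return ip
    return None

def netblock_cidrs(line):
    """Turn a whois 'Netblock: first - last' line into CIDR networks."""
    first, last = (ipaddress.ip_address(p.strip())
                   for p in line.split(":", 1)[1].split("-"))
    return list(ipaddress.summarize_address_range(first, last))

def in_netblock(ip, line):
    return any(ip in net for net in netblock_cidrs(line))
```

A netblock match shows who the address range is registered to, not where the sender is sitting.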