IP address tracing
 

Anyone know how to trace an email address? Someone has sent me a rather nasty email from a made up hotmail address. They know personal stuff about me so it narrows it down to a few people it could be. I got the IP address from the email header. Can this tell me anything such as the area of the country or the ISP that was used? Can i match it up with normal emails they might have sent me or does it change each time you log on?

I'm not suggesting that its anyone off here by the way, the stuff they have said is stuff that no one on here knows about!!

Tracing
 

Rockhopper
I do not know what the legal situation is in UK, but here the provider of your own ISP has a duty to inform you (if requested) who the sender's ISP is and a contact address. You then take it up with them and they have a duty to either: a) block the sender or b) provide your legal team with the identity of the sender as evidence in proceedings. So why not try this out with your ISP? Good Luck.

Athelstan is right...
Paul...Try this...

http://www.dnsstuff.com/

Once you find out who owns the IP address you can write to them asking for the telephone number if it is a dial up or the address if the IP is fixed.
You can also E-mail the ISP and get the IP address shut down.
If they have used something like ghost surf the IP address you received will have been bounced off anonymous servers from around the world. That makes the IP address fake. So then you wont be able to trace it...
LX

[Edited on 20-3-2004 by kwikbitch]

You'll be able to find out who the ISP is but appart from that, unless you want to contact the ISP there's not really agreat deal of info that you'll be able to find out.

Either ping it from DOS or go and use the tools here.

Cheers guys, and thats a good link Lisa. I dont want to make a fuss about it or anything, just that the address this was sent to is only known by a very few people, all of which i consider to be friends!!

Tried the links and they come up with all sorts of good info but nothing that really means anything to me! Trouble is i dont really know much about how the intenet works. The header of the mail says "x-originating-IP;[195.92.168.168]"

Presumably this is the IP address of the computer that the email was sent from?


[Edited on 20-3-2004 by rockhopper]

this is useful as well


symantec

Cheers Weeksy oh and congrats on the engagement!

The header reads:

MIME-Version: 1.0
X-Originating -IP:[195.92.168.168]
x-Originating-Email: [i'll hide this if you dont mind!!]
x-Sender: same addy as above
Received:from 195.92.168.168 by by14fd.bay14.hotmail.msn.com with HTTP;Fri, 19 Mar 2004 11:55:55 GMT

Means nothing to me i'm afraid but that all that came up.

hope u dont mind rockhopper but i put that ip address into my link right click on the links under node name and network and you will get the information ie: name and email etc


http://security.symantec.com/ssc/vr_...SLHFEPGEVVSDUX

oh didn't work you'll have to enter it yourself you wont be able to copy and paste it in though

[Edited on 20-3-2004 by Nigel C]

Doing a quick WHOIS on the IP address brings it up as an Energis UK number. It also states the address is used by the "Birmingham POP network". It gives an abuse email of abuse@energis.com

Yes, i found the name Energis cropping up lots of times this afternoon, trouble is it comes up if i put my own Ip address in the search as well and I'm with Freeserve. Does that mean that the guilty party is with Freeserve as well?

http://www.pol.co.uk

take a look at this

Beware that it's perfectly possible to insert false headers into an email to make the route of it look different to how it has actually been sent. This usually happens by running a special program when handing off email that has a false trail in it. It does mean though that the real path is in there at some point.

If you're worried or upset by the content of the email then go to the Police. They have a specialist computer crimes unit which deals with exactly this kind of thing. They will be able to trace the source and get the information of the person who sent it. You will then be able to press charges should you wish as it is a crime.

It may be worth doing it anyway - at least you've acted on the first occasion rather than leaving it to escalate - nip it in the bud if you like.

All good points guys. I'm confident that the header is genuine, i dont know anyone (including me) who would be able to fake an email header!!

I thought of the internet cafe thing but it was sent at 11.55 pm on friday night!!

Well i have replied to the email to see if i can get some more info, the next step is to file an abuse report with Energis which i'll do next week!


I'm probably over reacting but the email concerns a very good friend of mine and she is rather upset by it to say the least.

Thanks to everyone who has helped with this. We have a very good idea of who it is now, the Freeserve link up is the main clue.

Unless the computer system is very small, you're very unlikely to get anyones info from an IP Address, even if you do find out the ISP.

I'll admit i dont know much about the internet but tracing the IP address in lots of different ways it always comes back to Energis. Their biggest customer is Freeserve. Energis have a complaints process and they say that they will supply the details if i send them the email in question - lets see if that happens!