Track an IP address

Status
Not open for further replies.

rake1

Guys, I can't find where to post this, so here goes. I am in need of finding a way to track an IP address real quick. Is there a way to do this so I can find what computer the email came from? The IP address is 24.222.140.18. Real important I find this.
 
Get a command prompt (Run -> cmd) and enter
nslookup 24.222.140.18
results:
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: static-222-140-18.eastlink.ca
Address: 24.222.140.18
If you Google for Windows whois, this tool will give you the domain info
$ whois -H 24.222.140.18

OrgName: EastLink
OrgID: BRAGG
Address: 6080 Young Street
Address: Suite 801, PO Box 8660, Station A
City: Halifax
StateProv: NS
PostalCode: B3K-5M3
Country: CA

NetRange: 24.222.0.0 - 24.222.255.255
CIDR: 24.222.0.0/16
NetName: EASTLINK-BLK1
NetHandle: NET-24-222-0-0-1
Parent: NET-24-0-0-0-0
NetType: Direct Allocation
NameServer: Z3.EASTLINK.CA
NameServer: M5.EASTLINK.CA
Comment:
RegDate: 1998-05-22
Updated: 2007-03-06

OrgAbuseHandle: AAS50-ARIN
OrgAbuseName: ARIN Abuse Support
OrgAbusePhone: +1-902-453-2800
OrgAbuseEmail: arin-abuse@eastlink.ca

OrgNOCHandle: ANS2-ARIN
OrgNOCName: ARIN NOC Support
OrgNOCPhone: +1-902-453-2800
OrgNOCEmail: arin-noc@eastlink.ca

OrgTechHandle: ATS22-ARIN
OrgTechName: ARIN Technical Support
OrgTechPhone: +1-902-453-2800
OrgTechEmail: arin-tech@eastlink.ca

# ARIN WHOIS database, last updated 2009-09-14 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
 
Yes, I saw this before when I went to this site, thanks. What I need to know is where the email originated from, and who sent it. I have already found it came from eastlink. Is this arin-noc@eastlink.ca the person who sent the email?
 
NO. The source of the email is within the email itself AND quite sadly, totally unreliable
(which is why spam still prevails).

View the email headers (ALL of them); you may need to use Save AS and then open with notepad.exe to view this
you will see stuff like
Code:
X-Account-Key: account2
X-UIDL: <001d01ca0ae4$1eba0850$5c2e18f0$@net>
X-Mozilla-Status: 0003
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: THECULPRIT@AOL.net
Received: from cdptpa-mxlb.mail.rr.com ([10.127.255.90])
          by cdptpa-imta06.mail.rr.com with ESMTP
          id <20090722155045480.JAJJ8959@cdptpa-imta06.mail.rr.com>
          for <YOU@DOMAIN.com>; Wed, 22 Jul 2009 15:50:45 +0000
Return-Path: THECULPRIT@AOL.net
X-Cloudmark-Score: 0
X-RR-Connecting-IP: xxx.xxx.xxx.xxx
Received: from [xxx.xxx.xxx.xxx] ([xxx.xxx.xxx.xxx:44481] helo=n22b.bullet.mail.mud.yahoo.com)
	by cdptpa-iedge09.mail.rr.com (envelope-from <THECULPRIT@AOL.net>)
	(ecelerity 2.2.2.39 r()) with ESMTP
	id 10/BC-11959-455376A4; Wed, 22 Jul 2009 15:50:45 +0000
Received: from [68.142.200.227] by n22.bullet.mail.mud.yahoo.com with NNFMP; 22 Jul 2009 15:50:42 -0000
Received: from [68.142.201.245] by t8.bullet.mud.yahoo.com with NNFMP; 22 Jul 2009 15:50:42 -0000
Received: from [127.0.0.1] by omp406.mail.mud.yahoo.com with NNFMP; 22 Jul 2009 15:50:42 -0000
X-Yahoo-Newman-Id: 208121.58006.bm@omp406.mail.mud.yahoo.com
Received: (qmail 12786 invoked from network); 22 Jul 2009 15:50:41 -0000
Received: from unknown (HELO ACE) (xxxxxxxxxxx with login)
From: <THECULPRIT@AOL.net>
To: YOU
Subject: 
Date: Wed, 22 Jul 2009 08:50:20 -0700
Message-ID: <001d01ca0ae4$1eba0850$5c2e18f0$@net>
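
How a Received chain like the one in the post above can be read, as an added example that is not part of the original thread: walk the hops newest-first and keep only what your own mail provider's servers wrote, since everything below that point (and From / Return-Path) is supplied by the sending side. The sample message, the example.com / example.org host names and the `trusted_suffix` parameter are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample; hosts are placeholders, IPs come from documentation ranges.
RAW = """\
Return-Path: <sender@example.net>
Received: from mx-lb.mail.example.com ([10.127.255.90])
\tby imta06.mail.example.com with ESMTP; Wed, 22 Jul 2009 15:50:45 +0000
Received: from [198.51.100.7] ([198.51.100.7:44481] helo=relay.example.org)
\tby edge09.mail.example.com with ESMTP; Wed, 22 Jul 2009 15:50:45 +0000
Received: from [203.0.113.50] by relay.example.org with SMTP; 22 Jul 2009 15:50:42 -0000
Received: from unknown (HELO ACE) (192.0.2.99 with login)
From: <sender@example.net>
To: you@example.com
Subject: test

body
"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})")
# Relays inside the provider use these ranges; they are not the sender.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def hops(raw):
    """Received hops, newest first, as (by_host, from_ip); None when absent."""
    out = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        by, ip = BY_RE.search(flat), IP_RE.search(flat)
        out.append((by.group(1).lower() if by else None,
                    ip.group(1) if ip else None))
    return out

def handoff_ip(raw, trusted_suffix):
    """Outside IP recorded by the deepest server under trusted_suffix.

    The walk stops at the first hop not written by your own provider.
    """
    found = None
    for by, ip in hops(raw):
        if by is None or not by.endswith(trusted_suffix):
            break
        if ip and not any(ipaddress.ip_address(ip) in n for n in INTERNAL):
            found = ip
    return found
```

Pass the suffix with its leading dot (`".mail.example.com"`) so a look-alike host name cannot match it. The address returned is the machine that handed the message to your provider, which is usually another mail relay rather than the author's computer.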
 
And you can normally cross off anything with -noc or -NOC in the address - that's the Network Operations Center. ARIN is the American Registry of Internet Numbers - the top level DNS server for the US and a few other places.
 
That's very interesting... I am getting tonnes of spam from a particular IP, can I anyhow send it all back to this person? Assuming they do not use proxy or anything - is this possible?
 
Ruben, I don't understand your question (at least I don't think I do).
You can always send it back, but it may not be all that beneficial, it may make things worse.
You never want to reply to a spam message.
 
Yeah, you are right, I am simply frustrated by that a55h.0.Le that keeps spamming me and I thought it would be great to send all this garbage back, possibly multiplied by a factor of 1000 to teach 'em a lesson.... Sort of revengeful, shortsighted thinking took over me for a minute, but I had a smoke and a bottle of cold beer and now I think you are right, spam should only be ignored.
 
Make life easy; create an email filter list called DELETE_THESE
and add joey@badguy.com and any others to it. Use the settings
If Source IS any
action = delete msg +
action = delete from pop server
Move this to the top of your filters and enjoy email again.

ANYONE on the DELETE_THESE list will never be seen by you and they never get
any notice that you did/didn't get spammed
 