
Track an IP address

By rake1 · 8 replies
Sep 15, 2009
  1. Guys, I can't find where to post this so here goes. I am in need of finding a way to track an IP address real quick. Is there a way to do this so I can find what computer the email came from? The IP address is real important I find this.
  2. jobeard

    jobeard TS Ambassador Posts: 10,432   +801

    get a command prompt (run->cmd) and enter
    results: Server: resolver1.opendns.com

    Name: static-222-140-18.eastlink.ca
    if you google for windows whois, this tool will give you the domain info
    $ whois -H

    OrgName: EastLink
    OrgID: BRAGG
    Address: 6080 Young Street
    Address: Suite 801, PO Box 8660, Station A
    City: Halifax
    StateProv: NS
    PostalCode: B3K-5M3
    Country: CA

    NetRange: -
    NetName: EASTLINK-BLK1
    NetHandle: NET-24-222-0-0-1
    Parent: NET-24-0-0-0-0
    NetType: Direct Allocation
    NameServer: Z3.EASTLINK.CA
    NameServer: M5.EASTLINK.CA
    RegDate: 1998-05-22
    Updated: 2007-03-06

    OrgAbuseHandle: AAS50-ARIN
    OrgAbuseName: ARIN Abuse Support
    OrgAbusePhone: +1-902-453-2800
    OrgAbuseEmail: arin-abuse@eastlink.ca

    OrgNOCHandle: ANS2-ARIN
    OrgNOCName: ARIN NOC Support
    OrgNOCPhone: +1-902-453-2800
    OrgNOCEmail: arin-noc@eastlink.ca

    OrgTechHandle: ATS22-ARIN
    OrgTechName: ARIN Technical Support
    OrgTechPhone: +1-902-453-2800
    OrgTechEmail: arin-tech@eastlink.ca

    # ARIN WHOIS database, last updated 2009-09-14 20:00
    # Enter ? for additional hints on searching ARIN's WHOIS database.
  3. rake1

    rake1 TS Rookie Topic Starter

    Yes, I saw this before when I went to this site, thanks. What I need to know is where the email originated from, and who sent it. I have already found it came from eastlink. Is this arin-noc@eastlink.ca the person who sent the email?
  4. jobeard

    jobeard TS Ambassador Posts: 10,432   +801

    NO. The source of the email is within the email itself AND quite sadly, totally unreliable
    (which is why spam still prevails).

    View the email headers (ALL of them); you may need to use Save AS and then open with notepad.exe to view this
    you will see stuff like
    X-Account-Key: account2
    X-UIDL: <001d01ca0ae4$1eba0850$5c2e18f0$@net>
    X-Mozilla-Status: 0003
    X-Mozilla-Status2: 00000000
    Return-Path: THECULPRIT@AOL.net
    Received: from cdptpa-mxlb.mail.rr.com ([])
              by cdptpa-imta06.mail.rr.com with ESMTP
              id <20090722155045480.JAJJ8959@cdptpa-imta06.mail.rr.com>
              for <YOU@DOMAIN.com>; Wed, 22 Jul 2009 15:50:45 +0000
    Return-Path: THECULPRIT@AOL.net
    X-Cloudmark-Score: 0
    X-RR-Connecting-IP: xxx.xxx.xxx.xxx
    Received: from [xxx.xxx.xxx.xxx] ([xxx.xxx.xxx.xxx:44481] helo=n22b.bullet.mail.mud.yahoo.com)
    	by cdptpa-iedge09.mail.rr.com (envelope-from <THECULPRIT@AOL.net>)
    	(ecelerity r()) with ESMTP
    	id 10/BC-11959-455376A4; Wed, 22 Jul 2009 15:50:45 +0000
    Received: from [] by n22.bullet.mail.mud.yahoo.com with NNFMP; 22 Jul 2009 15:50:42 -0000
    Received: from [] by t8.bullet.mud.yahoo.com with NNFMP; 22 Jul 2009 15:50:42 -0000
    Received: from [] by omp406.mail.mud.yahoo.com with NNFMP; 22 Jul 2009 15:50:42 -0000
    X-Yahoo-Newman-Id: 208121.58006.bm@omp406.mail.mud.yahoo.com
    Received: (qmail 12786 invoked from network); 22 Jul 2009 15:50:41 -0000
    Received: from unknown (HELO ACE) (xxxxxxxxxxx with login)
    From: <THECULPRIT@AOL.net>
    To: YOU
    Date: Wed, 22 Jul 2009 08:50:20 -0700
    Message-ID: <001d01ca0ae4$1eba0850$5c2e18f0$@net>
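
The header walk described above, as an added example that is not part of the original post: it reads the Received lines from the top down and returns the peer address logged by the recipient's own outermost mail server, which is the last value in the chain that the sender did not write. The sample message, the domain names and the function names are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample (documentation IP ranges, example domains), newest hop first.
SAMPLE = """\
Return-Path: <someone@sender.example>
Received: from mx-lb.myisp.example ([192.0.2.10])
\tby store06.myisp.example with ESMTP; Wed, 22 Jul 2009 15:50:45 +0000
Received: from [203.0.113.7] ([203.0.113.7:44481] helo=out22.webmail.example)
\tby edge09.myisp.example with ESMTP; Wed, 22 Jul 2009 15:50:45 +0000
Received: from [198.51.100.99] by out22.webmail.example with SMTP; 22 Jul 2009 15:50:42 -0000
Received: from unknown (HELO ACE) ([999.1.2.3]) by relay.webmail.example; 22 Jul 2009 15:50:41 -0000
From: <someone@sender.example>
To: you@myisp.example

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)")

def received_chain(raw):
    """Return hops newest-first as (peer_ip or None, recording_host or None)."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        ip, by = IP_RE.search(flat), BY_RE.search(flat)
        peer = None
        if ip:
            try:
                peer = str(ipaddress.ip_address(ip.group(1)))
            except ValueError:
                pass  # bracketed text that is not a valid address
        hops.append((peer, by.group(1).lower() if by else None))
    return hops

def last_trustworthy_peer(raw, trusted_domain):
    """Walk down while the recording server is ours; the peer our outermost
    server logged is the last address the sender could not write."""
    result = None
    for peer, by in received_chain(raw):
        if not by or not ("." + by).endswith("." + trusted_domain):
            break
        result = (peer, by)
    return result

if __name__ == "__main__":
    print(last_trustworthy_peer(SAMPLE, "myisp.example"))
```

Every Received line below the returned hop, along with From and Return-Path, was supplied by the sending side and cannot be verified from the message alone.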
  5. LNCPapa

    LNCPapa TS Special Forces Posts: 4,247   +448

    And you can normally cross off anything with -noc or -NOC in the address - that's the Network Operations Center. ARIN is the American Registry of Internet Numbers - the top level DNS server for the US and a few other places.
  6. Ruben

    Ruben TS Rookie Posts: 100

    that's very interesting... I am getting tonnes of spam from a particular IP, can I anyhow send it all back to this person? Assuming they do not use proxy or anything - is this possible?
  7. strategic

    strategic TechSpot Paladin Posts: 1,020

    Ruben, I don't understand your question (at least I don't think I do).
    You can always send it back, but it may not be all that beneficial, it may make things worse.
    You never want to reply to a spam message.
  8. Ruben

    Ruben TS Rookie Posts: 100

    yeah, you are right, I am simply frustrated by that a55h.0.Le that keeps spamming me and I thought it would be great to send all this garbage back, possibly multiplied by factor of 1000 to teach 'em a lesson.... Sort of revengeful, shortsighted thinking took over me for a minute but I had a smoke and a bottle of cold beer and now I think you are right, spam should only be ignored.
  9. jobeard

    jobeard TS Ambassador Posts: 10,432   +801

    make life easy; create an email filter list called DELETE_THESE
    and add joey@badguy.com and any others to it. use the settings
    If Source IS any
    action = delete msg +
    action = delete from pop server
    move this to the top of your filters and enjoy email again.

    ANYONE on the DELETE_THESE list will never be seen by you and they never get
    any notice that you did/didn't get spammed
Topic Status:
Not open for further replies.
