Untraceable IP Address

From http//whois.domaintools.com/fallsforum.org
Registry Data
Whois Server whois.pir.org
Server Data
Domain Status Deleted And Available Again
DomainTools Exclusive
NS History 7 changes on 5 unique name servers over 5 years.
IP History 8 changes on 6 unique name servers over 5 years.

The later bit you have to pay for, and is probably what you want (the Nameserver and IP history).
Rich

Martin and Rich, both of you, thank you very much indeed.

Question This query is about visitor to my website. Would the anomaly with the IPaddress be caused by corruption of the original IPaddress, a fake IPaddress or something else?

From a search made on www.google.gr

http//www.google.gr/search?hl=el&q=telephone calls analysis &btnG=%CE%91%CE%BD%CE%B1%CE%B6%CE%AE%CF%84%CE%B7%CF%83%CE%B7 Google&meta=&aq=f&oq=

A link was shown on google.gr to my website. The visitor to my website shows an the IP Address of 1.1.111.33

http//en.utrace.de/?query=1.1.111.33 indicates the origin is not found. I tried other IP look ups as well with similar results of not found.

However, this untraced origin remained at my webblog for over 2 minutes and looking at four threads.

Grateful for any thoughts you might have.

Question This query is about visitor to my website. Would the anomaly with the IPaddress be caused by corruption of the original IPaddress, a fake IPaddress or something else?

From a search made on www.google.gr

http//www.google.gr/search?hl=el&q=telephone calls analysis &btnG=%CE%91%CE%BD%CE%B1%CE%B6%CE%AE%CF%84%CE%B7%CF%83%CE%B7 Google&meta=&aq=f&oq=

A link was shown on google.gr to my website. The visitor to my website shows an the IP Address of 1.1.111.33

Hmm.. can you give a URL of the site where that link was found? I tried to recreate your search, but did not found any reference to that IP address.

http//en.utrace.de/?query=1.1.111.33 indicates the origin is not found. I tried other IP look ups as well with similar results of not found.

However, this untraced origin remained at my webblog for over 2 minutes and looking at four threads.

Grateful for any thoughts you might have.

Very strange.. 1.0.0.0 to 1.255.255.255 is a reserved range, meaning it should not turn up on the public internet.
Theoretically, it should be impossible for your webserver to answer any requests from someone using that IP number. (no route to that address) But than again, in theory, practice and theory should be the same, but in practice, they aren't 😉

Roland

Sounds to me they may be using Hide My IP or some other software that generates a random country/domain/ip address for anon surfing.

anonet.org?

Digintel, LarryDaniel and Jamie, thanks for your replies.

I have no website or location information other than the IP address.

The purpose of raising these matters about IPaddresses is they maybe more common than we think and of a higher frequency of occurrence than realised. I am not looking at the motives of people behind these events, what intrigues me more is smart/high end mobile mobile telephones with browsers have their own IPaddresses so more and more traffic over GPRS/Edge/WCDMA may introduce content from the internet onto mobile telephones that might be untraceable.

Update
Here is another one, this time came through Forensic Focus

www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3053

14.153.130.253 - Whois Information

OrgName Internet Assigned Numbers Authority
OrgID IANA
Address 4676 Admiralty Way, Suite 330
City Marina del Rey
StateProv CA
PostalCode 90292-6695
Country US

NetRange 14.0.0.0 - 14.255.255.255
CIDR 14.0.0.0/8
NetName RESERVED-14
NetHandle NET-14-0-0-0-1
Parent
NetType IANA Reserved
Comment
RegDate 2008-01-22
Updated 2008-01-30

OrgAbuseHandle IANA-IP-ARIN
OrgAbuseName Internet Corporation for Assigned Names and Number
OrgAbusePhone +1-310-301-5820
OrgAbuseEmail abuse@iana.org

OrgTechHandle IANA-IP-ARIN
OrgTechName Internet Corporation for Assigned Names and Number
OrgTechPhone +1-310-301-5820
OrgTechEmail abuse@iana.org

# ARIN WHOIS database, last updated 2009-02-03 1910
# Enter ? for additional hints on searching ARIN's WHOIS database.

Digintel, LarryDaniel and Jamie, thanks for your replies.

I have no website or location information other than the IP address.
Update
Here is another one, this time came through Forensic Focus

www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3053

14.153.130.253

Trewmte,
you sure know how to keep me awake 😉
I was just wondering if you can't access a system with that IP address, how can a website send a response to that system if it requests a webpage?

- How do you know your visitor came through securityfocus?
(I would guess you'd see the http-refer in the logs?)
- How do you know that this IP number accessed that webserver?
- last question (really) when you say "I cannot trace this IP address",
do you mean that the WHOIS lookup on that IP address fails,
or that you cannot perform a traceroute on that address?

Sorry for all the questions, but I'm intrigued!

Roland

You can use proxy servers to hide your IP address. Tracing via proxy server is not easy task.
Other side who would like to trace you must take a contact with admin of proxy server and then ask for specific details regarding your behavior and must hope that log is not deleted. You can get the ip address from ip-details.com

Roland, sorry I missed your earlier comments and belatedly respond. I do hope in this intervening period you did manage to get some sleep )

I was just wondering if you can't access a system with that IP address, how can a website send a response to that system if it requests a webpage?

That is a good point and one of the queries about how do we establish 'originaility' and 'genuineness' when it comes to IP addressing.

How do you know your visitor came through securityfocus? (I would guess you'd see the http-refer in the logs?)

Yes, you are right, that is what I chose to use at first instance, because it was the first obvious lead I had.

How do you know that this IP number accessed that webserver?

I am not sure I would actually know how to answer this question because the question hits on so many levels I couldn't be sure I would be responding to the question. For instance, do you mean it maybe a spoofed IP and therefore the genuine IP is not know? Or do you mean, beause the IP address is displayed in the stats therefore that is why you think it must have accessed the webserver or, or, or… Your question is most likely clear and it is possibly me, the way I have analysed your question, that has added these variables.

last question (really) when you say "I cannot trace this IP address", do you mean that the WHOIS lookup on that IP address fails,
or that you cannot perform a traceroute on that address?

I ran a WHOIS and a traceroute. For the traceroute all I got was timing dots on the screen waiting for the response. No response was received.