Question:
Is this a spoof IP address?
David Hell
2009-04-11 04:00:20 UTC
This person's IP address changes to different locations. I want to locate the real address, but I think the person could be using a spoof IP to hide the real IP address. Any suggestions?
Here is a selection of full headers.

From eva_stella31 Thu Feb 19 12:56:57 2009
Return-Path:
Authentication-Results: mta119.mail.re1.yahoo.com from=yahoo.com; domainkeys=fail (bad sig); from=yahoo.com; dkim=neutral (no sig)
Received: from 68.142.237.123 (HELO n10.bullet.re3.yahoo.com) (68.142.237.123)
by mta119.mail.re1.yahoo.com with SMTP; Thu, 19 Feb 2009 05:01:45 -0800
Received: from [68.142.237.88] by n10.bullet.re3.yahoo.com with NNFMP; 19 Feb 2009 13:01:41 -0000
Received: from [216.252.111.167] by t4.bullet.re3.yahoo.com with NNFMP; 19 Feb 2009 13:01:41 -0000
Received: from [127.0.0.1] by omp102.mail.re3.yahoo.com with NNFMP; 19 Feb 2009 13:01:41 -0000
Received: (qmail 20039 invoked from network); 19 Feb 2009 13:01:41 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:Date:From:X-Mailer:X-Priority:Message-ID:To:Subject:In-Reply-To:References:MIME-Version:Content-Type:Content-Transfer-Encoding;
b=YyBn3L11NTNoele7FOlcwXOdYKV5R/Mm625j2j4sFAlBzpEdOmA2GhptZI16pWWlI3koko3RYLTPUtwqrsfJb5/eXDEdDJoLXbCbzr4jU201O1garrDfz8sJTF7GL1Yt1Xej8l2DOESgSlxzlyk/3DPRucI4iNnO51mV53HeVYo= ;
Received: from unknown (HELO COMP-4) (eva_stella31@76.170.109.99 with plain)
by smtp111.plus.mail.re1.yahoo.com with SMTP; 19 Feb 2009 13:01:33 -0000
Date: Thu, 19 Feb 2009 15:56:57 +0300
From: eva_stella31
Message-ID: <779783943.20090219155657@yahoo.com>
To: Ray Micheli
Subject:
In-Reply-To: <540686.61819..qm@web110103.mail.gq1.yahoo.com>
References: <540686.61819.qm@web110103.mail.gq1.yahoo.com>
MIME-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Length: 3520

From eva_stella31 Fri Dec 19 00:01:50 2008
Return-Path:
Authentication-Results: mta168.mail..re2.yahoo.com from=yahoo.com; domainkeys=fail (bad sig)
Received: from 68.142.237.123 (HELO n10.bullet.re3.yahoo.com) (68.142.237.123)
by mta168.mail.re2.yahoo.com with SMTP; Fri, 19 Dec 2008 00:02:42 -0800
Received: from [68.142.237.90] by n10.bullet.re3.yahoo.com with NNFMP; 19 Dec 2008 08:02:43 -0000
Received: from [66.196.97.154] by t6.bullet.re3.yahoo.com with NNFMP; 19 Dec 2008 08:02:43 -0000
Received: from [127.0.0.1] by omp207.mail.re3.yahoo.com with NNFMP; 19 Dec 2008 08:02:43 -0000
Received: (qmail 7378 invoked from network); 19 Dec 2008 08:02:43 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:Date:From:X-Mailer:X-Priority:Message-ID:To:Subject:In-Reply-To:References:MIME-Version:Content-Type:Content-Transfer-Encoding;
b=kiQCqlDjy2CdfqgQ21kY+juNKZI9bavwILvTsdLmNnoXzQsFGoOv1O2T7d7k7v46g2aX9YG6Xc+KJRQVTBRncFxgtzMSw2XMed2dPkh0LTx2KP/nNBW/gN3mAeT4uisqNqtYMbuQRp0/fXy6NYWAuNdbMhS0SxG12JP0ML8SOvw= ;
Received: from unknown (HELO COMP-4) (eva_stella31@76.123.103.34 with plain)
by smtp111..plus.mail.re1.yahoo.com with SMTP; 19 Dec 2008 08:02:43 -0000
Date: Fri, 19 Dec 2008 11:01:50 +0300
From: eva_stella31
Message-ID: <1991074550.20081219110150@yahoo.com>
To: Ray Micheli
Subject:
In-Reply-To: <65533.65487.qm@web110107.mail.gq1.yahoo.com>
References: <65533.65487.qm@web110107.mail.gq1.yahoo.com>
MIME-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Length: 5031



From eva_stella31 Fri Oct 17 18:41:48 2008
Return-Path:
Authentication-Results: mta422.mail.re4.yahoo.com from=yahoo.com; domainkeys=fail (bad sig)
Received: from 68.142.237.123 (HELO n10..bullet.re3.yahoo.com) (68.142.237.123)
by mta422.mail.re4.yahoo.com with SMTP; Fri, 17 Oct 2008 09:05:59 -0700
Received: from [68.142.237.90] by n10.bullet.re3.yahoo.com with NNFMP; 17 Oct 2008 16:05:32 -0000
Received: from [66.196.97.146] by t6.bullet.re3.yahoo.com with NNFMP; 17 Oct 2008 16:05:32 -0000
Received: from [127.0.0.1] by omp204.mail.re3.yahoo.com with NNFMP; 17 Oct 2008 16:05:32 -0000
Received: (qmail 51754 invoked from network); 17 Oct 2008 16:05:32 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:Date:From:X-Priority:Message-ID:To:Subject:In-Reply-To:References:MIME-Version:Content-Type;
b=e2x3Cdxg+qBbkYqinftqUMRxQTVTpDw2+03xndOlC+2k15DfQbm0yijIHIxWWHojScF6HS7JRYZFcppL8d+M0LeiosByq1trSVhggKg6J0nvLffFJBbhDQPmggmPE9sw8BWm8vrWiWjXYjvR1Q2Ec7F8zbuNVdlTBq7Lvtcc8Hg= ;
Received: from unknown (HELO COMP-4) (eva_stella31@69.155.45.226 with plain)
by smtp104.plus.mail.re1.yahoo.com with SMTP; 17 Oct 2008 16:04:55 -0000
Date: Fri, 17 Oct 200
Three answers:
Teco
2009-04-11 04:34:40 UTC
The only IP address that matters is the eva_stella31@xxx.xxx.xxx.xxx. All the other IP addresses are just mail servers talking back and forth with each other.



76.170.109.99

The first header sample was sent from a Road Runner ISP.

The nslookup dictates this client is in a Southern California residence.

cpe-76-170-109-99.socal.res.rr.com

https://ws.arin.net/whois/?queryinput=76.170.109.99





76.123.103.34

The second header sample was sent from a Comcast ISP.

The nslookup dictates this client is in Florida.

c-76-123-103-34.hsd1.fl.comcast.net

https://ws.arin.net/whois/?queryinput=!%20NET-76-123-96-0-1





69.155.45.226

The third header sample was sent from a private address in Plano, Texas, registered through Southwestern Bell. The nslookup doesn't reveal much on this address, unfortunately, as I can't make heads or tails of "wchtks".

adsl-69-155-45-225.dsl.wchtks.swbell.net

https://ws.arin.net/whois/?queryinput=!%20NET-69-155-44-0-1





This is all a little stalkerish, to be quite honest with you. Though I'll admit I'm not entirely sure what's up with all the varied IP addresses, especially a private pool. Not to mention any search for eva_stella31 on Google brings back a ton of results with Russian locations.



I'd just avoid them honestly.
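
The point made in the answer above, as an added example that is not part of the original thread: a Python sketch that classifies each `Received` hop in the question's first header sample and picks out the one hop where the provider's submission server logged an authenticated client. The function names and hop labels are assumptions of this example, and the address it yields is the endpoint that connected to the provider, which can be a proxy or shared line rather than the sender's own.

```python
import email
import ipaddress
import re

# Received lines from the question's first header sample, with the
# continuation-line indentation restored so the folded headers parse.
SAMPLE = """\
Received: from 68.142.237.123 (HELO n10.bullet.re3.yahoo.com) (68.142.237.123)
 by mta119.mail.re1.yahoo.com with SMTP; Thu, 19 Feb 2009 05:01:45 -0800
Received: from [68.142.237.88] by n10.bullet.re3.yahoo.com with NNFMP; 19 Feb 2009 13:01:41 -0000
Received: from [216.252.111.167] by t4.bullet.re3.yahoo.com with NNFMP; 19 Feb 2009 13:01:41 -0000
Received: from [127.0.0.1] by omp102.mail.re3.yahoo.com with NNFMP; 19 Feb 2009 13:01:41 -0000
Received: (qmail 20039 invoked from network); 19 Feb 2009 13:01:41 -0000
Received: from unknown (HELO COMP-4) (eva_stella31@76.170.109.99 with plain)
 by smtp111.plus.mail.re1.yahoo.com with SMTP; 19 Feb 2009 13:01:33 -0000

"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
AUTH_RE = re.compile(r"\((\S+)@(\d{1,3}(?:\.\d{1,3}){3}) with (\w+)\)")
BY_RE = re.compile(r"\bby\s+(\S+)")

def parse_hops(raw):
    """Return one dict per Received header, newest hop first."""
    result = []
    for value in email.message_from_string(raw).get_all("Received", []):
        value = " ".join(value.split())              # unfold continuation lines
        auth = AUTH_RE.search(value)
        ip_m = IP_RE.search(value.split(" by ")[0])  # look only at the "from" clause
        by_m = BY_RE.search(value)
        ip = auth.group(2) if auth else (ip_m.group(1) if ip_m else None)
        if ip is None or not ipaddress.ip_address(ip).is_global:
            kind = "local"        # qmail handoff, loopback, private ranges
        elif auth:
            kind = "submission"   # provider logged an authenticated client
        else:
            kind = "relay"        # server-to-server hop inside the provider
        result.append({"kind": kind, "ip": ip,
                       "by": by_m.group(1) if by_m else None,
                       "user": auth.group(1) if auth else None})
    return result

def submission_hop(raw):
    """The authenticated client hop, or None if the provider recorded none."""
    return next((h for h in parse_hops(raw) if h["kind"] == "submission"), None)

if __name__ == "__main__":
    for hop in parse_hops(SAMPLE):
        print(hop)
```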
anonymous
2009-04-11 09:50:23 UTC
Is this a spoof IP address?

This person's IP address changes to different locations. I want to locate the real address, but I think the person could be using a spoof IP to hide the real IP address. Any suggestions?

Here is a selection of full headers.

Why do you want this person's IP address? Did they do something wrong? Are you a cop? If not, then there's no reason why you need to know this information.
. ʌvʌvʌ .
2009-04-11 04:31:06 UTC
68.142.237.123



Hostname: n10.bullet.re3.yahoo.com

ISP: Inktomi Corporation

Organization: Inktomi Corporation

Proxy: None detected

Type: Corporate





Geo-Location Information



Country: United States

State/Region: CA

City: Sunnyvale

Latitude: 37.4249

Longitude: -122.0074

Area Code: 408



OrgName: Inktomi Corporation

OrgID: INKT

Address: 701 First Ave

City: Sunnyvale

StateProv: CA

PostalCode: 94089

Country: US











This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.