Grabbed the IP address of a fascist possibly or I didn't? Need tips if it's allowed here?
Submitted by GammaAssassin in Antifa (edited)
Can I post about this here, and if not, can somebody send me a link to somewhere I can ask people or show them? I used what's called Grabify in a post towards a notorious neoliberalist fascist on Reddit. This guy believes that the 'poor', disabled have 'inferior genetics' and 'need to be removed/driven to extinction so the rich who have superior genes can take over'. Essentially, as somebody on this Raddle forum said, a Social-Darwinist.
So I wanted to deal with this Reddit user, put the link at the top of my post, and I saw a click that shows 9 IPs, all from the same location despite being different. All are in the same state in the USA, in Ashburn, with the same ISP (being Amazon.com). Any idea what this means? Message me in private if you want to know the specific link.
Some of the host names are different also. Is it normal for several different IPs to display? How do I know which is "the one" and if I got him to click on it? Because it showed one that was accessed from an iPhone and another from a computer, laptop or Mac.
Update: I sent him a message to confirm if it was his and he clicked on the link. I got these results. I can be sure this is definitely his click:
Date/Time 2019-03-06 08:47:12
IP Address 107.77.211.188
Country United States, Oakland
Timezone America/Los_Angeles PST
Language en-US
Browser Mobile Safari ()
Operating System iOS 11.2.5
Device Apple iPhone
User Agent Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_5 like Mac OS X) AppleWebKit/604.5.6 (KHTML, like Gecko) Mobile/15D60
Referring URL no referrer
Host Name mobile-107-77-211-188.mobile.att.net
ISP AT&T Wireless
Details from other places regarding his IP:
107.77.211.188 IP Address Location
Reverse IP (PTR) mobile-107-77-211-188.mobile.att.net
ASN 20057 (AT&T Mobility LLC)
ISP / Organization AT&T Wireless
IP Connection Type Cellular
IP Location Burlingame, California, 94010, United States
IP Continent North America
IP Country United States (US)
IP State California (CA)
IP City Burlingame
IP Postcode 94010
IP Latitude 37.5659 / 37°33′57″ N
IP Longitude -122.3661 / 122°21′57″ W
IP Timezone America/Los_Angeles
IP Local Time Tue, 05 Mar 2019 20:08:27 -0800
Second IP website:
IP Location United States Clovis AT&T Mobility Llc
ASN United States AS20057 ATT-MOBILITY-LLC-AS20057 - AT&T Mobility LLC, US (registered Mar 20, 2001)
Resolve Host mobile-107-77-211-188.mobile.att.net
[deleted] wrote
GammaAssassin OP wrote
How about the one via PM I posted in the edit?
Raven wrote
Those are your target's IPs. I've tested Grabify on myself with Tor Browser
https://grabify.link/track/OP0TS8
And the accessed IP is a reserved IP
I thought that was Raddle's IP, so I tested it once again with a web proxy, and the result proved that the third IP was from the proxy.
So, yes, your grabbed IPs are indeed the target's IPs. Also your target is an idiot, so you can phish them with more crafty stuff.
GammaAssassin OP wrote
See the one posted in the edit I got via a message or PM to him that he clicked. How is this one?
throwaway wrote
I don't know anything about grabify, but let's say you got the IP; what are you going to do with it? Chances are good that it won't lead to anything.
Raven wrote
Grabify is a service that allows you to create a redirect URL based on a link or domain. IIRC it's a softcore phishing service that records the connection, UA and timestamp of accesses to the generated target URL. I had tested it on myself (Tor Browser) and it does show the target's IP. Indeed, OP's recorded IPs were from their target.
rot wrote
Probably not their real IP. I would check on where it comes from and confirm that it isn't an IP from a proxy or Reddit itself.
bryl wrote
This is the first I've heard of Grabify. Nice! Another tool in the toolbox.
GammaAssassin OP wrote (edited)
I sent him a message, he clicked on it and got 1 result so far but it shows it being from his iPhone:
Date/Time 2019-03-06 08:47:12
IP Address 107.77.211.188
Country United States, Oakland
Timezone America/Los_Angeles PST
Language en-US
Browser Mobile Safari ()
Operating System iOS 11.2.5
Device Apple iPhone
User Agent Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_5 like Mac OS X) AppleWebKit/604.5.6 (KHTML, like Gecko) Mobile/15D60
Referring URL no referrer
Host Name mobile-107-77-211-188.mobile.att.net
ISP AT&T Wireless
geegaw wrote
Oh hey this looks like a pretty useful tool, thanks