Grabbed the IP address of a fascist possibly or I didn't? Need tips if it's allowed here?

Submitted by GammaAssassin in Antifa (edited)

Can I post about this here and if not can somebody send me a link to somewhere I can ask people or show them? I used what's called grabify in a post towards a notorious neoliberalist fascist on reddit. This guy believes that the 'poor', disabled have 'inferior genetics' and 'need to be removed/driven to extinction so the rich who have superior genes can take over'. Essentially as somebody on this raddle forum said, a Social-Darwinist.

So I wanted to deal with this reddit user, put the link at the top of my post and I saw a click that shows 9 IPs all from the same location despite being different. All being in the same state from the USA in Ashburn with the same ISP (Being Amazon.com) any idea what this means? Message me in private if you want to know the specific link.

Some of the host names are different also. Is this normal for several different IPs to display? How do I know which is "The one" and if I got him to click on it? Because it showed one that was accessed from iphone and another from computer, laptop or mac.

Update, I sent him a message to confirm if it was his and he clicked on the link. I got these results. I can be sure this is definitely his click:

Date/Time 2019-03-06 08:47:12

IP Address 107.77.211.188

Country United States, Oakland

Timezone America/Los_Angeles PST

Language en-US

Browser Mobile Safari ()

Operating System iOS 11.2.5

Device Apple iPhone

User Agent Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_5 like Mac OS X) AppleWebKit/604.5.6 (KHTML, like Gecko) Mobile/15D60

Referring URL no referrer

Host Name mobile-107-77-211-188.mobile.att.net

ISP AT&T Wireless

Details from other places regarding his IP:

Second IP website:

9

Raven wrote

Those are your target's IPs. I've tested Grabify on myself with Tor Browser

https://grabify.link/track/OP0TS8

And the accessed IP is a reserved IP

I thought that was Raddle's IP, so I tested it once again with a web proxy, and the result proved that the third IP was from the proxy.

So, yes, your grabbed IPs are indeed target's IP. Also your target is an idiot, so you can phish them with more crafty stuff.

3

GammaAssassin OP wrote

See the one posted in the edit I got via a message or pm to him that he clicked. How is this one?

1

throwaway wrote

I don't know anything about grabify, but let's say you got the IP; what are you going to do with it? Chances are good that it won't lead to anything.

2

Raven wrote

Grabify is a service that allows you to create a redirect URL based on a link or domain. IIRC it's a softcore phishing service that records the connection, UA and timestamp of whoever accesses the generated target URL. I had tested it on myself (Tor Browser) and it does show the target's IP. Indeed, OP's recorded IPs were from their target.

2

rot wrote

Probably not their real IP. I would check on where it comes from and confirm that it isn't an IP from a proxy or Reddit itself.

1

bryl wrote

This is the first I've heard of Grabify. Nice! Another tool in the toolbox.

1

GammaAssassin OP wrote (edited)

I sent him a message, he clicked on it and got 1 result so far but it shows it being from his iPhone:

Date/Time 2019-03-06 08:47:12

IP Address 107.77.211.188

Country United States, Oakland

Timezone America/Los_Angeles PST

Language en-US

Browser Mobile Safari ()

Operating System iOS 11.2.5

Device Apple iPhone

User Agent Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_5 like Mac OS X) AppleWebKit/604.5.6 (KHTML, like Gecko) Mobile/15D60

Referring URL no referrer

Host Name mobile-107-77-211-188.mobile.att.net

ISP AT&T Wireless

1

geegaw wrote

Oh hey this looks like a pretty useful tool, thanks

1