9 replies to this topic

[bruders 338]

Hello as you may already know i got another thread about stolen money from myback.

right i managed to get an IP address but need help with pin pointing where this address is.

i did a search online to only get an area and not a 100% address

hope that make sense

[Guess-Works.com]

Most IP addresses are what is called dynamic, which means when someone connects to their ISP they are given an IP from a range which the ISP has. You will not necessarily have the same IP every time you connect to the internet...

An IP will not give you a person or address, only the point of access to the internet.

Take for example a 'hotspot' that will have one IP address, but there could be 100's of people connected to that one hotspot.

[bruders 338]

Ok thanks for the reply.

[miniQ]

First off:

virus scan your pc
Check for keyloggers
etc etc

Download: hitmanpro 3.5 (it will do a fast job trust me & I guarantee it will find viruses) - http://www.surfright.nl/en/hitmanpro

Secondly...
what type of format is the IP address you have got? e.g (100.333.555.XXX)

etc


The chances are it's just the IP for the local server for that service provider which the guy connects to...

So for example If I was with Virgin I would connect to their local server IP which is nearest my hometown - So if I lived in Walkden (20 miles away from manchester?) Then I would connect to Virgin's main server within Manchester... So a pretty broad area...100,000's of people...

Edited by miniQ, 21 July 2011 - 12:58 AM.

[bruders 338]

First off:

virus scan your pc
Check for keyloggers
etc etc

Download: hitmanpro 3.5 (it will do a fast job trust me & I guarantee it will find viruses) - http://www.surfright.nl/en/hitmanpro

Secondly...
what type of format is the IP address you have got? e.g (100.333.555.XXX)

etc


The chances are it's just the IP for the local server for that service provider which the guy connects to...

So for example If I was with Virgin I would connect to their local server IP which is nearest my hometown - So if I lived in Walkden (20 miles away from manchester?) Then I would connect to Virgin's main server within Manchester... So a pretty broad area...100,000's of people...

yep thats the type of Ip i was given by the company

also just did the scan i i had hundreds of tracking cookies.

[miniQ]

Tracking cookies arn't much of a threat...They used for webpage memory...
Let me explain...

Say your looking around at adverts on a website such as gumtree...
Once you leave that site it may save a tracking cookie on your computer..
So once your on another webpage an advertisment might be on screen showing the items you were looking at...

Also if you add something to a shopping basket online, a cookie will be used to remember that information for if you leave that webpage & come back to it later...

It's a way for webpages to keep track of you in a way...

Not harmfull though.

Edited by miniQ, 21 July 2011 - 02:10 PM.

[bruders 338]

Ok i understand. i'm so bad with computers i can do the the usual stuff but thats it.....

so what do you think a bank will do to find out if a card been used for fraud??
if i phoned the internet provider would they tel me where the ip address came from.

im trying to do alittle police work myself A to find out who did it and B to hopefully prevent it happening again

[Ruckus]

if i phoned the internet provider would they tel me where the ip address came from.

no that would need a warrant...

PM me the IP i'd like to have a dig... you never know

(20 year IT Pro by the way)

[Timify]

An IP address can be traced back as far as the exchange. The exchange serves a pretty wide area, and with multiple people using the same exchange (note: they will not be using the same IP)

The only chance you really have of getting them, without getting the fuzz involved would be to find somewhere else that IP address has been, and by association narrow it down. But this will only work if their IP is static and not Dynamic. You should be able to determine this quite easily.

You may also find they will have used a proxy / tor node to access your account. Making tracing them even harder, as you have to try and get people in other countries to cough up details. Some take privacy of users they serve very series and nothing short of a court order will get it, others the basic threat of legal will get you the details you need. If they have chained their connection, through server proxies, this needs to be done for each link until you reach the source.

Its a small shot, but worth a try. Your details more then likely where harvested, then sold on (sometimes in bulk) to someone willing to perform the actual 'steal' of funds/property.

The seller, you have next to no chance of catching, they'll be very smart in their methods. The buyer can be of any technical level. Perhaps stupid enough or simply complacent enough to think they needed bother covering their on-line tracks.

Best of luck to you. (Coming from an OSCP)

[coopedup1980]

Hi,

I would recommend two things.

Raise a report to you bank asking them to raise a case to their counter fraud team. They will be then obliged to provide an update of interactions to your account and hopefuly investigate is this was a hack or not.

Raise a police report and request a crime reference number, also ask which unit thecase would be raised too. If you are lucky its'll go to serious crime and not a bobby on the street.


Once you know who has the police case then request that obtain IP and usage records from your ISP. The ISP is required to have an IDU team (Information Disclosure Unit) and keep subscriber type details (including IP allcoation) for 12months. The police should then be able to take appropriate action based on this informatio.

If you don't have these but magically identify who gained access to your account what do you do?

Best of luck. Neil