
I received a suspicious email (suspicious body) coming from a legit person. The headers always show the legit address, as if the person in question has been hacked.

But I wanted to go further and checked for the originating IP.

In my first whois query at dig.whois.com.au I have a result telling me the IP is from Romania. In another whois query at hackertarget.com/whois-lookup I have a result telling me the IP is from US PacketFLip LLC, which is actually an anonymous proxies company.

Is it possible that the first whois is able to find the real location of the IP, whereas in the second whois the proxy company acts as if this IP comes from its range when it does not, or something?

Thanks a lot,

k1ngstr

1 Answer


whois on an IP address shows whom this IP address (range) is assigned to. If you get that the address is assigned to some company doing anonymous proxies then this is exactly that, i.e. there is no way to look behind since there is nothing behind. What you would need to look further is the original IP of the user which an anonymous proxy hides by design. And behind the one IP address you see there will probably be many hidden IP addresses you don't see.

Steffen Ullrich
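To illustrate the answer's point that whois reports whom an address range is assigned to, here is an added example (not part of the original post or answer) that parses whois text containing nested range records and returns the holder of the most specific range covering an address. The sample text, holder names and function names are constructed for illustration, and the parser assumes IPv4 ranges in `first - last` notation.

```python
import ipaddress
import re

# Constructed whois text: documentation addresses and made-up holders.
SAMPLE_WHOIS = """\
NetRange:       198.51.100.0 - 198.51.100.255
OrgName:        Example Proxy LLC
Country:        US

inetnum:        198.51.100.64 - 198.51.100.127
netname:        EXAMPLE-CUSTOMER-NET
country:        RO
"""

RANGE_KEYS = ("netrange", "inetnum")   # ARIN-style and RIPE-style range fields
HOLDER_KEYS = ("orgname", "org-name", "netname", "descr")

def parse_records(text):
    """Split whois text on blank lines; return one dict per range object."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            if line.startswith(("%", "#")) or ":" not in line:
                continue               # skip registry comments and noise
            key, value = line.split(":", 1)
            fields.setdefault(key.strip().lower(), value.strip())
        rng = next((fields[k] for k in RANGE_KEYS if k in fields), None)
        if rng is None:
            continue                   # not a range object (e.g. a contact)
        # Assumption: IPv4 "first - last" notation, so "-" is a safe separator.
        first, last = (ipaddress.ip_address(p.strip()) for p in rng.split("-"))
        records.append({
            "first": first, "last": last,
            "holder": next((fields[k] for k in HOLDER_KEYS if k in fields), None),
            "country": fields.get("country"),
        })
    return records

def assigned_to(ip, text):
    """Return the record of the smallest registered range containing ip."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in parse_records(text) if r["first"] <= addr <= r["last"]]
    # The result names the registrant of the range, not a user behind a proxy.
    return min(hits, key=lambda r: int(r["last"]) - int(r["first"]), default=None)
```

The `country` field is registration data for the range and is not a measurement of where a host or its user is located.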