How much do I know about you?

Hai!

Lets see what we can dig up about you...

You're reading this in Ashburn which is located in the VA in United States and your country code is US

That isn't too exciting How about your longitude and latitude is -77.4728, 39.0481 Which should put you around:

All of that came from your IP address which is 107.22.46.150

I also get your user agent string of

CCBot/2.0 (http://commoncrawl.org/faq/)

You're most likely running Hmm, not sure, not one of the conventional ones, but that's not too surprising, I'm not too bright, but that is a guess. I could take a similiar guess and figure out your OS which would let me customise a possible attack vector on your machine, but I'm too nice for that

Moving on, you have a hostname of ec2-107-22-46-150.compute-1.amazonaws.com Which is probably quite meaningless to you, but your domain is amazonaws.com which, most likely is your ISP. Their information is:

amazonaws.com domain lookup results from whois.markmonitor.com server:

Domain Name: amazonaws.com
Registry Domain ID: 197784869_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2016-05-05T16:11:07-0700
Creation Date: 2005-08-17T19:10:45-0700
Registrar Registration Expiration Date: 2020-01-15T00:00:00-0800
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Domain Status: serverUpdateProhibited (https://www.icann.org/epp#serverUpdateProhibited)
Domain Status: serverTransferProhibited (https://www.icann.org/epp#serverTransferProhibited)
Domain Status: serverDeleteProhibited (https://www.icann.org/epp#serverDeleteProhibited)
Registry Registrant ID: 
Registrant Name: Legal Department
Registrant Organization: Amazon.com, Inc.
Registrant Street: PO BOX 81226
Registrant City: Seattle
Registrant State/Province: WA
Registrant Postal Code: 98108-1226
Registrant Country: US
Registrant Phone: +1.2062664064
Registrant Phone Ext: 
Registrant Fax: +1.2062667010
Registrant Fax Ext: 
Registrant Email: hostmaster@amazon.com
Registry Admin ID: 
Admin Name: Legal Department
Admin Organization: Amazon.com, Inc.
Admin Street: PO BOX 81226
Admin City: Seattle
Admin State/Province: WA
Admin Postal Code: 98108-1226
Admin Country: US
Admin Phone: +1.2062664064
Admin Phone Ext: 
Admin Fax: +1.2062667010
Admin Fax Ext: 
Admin Email: hostmaster@amazon.com
Registry Tech ID: 
Tech Name: Abuse, Amazon Webservices
Tech Organization: Amazon.com, Inc.
Tech Street: P.O. Box 81226, 
Tech City: Seattle
Tech State/Province: Washington
Tech Postal Code: 98108
Tech Country: US
Tech Phone: +1.2062664064
Tech Phone Ext: 
Tech Fax: +1.2062667010
Tech Fax Ext: 
Tech Email: abuse@amazonaws.com
Name Server: u1.amazonaws.com
Name Server: r2.amazonaws.com
Name Server: u2.amazonaws.com
Name Server: r1.amazonaws.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2017-06-23T04:53:16-0700 <<<

The Data in MarkMonitor.com's WHOIS database is provided by MarkMonitor.com for
information purposes, and to assist persons in obtaining information about or
related to a domain name registration record.  MarkMonitor.com does not guarantee
its accuracy.  By submitting a WHOIS query, you agree that you will use this Data
only for lawful purposes and that, under no circumstances will you use this Data to:
 (1) allow, enable, or otherwise support the transmission of mass unsolicited,
     commercial advertising or solicitations via e-mail (spam); or
 (2) enable high volume, automated, electronic processes that apply to
     MarkMonitor.com (or its systems).
MarkMonitor.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.

MarkMonitor is the Global Leader in Online Brand Protection.

MarkMonitor Domain Management(TM)
MarkMonitor Brand Protection(TM)
MarkMonitor AntiPiracy(TM)
MarkMonitor AntiFraud(TM)
Professional and Managed Services

Visit MarkMonitor at http://www.markmonitor.com
Contact us at +1.8007459229
In Europe, at +44.02032062220

For more information on Whois status codes, please visit
 https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
--

Again, this is probably quite meaningless, but it does mean I now know who to contact. I have your IP and the time you connected, your ISP is obliged to keep logs, so they should be able to find you quite easily in their billing records

One of the more interesting things is this was all done with free tools and information freely provided by your computer when it makes a connection.

Geolocation by geoPlugin
The map is from Google via the map API
Reverse lookup is inbuilt in PHP
Your ISP info comes from your local whois rep and a poked whois script from php.easycode.com (Why code when you can grab a pre-made one?) :)

The next step is to start moving into the grey and black hat area - scanning your ports to find out what you have open, or trying some browser exploits to see if its possible to snag some additional information.

This took about 3hrs to code up, it only took about 30 minutes to get the base stuff working, the remainder of the time was mainly spent with small tweaks. Imagine what information could be gathered if some of the larger pay-access databases were used.

Alternatively you may be feeling smug because the information isn't correct? Well, as I said, it is the free tools and it was coded up in a very short space of time, not to mention this page is calculated on the fly, so doesn't store any information. Give me a large supply of chocolate and I'll see what I can do.

Just a thought to leave you with...

Return to Madphin