How much do I know about you?

Hai!

Lets see what we can dig up about you...

You're reading this in Ashburn which is located in the Virginia in United States and your country code is US

That isn't too exciting How about your longitude and latitude is -77.4728, 39.0481 Which should put you around:

All of that came from your IP address which is 54.198.205.153

I also get your user agent string of

CCBot/2.0 (https://commoncrawl.org/faq/)

You're most likely running Hmm, not sure, not one of the conventional ones, but that's not too surprising, I'm not too bright, but that is a guess. I could take a similiar guess and figure out your OS which would let me customise a possible attack vector on your machine, but I'm too nice for that

Moving on, you have a hostname of ec2-54-198-205-153.compute-1.amazonaws.com Which is probably quite meaningless to you, but your domain is amazonaws.com which, most likely is your ISP. Their information is:

amazonaws.com domain lookup results from whois.verisign-grs.com server:

   Domain Name: AMAZONAWS.COM
   Registry Domain ID: 197784869_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.markmonitor.com
   Registrar URL: http://www.markmonitor.com
   Updated Date: 2018-03-08T21:43:34Z
   Creation Date: 2005-08-18T02:10:45Z
   Registry Expiry Date: 2020-01-16T04:59:59Z
   Registrar: MarkMonitor Inc.
   Registrar IANA ID: 292
   Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
   Registrar Abuse Contact Phone: +1.2083895740
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
   Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
   Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
   Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
   Name Server: R1.AMAZONAWS.COM
   Name Server: R2.AMAZONAWS.COM
   Name Server: U1.AMAZONAWS.COM
   Name Server: U2.AMAZONAWS.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2018-09-25T09:28:37Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.

Again, this is probably quite meaningless, but it does mean I now know who to contact. I have your IP and the time you connected, your ISP is obliged to keep logs, so they should be able to find you quite easily in their billing records

One of the more interesting things is this was all done with free tools and information freely provided by your computer when it makes a connection.

Geolocation by geoPlugin
The map is from Google via the map API
Reverse lookup is inbuilt in PHP
Your ISP info comes from your local whois rep and a poked whois script from php.easycode.com (Why code when you can grab a pre-made one?) :)

The next step is to start moving into the grey and black hat area - scanning your ports to find out what you have open, or trying some browser exploits to see if its possible to snag some additional information.

This took about 3hrs to code up, it only took about 30 minutes to get the base stuff working, the remainder of the time was mainly spent with small tweaks. Imagine what information could be gathered if some of the larger pay-access databases were used.

Alternatively you may be feeling smug because the information isn't correct? Well, as I said, it is the free tools and it was coded up in a very short space of time, not to mention this page is calculated on the fly, so doesn't store any information. Give me a large supply of chocolate and I'll see what I can do.

Just a thought to leave you with...

Return to Madphin