How to determine the most accurate address by ip?

R

Run Utochkin2014-07-22 12:44:07

Geolocation

Run Utochkin, 2014-07-22 12:44:07

There is an IP address, there are strong suspicions about the Kaliningrad region, but it shows St. Petersburg.
78.25.122.213

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

S

Semyon Voronov, 2014-07-22
@Gineaser

whois services . There are a lot of them. On linux, the whois console utility.

whois cli

Last login: Tue Jul 22 00:06:53 2014 from 192.168.0.51
[email protected]:~$ whois 78.25.122.213
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '78.25.120.0 - 78.25.123.255'

% Abuse contact for '78.25.120.0 - 78.25.123.255' is '[email protected]'

inetnum:        78.25.120.0 - 78.25.123.255
netname:        MF-NWGSM
descr:          North-West Branch of OJSC MegaFon Network
country:        RU
admin-c:        NMNW-RIPE
tech-c:         NMNW-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-MF-NWGSM
mnt-by:         MEGAFON-RIPE-MNT
mnt-lower:      MNT-MF-NWGSM
mnt-domains:    MNT-MF-NWGSM
mnt-routes:     MNT-MF-NWGSM
geoloc:         59.91 30.491
source:         RIPE # Filtered

role:           North-West Branch of OJSC MegaFon Internet Center
address:        10, Karavannaya street
address:        Saint-Petersburg, Russia, 191011
admin-c:        MYK17-RIPE
admin-c:        GMV-RIPE
tech-c:         MYK17-RIPE
tech-c:         GMV-RIPE
nic-hdl:        NMNW-RIPE
mnt-by:         MNT-MF-NWGSM
source:         RIPE # Filtered

% Information related to '78.25.122.0/23AS31213'

route:          78.25.122.0/23
descr:          North-West Branch of OJSC MegaFon
descr:          Saint-Petersburg, Russia, 191011
origin:         AS31213
mnt-by:         MNT-MF-NWGSM
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.74.1 (DB-4)

They all operate on the same principle . In fact, the location of the end node can be anywhere. And the range of ip addresses is simply bought out by the provider, whose branch is located in the city you suspect. Then the node IP can be defined as the city where the provider's main DC or head office (for example) is located.
I am in Blagoveshchensk, Amur Region. On different providers, I am defined as Moscow, and as Chita on another.
One option is to try tracing to the node. Perhaps intermediate hops will tell you exactly where your friend is.

V

Vlad Zhivotnev, 2014-07-22
@inkvizitor68sl

No way.
There are public geobases, there is whois. They usually lie shamelessly.
The provider receives addresses by "registering" them to Moscow (at the address of a legal entity). Further, no one forbids him to use these addresses in Vladivostok.
Moreover, traffic for this address can indeed be received by the provider on the border in Moscow, and then chase to Siberia through its own channels.
So the answer is short:
1) trace the address, maybe there will be hints (well, there is the name of the router like hq-bb-be10.msk.corbina.net in the last hop or it will be possible to determine the location of the last hop by other indirect signs).
2) find out the provider
3) ask the provider (if you are the police).
If not the police / no acquaintances - then, in general, nothing. Just rely on a lying public geobase.

S

Sergey Petrikov, 2014-07-22
@RicoX

The most accurate way is to send a lawyer's request to the owner of the addresses. Or through law enforcement. The provider will not give you the data directly, it is bound by the law on the DPA, and whois will show the country at best.