How to find out the location of a user, knowing only his email address
The article describes a very simple and banal method that allows you to determine the IP address of the recipient of the letter. As we all know, having an IP address, it’s easy to figure out the person behind it, especially if you are an employee of the Ministry of Truth.
The article will not reveal anything new for people familiar with the principle of
Everyone knows that in the modern world you can send a letter with the heading
Moreover, many email clients on PC, Mac and mobile devices upload attached files in advance, that is, at the time of receiving the letter and before the user actually opens and reads it, for example, when connecting to Wi-Fi or 3G (depending on the email client and its settings).
')
The fact is that when accessing an attached file, an HTTP request to the server occurs, where the file is physically located. When an incoming call, both hosts exchange information about themselves, including IP addresses, respectively - the email client, contacting a ccs-file or a graphic image attached to a letter, instantly transmits the IP address of the recipient of the letter.
For Habrazhiteley this issue is not relevant, but nevertheless I will explain. Having the IP-address, you can send it to the Ministry of Truth, then they will sort it out further.
Additionally, you can use the search by IP addresses (whois) and find out who it belongs to, rarely, but it may turn out that the IP address we are looking for is issued to an individual. Further, as with a domain, all appearances (name, address, and other data) are indicated in the whois information. If the IP address belongs to the Internet provider (including the mobile operator), behind which our recipient of the letter is hidden, you can contact the operator directly or through the Ministry of Internal Affairs (in case of assistance in any investigation or his conduct).
When accessing the ISP, in addition to the IP address and the reason for the request, you must specify the exact time when this IP address was associated with the user.
Having an IP address through whois you can always find out the city, and often the administrative district in which the recipient of the letter is located.
To compose a letter, take any text that will look like “spam” for the recipient of the letter, so that he would not pay attention to it. But you should not take the text from the “spam” letter that came to your mail, and even more so to the “spam” folder - to minimize the chances of the letter sent by us in the field of view of the “spam” filter on the recipient side.
To send a letter, use any service that provides the possibility of anonymous sending letters. At the same time, I recommend to go online using various anonymizers, VPN, Tor and browser inporn private-mode (without saving cookies, localStorage, etc.), and with public Wi-Fi (in a cap, glasses and dark inconspicuous clothes ).
You need access to a publicly accessible server or hosting. It is desirable with an unnecessary IP-address or domain name, which is not a pity to change or which does not apply to you. You can use a dynamic DNS, which will temporarily redirect all requests from a temporary IP address to your host.
On the server, we have some kind of route (route), which upon incoming HTTP request saves all headers to a file or database, or anywhere else at your discretion. In the letter I recommend inserting links to two files. One file in the letter header is a css-file, the other on a graphic image in the body of the letter (due to the different work of mail clients).
To reduce suspicion, we return real files with the correct headers and
When sending emails to multiple addresses, you can attach a
In 70% of cases, when the recipient uses the letter of the mail client on a mobile device, the benefit of the number of users of smartphones and mobile Internet is growing.
Thank. Observe Internet hygiene and register your personal data.
The article will not reveal anything new for people familiar with the principle of
HTML , HTTP and mail clients, but it will probably show how this can be used from another point of view. For “just” software users, mobile devices and email, an article can show how important it is to maintain Internet hygiene and protect your personal data (to which the email address belongs) on the Internet.Method
Everyone knows that in the modern world you can send a letter with the heading
Content-Type: text/html; that allows you to give the letter a “correct” look, connect styles and images. Styles and images can be both nested and refer to external resources. If the sent letter passes by the “spam” filter, the attached files will be loaded automatically when opening the letter.Moreover, many email clients on PC, Mac and mobile devices upload attached files in advance, that is, at the time of receiving the letter and before the user actually opens and reads it, for example, when connecting to Wi-Fi or 3G (depending on the email client and its settings).
')
The fact is that when accessing an attached file, an HTTP request to the server occurs, where the file is physically located. When an incoming call, both hosts exchange information about themselves, including IP addresses, respectively - the email client, contacting a ccs-file or a graphic image attached to a letter, instantly transmits the IP address of the recipient of the letter.
What to do with the received IP address
For Habrazhiteley this issue is not relevant, but nevertheless I will explain. Having the IP-address, you can send it to the Ministry of Truth, then they will sort it out further.
Additionally, you can use the search by IP addresses (whois) and find out who it belongs to, rarely, but it may turn out that the IP address we are looking for is issued to an individual. Further, as with a domain, all appearances (name, address, and other data) are indicated in the whois information. If the IP address belongs to the Internet provider (including the mobile operator), behind which our recipient of the letter is hidden, you can contact the operator directly or through the Ministry of Internal Affairs (in case of assistance in any investigation or his conduct).
When accessing the ISP, in addition to the IP address and the reason for the request, you must specify the exact time when this IP address was associated with the user.
Having an IP address through whois you can always find out the city, and often the administrative district in which the recipient of the letter is located.
How to issue a letter and where to send it
To compose a letter, take any text that will look like “spam” for the recipient of the letter, so that he would not pay attention to it. But you should not take the text from the “spam” letter that came to your mail, and even more so to the “spam” folder - to minimize the chances of the letter sent by us in the field of view of the “spam” filter on the recipient side.
To send a letter, use any service that provides the possibility of anonymous sending letters. At the same time, I recommend to go online using various anonymizers, VPN, Tor and browser in
What you need to save the header REMOTE_ADDR
You need access to a publicly accessible server or hosting. It is desirable with an unnecessary IP-address or domain name, which is not a pity to change or which does not apply to you. You can use a dynamic DNS, which will temporarily redirect all requests from a temporary IP address to your host.
On the server, we have some kind of route (route), which upon incoming HTTP request saves all headers to a file or database, or anywhere else at your discretion. In the letter I recommend inserting links to two files. One file in the letter header is a css-file, the other on a graphic image in the body of the letter (due to the different work of mail clients).
To reduce suspicion, we return real files with the correct headers and
Content-Type corresponding requested files (some email clients and their browser versions check the attached files for consistency).When sending emails to multiple addresses, you can attach a
GET parameter to identify each recipient.In what cases it does not work
- If the recipient of the letter uses any anonymizer, VPN or Tor;
- Most browser versions of email clients cache attachments on their side — in this case, you will receive the IP address of the email service;
- When you get a letter in the "spam".
When it works
In 70% of cases, when the recipient uses the letter of the mail client on a mobile device, the benefit of the number of users of smartphones and mobile Internet is growing.
Thank. Observe Internet hygiene and register your personal data.
Source: https://habr.com/ru/post/250587/
All Articles