HTML Report

Identification and Registration Summary

The top section of the report summarizes the primary trace results: the IP address and estimated location, registration information for the target's domain (if any), and the network provider, or ISP, providing Internet service for the target.


Fig 7.1 Report Summary

Estimated location : The geographical location is a key piece of information for identifying fraudsters, hackers etc. If an email message, website or IP address is located in a country or region different from what you expect, and/or from a country known for high fraud rates such as China and Russia , the intentions of the target could well be sinister.

The network trace results report section shows the location of network hops leading to the destination and reports the known locations of these hops when available. This helps to confirm the final destination where applicable. If destination locations are not available for confirmation then the location of the destination ISP is provided. The destination ISP is nearly always located in the same country as the target, but may not be in the same city.

Network Contact Information: The network owner, or ISP, providing Internet access for an IP address or web site, is the company responsible for reviewing and taking action on abuse reports under the terms of their 'Acceptable Use Policy'. In addition, ISPs are normally located in the same area or region as their users, so the location of the network provider is often a good estimation of the end-user location.

Domain Contact Information : A domain is the name registered by a company, organization or individual that is used for web site or email addresses, such as 'visualware.com'. The domain registration provides details about who has registered a web site address, helpful information for verifying a web site owner.

Additional identification details are provided to help the identifying process when available, including the time zone, the type of Internet applications running on the target system, and copyright information from the target system web page.

The map section of the report shows the Internet route between your location and the target being traced.


Fig 7.2

A solid line represents a known location in the Visualware database, and a dotted line represents an estimated location which is derived from the registration details for the target's ISP. The Internet route is an important piece of evidence when tracking a target's location as it represents a trail to the destination. While the estimated location is usually correct at a country level, any city locations identified as 'known' that are close to the target destination further help to qualify the target's physical location at the city level.

The route table shows each segment, or network 'hop' of the Internet route between your location and the target being traced. While both the Route Map and Route Table show the Internet route, the Route Table provides more detail that can be examined for clues to the target's location.


Fig 7.3

While the Network and Domain Owner details are summarized in the top summary section of the Identification Report, the complete registration records are provided in this section as they often contain additional contact information that may be helpful in tracking and reporting a target.

This section is reported when tracing an email message you have received, and includes helpful information for identifying the sender of an email message, and/or evaluating the validity of an email message.


Fig 7.4

The in-depth details include the IP address of the computer where the email message originate, the email address and other pieces of information that may be helpful in identifying the sender or the sender's intent. For example, a common trick deployed by the originators of email abuse (such as SPAM, phishing and virus emails) is to insert false headers into the email in an attempt to hide the source of the message and thus confuse the recipient. The real headers and false headers get muddled together, creating a sort of 'digital smoke screen ' so it is difficult to know which header is the originating header. This process of trying to hide the originator is called misdirection  and is considered illegal in many countries. eMailTrackerPro sees through this technique, identifies which headers are real and false, and reports the act of misdirection . Any email with misdirection should not be trusted.

In certain circumstances the in-depth details can also report the name of the computer used to author the email when available. This is another very important clue to the target's identity as it is common for computer owners to use their own name or online alias for their computer name.

The 'Network Owner' section provides the complete registration information for the target's ISP and domain (when available).


Fig 7.5

While the Network and Domain Owner details are summarized in the top summary section of the Identification Report, the complete registration records are provided in this section as they often contain additional contact information that may be helpful in tracking and reporting a target.

The 'Application Analysis ' section provides a report detailing any Internet services that may be running on the target computer being traced (see fig 7.6 below)

The type of applications running on a target system is useful information as it can provide insight into the ownership and geographical location of the target system. The most common applications on the Internet are web servers (websites, HTTP), mail servers (email, SMTP) and file transfer servers (file downloads, FTP). As an example, web server applications (such as www.visualware.com) are particularly useful because web pages along the lines of 'contact us' often exist to provide details such as names, phone numbers and other contact related information.


Fig 7.6

Home | Contact Us | About Us