Results 1 to 23 of 23
  1. #1
    Join Date
    Oct 2004
    Posts
    182

    Need help debunking posters impersonating celebrities

    Someone is coming onto a site I write for saying that they are a prominent celebrity couple. I had written something about one member of the couple. They are getting increasingly inflamatory and accusatory. I traced their IP number to Riverside California, a college town that is not in the greater LA area, as far as I know. (It's about 50-60 miles out of the greater LA area, I think.) As far as I know there is nothing of interest there besides the college.

    Four out of five commenters on my threads who claimed to be celebrities or to associate with them had IP numbers traced to Riverside California. The remaining one seemed to be a teenage boy in Jacksonville Tennessee.

    The person[s] I'm dealing with now claim that the server is in Riverside but that they live elsewhere, presumably in a more likely area.

    Is that so? If I trace IP's for people living in Malibu, Beverly Hills, Santa Monica, Brentwood, etc. would they trace to Riverside California? How does this work? I'm giving the IP number here in hopes that someone can help me with this.

    XX.XXX.XXX.XXX
    (removed as per request by original thread starter)

    I have two emails from them. I can't find any mention of the email addresses online. One is AOL. I can't find a way into the AOL directory. If someone has any ideas about this let me know.

    Thanks for any help you can give about this.
    Last edited by alpha; 07-12-2005 at 08:29 PM.
    complete novice/consumer

  2. #2
    Join Date
    Oct 2002
    Posts
    5,177
    It looks like the IP address is part of a dialup pool. I doubt a major celebrity would limit him/herself to plain old dialup.

    If you're certain the person is a fraud block 69.237.200.0 - 69.237.201.255 in your message board. That should blacklist the dialup pool without blocking an excessive number of users. There are celebrities that post online, have blogs, etc. But what you posted doesn't sound like a legit person. More like a troll.
    If you have to operate your company behind the scenes or under a fake name, maybe it's time to leave the industry and start something fresh.

  3. #3
    Join Date
    Oct 2004
    Posts
    182
    Thank you, thank you, thank you!

    Is the person indeed physically located in Riverside Ca?
    complete novice/consumer

  4. #4
    Join Date
    Oct 2002
    Posts
    5,177
    Irvine, CA. The IP's PTR record (reverse DNS) is xxx.dsl.irvnca.pacbell.net
    (removed part of reverse dns for the sake of privacy)
    Last edited by alpha; 07-12-2005 at 08:31 PM.
    If you have to operate your company behind the scenes or under a fake name, maybe it's time to leave the industry and start something fresh.

  5. #5
    Join Date
    Oct 2004
    Posts
    182
    Muchas gracias
    complete novice/consumer

  6. #6
    Originally posted by CTG
    It looks like the IP address is part of a dialup pool. I doubt a major celebrity would limit him/herself to plain old dialup.

    If you're certain the person is a fraud block 69.237.200.0 - 69.237.201.255 in your message board. That should blacklist the dialup pool without blocking an excessive number of users. There are celebrities that post online, have blogs, etc. But what you posted doesn't sound like a legit person. More like a troll.
    Just out of curiosity how did you come up with it being plane old dialup after you did a reverse lookup and saw:

    xxx.dsl.irvnca.pacbell.net
    (removed reverse dns partially for the sake of privacy)

    That dsl is there for a reason (meaning the person has dsl). I highly doubt a celebirty would be wasteing their time on some forum though but you can never be sure.

    Anyway there are other ways to can track this person down but I don't see why you would care.
    Last edited by alpha; 07-12-2005 at 08:31 PM.

  7. #7
    Join Date
    Oct 2002
    Posts
    5,177
    Originally posted by RossH
    Just out of curiosity how did you come up with it being plane old dialup after you did a reverse lookup and saw:
    xxx.dsl.irvnca.pacbell.net
    Oopsie, first I looked at the ARIN database and saw it was assigned to a "PPP" block from Pacbell. Usually that indicates dialup. The PTR record obviously showed otherwise.
    Last edited by alpha; 07-12-2005 at 08:31 PM.
    If you have to operate your company behind the scenes or under a fake name, maybe it's time to leave the industry and start something fresh.

  8. #8
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,080
    The only way you would be able to know for sure is for somebody to login to the customer records and check that ip at that time. You may be lucky to find somebody that can do it for you but regardless that has to be illegal.

    As others have said it is hard to know for sure, they are probably not a celebrity but it is possilbe. If you really wanted could always have them post a picture holding a sign with the forum name in it. Who knows you may get lucky
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  9. #9
    Join Date
    Oct 2004
    Posts
    182
    Thanks, so they have DSL?

    Every search I did of them said that they are in Riverside California. Someone here says they are in Irvine. Which is it? Are they physically in those towns? That would make any celebrity status unlikely.

    It is important because the thread is about one of these celebrities and they are saying that I'm slandering them and attacking my research, and journalistic skills. If I can show they are frauds, I can get them banned and their postings removed.

    Can someone address the point that the trolls made that IP searches don't find where the person is, just where their server is. Would that be a hundred miles away in another town?
    complete novice/consumer

  10. #10
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,080
    http://dnsstuff.com/tools/ptr.ch?ip=XXXXXXXXX

    Location: United States [City: Riverside, California]
    Answer:
    XX.XXX.XXX.XXX PTR record: xxx.dsl.irvnca.pacbell.net. [TTL 7200s] [A=XXX]


    I would probably trust the PTR record more. You cannot put complete trust in that because they have had to shift around some of the ips and forgot to update the database. Any of the dns tools are great for the general area but are not perfect.
    Last edited by alpha; 07-12-2005 at 08:37 PM.
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  11. #11
    Join Date
    Oct 2002
    Posts
    5,177
    You should have the moderators or admins of the website look into it. Here at WHT for example we have that "Report this post to a Community Liaison" link so the mods can investigate things. I doubt any website would want somebody falsely impersonating another individual -- famous or otherwise -- as a member.
    If you have to operate your company behind the scenes or under a fake name, maybe it's time to leave the industry and start something fresh.

  12. #12
    Join Date
    Oct 2004
    Posts
    182

    Eth, is it Riverside or Irvine?

    Eth, would you guess Riverside or Irvine?
    complete novice/consumer

  13. #13
    Join Date
    Mar 2004
    Location
    New Jersey
    Posts
    793

    Re: Eth, is it Riverside or Irvine?

    Originally posted by Bluegirl
    Eth, would you guess Riverside or Irvine?
    Bluegirl, as eth pointed out, it's not perfect but I think he tends to believe it's Riverside (as do I). As he said, they move IPs around so the IP2Location system can get behind a little. Right now ip2location tells me that I am residing 40 miles from my actual town! But what the isp reports is likely more accurate. HTH

  14. #14
    Join Date
    Jan 2003
    Location
    Lake Arrowhead, CA
    Posts
    789

    Re: Eth, is it Riverside or Irvine?

    Are they physically in those towns?
    A traceroute shows ".irvnca." in the names of the last three hops so by standard naming conventions, yes. The post is very likely coming from Irvine.

    Can someone address the point that the trolls made that IP searches don't find where the person is, just where their server is.
    That CAN be true, but that would mean their "server" (proxy server or otherwise) is on a what appears to be a residential DSL line in Irvine. That would be highly improbable and likely breaking Pac Bell's terms of service if it were true.


    As for debunking: You are correct that Irvine can be called a "college town" and is too far from LA for working celebrities to be posting from on a daily basis, however the very fact that the individuals are posting on a message board at all (specifically: a board not of their own or their studio's ownership) very likely excludes the possibility of them being who they say they are regardless of where they are posting from.
    http://www.srohosting.com
    Stability, redundancy and peace of mind

  15. #15
    Join Date
    Oct 2004
    Posts
    182
    Thanks a lot! They are looking less and less credible but at first, they really worked on their first postings and I wasn't sure.
    complete novice/consumer

  16. #16
    Join Date
    Jun 2000
    Location
    Southern California
    Posts
    12,121

    Re: Re: Eth, is it Riverside or Irvine?

    Originally posted by SROHost
    A traceroute shows ".irvnca." in the names of the last three hops so by standard naming conventions, yes. The post is very likely coming from Irvine.
    They aren't posting from Irvine, that's where PacBell/SBC is located, or runs things through. They might not be from Riverside either (in fact, it is probable that they aren't).

    I have the same DSL and when I run my IP. I do not live in Irvine (almost 35 miles away), nor Anaheim (over 25 miles away)...

    Record Type: IP Address
    IP Location: United States - California - Anaheim - Rback29b.irvnca
    Reverse IP: No websites hosted using this IP address
    Reverse DNS: adsl-xx-xxx-xxx-xxx.dsl.irvnca.pacbell.net

    --------------------------------------------------------------------------------
    Pac Bell Internet Services PBI-NET-021304 (NET-69-224-0-0-1)
    69.224.0.0 - 69.239.255.255
    rback29b.irvnca SBC06923512800020050114120112 (NET-69-235-128-0-1)
    69.235.128.0 - 69.235.143.255
    HostHideout.com - Where professionals discuss web hosting.

    Chicken

  17. #17
    Join Date
    Jun 2000
    Location
    Southern California
    Posts
    12,121
    Here's a picture... lower green arrow is Irvine. Ahaheim is on that map as well.
    Attached Thumbnails Attached Thumbnails not_close.jpg  
    HostHideout.com - Where professionals discuss web hosting.

    Chicken

  18. #18
    Join Date
    Jan 2003
    Location
    Lake Arrowhead, CA
    Posts
    789
    Originally posted by Chicken
    They aren't posting from Irvine
    Lol. There is absolutely no way to say that unless you happen to have access to PacBell records. My point to the original poster was that it really doesn't matter exactly where the IP is. As the lines definitely route through the inland empire, they are not even remotely likely in Beverly Hills. They are very likely closer to Irvine or Riverside.

    If you like to argue for the sake of argument alone (as your comments indicate), then sure: the IP could technically be almost anywhere Pacbell operates in Southern CA. In this case, however, when standard naming conventions, PacBell whois information and multiple IP to city databases (consumer info zip code databases may not be accurate, but they're better than nothing) all say the IP is in Irvine or Riverside, then without some other magical information source, there's no logical reason to zero in on some other random area drawn on a random map.
    http://www.srohosting.com
    Stability, redundancy and peace of mind

  19. #19
    Join Date
    Jun 2000
    Location
    Southern California
    Posts
    12,121
    Well I posted my results on my IP...

    IP Location: United States - California - Anaheim - Rback29b.irvnca
    Reverse IP: No websites hosted using this IP address
    Reverse DNS: adsl-xx-xxx-xxx-xxx.dsl.irvnca.pacbell.net

    So does that mean I am posting from Anaheim or Irvine? I posted the map so you could see that this isn't the case, but if you'd like to think you're right, then I'm glad to let you think so.

    If they are posting from Riverside or Irvine, then that would be nothing more than coincidence, just as if you run a trace on *any* AOL IP (which will always come back to Virginia). Now of course that person could be posting from Virginia, but that would really be a poor guess. It is much more likely that they aren't, and one certainly wouldn't say, "The post is very likely coming from Virginia."

    To me, there's no logical reason to assume that inaccurate whois info and multiple IP to city databases tell you anything more than the person is posting from a 30 mile radius around Riverside (which still may not be accurate, might be more).

    So I'm sorry, but the statement:
    "The post is very likely coming from Irvine."
    -is incorrect, just as a person posting from an AOL IP isn't "very likely" coming from Virginia. As I said, if anything, they most likely aren't.

    Here's another map with all the cities mentioned in this thread. Torrance is the closest area to me (I live just north of that city). Look at what I posted (my results of my IP trace). See me on the map (Torrance red square)? See Irvine (red bullet with square)? See Anaheim (red square)? These cities are not close, unless you consider 30 miles close. Yes it is in SoCal, but besides that, my IP would not give you much information.

    Likewise, the OP's posted IP also has Irvine (as I said they all will, think AOL and Virginia) and Riverside (green bullet with triangle).

    Now, if by "The post is very likely coming from Irvine." -you meant that the person is connecting to a SBC server in Irvine, the you are correct. My posts are coming from Irvine too. So is everyone using SBC DSL in SoCal. People posting from AOL accounts post from servers in Virginia.

    If the point is to find out where the person is and not where the server that everyone posts from, then the information posted thus far is useless besides telling you they are located in SoCal (and maybe in Riverside county). Maybe, but maybe not. Anaheim is actually in Orange County, and although the IP trace may indicate I live in OC, I don't. So that "maybe" is a 50-50 yes-no.

    I'm really not interested in arguing with you, only trying to give the OP some information and clarify some incorrect information. Nothing more.
    Attached Thumbnails Attached Thumbnails not_close2.jpg  
    HostHideout.com - Where professionals discuss web hosting.

    Chicken

  20. #20
    Join Date
    Jun 2005
    Location
    Houston, TX
    Posts
    396
    ha ha.. very interesting stuff.

    hi. i'm tom cruise.. use my hosting..

    sounds like some bored students to me.
    Eleven2 Web Hosting is helping the Red Cross
    Eleven2 Hosting - www.eleven2.com
    Help The Red Cross - www.redcross.org

  21. #21
    Join Date
    Oct 2004
    Posts
    182
    Thanks everyone. Thanks Chicken.

    Guess what? It looks like they may be these actual celebrities. One of them sent a candid cell phone picture to the editor of the site and they are more or less accepting them as real for now. Everyone is trashing me for questioning it and for my original posting about them.

    On four ocassions so far I've had posters who seriously claimed to be celebrities or to be associated with celebrities. I traced all their IP's to Riverside, California. At that point, culminating with this latest issue, I started to call them on it, thinking they were pranksters in a college town. I publicly called these two latest posters college kids. Now it looks like they may be these two highly-esteemed celebrities.

    It is looking to me like a lot of IPs in Southern California are routed through Riverside. Most of the people I'm dealing with, if telling the truth, would probably not live anywhere near Riverside, Irvine, or anywhere around there. They'd probably live in Santa Monica, Venice, Malibu, Beverly Hills, etc. Those places are probably more than 60 miles from Riverside and more than 30 miles from Irvine (just guessing off the cuff about distances).

    Thanks everyone for your contribution. We are sussing it out together. I'm always finding out the limits of my knowledge with computers and it can be embarassing. It looks like it is now.

    Jesus. I'm embarassed.

    Welcome, Tom Cruise. Glad you could stop by.
    complete novice/consumer

  22. #22
    Join Date
    Oct 2004
    Posts
    182

    It looks like they are celebrities, not imitators.

    It looks like they are who they say they are. I'm in the cyber-doghouse. I'm considered a borderline stalker on that site because I posted that I traced them (to try to authenticate them). People there don't understand, or don't WANT to understand, that this only locates people within 30-300 miles of their location, if that. They're acting like I found or tried to find their home address.

    From now on, writers on that site can't see the IP numbers of commenters on their posts. They keep my contributions on hold until they review them.

    I'm in the cyber doghouse. I could not even enjoy the posts from some of my favorite celebrities lambasting me because I didn't believe it was them. I thought I was being harassed by a couple of college kids. And my the publisher got the interview with one of the celebrities. He had offered to be interviewed by ME in a sort of hostile gesture, but I was too stressed out, skeptical and emotional to follow up on it. Also, I hate transcribing.

    What's the moral of this story: until we hear different, anyone in Southern California might have their IP appearing to emerge through either Riverside or Irvine. And celebrities walk among us.
    complete novice/consumer

  23. #23
    Join Date
    Dec 2000
    Location
    East Coast
    Posts
    1,747
    As per Bluegirl's request, I went ahead and edited some posts in this thread to remove the actual reverse dns and IP addresses that was originally posted and quoted and re-quoted.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •