finding IP address of a file

[BBONVINI]

Is it possible to retrieve the IP address of a file? I find a file in my pc after some sign of hacking and I heard that it would be posible to get the source IP address of file with windows x86.

 

[kanewolf]

Files don't have IP addresses, computers do. Your computer wrote that file (unless you have the folder shared). If you have a firewall enabled on the computer you may be able to see what IP addresses interacted with the computer.

You need to start with basic anti-virus and anti-malware scans.

 

[BBONVINI]

Files don't have IP addresses, computers do. Your computer wrote that file (unless you have the folder shared). If you have a firewall enabled on the computer you may be able to see what IP addresses interacted with the computer.

You need to start with basic anti-virus and anti-malware scans.

ok the windows firewall is and was on; when I retrieved signs of hacking (I needed to re-input password and the antivirus option for mail was unchecked) I found this file whose date and time is prior my connection through internet, so it was not downloade my me even by mistake. I found in any case this page which actually (as far as I understand) it would be possible to get IP address of a file with linux, ad also I found a video in youtube on the same topic; I do not know if you can explain them to me and to help how to retreive useful details in order to report hacking and abusive file to the police. http://unix.stackexchange.com/questions/296596/how-to-check-if-any-ip-address-is-present-in-a-file-using-shell-scripting

https://youtu.be/6UHa61Y0zgY

 

[kanewolf]

That video uses a hex editor to search the contents of a file for an IP that the file reports back to and assumes that the IP address will be in plain text.

Personally, I am skeptical that an individual is ever randomly "hacked". What is the motivation and what is the payoff for the attacker? Crypto lockers and malware like that make sense there is a potential monetary return. But a random file, which would require to be run, to do anything seems unlikely to me.

 

[BBONVINI]

That video uses a hex editor to search the contents of a file for an IP that the file reports back to and assumes that the IP address will be in plain text.

Personally, I am skeptical that an individual is ever randomly "hacked". What is the motivation and what is the payoff for the attacker? Crypto lockers and malware like that make sense there is a potential monetary return. But a random file, which would require to be run, to do anything seems unlikely to me.

You are right to be skeptical , so I would be; You are right to say that there no potential monetary return generally speaking; I can not tell you the whole story, only that there is actually a controversy on behind the hacking between me and another subject. I need just to track the source of the file; with the ip address I may get confirmation about the entity/person who retrieved mine from my complaint emails.

 

[popatim]

That video isn't showing you anything but what a hex editor can read. The IP address in that video is in plain text and would the destination IP at best, not the source. (btw - 192.168... would he his home network as almost everyone's home networks starts with those)

If a hacker left a file that was going to 'phone home' hopefully they wouldn't be that stupid to make it so easy to locate and report to authorities where his server is. LOL

Good luck to you sir.

 

[BBONVINI]

That video isn't showing you anything but what a hex editor can read. The IP address in that video is in plain text and would the destination IP at best, not the source. (btw - 192.168... would he his home network as almost everyone's home networks starts with those)

If a hacker left a file that was going to 'phone home' hopefully they wouldn't be that stupid to make it so easy to locate and report to authorities where his server is. LOL

Good luck to you sir.

you can laugh as much as you want; of course that I know that a file should not so be so easy to find and as a matter of fact I did not located it just few days after but more than a month later; furthermore as already explained before, its date and time of acquisition, is prior my access to my local network and internet, considering the administrative events in windows. If you can help , I would be pleased also if you can stop making fun about this problem since I should not explain you all what is behind all this, as it is not the right place but I was seriously offended by a person who did not even consider I could track the hacking and the abusive file and who foolishly has understimated this act which is potentially criminal.

 

[BBONVINI]

That video isn't showing you anything but what a hex editor can read. The IP address in that video is in plain text and would the destination IP at best, not the source. (btw - 192.168... would he his home network as almost everyone's home networks starts with those)

If a hacker left a file that was going to 'phone home' hopefully they wouldn't be that stupid to make it so easy to locate and report to authorities where his server is. LOL

Good luck to you sir.

have you checked also what is showed in this site ? woud linux help? or can I track the due detials in order to report the police? : http://unix.stackexchange.com/questions/296596/how-to-check-if-any-ip-address-is-present-in-a-file-using-shell-scripting

 

[kanewolf]

have you checked also what is showed in this site ? woud linux help? or can I track the due detials in order to report the police? : http://unix.stackexchange.com/questions/296596/how-to-check-if-any-ip-address-is-present-in-a-file-using-shell-scripting

grep is just a different tool. I believe there are grep implementations for Windows. The concept is no different.
If you want to use linux, then use a bootable CD or USB device.