My IP addy recently changed in a way that concerns me. The first octet changed in a way that surprised me so I did a look up which resulted in two locations. The first location was about 100 miles from me ( ipaddresslabs.com ) and the second showed to be about 1000 miles from me ( ip2location.com ). Historically my look ups have shown only one ip location and that was where a live or a town away. I have done malware scans and nothing showed. What might be going on?
Have you scanned outside windows? ie with a live cd or another windows install More chance of picking up an infection if it doesnt have a chance to hide itself at boot up.
Not sure if its malware. Just better off eliminating the possibility by scanning outside of the affected windows install.
Did both sites show the exact same IP Address? The databases that contain location information for an IP Address can have inaccurate information and/or information arrived at via different means. If an IP Address was recently reassigned, you could theoretically end up with one database showing old location and one showing new location. So at times it can be helpful to check more than two of them. If you lookup the IP Address at http://whois.arin.net/ui, do you see contact information for your ISP? If you traceroute via http://centralops.net/co/Traceroute.aspx, do you see later hops hitting machines with fully qualified domain names associated with your ISP? If you do a reverse DNS lookup via http://rdnslookup.com, is the result consistent with your ISP and its domain name?
Thanks trott3r. Are you saying scan inside of Windows from outside of Windows e.g. Hitman Pro? I have done this. Hello TheWindBringeth.. Item #1 Yes........Item #2 Yes......Item #3 Yes " If an IP Address was recently reassigned, you could theoretically end up with one database showing old location and one showing new location. "..... Interesting....thank you.
My IP has changed three times since last post. My IP is still showing me being at two locations. One is a good 1000 miles from my geo location. Time Warner Cable Internet llc. Any other ideas?
How are you determining what your public IP Address is? One way is to look at things from a physical interface IP Address assignment POV. You'd review how that is being handled and examine the information you are receiving from your ISP. Which might involve logging into an external router and looking over the DHCP information. The objective is to verify what IP Address remote servers SHOULD see when there is no VPN, remote proxy, browser compression feature, IPv6 tunnel, MITM, etc rerouting your traffic through some other IP Address. Another way is to visit http://whatismyipaddress.com or a similar site. This involves browser traffic that could be rerouted (in part because of HTTP). If the IP Address arrived at via this method doesn't match the IP Address arrived at via the earlier method, you'd have to investigate and determine what is causing them to be different. If the IP Addresses are the same, it would suggest that your traffic isn't being rerouted and you are likely just running into some kind of geolocation website/database related issue. For some ISPs, reverse DNS names (shown in traceroutes for example) will shed light on the machine's location. For example, you may see state/city/region information somewhere in the reverse DNS name for a router near an IP Address of interest or the actual IP Address of interest. This can helpful when trying to confirm where an IP Address is being used.
