web application security lab

Find Evan Ratliff Win $5000

I was sent this article today on finding Evan Ratliff. He’s a reporter who wants to be found. Kind of a cool gimmick, and something normally I’d probably get involved with, but there’s just one problem - he’s probably in San Francisco or surrounding areas, and I’m definitely not. So if you happen to be in SF there are a number of tricks that I’ve just talked about that you can use.

Firstly, you know he’s using Tor and is accessing Twitter, social networking and email, so the several de-cloaking methods we’ve talked about will probably come in handy here, like itms and smb. There are lots of others too, but you get the idea. The type of Tor application he’s using, and which browser, will dramatically change how you’d get his real IP. For instance, Tor button is very good at protecting against all the JS trickery, while Tor Browser is not, since Tor Browser does nothing to actually stop client-side technologies from working.

If you do happen to find him, please do some ultra-targeted advertising about his erectile issues, “Evan Ratliff, have trouble satisfying women…?” - because that would cause me to die laughing. Anyway, it’s a cool article, and good luck to you if you happen to want to participate!

8 Responses to “Find Evan Ratliff Win $5000”

  1. suitlocal Says:

    unless you are going to subpoena the ISP associated with his IP i do not see what having his IP will get you. it will not get you a home address. maybe you could CSRF your way into his ISP’s administration website but then you would be breaking the law and would thus disqualify yourself from the contest.

  2. RSnake Says:

    IP address is usually enough to narrow down to a city, or part of a city, depending on what provider they are using. But you can also perform a whois on the IP and often it’ll give you the name of whoever runs it. You can correlate that to businesses, homes, etc… There’s a lot you can do with just an IP address. No need to break the law.

  3. suitlocal Says:

    you already managed to do what geolocation databases would have done for you - you made a fairly educated guess as to where the guy was. and as for everything else…

    http://whois.domaintools.com/67.78.61.227

    road runner. a geolocation database tells me it is in austin, texas. that is not very helpful.

    http://whois.domaintools.com/67.78.60.227

    road runner again. round rock, texas. population: 100,000+ per wikipedia. reverse dns says rrcs-67-78-60-227.sw.biz.rr.com. i guess biz is for business but that still does not tell me much.

  4. RSnake Says:

    If you want to use one data point, sure, that’s not all that helpful. On residential DSL where the person buys business class it will often give you the actual name of the person.

  5. Spider Says:

    Does the Java applet thing still work? That’s usually the best way to cut out the proxies, as long as you can trick him into using an applet.

  6. Sheila McNutt Says:

    I believe he is in San Francisco, and visits St. Gregorys Food Pantry.
    Episcopal Church.

  7. Black Hattitude Says:

    Haha nice contest.

    I think that with the IP you find the town. But what if he is moving (doing a roadtrip for instance)?

    I think he probably uses an iPhone. Maybe there exist tricks to localize a given iPhone... any ideas?

  8. dawn Says:

    he’s probably sitting in New York