Tracking a phished IP address of dead US soldier

[LanguageDoctor]

Hello all: Question: Can one find the address/name or phone from a spammer?

Normally I simply delete spam, but last week I started getting spam from a fallen comrade-U.S. soldier killed in Afghanistan. I have used ip2location.com and www.ipfingerprints.com to determine where the spam is coming from:

IP Address: 189.158.253.162

Location MEXICO, -, -

Latitude, Longitude 19.42705, -99.127571 (19°25'37"W -99°7'39"N)

Connection through GESTIN DE DIRECCIONAMIENTO UNINET

Local Time 22 Mar, 2012 12:00 PM (UTC -06:00)

Net Speed COMP

Area Code -

IDD Code 52

ZIP Code -

Weather Station MEXICO CITY (MXDF0132)

Mobile Country Code (MCC) -

Mobile Network Code (MNC) -

Carrier Name -

When I used ipfingerprints, I found that the IP address is from Tampico, Mexico. When I typed in service provider, I was directed to your site. Any help would be greatly appreciated.

[Farelf]

That's a dynamically-allocated IP address, with the name dsl-189-158-253-162-dyn.prod-infinitum.com.mx. It could be forged (particularly if there appear to be a number of relays or hand-offs in the chain of the "Received:" headers of the spam). Only the spammer's mail service provider would know the actual account details of who or what used the IP address at any given time (assuming the provider's server has not been hacked). If it is a paying account, the financial account used for paying it might be all that is reliable in the e-mail account detail. If the spoofed e-mail address is one on your address book (or vice-versa) or if it is on the address book(s) of one or more shared contacts (or vice-versa) then some sort of account hacking is likely.

Not very positive, I'm afraid. You can't afford to let these flecks of fecency get under your skin. I did, years ago - it drove me to open and use a free SpamCop reporting account in retaliation. Life's not been the same since

P.S. If that geolocation magic is reliable (always a big if), it points to Hotel Loma Real Tapachula in Mexico City, DF (guest or business center user) - or maybe the electronics store behind it (public/hacked WIFI connection). That also is unhelpful.