Identifying an attacker is a key factor to mitigate ongoing attacks. To evade localization, a single compromised machine can hide for months behind millions of available residential ip proxies. Without knowing the ip address of the machine, registration-based geolocation methods cannot be applied.Measurement-based methods have been proposed to estimate the location of a target without using its ip address. These methods use Round Trip Time (rtt) values and network speed modeling. They estimate a distance between the target and other observation points with known locations, called landmarks. However, most of these methods require additional information, whether it is on the topology of the network or the characteristics of the landmarks.In this paper, we present immune, a measurement-based technique which can estimate a location with only a few Round Trip Time measurements between a target and landmarks, even when some of these measures are inflated by temporary network congestion.Leveraging a previously made measurement campaign, we present promising results based on 11 millions tcp connections collected over a period of 4 months.