IP Help, new at this (it's for a court case)


Post by Universed » Sat Sep 09, 2017 11:12 am

Basic Story:

A person had access to a person's (intermediary) email address, laronjurik@gmail.com.

They created a spoof email address pretending to be someone else, dassasunn@gmail.com.

They sent a made-up email from dassasunn@gmail.com to laronjurik@gmail.com pretending to be the person's sister, then logged into laronjurik@gmail.com and forwarded the email to susanevanko@yahoo.com. She is now using this as evidence in a court filing.

Below is the header of the email received from dassasunn@gmail.com to laronjurik@gmail.com, and below that is the header of the email forwarded from laronjurik@gmail.com to susanevanko@yahoo.com.

I am trying to find something that shows they are from the same location or computer or something (they are only 4 mins apart).

I have been given access to the mail address laronjurik@gmail.com in order to figure out how to track the origin of the original email or the location where the emails were received and sent from. As they are only 4 mins apart, I think they were received and sent from the same place.



Message ID <CAHj67_FXaMPpF+n8DNg6aD4cKipLCo-U6tHmsH=5fGXuwgs-Wg@mail.gmail.com>
Created at: Wed, May 20, 2015 at 8:09 PM (Delivered after 0 seconds)
From: Dassa Sun <dassasunn@gmail.com>
To: laron jurik <laronjurik@googlemail.com>
Subject:
SPF: PASS with IP 2607:f8b0:4002:c07:0:0:0:22d
DKIM: PASS with domain gmail.com
DMARC: PASS

Delivered-To: laronjurik@gmail.com
Received: by 10.194.156.168 with SMTP id wf8csp1573449wjb;
Wed, 20 May 2015 11:09:31 -0700 (PDT)
X-Received: by 10.236.61.110 with SMTP id v74mr20777720yhc.115.1432145370912;
Wed, 20 May 2015 11:09:30 -0700 (PDT)
Return-Path: <dassasunn@gmail.com>
Received: from mail-yk0-x22d.google.com (mail-yk0-x22d.google.com. [2607:f8b0:4002:c07::22d])
by mx.google.com with ESMTPS id h186si10230247ykf.154.2015.05.20.11.09.30
for <laronjurik@gmail.com>
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 20 May 2015 11:09:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of dassasunn@gmail.com designates 2607:f8b0:4002:c07::22d as permitted sender) client-ip=2607:f8b0:4002:c07::22d;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of dassasunn@gmail.com designates 2607:f8b0:4002:c07::22d as permitted sender) smtp.mail=dassasunn@gmail.com;
dkim=pass header.i=@gmail.com;
dmarc=pass (p=NONE dis=NONE) header.from=gmail.com
Received: by mail-yk0-x22d.google.com with SMTP id o186so18569461yke.0
for <laronjurik@googlemail.com>; Wed, 20 May 2015 11:09:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:date:message-id:subject:from:to:content-type;
bh=yTQOuQHRQptGxfhyahEHQceiEC9KNOeHxNiGeGyUN4o=;
b=DufRB4sNbRnCu4QxU9op4Y/Dpfy+2JjNKhcWX70bHZPGRDDaYe/NycjNGoyYa9mk9S
u9yx4M/j9AAp2oAa3DXy0udkd/fpftRFcMdiP9glaaW5WPmf3uGT9Ck8KvM9rd1OlLQ5
kBI3nVevRiNVSrHGWcxoJ6/rR6hcc88mW29+GcIsL/ZUmVkhAJQR27CPTYbkyMR6jkDW
6Le4KoQoBVXzgjJ34QRbLmfpZc9pIpLXjg7AbYZ4fI7vMT6heLlrIr19cTUVtv7X0QJp
Sk799DThfLu+XDoRsmygAn9NKbYpO3gp4rwBLxOo8rLTJCA09+U6DuV5fcgsvyhzvIy9
30ug==
MIME-Version: 1.0
X-Received: by 10.236.67.7 with SMTP id i7mr32618907yhd.183.1432145370463; Wed, 20 May 2015 11:09:30 -0700 (PDT)
Received: by 10.129.15.211 with HTTP; Wed, 20 May 2015 11:09:30 -0700 (PDT)
Received: by 10.129.15.211 with HTTP; Wed, 20 May 2015 11:09:30 -0700 (PDT)
Date: Wed, 20 May 2015 11:09:30 -0700
Message-ID: <CAHj67_FXaMPpF+n8DNg6aD4cKipLCo-U6tHmsH=5fGXuwgs-Wg@mail.gmail.com>
Subject:
From: Dassa Sun <dassasunn@gmail.com>
To: laron jurik <laronjurik@googlemail.com>
Content-Type: multipart/alternative; boundary=089e013a09ae12c3f905168754a6

--089e013a09ae12c3f905168754a6
Content-Type: text/plain; charset=UTF-8

Hi Loran I got your email I will help you out you are my brother but I need
you help also I have proof Susan made you sell your sheers when you were
incompetent when she knew because she sent you money for your doctor she is
a scanner help me help us will you come to court too

--089e013a09ae12c3f905168754a6
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr">Hi Loran I got your email I will help you out you are my bro=
ther but I need you help also I have proof Susan made you sell your sheers =
when you were incompetent when she knew because she sent you money for your=
doctor she is a scanner help me help us will you come to court too</p>

--089e013a09ae12c3f905168754a6--










----------------------------------------------------------------------------------------------------------------------------------------

Original Message
Message ID <CAFYZkq_Yo9=JJmhPyJ22v=P2qLzGwxEMUCuMcUz6vMwhiUQHow@mail.gmail.com>
Created at: Wed, May 20, 2015 at 8:13 PM (Delivered after 0 seconds)
From: "laronjurik ." <laronjurik@gmail.com>
To: susanevanko@yahoo.com
Subject: Fwd:


MIME-Version: 1.0
Received: by 10.194.124.174 with HTTP; Wed, 20 May 2015 11:13:00 -0700 (PDT)
Received: by 10.194.124.174 with HTTP; Wed, 20 May 2015 11:13:00 -0700 (PDT)
In-Reply-To: <CAHj67_FXaMPpF+n8DNg6aD4cKipLCo-U6tHmsH=5fGXuwgs-Wg@mail.gmail.com>
References: <CAHj67_FXaMPpF+n8DNg6aD4cKipLCo-U6tHmsH=5fGXuwgs-Wg@mail.gmail.com>
Date: Wed, 20 May 2015 19:13:00 +0100
Delivered-To: laronjurik@gmail.com
Message-ID: <CAFYZkq_Yo9=JJmhPyJ22v=P2qLzGwxEMUCuMcUz6vMwhiUQHow@mail.gmail.com>
Subject: Fwd:
From: "laronjurik ." <laronjurik@gmail.com>
To: susanevanko@yahoo.com
Content-Type: multipart/alternative; boundary=089e0122f5cc9934e805168760fd

--089e0122f5cc9934e805168760fd
Content-Type: text/plain; charset=UTF-8

---------- Forwarded message ----------
From: "Dassa Sun" <dassasunn@gmail.com>
Date: May 20, 2015 1:09 PM
Subject:
To: "laron jurik" <laronjurik@googlemail.com>
Cc:

Hi Loran I got your email I will help you out you are my brother but I need
you help also I have proof Susan made you sell your sheers when you were
incompetent when she knew because she sent you money for your doctor she is
a scanner help me help us will you come to court too

--089e0122f5cc9934e805168760fd
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div class=3D"gmail_quote">---------- Forwarded message ----------<br>From:=
&quot;Dassa Sun&quot; &lt;<a href=3D"mailto:dassasunn@gmail.com">dassasunn=
@gmail.com</a>&gt;<br>Date: May 20, 2015 1:09 PM<br>Subject: <br>To: &quot;=
laron jurik&quot; &lt;<a href=3D"mailto:laronjurik@googlemail.com">laronjur=
ik@googlemail.com</a>&gt;<br>Cc: <br><br type=3D"attribution"><p dir=3D"ltr=
">Hi Loran I got your email I will help you out you are my brother but I ne=
ed you help also I have proof Susan made you sell your sheers when you were=
incompetent when she knew because she sent you money for your doctor she i=
s a scanner help me help us will you come to court too</p>
</div>

--089e0122f5cc9934e805168760fd--


Re: IP Help, new at this (it's for a court case)

Post by Chrispcritters » Sat Sep 09, 2017 3:14 pm

Forwarded messages do not include the original headers.

Gmail and Yahoo headers do not include the sender's IP address. Your lawyer should be able to subpoena the access records of the accounts to find out what IP addresses were used to access those accounts. From there your lawyer can subpoena the appropriate ISP to get the records for which customer the IP addresses were assigned to at the time the email accounts were accessed.
Founder and Chief Marketing Technologist of WhatIsMyIPAddress.com.
You can follow me on Facebook and Twitter for some behind the scenes info.
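
The check the reply describes, as an added example that is not part of the original thread: it pulls every IP address out of the Received and X-Received headers posted in the question and reports which ones are neither private (RFC 1918) hops nor hosts the receiving server recorded under google.com, then normalises the two Date headers' UTC offsets to compare send times. The function names, the `provider_suffix` parameter and the abridged header strings are this example's own assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Trace headers from the two messages in the question, abridged; continuation
# lines are re-indented because the pasted copy lost its header folding.
ORIGINAL = """\
Received: by 10.194.156.168 with SMTP id wf8csp1573449wjb;
 Wed, 20 May 2015 11:09:31 -0700 (PDT)
X-Received: by 10.236.61.110 with SMTP id v74mr20777720yhc.115.1432145370912;
 Wed, 20 May 2015 11:09:30 -0700 (PDT)
Received: from mail-yk0-x22d.google.com (mail-yk0-x22d.google.com. [2607:f8b0:4002:c07::22d])
 by mx.google.com with ESMTPS id h186si10230247ykf.154.2015.05.20.11.09.30
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 20 May 2015 11:09:30 -0700 (PDT)
Received: by 10.129.15.211 with HTTP; Wed, 20 May 2015 11:09:30 -0700 (PDT)
Date: Wed, 20 May 2015 11:09:30 -0700
"""
FORWARD = """\
Received: by 10.194.124.174 with HTTP; Wed, 20 May 2015 11:13:00 -0700 (PDT)
Date: Wed, 20 May 2015 19:13:00 +0100
"""

def trace_addresses(raw):
    """Yield (ip, is_private, reverse_dns) for each address in the trace headers."""
    msg = message_from_string(raw)
    for name in ("Received", "X-Received"):
        for value in msg.get_all(name, []):
            for token in re.split(r"[\s\[\]();]+", value):
                try:
                    addr = ipaddress.ip_address(token)
                except ValueError:
                    continue  # hostnames, queue ids, timestamps
                rdns = re.search(r"\(([\w.-]+?)\.?\s+\[" + re.escape(token), value)
                yield str(addr), addr.is_private, rdns.group(1) if rdns else None

def candidate_client_ips(raw, provider_suffix=".google.com"):
    """Public addresses that are not attributed to the provider's own hosts."""
    return [ip for ip, private, rdns in trace_addresses(raw)
            if not private and not (rdns or "").endswith(provider_suffix)]

def seconds_between(raw_a, raw_b):
    """Gap between the two Date headers once their UTC offsets are normalised."""
    a, b = (parsedate_to_datetime(message_from_string(r)["Date"]) for r in (raw_a, raw_b))
    return (b - a).total_seconds()

if __name__ == "__main__":
    print(list(trace_addresses(ORIGINAL)), candidate_client_ips(FORWARD))
    print(seconds_between(ORIGINAL, FORWARD))
```

Both messages yield an empty candidate list, which is why the remaining route is the provider's account access records rather than the headers.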
