Need Help, Scammed

catsrcool · Post by **catsrcool** » Fri Sep 29, 2023 2:39 pm

Recently scammed with a fake check. It was returned and now I am out $2500 dollars. I checked the ip address which is 209.85.220.41. I looked it up but it seems to be a common address for other scams. If you have any information or could track it further any help is appreciated.

Delivered-To: {removed}@gmail.com
Received: by 2002:a05:7022

b0:69:76e4:90a5 with SMTP id td5csp3282392dlb;
Wed, 20 Sep 2023 11:47:28 -0700 (PDT)
X-Received: by 2002:a19:ca03:0:b0:500:b42f:1830 with SMTP id a3-20020a19ca03000000b00500b42f1830mr2555426lfg.63.1695235648014;
Wed, 20 Sep 2023 11:47:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1695235647; cv=none;
d=google.com; s=arc-20160816;
b=avdt6IFiSRLvTBFYRPRpv5yZl4Fl2FOv9BAfL92HlVYn1Jxcrpo+oxSZaq8muB+AMu
ynde5qf21KmmkHVhi7+xqvCLdoyYXRv4CvwTi7GzAvObRnr4izObpSEtv5Fq2DL4xl1o
1CB2apXu/DHnMP4MNHD3CtlD0v1Hm3bRj+v+5jg2PExWTf/UOx+P9t/agPRbG5dJdjmQ
2Lsq8c6jz20tiudLrCT4kKCcD/SyxTzPfjd4A50KvQBnCEzqxa0b/tUhFgiz6iQIMneH
1+QkjqQo6oH2wT/ouEuy97PDLgFI03j46kZqMRAlV032SujV5aiGFxGT/xcAvfYe3ul4
Cyog==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=to:subject:message-id

from:mime-version:dkim-signature;
bh=eFzKYbQV+OUVDUKH16grmcar7DThjDYmU4GQEK8iqaI=;
fh=WMbhjayRBZpRAhLGa9zbtB/8ZfrhaG9N2UFEiN5458M=;
b=VUpqsh+XqUhJvzGdYtx8X/wj3evXjLgqMRjlfhJT6EEZHwvyMNONdlwJvShNkvFOhI
lPvxRew24RUCPaU7y3nKAjepIdUcoY5wOI4JaKEgxGrJjDzxheL9dkVywVgiVb5ZCH2I
74HJEoEdxFSFKKmcG/9/s/14dMy8BJoIO2+WpdGGZ76ZjJAOhx1zswKqALz/Bzjs68cZ
YsIDgVVrez1Dw/fbRlKD+/o3rRG8BxedGvR9rdd3IS9HrgYVJbFpvJOn+09sYslXj3eT
4OPfpqwOzV4u6PA4CRhDYZDkMlZ9PM5h4gsYGyTABh9kE4XYksGdA2wf2eRblejyPQ/R
318w==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass [email protected] header.s=20230601 header.b=WjL9FhsI;
spf=pass (google.com: domain of {removed}@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom={removed}@gmail.com;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <{removed}@gmail.com>
Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41])
by mx.google.com with SMTPS id e11-20020a19674b000000b0050335303682sor1432221lfj.29.2023.09.20.11.47.27
for <{removed}@gmail.com>
(Google Transport Security);
Wed, 20 Sep 2023 11:47:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of {removed}@gmail.com designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41;
Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=20230601 header.b=WjL9FhsI;
spf=pass (google.com: domain of {removed}@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom={removed}@gmail.com;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1695235647; x=1695840447; dara=google.com;
h=to:subject:message-id

from:mime-version:from:to:cc:subject

message-id:reply-to;
bh=eFzKYbQV+OUVDUKH16grmcar7DThjDYmU4GQEK8iqaI=;
b=WjL9FhsI62hDC6vMbaz18IkHaC32bIW5xLopJ1236yFXkZw8UqkHeA7ysJQ1OoIgZ9
tJgvIF1ukl/z/IX5r4tCw1hybyqEqkoyC8wIJ2MVZ6xiTBuFvX8L4TSGb/UIC0eD6a4n
VMImyq6EAD47Qrpo957swg9GG/v6cO/6BGnCPAzKt4feJQ2PR12SfDN3Lc/4ofIuvTIP
5sHfIWOvA4jEvsIq/67BE5HIIXEsgBpdmS2w7XcnLlsG6K31mNY+BKqiyo16JACj4bG/
krRUJ12JmAYlS+CVmu/2kHn4kKIz8E8K6qylZXJ0ToaRYpR1/ymqLijffGgVZJUTmF/G
9x+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1695235647; x=1695840447;
h=to:subject:message-id

from:mime-version:x-gm-message-state
:from:to:cc:subject

message-id:reply-to;
bh=eFzKYbQV+OUVDUKH16grmcar7DThjDYmU4GQEK8iqaI=;
b=xMx1UZoPOz3c+ArFKR7CL4CJRPnVSDQyibiYXZhimTiB2IKrQOyvL+8goe0i0ZBaFa
cFPj/ULqtHKG3RQaLylPo3cXC/LpOuXTkNVjWrk8F33GCss6v+m/gZFArWkRcCuLioko
6UyzQpJBdSeFxf9r3/9H3NHojvkX5k+pyswN8EXKpSD7lVl8tEBmnysK6ul1tdHT//Kn
mGKkTGPbUU3xOvXFcsIeMuIqiccqtVqOftwbtrRWEQ7t2B3zgjcPZzz+2XP4+fxetVR5
x3OyRwtzbncq4GvZcRzzYdXD0FBKak9PqbGHyTvzGnIUJTCVJDdfgtc2RNoF8IVG10U7
eSOw==
X-Gm-Message-State: AOJu0Yy5NJxGtr+H4HVHzMEuEIkDZ1AlIhk8pugS0I35kSXpkgt7TCuL cPM3697rqixdR3r53mdyA3SKoqr3oA/t0x2h/0mHebx5hYc=
X-Google-Smtp-Source: AGHT+IFphZ9XakletYw7fSAhlRl1EjjjR1cP5DdaEz4FPlr+R+4UEvjIRpCogWZCAQmx+IP3Lcahgn8ITKZO69vD9cw=
X-Received: by 2002:a05:6512

b0:500:bbd4:970f with SMTP id f10-20020a0565123b0a00b00500bbd4970fmr3986745lfv.5.1695235646658; Wed, 20 Sep 2023 11:47:26 -0700 (PDT)
MIME-Version: 1.0
From: Paige Marshann <{removed}@gmail.com>
Date: Wed, 20 Sep 2023 13:47:15 -0500
Message-ID: <CA[email protected]>
Subject: Paige
To: {removed}@gmail.com
Content-Type: multipart/mixed; boundary="00000000000087c4930605cece96"

--00000000000087c4930605cece96
Content-Type: multipart/alternative; boundary="00000000000087c4910605cece94"

--00000000000087c4910605cece94
Content-Type: text/plain; charset="UTF-8"

--00000000000087c4910605cece94
Content-Type: text/html; charset="UTF-8"

--00000000000087c4910605cece94--
--00000000000087c4930605cece96
Content-Type: image/jpg; name="IMG_7772.jpg"
Content-Disposition: attachment; filename="IMG_7772.jpg"
Content-Transfer-Encoding: base64
Content-ID: <18ab3eada33fad7232e2>
X-Attachment-Id: 18ab3eada33fad7232e2

--00000000000087c4930605cece96
Content-Type: image/jpg; name="IMG_7820.jpg"
Content-Disposition: attachment; filename="IMG_7820.jpg"
Content-Transfer-Encoding: base64
Content-ID: <18ab3eada10e2f7a8281>
X-Attachment-Id: 18ab3eada10e2f7a8281

--00000000000087c4930605cece96--

Post by **Chrispcritters** » Fri Sep 29, 2023 8:35 pm

Unfortunately, the sender's IP address is not included in the headers. The IP is that of a Google mail server, not the other user.

Are you still in correspondence with this person?

WhatIsMyIPAddress.com Community

Need Help, Scammed

Need Help, Scammed

Re: Need Help, Scammed