ISP location help

Post your questions about tracing the source IP address of an email here.
Locked
Ella58
New Member
Posts: 1
Joined: Sun Dec 18, 2016 2:12 pm

ISP location help

Post by Ella58 » Sun Dec 18, 2016 2:22 pm

Hi,
I'm new here and not tech savvy at all but I'm pretty sure I have a scammer after me. How can I tell where this email originated?
Thank you!!!

Delivered-To: {removed}@gmail.com
Received: by 10.129.58.10 with SMTP id h10csp1344059ywa;
Fri, 28 Oct 2016 17:32:02 -0700 (PDT)
X-Received: by 10.129.135.198 with SMTP id x189mr14610480ywf.341.1477701122606;
Fri, 28 Oct 2016 17:32:02 -0700 (PDT)
Return-Path: <{removed}@engineer.com>
Received: from mout.gmx.com (mout.gmx.com. [74.208.4.201])
by mx.google.com with ESMTPS id b65si6121291ywd.442.2016.10.28.17.32.02
for <{removed}@gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 28 Oct 2016 17:32:02 -0700 (PDT)
Received-SPF: pass (google.com: domain of {removed}@engineer.com designates 74.208.4.201 as permitted sender) client-ip=74.208.4.201;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of {removed}@engineer.com designates 74.208.4.201 as permitted sender) smtp.mailfrom={removed}@engineer.com
Received: from [108.213.15.158] by 3capp-mailcom-lxa12.server.lan (via
HTTP); Sat, 29 Oct 2016 02:32:02 +0200
MIME-Version: 1.0
Message-ID: <trinity-c802deb3-f473-4234-a3da-bc49b5b50c07-1477701121995@3capp-mailcom-lxa12>
From: "Frank Wells" <{removed}@engineer.com>
To: "Ellen Childs" <{removed}@gmail.com>
Subject: For you
Content-Type: text/html; charset=UTF-8
Date: Sat, 29 Oct 2016 02:32:02 +0200
Importance: normal
Sensitivity: Normal
In-Reply-To: <51A47FEF-D8FE-483A-B517-923DCBF30C4A@gmail.com>
References: <51A47FEF-D8FE-483A-B517-923DCBF30C4A@gmail.com>
X-UI-Message-Type: mail
X-Priority: 3
X-Provags-ID: V03:K0:KUORwZGMav+GdnzWY/XKrKVoZAfEN5JGnbgCeHt+C3F
RbIlcjEMfx946QFuBKF99u/R3j86nLAgEUCpncybHmYU/R7gd6
h98obHhcXULMIYpMMPYpqO24+FXiZjWGK/P/L7CxOntyv//MUA
M2cqH2IFdgXqtucoc0BSm0OMvU4ptB/YygzHVa96JRDdSnujY6
dCZ44slMAiITI7PDQ6B2BeCtcJthYM9xT1HUisncIdk1zJvyXI
RVQKikDJSEHrEj6K4sKjAz/tv1nfRkp+BYqyyDXG40z0FfHDU9
RTFVTXtRnUMaXlS/w41B2BDoQC9
X-UI-Out-Filterresults: notjunk:1;V01:K0:Gi9gekysb84=:SJdC4S4+QhOnFY12SGLvom
HNCcDNn2SLNs7GuvtvP/NL8KfIrprNpgAaBcr46yJ4bf6fhxzXEJ/Ftphq5TRIznA9Kxyh3Ga
20/bFlRLLRCHzKKo4GtrrXlXvrzkl206BjD5wi+bWyeMbB7NPlrgdkWjhIngL4xL9ccJMh0sO
4pIqys6UwDkSsZC3LONkzPHuacQrNcFXEiK+UQQ6U7MqmAikGSN+XoBhYKN71f2gToRHt1koE
+yticuNygrSfVusAywzMq3YuXMCpPGLKqc6g0+QCxgHyRxFwW49OCIbX/PbSHQXVt5oEhSEkw
pmN0SfhmNh0Vn7ogtZGX6gYky3uIASAmpCwmw5z6RSFdsDaWWSve5QIyIwK1LFlPnfn3z72AS
Mnc/LQNoZELm0v5MLohXrJlkhQQdwA5zKLDzeigoXfnm4Bk7HFhKZ7mMf2Pm7czrtS+dVzKy2
JRqAGeoPUA==
Last edited by Chrispcritters on Mon Dec 19, 2016 7:26 am, edited 1 time in total.
Reason: Removed email addresses

lisati
Active Member
Posts: 1134
Joined: Fri Apr 15, 2011 2:25 pm
Location: The Couch
Contact:

Re: ISP location help

Post by lisati » Tue Dec 20, 2016 9:09 pm

According to http://whatismyipaddress.com/trace-email the origin of the email appears to be through IP address 108.213.15.158.

nielsencl1
Active Member
Posts: 337
Joined: Sun Dec 23, 2012 5:47 pm
Location: Minneapolis, MN

Re: ISP location help

Post by nielsencl1 » Tue Dec 27, 2016 7:15 pm

From what I can tell the sender was in or near Youngstown, Ohio using "ISP: AT&T U-verse", but the email was routed via an email server hosted at 1and1.com.

If you think you are dealing with a scammer then you probably are.

Locked

Who is online

Users browsing this forum: No registered users and 3 guests