We need to find this person

Post your questions about tracing the source IP address of an email here.
Locked
BeardedBastardsSC
New Member
Posts: 1
Joined: Wed Mar 22, 2017 3:34 pm

We need to find this person

Post by BeardedBastardsSC » Wed Mar 22, 2017 3:39 pm

Hello,

We think someone may have purchased product from our website using a stolen credit card. We need to figure this out ASAP.

Thank you,
Aaron
Bearded Bastards Supply Co, LLC

-----------------------------------------


Delivered-To: {removed}@gmail.com
Received: by 10.80.175.34 with SMTP id g31csp802499edd;
Thu, 16 Mar 2017 11:29:06 -0700 (PDT)
X-Received: by 10.223.171.23 with SMTP id q23mr9208873wrc.163.1489688946655;
Thu, 16 Mar 2017 11:29:06 -0700 (PDT)
Return-Path: <{removed}@gmail.com>
Received: from mail-wm0-x231.google.com (mail-wm0-x231.google.com. [2a00:1450:400c:c09::231])
by mx.google.com with ESMTPS id s15si7573592wrc.222.2017.03.16.11.29.06
for <{removed}@gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Thu, 16 Mar 2017 11:29:06 -0700 (PDT)
Received-SPF: pass (google.com: domain of {removed}@gmail.com designates 2a00:1450:400c:c09::231 as permitted sender) client-ip=2a00:1450:400c:c09::231;
Authentication-Results: mx.google.com;
dkim=pass [email protected];
spf=pass (google.com: domain of {removed}@gmail.com designates 2a00:1450:400c:c09::231 as permitted sender) smtp.mailfrom={removed}@gmail.com;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Received: by mail-wm0-x231.google.com with SMTP id u132so41422429wmg.0
for <{removed}@gmail.com>; Thu, 16 Mar 2017 11:29:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20161025;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
bh=aVBOWP2874lwR2QxWiTwrJpNhLbyMCWsq2mUskj87vE=;
b=fjcHKhKfpStS5uqQvPtcRvat8qjX2XLqBdjJfe2k74ipx5uWBsWakx8ZqTI4C/DCG8
7tKKhx9IVJJO6BEnbZFwMRq3VCzxxjpzR8Fel0XuSQ82rx+PcdLhiECPtoSQZIYXtbnx
Wiq4AmCyWyeA1uEpvgRplA+0HxAtKCqeZvRAtQfMyFNm46iyIxZaUg42epqChASzEQiJ
Z0Sy0avyNLnNmJ4ML5Lh4j2MFFj+K0TqTw/QC1r01TjUvBgmBRUxTpgAngxNjAdhbZMF
l6aJKKqWXId85q/YwelFZpM9xp1nZQM5vix9Hvd1a1YZv7jZnSu7zPw01+4MjRP/rJJD
m5qw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to;
bh=aVBOWP2874lwR2QxWiTwrJpNhLbyMCWsq2mUskj87vE=;
b=JMf3MPu/HPzopTN6qMn4wmFXRYDGMqss3cGHU9fdTU3L21aLMKju3bdLQFUkxug5T1
x2JBL8D70m+nfvXesot78lMvPCeEPNlqjZz2UwsHzdFqKNSXas16wTgNL21TLEGmgPXF
1RkJlayw0YbbqFFHqo4koNSU05MVZYRWKkh5ADL5WijZEHnJe9pkEgYXo1nwhgFZnk6r
x+A5ampVffPYnmHeLZViF3ZEkE/l1wIW9+3ODzqBXtVQ3HrC3nGwbDQWjZM4l4FHCGLj
3Hf4kxN3DAMMxj1ZzkDkIF10yedoPwDaReupryCQuGTpH4lPlmGkIg2g/DUtmitC3fV1
Bz1g==
X-Gm-Message-State: AFeK/H2IJ6nc8/lGCC2z9fPH1dC3idmngxP4wWokGqy9EmHLNwVsWWX9xdxmeb9G/Aq14Q6IIXqO7A0MwvLz7w==
X-Received: by 10.28.20.70 with SMTP id 67mr26978008wmu.86.1489688946123; Thu, 16 Mar 2017 11:29:06 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.28.26.18 with HTTP; Thu, 16 Mar 2017 11:29:05 -0700 (PDT)
In-Reply-To: <CANHK4HNj7kuDfVfUE1f=[email protected]>
References: <CANHK4HNj7kuDfVfUE1f=[email protected]>
From: damien law <{removed}@gmail.com>
Date: Thu, 16 Mar 2017 14:29:05 -0400
Message-ID: <CAPsQxUCs2U9Thh_=[email protected]>
Subject: Re: Your Order
To: "Bearded Bastards Supply Co." <{removed}@gmail.com>
Content-Type: multipart/alternative; boundary=001a1145a83675aa56054add3cc6

--001a1145a83675aa56054add3cc6
Content-Type: text/plain; charset=UTF-8

Ship to my bill

On Monday, March 13, 2017, Bearded Bastards Supply Co. <
{removed}@gmail.com> wrote:

> Good morning!
> First of all, thank you for your order. We are reaching about the order
> for the scope. It looks like the shipping address you provided is for a
> shipping hub. Unfortunately we do not ship to hubs or out of the country at
> this time. May we use the billing address to ship this order? Please
> advise.
>
> Thank you
> Aaron Ames
> Bearded Bastards Supply Co, LLC.
Last edited by Chrispcritters on Wed Mar 22, 2017 4:35 pm, edited 1 time in total.
Reason: removed email addresses

User avatar
Chrispcritters
Forum Administrator
Posts: 2536
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1
Contact:

Re: We need to find this person

Post by Chrispcritters » Wed Mar 22, 2017 4:37 pm

Unfortunately Google no longer includes the sender's IP address in the headers. I think I noticed that the sender's name didn't match the spelling in the email address. This would be a red flag to me. Have you tried calling them?

Do you have an IP address from your ordering system?

I suggest that you contact the credit card company and verify the order through them.
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.

DjLyon
New Member
Posts: 1
Joined: Wed May 24, 2017 4:25 pm

Re: We need to find this person

Post by DjLyon » Wed May 24, 2017 4:49 pm

Actually, you can still find them. Unsure if this is a Ghost, but this could very well be it. Dublin, Ireland. :lol: :lol: :lol:




Don't mess with me, you will be found.

Locked

Who is online

Users browsing this forum: No registered users and 4 guests