We need to find this person

Post your questions about tracing the source IP address of an email here.
New Member
Posts: 1
Joined: Wed Mar 22, 2017 3:34 pm

We need to find this person

Post by BeardedBastardsSC »


We think someone may have purchased product from our website using a stolen credit card. We need to figure this out ASAP.

Thank you,
Bearded Bastards Supply Co, LLC


Delivered-To: {removed}@gmail.com
Received: by with SMTP id g31csp802499edd;
Thu, 16 Mar 2017 11:29:06 -0700 (PDT)
X-Received: by with SMTP id q23mr9208873wrc.163.1489688946655;
Thu, 16 Mar 2017 11:29:06 -0700 (PDT)
Return-Path: <{removed}@gmail.com>
Received: from mail-wm0-x231.google.com (mail-wm0-x231.google.com. [2a00:1450:400c:c09::231])
by mx.google.com with ESMTPS id s15si7573592wrc.222.2017.
for <{removed}@gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Thu, 16 Mar 2017 11:29:06 -0700 (PDT)
Received-SPF: pass (google.com: domain of {removed}@gmail.com designates 2a00:1450:400c:c09::231 as permitted sender) client-ip=2a00:1450:400c:c09::231;
Authentication-Results: mx.google.com;
dkim=pass [email protected];
spf=pass (google.com: domain of {removed}@gmail.com designates 2a00:1450:400c:c09::231 as permitted sender) smtp.mailfrom={removed}@gmail.com;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Received: by mail-wm0-x231.google.com with SMTP id u132so41422429wmg.0
for <{removed}@gmail.com>; Thu, 16 Mar 2017 11:29:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20161025;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
X-Gm-Message-State: AFeK/H2IJ6nc8/lGCC2z9fPH1dC3idmngxP4wWokGqy9EmHLNwVsWWX9xdxmeb9G/Aq14Q6IIXqO7A0MwvLz7w==
X-Received: by with SMTP id 67mr26978008wmu.86.1489688946123; Thu, 16 Mar 2017 11:29:06 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Thu, 16 Mar 2017 11:29:05 -0700 (PDT)
In-Reply-To: <CANHK4HNj7kuDfVfUE1f=[email protected]>
References: <CANHK4HNj7kuDfVfUE1f=[email protected]>
From: damien law <{removed}@gmail.com>
Date: Thu, 16 Mar 2017 14:29:05 -0400
Message-ID: <CAPsQxUCs2U9Thh_=[email protected]>
Subject: Re: Your Order
To: "Bearded Bastards Supply Co." <{removed}@gmail.com>
Content-Type: multipart/alternative; boundary=001a1145a83675aa56054add3cc6

Content-Type: text/plain; charset=UTF-8

Ship to my bill

On Monday, March 13, 2017, Bearded Bastards Supply Co. <
{removed}@gmail.com> wrote:

> Good morning!
> First of all, thank you for your order. We are reaching about the order
> for the scope. It looks like the shipping address you provided is for a
> shipping hub. Unfortunately we do not ship to hubs or out of the country at
> this time. May we use the billing address to ship this order? Please
> advise.
> Thank you
> Aaron Ames
> Bearded Bastards Supply Co, LLC.
Last edited by Chrispcritters on Wed Mar 22, 2017 4:35 pm, edited 1 time in total.
Reason: removed email addresses
User avatar
Forum Administrator
Posts: 2561
Joined: Tue Mar 02, 2010 5:41 pm
Location: | ::1

Re: We need to find this person

Post by Chrispcritters »

Unfortunately Google no longer includes the sender's IP address in the headers. I think I noticed that the sender's name didn't match the spelling in the email address. This would be a red flag to me. Have you tried calling them?

Do you have an IP address from your ordering system?

I suggest that you contact the credit card company and verify the order through them.
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.
New Member
Posts: 1
Joined: Wed May 24, 2017 4:25 pm

Re: We need to find this person

Post by DjLyon »

Actually, you can still find them. Unsure if this is a Ghost, but this could very well be it. Dublin, Ireland. :lol: :lol: :lol:

Don't mess with me, you will be found.