Help identifying Origin of Email

Post your questions about tracing the source IP address of an email here.
oracledragoness
New Member
Posts: 2
Joined: Fri Apr 12, 2019 6:26 am

Help identifying Origin of Email

Post by oracledragoness » Fri Apr 12, 2019 7:04 am

Good morning,

I was presented with this email regarding a package being sent through diplomatic courier/DHL. I would like to confirm if this is a scammer email. Below is the full email header.

X-Apparently-To: {removed}@yahoo.com; Fri, 12 Apr 2019 01:24:28 +0000
Return-Path: <{removed}@diplomats.com>
X-YahooFilteredBulk: 74.208.4.200
Received-SPF: pass (domain of diplomats.com designates 74.208.4.200 as permitted sender)
X-Originating-IP: [74.208.4.200]
Authentication-Results: mta4326.mail.gq1.yahoo.com
header.i=@mail.com; header.s=dbd5af2cbaf7; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO mout.gmx.com) (74.208.4.200)
by mta4326.mail.gq1.yahoo.com with SMTPS; Fri, 12 Apr 2019 01:24:28 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail.com;
s=dbd5af2cbaf7; t=1555032267;
bh=qsnCJca5mTtsOfGACbwF671YO40dHODioKl6zp/wTqU=;
h=X-UI-Sender-Class:From:To:Subject:Date;
b=OzSZO8C1DCsyDXEv3bHDdWfXFtvVaDnYdBbEyABJlyBUg4XkzXYg/hIx+Sl3iG0gy
sv/jPpqt6/ImhPzt+iAZxDWjNMhT7TPd9PqHgO//6610iJXNy5TQ4qZg+8ptMY4oR7
NrD2vpq/P9nZQwq/fwqvGOqq2dXGBw9jgO0sjL+c=
X-UI-Sender-Class: 214d933f-fd2f-45c7-a636-f5d79ae31a79
Received: from [142.234.157.20] ([142.234.157.20]) by web-mail.mail.com
(3c-app-mailcom-lxa03.server.lan [10.76.45.4]) (via HTTP); Fri, 12 Apr 2019
03:24:27 +0200
MIME-Version: 1.0
Message-ID: <trinity-6ddf6408-1fde-41fb-9715-29c4c59fb8ac-1555032267761@3c-app-mailcom-lxa03>
From: "Raheem Richard" <{removed}@diplomats.com>
To: {removed}@yahoo.com
Subject: FEES
Content-Type: multipart/related;
boundary=kenitram-a03fb498-19c5-47c8-a9b5-80ce43fc0bc0
Date: Fri, 12 Apr 2019 03:24:27 +0200
Importance: normal
Sensitivity: Normal
X-Priority: 3
X-Provags-ID: V03:K1:VWuw+z0ZlrqQjc7WFmzOgtj04UZhuB3XM7Y6YWck0vUQ1ppE+4GL5V/es0VptSOhOMHLu
b+nRfealRW77XnYqj28C0n3yIVdY2/3ikGuQZvfKdTQIUvPWFnf1oLFFat3VsBeoB+gY8ROppexN
V4YRFo/ADoYO9TLCfLCNF7ckJKwTs8cHJbYB7QqdwX3wyP6FzmbNRvp2LG+ZhZsTAVt0QyIklgzL
hcEI2k3jNpxyIKCLaNWj0iDfdKG5hmyRfbRoLefeigHQMl54sp7shUSFvaRjPQg7AJSTGImcvDor
7A=
X-Spam-Flag: NO
X-UI-Out-Filterresults: notjunk:1;V03:K0:CNVVDdVXV5U=:R0DVR40nQwoM4DdSHXqYee
Content-Length: 21684

--kenitram-a03fb498-19c5-47c8-a9b5-80ce43fc0bc0
Content-Type: text/html; charset=UTF-8



Thank you for your assistance.
Last edited by Chrispcritters on Fri Apr 12, 2019 7:52 am, edited 1 time in total.
Reason: Obfuscated email addresses

Chrispcritters
Forum Administrator
Posts: 2464
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1

Re: Help identifying Origin of Email

Post by Chrispcritters » Fri Apr 12, 2019 7:54 am

Unfortunately, the headers do not include the sender's IP address.

I can say, with certainty, that it's a scam.
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.

oracledragoness
New Member
Posts: 2
Joined: Fri Apr 12, 2019 6:26 am

Re: Help identifying Origin of Email

Post by oracledragoness » Fri Apr 12, 2019 8:22 am

Thank you very much for your assistance. If you would like to make this public for others to recognize, please do.

If the sender is masking their IP address, is there a way to decode it?

Chrispcritters
Forum Administrator
Posts: 2464
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1

Re: Help identifying Origin of Email

Post by Chrispcritters » Fri Apr 12, 2019 11:19 am

It's already public ;)

If there was a source IP address in the headers and it was that of a VPN/Proxy/Tor you would very likely not be able to find the user's real IP address.

coolguy12388
New Member
Posts: 3
Joined: Sun May 12, 2019 2:48 am

Re: Help identifying Origin of Email

Post by coolguy12388 » Sun May 12, 2019 2:59 am

142.234.157.20 isn't this the IP address??

It says Burbank California
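
An added example, not part of any post in this thread: Python that reads the Received headers from the message posted above, oldest hop first, and lists the public address each receiving server recorded for its client. The function names are hypothetical; the header alone cannot show whether a recorded address is the user's own connection or a VPN/proxy/Tor exit.

```python
import ipaddress
import re
from email import message_from_string

# Received headers copied from the header posted in this thread (line folding restored).
SAMPLE = (
    "Received: from 127.0.0.1 (EHLO mout.gmx.com) (74.208.4.200)\n"
    " by mta4326.mail.gq1.yahoo.com with SMTPS; Fri, 12 Apr 2019 01:24:28 +0000\n"
    "Received: from [142.234.157.20] ([142.234.157.20]) by web-mail.mail.com\n"
    " (3c-app-mailcom-lxa03.server.lan [10.76.45.4]) (via HTTP); Fri, 12 Apr 2019\n"
    " 03:24:27 +0200\n"
    "Subject: FEES\n"
    "\n"
)

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def public_ips(text):
    """Return globally routable IPv4 addresses in text, in order, no duplicates."""
    found = []
    for candidate in IPV4.findall(text):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:  # e.g. 999.1.1.1 is not a valid address
            continue
        # Loopback (127.0.0.1) and private (10.x) addresses identify nobody.
        if ip.is_global and candidate not in found:
            found.append(candidate)
    return found


def received_hops(raw_headers):
    """Parse Received headers into hops, oldest hop first."""
    msg = message_from_string(raw_headers)
    hops = []
    # Each server prepends its own Received line, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        from_part, _, by_part = flat.partition(" by ")
        by_part = by_part.split(";")[0]  # drop the timestamp
        m = re.search(r"\(via (\w+)\)|\bwith (\w+)", by_part)
        hops.append({
            "by": by_part.split()[0] if by_part else None,
            "protocol": (m.group(1) or m.group(2)) if m else None,
            "client_ips": public_ips(from_part),
        })
    return hops
```

Only the newest hop is written by the recipient's own provider; older Received lines are added by upstream servers and can be forged by a sender who controls them.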
