what the heck is this all about?

Post your questions about tracing the source IP address of an email here.
Locked
grino66
New Member
Posts: 1
Joined: Wed May 17, 2017 5:20 am

what the heck is this all about?

Post by grino66 » Fri May 19, 2017 5:03 pm

Hi Admin.
i am trying to figure out all i can about this email (person that sent it) that i can. they are claiming to be in dubai. what i cant seem to figure out is....Why is this so dang long. i know privacy laws prevent actual real names etc. i am just trying to find out if this person is lying and if i may be being scammed for something . person has not asked for anything from me. If this is something fishy or decitful is there a particular agency it can be reported to? oh, almost forgot the email address [email protected] is also come to my attention and somehow connected. any help or advise is greatly appreciated.

Received: from BL2NAM02HT242.eop-nam02.prod.protection.outlook.com
(10.162.170.27) by CY1PR16MB0329.namprd16.prod.outlook.com with HTTPS via
CY1PR0101CA0017.PROD.EXCHANGELABS.COM; Fri, 19 May 2017 12:28:26 +0000
Received: from BL2NAM02FT064.eop-nam02.prod.protection.outlook.com
(10.152.76.56) by BL2NAM02HT242.eop-nam02.prod.protection.outlook.com
(10.152.77.141) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1075.5; Fri, 19
May 2017 12:28:25 +0000
Authentication-Results: spf=pass (sender IP is 209.85.218.42)
smtp.mailfrom=gmail.com; hotmail.com; dkim=pass (signature was verified)
header.d=gmail.com;hotmail.com; dmarc=pass action=none header.from=gmail.com;
Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates
209.85.218.42 as permitted sender) receiver=protection.outlook.com;
client-ip=209.85.218.42; helo= mail-oi0-f42.google.com;
Received: from SNT004-MC4F18.hotmail.com (10.152.76.58) by
BL2NAM02FT064.mail.protection.outlook.com (10.152.77.119) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.1075.5 via Frontend Transport; Fri, 19 May 2017 12:28:25 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:3306F9323A570CC2B6621B6CE67960E9E809D6C8872CCA47295234078C9C1255;UpperCasedChecksum:437653EB56DA2FE83CE117644EB9DE279E943530FBC3D406B2CEB5E66B6460B5;SizeAsReceived:2360;Count:16
Received: from mail-oi0-f42.google.com ([209.85.218.42]) by SNT004-MC4F18.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143);
Fri, 19 May 2017 05:28:20 -0700
Received: by mail-oi0-f42.google.com with SMTP id h4so89775255oib.3
for <{removed}@hotmail.com>; Fri, 19 May 2017 05:28:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20161025;
h=mime-version:from:date:message-id:subject:to;
bh=amX33TqLTz0Rp63ZuB8ddAqSk37AwqGjfzvOhLTER6o=;
b=oWFHYhhNDEV5fDNnvXGbAvqzUfP5HPAPWUoocl4HGTUeoiayNz66RSgRHZ0h8cMaH7
cUrwy8SO6qmYC7vF4qZe6p3HvYmHaI/Pv0FU2J4VTKX2dN860oDD4c9s/sdaxlQWcBaL
C0rc2mY2BncEX4ughSTEjHkXzBqHCJhEtcpwggDX2y/JlVU9Fpb+8WEcgyqxfMZf1K4o
Y0joz0LULiYPeTIBtUfmjpMu40m/ebUk0HVjXQpqw1Fwwa9uWyvLYO9v0xF6wZHLbtqE
k9hv3ryeerUX7qbeF/I0cJO2+EPQH/9FzRq3eukz50tb63jnICpt8c5TlnKGPhsk6SHN
G/VQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=amX33TqLTz0Rp63ZuB8ddAqSk37AwqGjfzvOhLTER6o=;
b=eFFPhMXykXjTJ802yjguUEclC/LRbNiSLYphZi1gOD1VFs+07IyUKtMsWlTR2NyHwC
ZtcSPRwuK/qMoSXr7fD5Fii2HNZY7z5boBFGUD1N54n7BLux0ti358JAQu7y8GjIiwzH
8BobpRMEnCgLDeHRPRUxyniiw1hokmGqvBGi9yFWC91KQADXbbI+U7zOOCAQaKwd07Py
yIGJ7Jj5l1G0aJU8FJDV9ABwpzhbOegJEfU6Um3p5d31t9wtuNtsUCvqqX9OypHbeRMi
5ZQPFAJsgp9zV5LNzLPRfbGOAcL2Stuubyihpz7AlKxeErkDFLKZcSK62OINy2WX+LTx
jf2Q==
X-Gm-Message-State: AODbwcDPXH/ap+I+UG2TdZJ9kR5Bxc4SL7/pyUnWnFJ0zt20NuoRx7cf
r3C1yWtm5JxTF1VOydfOl1zlnGopkn+6
X-Received: by 10.157.56.140 with SMTP id p12mr5209780otc.206.1495196900142;
Fri, 19 May 2017 05:28:20 -0700 (PDT)
Received: by 10.182.50.5 with HTTP; Fri, 19 May 2017 05:28:19 -0700 (PDT)
From: Juanita Ramos <[email protected]>
Date: Fri, 19 May 2017 08:28:19 -0400
Message-ID: <[email protected]om>
Subject: I AM IN LOVE WITH YOU!
To: "t. geir" <{removed}@hotmail.com>
Content-Type: multipart/alternative; boundary="001a11c017b21a36f2054fdfa8d8"
Return-Path: [email protected]
X-OriginalArrivalTime: 19 May 2017 12:28:20.0917 (UTC) FILETIME=[66BA7650:01D2D09B]
X-IncomingHeaderCount: 16
X-MS-Exchange-Organization-Network-Message-Id: 82bf39dc-f359-469b-10b1-08d49eb28c14
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
CMM-sender-ip: 209.85.218.42
CMM-sending-ip: 209.85.218.42
CMM-Authentication-Results: hotmail.com; spf=pass (sender IP is
209.85.218.42; identity alignment result is pass and alignment mode is
relaxed) smtp.mailfrom=[email protected]; dkim=pass (identity
alignment result is pass and alignment mode is relaxed) header.d=gmail.com;
x-hmca=pass header.id=[email protected]
CMM-X-SID-PRA: [email protected]
CMM-X-AUTH-Result: PASS
CMM-X-SID-Result: PASS
CMM-X-Message-Status: n:n
CMM-X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtHRD0xO1NDTD0w
CMM-X-Message-Info: gamVN+8Ez8V+RHg+F+brAfDucE0KSMrdGnsXhaNoHIhN39PqqWXv6ebacWpxZlJae2/7H+WAaR/yx7ShpKrTfwLRmvmy3KmGcBr4QhASuKGEksn9BzICBNNxJV88rSMN1Wfvg8LZZw3s4vS4QItFdv5THsv20BCktggYTIk+Ye5WD3sT5wrXYJFSg2C8RvFCeKmjdTVr+EwF2FYQAKII1ugUWiAEyh/8gntqtuk3D9UEVLN/xKBIeQtBjsUJSNIK
X-MS-Exchange-Organization-PCL: 2
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02FT064;1:Re71P4KYD1RBZld/yeb8roWukmjfgj7YHXrSO0xcamy+19p1piKx4ZvSYTWN0xZ85wQRJ/IkLdeXOkTXuv6hOTdE/2hS2EwM1UF+5vu7omIzsMmgi4Ny4UNSjXwVecymYWo/+ugHOHSohD0OlmTZjgKt6jEmz+HqzKbEBloPCX/IhEHMGDN1E0LYejYRYN0/
X-Forefront-Antispam-Report: EFV:NLI;SFV:NSPM;SFS:(98901004);DIR:INB;SFP:;SCL:1;SRVR:BL2NAM02HT242;H:SNT004-MC4F18.hotmail.com;FPR:;SPF:None;LANG:en;
X-MS-Exchange-Organization-AuthSource: BL2NAM02FT064.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 82bf39dc-f359-469b-10b1-08d49eb28c14
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(22001)(8291500097)(8291501071);SRVR:BL2NAM02HT242;
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02HT242;3:6cQ2yiY5rIuWNkUvF2UcNNUUci2yQ42X8LhpUOMBZeorW6hJfMTNuokmb9FBiCzkMmr/zmsgGHvtbbV9y+y1zBqYAC2QrBPGuOzFHtPFT9HyXAxGBpgpxMPHuXDMyEI6KW3TA44MLrJ6XBuPBUVRaj22sOniF6pI2e4CcYn8KtfBMiko3IzHgS35FGFaQjEd4BavA0NEOtMxhdDXryivD8hCg2c/kYAlR9Q6VpKHfC1NVdI3ykBIwQt8U5wHD1/LggQwOvWqlZPjV2LeWf561U/FoNA8ObqECA0OTVpvGc0vIuDyMkxIU9gMTtpNkM43A4GbtaIjylSOR+2LKPSF39GuBtBs2Umg81qps7l0plt/VcqPGP9msyC4CBK90MTmG2ftNKovWeD7RZWVAuQy6A==;25:ahsBTZaj4NG2aPxMrx9IrmIGr1w0oKnDGBON+UGQj+XHZao4OLjRQzdg5ZVqXMT8/6xxkE6FQaagBlNPa2ZS8g2vhfkWTlRZ5xXt92ZhVinklvZlFdANBR/i8uNZRpHMPzAzRguQpujqnO0o2CGGZszuiXYALrIQ71XxnP6de4Ls97cEeXGT8AQK+MSL6ptVJKWrrux7N80VIUIRY37M5zRqWQf4Qll0NzO1qOo4YZAFXwK7Sfaivh0A1lHv8k4ZCSLuYgOTFdovtjLTTQvPLU+qRb36BQ0fdU1gz3Jz6KUG+BZTzO4bBU8YAFrKlb+NAPCT4eZV8SUrkjOFMLvgv606WBX/e34yxSS5T+M3aGJuKiSrGikgvonNZhQJyJtgOgFDy9MT5E6WsVlF3LBeZ3CiZqzgplC7ooX+31zHHKNELd8VsBA8JPr+OZuem+SjpifECsVNcwsaV/Y3m1zrw3Na8Pks268uZNVoP5U6tapQ0Q8LWi4RZ1Nr2NO1xoFZ
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02HT242;31:J1LVtHSA9IEInjP2mGJq9Uu8jdZvhAjAxVq7DkaK+aWSjUq18rqGG0Uu7rnGXKW1onCxkXIdExKz4CA1iTJyg65cyHVT1bY30JYc/AyEfX3gv8Liagarv8jI82Lqffr+gfIq9mfExP7p1ASEXqYZiC8EOdg7OwRY5MyA30sjG4B4oYf6dR8yF+FPY4txbTx0zwziPZWmKoAcgBNsipm2ifnrNBtrQzCvnm8JyTVZUH8auMpD/gGU7HWdX/VSefhYskmgH4dPfnqQ1nIgR+XhxZg35Zbuzx3MD/lMoJ+MX8KSYbRhER1M7xToWx4CJvXp;4:xxjjFf8tHvdNWEDHiPQfIvt5My+5uL5oaQViJyTSIlJHZ+kw+e/tn0aHGnDsKWBsD+vnm9F+i+bwt2fiiy8AT9Jv+GjitlHG9kdK6e6j8xZdwYbft1JSh4J5jLbJnkjaQyJ1lRBbc3AOSzifIfVCuEe6JuQKkZldULVa9OH7O4oCM98lNc8SxArew7kcvEb2S+pDZ1NvgdxbY4sj19P+LxrHO83zMeM0M++csCjlmL46DLHIgjOjj134MpFCuKVfvh+C66ngeNZE9s46TBAIYzV6UqzSnwsOD3ZdJYbfSNnyfG3LMRZdPlzAzzxGEBdi7teNAyyjNipqZPAKZQ0eZE1TDY+Wo5T+KWB8/LEGSURJSvyL8sHJ+skWip5vGnCxVl/HpfQjCWyZQcvM1J6cvA==;23:2jKeuz753eNWDTkOOtBmUCkrcpvrF1HtLxqh60piZZXNDTm1CrkPhS0ALOwvMjrEZ308oJoMYQTdFyCSPvh7fCWeflMzSPAjF8VWED8hvR+skz3TTe5KGMof3kx30XSzpFeXrbDRR/SKGVeozjF5pbTTyMW+X+BN0AwTHiAIYt4=
X-Exchange-Antispam-Report-Test: UriScan:(194151415913766)(17755550239193);
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(444111461)(595095)(82015058);SRVR:BL2NAM02HT242;BCL:0;PCL:0;RULEID:;SRVR:BL2NAM02HT242;
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02HT242;6:vEGT95YlpTmSOoDhUTl9CEgDsN6cdWjUUVF9UxJ2xwfrtfBxuLEVOyLMHd9NDU2wbNnNXkiTuIIK6zR7FCJ9JX092M3d3rIIta+tFtbY5Yoq7PB9fIk692IkaL0S5DBNX+zUFPJzZqOyLdH42BVttFk366abSd+XloAorLdIk6c+C+U+ensH8ubruqGVeOihfFYvtkBUeavy+0NSbGLRmXkxp+RVtVlPbZuPN1Xrxzre8QPaWi91haxWMrD19acdAJP8W11O/0bjr7tzqWrCiyZ9ASonTpk2vjbegiR5JAdqMbV8ZNjx7/8Zuhcdgvk8TPdM+x8O79weGmtG3wAhej4IBTySxbBhosT3uA0FgXeVEi8S/xmnw7A40sRI7S/Q0yAawQNlxWbyRKdBgHsYuQ==;5:wJZKqH/iVhgzF56cSh55yoxvpCca7o4U8ypurlOVVLQfMsbqhm3tfmFdlYCuLkl8Z78PfHtwvseQaDccEcL34f57ctulZyRnUZ8H30REuKFrttw7z726VSfiFS3xaSrbID07uzmeoSR24+2vxIH+7g==;24:53YmZiQ0aLTQ9jc+cJx7ZeyGba4koRkJ6ZgPhYZwoA/vYkyzsVdnNOmueRtb85jrOcKgijFWjm6UskJvdbQL13SrR+zLWdzSZgqL7/pS9u8=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02HT242;7:2MPXNEd9g1Xbz9P0QrYQUA+35N4/gyznfwIc17scnzmpAP8jmtZLfwcMJkaOHx5ciBPp7bEJoNx7MbOVojzQJffRXheegbDADGUr4PYWha53SzFe6ZLj3s9C0QSR8NkdY1LtIvHNHtWAw01ydbPxPIDOvQRLg7g42Xv5XVMRICIXgxZNK67y+KXMnTOj3cIevNAkmEt00l7o6fka4INCa6YhaMhlOAEywkAnO4KC52EqO5GhQ063k9CBM6dAC5PhVgDManUZ61PiHz1Pq/5a7ADFCOQ6yY97UFlU5PIsu0HwmoamyrnQGk1S7BQK9z4HeHb3dszgGBXaClE8rq99/w==
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 May 2017 12:28:25.4448
(UTC)
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2NAM02HT242
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.9790153
X-Microsoft-Exchange-Diagnostics:
1;CY1PR16MB0329;27:t34yVBieCRJkLUKxvtGJ0g4fplQpQg8AYI0YaAb1WGC1PBYC73jmGrmvJkAVMHETfEiGBC0xDj3YriVG14nXQMVBFy+o1DhFKA46665r1jY+wnpa2HSvA7Pgp91aMz3fe0DgDYUbWm9WBWNVOqIVDQ==
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:0;pcwl:0;kl:0;iwl:0;ijl:0;dwl:0;dkl:0;rwl:0;ex:0;auth:1;dest:I;WIMS-SenderIP:209.85.218.42;WIMS-SPF:gmail%2ecom;WIMS-DKIM:gmail%2ecom;WIMS-822:info%2ejuanitaramos%40gmail%2ecom;WIMS-PRA:info%2ejuanitaramos%40gmail%2ecom;WIMS-AUTH:PASS;ENG:(5061607094)(102400140);
MIME-Version: 1.0

--001a11c017b21a36f2054fdfa8d8
Content-Type: text/plain; charset="UTF-8"
X-Microsoft-Exchange-Diagnostics:
1;CY1PR16MB0329;27:t34yVBieCRJkLUKxvtGJ0g4fplQpQg8AYI0YaAb1WGC1PBYC73jmGrmvJkAVMHETfEiGBC0xDj3YriVG14nXQMVBFy+o1DhFKA46665r1jY+wnpa2HSvA7Pgp91aMz3fe0DgDYUbWm9WBWNVOqIVDQ==
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:0;pcwl:0;kl:0;iwl:0;ijl:0;dwl:0;dkl:0;rwl:0;ex:0;auth:1;dest:I;WIMS-SenderIP:209.85.218.42;WIMS-SPF:gmail%2ecom;WIMS-DKIM:gmail%2ecom;WIMS-822:info%2ejuanitaramos%40gmail%2ecom;WIMS-PRA:info%2ejuanitaramos%40gmail%2ecom;WIMS-AUTH:PASS;ENG:(5061607094)(102400140);
Last edited by Chrispcritters on Fri May 19, 2017 5:16 pm, edited 1 time in total.
Reason: Removed your email address so you don't get spammed.

User avatar
Chrispcritters
Forum Administrator
Posts: 2538
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1
Contact:

Re: what the heck is this all about?

Post by Chrispcritters » Fri May 19, 2017 5:20 pm

Unfortunately Google no longer includes the sender's IP address in the email headers -- for privacy reasons.

There are a number of ways you can attempt to get the sender's IP address. See http://whatismyipaddress.com/get-ip

In this day and age I suggest that you act out of an abundance of caution in what information you share with this person and absolutely don't send them any money... Trust your gut.
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.

Locked

Who is online

Users browsing this forum: No registered users and 2 guests