Need Help

Post your questions about tracing the source IP address of an email here.
Locked
Volvoartictech
New Member
Posts: 2
Joined: Thu Apr 09, 2020 4:29 pm

Need Help

Post by Volvoartictech » Thu Apr 09, 2020 4:33 pm

Can this be tracked? Email trying to extor money for an account I dont have but ended up with my hotmail address and an older password I use to use, claims to have hacked my computer with a webcam, my computer doesnt have a webcam threating to release videos to my contact list and my facbook list, would love to catch up to him

Email header

Reported email headers:
Received: from CO1NAM11HT168.eop-nam11.prod.protection.outlook.com
(2603:10b6:903:12b::23) by CY4PR07MB3157.namprd07.prod.outlook.com with HTTPS
via CY4PR21CA0037.NAMPRD21.PROD.OUTLOOK.COM; Thu, 9 Apr 2020 21:42:28 +0000
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=ejkYwxz7HKkMHWOAU6tXWD11K5jqj9jfL2N4fbPrnn+AyUO/W6tU7NwHaAf5Pd1mntXwPkCF8o1lkynyV1Qbp0A942TG+5aiuuzTkok/R3D8JqAJo3cPDoDCnjDkxWXXa51TOSjELdl4/cISa8rgbDLHF/0S6UOi7Dk0JSmZO3Nf4SNQIhYDHB9gVCTRUg/Qt9qNmMhlaXYpG1HMOVSlEUU6Wj5mXau/1mAT6p3VMhaj6QVp/vwE4UnluLCX0EfW/w1vKhPbnPRgo6C43ItVyAjp8fXsKOgp0yXc2Z4F+oYWcbnm6/23bNPO469XLK9x9Fr/rsLR3bh6H8pxtjAxOg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=xh+KBUiab/ZdNzH86Mok2fcMoN34lwUjMydErMa/SIQ=;
b=FeOzV9FBaYB047GmwE1geX3yonvo8NQpp2ihqbOwaPQuy/Rg5zmhBILq7FZU2Yn399LWKddn50b7NChYl4h+lj/nbE/W30un2tlcla7UkO8QhV79fV4YzlxDHFWJlEVcTtzul2RBzL6HJOjfbsXCHBT2gVT0Ern7USkDbAGZawwDiIVep3WCKjmVi3uJIEByyLVPnRAtwCe6p6ePExzHQ6Q5vzI8LCoB/RfQjJbPYnHrEpUw/HDDYYgxI3vitbY/oYrPxJc4f7g1kj0yybeU1qwbTFFM05pjJCoya5+61eXMG6YPNaqWRv2aZxCPz+nNQa/U1nQO9gdg03Kyzbv45g==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
40.92.3.37) smtp.rcpttodomain=hotmail.com smtp.mailfrom=outlook.com;
dmarc=pass (p=none sp=quarantine pct=100) action=none
header.from=outlook.com; dkim=pass (signature was verified)
header.d=outlook.com; arc=pass (0 oda=0 ltdi=1)
Received: from CO1NAM11FT065.eop-nam11.prod.protection.outlook.com
(2a01:111:e400:3861::48) by
CO1NAM11HT168.eop-nam11.prod.protection.outlook.com (2a01:111:e400:3861::113)
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.18; Thu, 9 Apr
2020 21:42:27 +0000
Authentication-Results: spf=pass (sender IP is 40.92.3.37)
smtp.mailfrom=outlook.com; hotmail.com; dkim=pass (signature was verified)
header.d=outlook.com;hotmail.com; dmarc=pass action=none
header.from=outlook.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of outlook.com designates
40.92.3.37 as permitted sender) receiver=protection.outlook.com;
client-ip=40.92.3.37; helo=NAM02-BL2-obe.outbound.protection.outlook.com;
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (40.92.3.37) by
CO1NAM11FT065.mail.protection.outlook.com (10.13.174.62) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.2900.18 via Frontend Transport; Thu, 9 Apr 2020 21:42:27 +0000
X-IncomingTopHeaderMarker:
OriginalChecksum:A37107A56CFF19ED078260FC2C35AC37FCFAC6E64FE9A3F9A9825054110B8A31;UpperCasedChecksum:F2C23FF1E0998AA111D18724A6B40572AB8D67EE9346A60D924965AEA7A461AE;SizeAsReceived:5576;Count:41
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=YJmgC4uiKJJoJqnPTPG4inXj0EWDfy/wuksVBR73lS/vqzHBKwwp6EY7BY0sSPXHvXcM1TKL5xGg+B7O6OxAhl6I56xd5ceUB32vcKcVWBNAP9b/fnChfzBhhvAvVplBcQRxZ7i9jmx+DGpECkvDWisUoXhKy5/aaKCHL0BXH14XVkLAk4uhtJNEkpKt9J6xdH1Ra72Zy+gBtaTa2DqdC6PpI6giegbPOcz5v0zrkY3KzHIYBx55KCBWpCjmfcAU5QP2zjnJPHSCVEvKKRpSobAb2NLk0f8kd8JSMOZTPAFnMEqSb5Dngzf2NoCF7hi08xVbbD2Hq5sNql9Pg77hJw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=xh+KBUiab/ZdNzH86Mok2fcMoN34lwUjMydErMa/SIQ=;
b=A2cQXTnnW7xrviJVESujZ492Ab7pmRfSfPhk+31O0R7x/TeF5yWGOeEqDNJm+QMM6DbXPwA6fz1avMYFn9nIt9Zubw1j6EXJ+hI4sx5GPxBZP+mqrKxAeNEDRDPXHnYiZhe3ncIJ8oJpqMy23L9Dw3+kH9Mab+zTmyATYzjBlJnYob5UOsJbdHpw0pX2pfC9M7o5hNfuy4XKBl0C9M3cByaQjPMEwinZq69mP9GZtzbyQumN8n8GFDBhOww7ilc8m6F16hIa2zWLAb0YAa+wKyomvRR0Ulq4MrTAQzHpP/llXf+LcLdsZDukZOBPe9/pyTpm96fFlzZc7FnZCaGk6A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=xh+KBUiab/ZdNzH86Mok2fcMoN34lwUjMydErMa/SIQ=;
b=WODfp7Uv4osqpGddGqZ8khsGaF3myrnKXPvqEWRNkDnJEKfXcQBXkWGYfJe6mBKfPDlJ6Y3DF4bnc3wKOyTVt1ntRzXNP5P0tdI3llr86uhlf/vSJmU8LBAXFcBQs397YD+ZIcAgb5x6wrcEjKIFmXVlpA98dSZiG3VCCbICQWuXLIjvVLUDaAEM9YcKPKIdWEaQ8yz/WdvAOSy8lPND1SQVqx+0JGxTdRzEw8gO6fl2U0TMmqX2uoRh7cDbfOww+dF/xkaBQa+s3sfpCMgJS+IAkcKvQdONFBUqT6GaFNO552HGVv/vFs5wb6I0C2DKsmxre/734ugGjZI8S35f2A==
Received: from CY1NAM02FT014.eop-nam02.prod.protection.outlook.com
(10.152.74.57) by CY1NAM02HT205.eop-nam02.prod.protection.outlook.com
(10.152.75.238) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.15; Thu, 9 Apr
2020 21:42:26 +0000
Received: from BN6PR0101MB3042.prod.exchangelabs.com (2a01:111:e400:7e45::46)
by CY1NAM02FT014.mail.protection.outlook.com (2a01:111:e400:7e45::398) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.15 via Frontend
Transport; Thu, 9 Apr 2020 21:42:26 +0000
Received: from BN6PR0101MB3042.prod.exchangelabs.com
([fe80::64b7:ceb0:7aab:7b04]) by BN6PR0101MB3042.prod.exchangelabs.com
([fe80::64b7:ceb0:7aab:7b04%6]) with mapi id 15.20.2878.023; Thu, 9 Apr 2020
21:42:26 +0000

MESSAGE ID:
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-incomingtopheadermarker:
OriginalChecksum:B0B8F5555B92153C7BA332B4BEFDDB7A7E09D15C26ABC5A1BBBF19B3A88F7A8F;UpperCasedChecksum:AC2481DF7AF7362E735871FD3CD236E7758F2391675D95E3A4BDD6D2EAA880F0;SizeAsReceived:6795;Count:44
x-tmn: [CM1MlcTo0nu5r3WElLN8OpU+xs8gafZC]
x-ms-publictraffictype: Email
x-incomingheadercount: 44
x-eopattributedmessage: 1
X-MS-Office365-Filtering-Correlation-Id: c5a3c86a-ac2f-4204-b399-08d7dccee61f
x-ms-exchange-slblob-mailprops:
DJLbvgWm8MbvYnJdn03KPN23KbEXfWKmunDq1LQk5NYlM2LiaAUa4xIfHnqCtsxseKjuesqbmnI0uYjxg60NPwDsgRou4x6fgIMWM18+LtktjIOCB1XYGoCk7VRdh7wO752wmXzSwNnGZdyjy5p6yvB3Vfgri7jFdAeCqSNIt1CaatQ8PtX1gnfkBbpznmue7on/PcW3/YswBseWk7MH6RxEBjInuSF3eJcbrDRlTeJAjXPK8Jot0eeNyBWN1dIGCwvl1qIhwznOoLUg+4cAUoL/YI+YxPIcA7UHKF22h0KbpgYRbhH9B4AYdg/3CNTgEc9Cn6iKRmDNaEmk2mqWSBww05Wfhrio0/O7EMV+4fH2jNknBygUBLJvE+o2I5NwRdbxRu8UAIBoddPLTelg9HRX5am8yZRtEt3CFzeGmbbS3v4oSA97KGTe5ahaVVL0bWccFQK2N8DU65uL61mEaSCCnl3OdiZtHw2869HMv5etf/IWMplcCrt3Y59V2E9CiIWAD6AyAXiSpK6eV6S44b3i9k7+kGyvCnN7sA18aC36tgL9ElSGhUcJ5RPwluiH4BQ/Z5q/EieFgSwyREQKDvuBAXFPwek41657MyLt9/fAWgI8KLlIBG9+ac9DckH+OCD5m0FHYtkxB3IDyEAcxTm/SjMA2/ikm0fAkUfmhErwnXbwi4A6zgYz1dWYpm1oNItLfJQQgTfxaVhn7tV1Vg==
x-ms-traffictypediagnostic: CY1NAM02HT205:|CO1NAM11HT168:
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original:
Z2UXh9O8EGq9pzQ3sjU6/AgQSanNZ1Afe9uSw6W29j1iVyWK0xLcKVirAFbv9r1rT/hQ6GHEG4NH96P44nsoJtZ88LwVib+gvNPYkHs+VsYDsQu5qp4VtJ31i8zIYkazlsuz8Qn952Y8I0V7C4FxKYYspgfc08ArkhI4GEr0nlJkjPYWy7HmZ+FKMfYiij8P
X-Forefront-Antispam-Report-Untrusted:
CIP:255.255.255.255;CTRY:;LANG:en;SCL:0;SRV:;IPV:NLI;SFV:NSPM;H:BN6PR0101MB3042.prod.exchangelabs.com;PTR:;CAT:NONE;SFTY:;SFS:;DIR:OUT;SFP:1901;
x-ms-exchange-antispam-messagedata:
JR53gOB/GXg0OKliNWSIKk9FcXe69iRgmx1VEil4HG+iR3B3kuj6zRbVYQV1E3ZBMbWLleiFD0gv6AEtJ0CvphJIDot2KU+vJx4DUq3N20AaauT8j6Hn+JwVOGDS72sKmvCxwRWmL/oCrYvm23oS+A==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative;
boundary="_000_BN6PR0101MB3042F026EC5B04FBEF2DC82ADAC10BN6PR0101MB3042_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1NAM02HT205
X-IncomingHeaderCount: 41
Return-Path: [email protected]
X-MS-Exchange-Organization-ExpirationStartTime: 09 Apr 2020 21:42:27.8425
(UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
c5a3c86a-ac2f-4204-b399-08d7dccee61f
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-Exchange-Transport-CrossTenantHeadersStripped:
CO1NAM11FT065.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted:
CO1NAM11FT065.eop-nam11.prod.protection.outlook.com
X-Forefront-Antispam-Report:
CIP:40.92.3.37;CTRY:US;LANG:en;SCL:0;SRV:;IPV:NLI;SFV:NSPM;H:NAM02-BL2-obe.outbound.protection.outlook.com;PTR:mail-oln040092003037.outbound.protection.outlook.com;CAT:NONE;SFTY:;SFS:;DIR:INB;SFP:;
X-MS-Exchange-Organization-AuthSource:
CO1NAM11FT065.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-UserLastLogonTime: 4/9/2020 9:38:56 PM
X-MS-Office365-Filtering-Correlation-Id-Prvs:
0387008e-7be7-4566-7ebc-08d7dccee562
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 40.92.3.37
X-SID-PRA: [email protected]
X-SID-Result: PASS
X-MS-Exchange-Organization-SCL: 0
X-Microsoft-Antispam: BCL:0;
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Apr 2020 21:42:27.5297
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: c5a3c86a-ac2f-4204-b399-08d7dccee61f
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1NAM11HT168
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.6799521
X-MS-Exchange-Processed-By-BccFoldering: 15.20.2900.012
X-Message-Info:
5vMbyqxGkddhh69sIkKp9pLi3PfvO4Ny18wihVylw+AvD2k7YUfbGGOpito+b/HwzV0zoPdGVEkURYmbxRSgti6sfBkY4qdJ0JVxXbKGa/nYv8Y86/79dY7V3WFkp1HyCmIgTfQzeJxhDm0Yr3bE1g==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtHRD0xO1NDTD0w
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:0;pcwl:0;kl:0;iwl:0;ijl:0;dwl:0;dkl:0;rwl:0;ucf:0;jmr:0;ex:0;auth:1;dest:I;ENG:(5062000262)(9000001)(9010001)(5061607266)(5061608174)(5061609075)(4900115)(8390131)(58390011)(98390011)(4920090)(4950130)(4990090);
X-Microsoft-Antispam-Message-Info:
+djpDKa45plnKnbZPF9K7crZMCegpVZtPg2ShAq0qjnGYaxHyxEbgeLDtRLEY4vghD3Fl03OTmrqul0J9TgE4XHVAq0yynJuC0oxrG6OJXRkSppN45QsxRSVEJGGAn8OR2kiXQrVKBGCdIWSaoQ8m5VWgUtJ1A8d0JpV9KKavHosLH4NgeGgL6atEEkQw3b5IVX1iyzgxJl2xb51xOxm40kXPO1IP0uJHt0CBrhN8xdaZ15w/qabDa35QDARk/sZBYH7FmrZ3YybhJq+aBNTQnWvLGlNtaBxS8ExyLYnQoU+MI//KKmi1H/CQtoUthgB8aVgsFxhYotitbIwmm1V+h3Kef8o/83MqFInEYeYirKfqp15nBMuR+iRp43t1Lo9g9Kvlr7WxDXrJVYubel5s5S1gStUiBthCUCAFPfER+wcDrkB6uksVzXUF/KPMtJh+UwoguSXJkO9DlmJ1k9TFCr4urDuJWik+cBp6/D2GaiKLH8WrdX19uuZv5TsfZxAIBIp61IvRuP2+kAtDQk1gbqY3eMltxvwZkw5yPit2vL8CNbhZFQyvHYkZjtYS8Oelirng44qUISy6o2zzCOqngr1ABQUMu+2EOGAyxAkBmrf9wNQy2dzBOFEwVhjJpHotH1rpMMX4IEwQsUqs8gZfwMafE27SORYv9C21ZpasTBxovphKZkZsogWUADIiQ0eq0xK9b2+y8hh97hWCKtLma7cfOS3EBgxNGcXI646+OGdVPgEs5mvWJFF2zhSmp8LLIo4o+flnXDgnk65XJekFqPQGQRGkyxBlSzWHw7Z9RGwrVUYGyFJT8sRSIZ7yNeAFt86lYLPdWubKMcI0n60uY2RzKvG0+DET+zmIBvJd8uA8jaw8wxfa85Bagau/Vo2

User avatar
Chrispcritters
Forum Administrator
Posts: 2535
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1
Contact:

Re: Need Help

Post by Chrispcritters » Thu Apr 09, 2020 5:17 pm

Unfortunately, no, Outlook does not include the sender's IP address in the headers.

This "sextortion scam" has been going around for almost two years.

Email addresses that have a password that has been exposed in data breach are being sent these scam emails...
Give me bitcoin or I'll release this embarrassing video. As "proof" that I have hacked your computer, here's your password...
You can check your email addresses at https://whatismyipaddress.com/breach-check
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.

Volvoartictech
New Member
Posts: 2
Joined: Thu Apr 09, 2020 4:29 pm

Re: Need Help

Post by Volvoartictech » Thu Apr 09, 2020 8:23 pm

Its an old scam. Was just hoping to be able to trace something back. Went though and changed my passwords just in case, only 3 with that password in it and nothing vital. Thanks for checking it out.

User avatar
Chrispcritters
Forum Administrator
Posts: 2535
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1
Contact:

Re: Need Help

Post by Chrispcritters » Thu Apr 09, 2020 8:57 pm

You're welcome. Most likely sent via a compromised machine...
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.

Locked

Who is online

Users browsing this forum: No registered users and 1 guest