tracing an email from a yahoo account?

Discussion in 'OT Technology' started by burn__, Jul 7, 2008.

  1. burn__

    burn__ New Member

    Joined:
    Mar 21, 2006
    Messages:
    10,673
    Likes Received:
    0
    Posted in the main forum but didn't get any views/help.

    Company got a weird email today from who they suspect is a competitor that's been trying to fuck us over for a while. I don't really give a shit, but they asked if there was a way to trace the email back to an IP or something. I have the header information, but it was sent from a fake Yahoo account. Don't know if the header information kicks out the IP from the computer it was sent from, or just the Yahoo servers it was sent from :dunno:

    Here is the header info:

    Code:
      Return-Path: <[email protected]>
      Delivery-Date: Mon, 07 Jul 2008 14:08:23 -0400
      Received: from mxw02.daemonmail.net (mxw02.daemonmail.net [216.104.161.12])
                  by mx.perfora.net (node=mxus1) with ESMTP (Nemesis)
                  id 0MKoXI-1KFv8L3cRV-0004BA for [email protected]; Mon, 07 Jul 2008 14:08:23 -0400
      Received: from localhost (localhost [127.0.0.1])
                  by mxw02.daemonmail.net (Postfix) with ESMTP id 7AB41619F1F
                  for <[email protected]>; Mon,  7 Jul 2008 11:08:16 -0700 (PDT)
      X-Virus-Scanned: Debian amavisd-new at mxw02.daemonmail.net
      X-Spam-Score: -2.598
      X-Spam-Level: 
      X-Spam-Status: No, score=-2.598 tagged_above=-20 required=10
                  tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
      Received: from mxw02.daemonmail.net ([127.0.0.1])
                  by localhost (mxw02.daemonmail.net.daemonmail.net [127.0.0.1]) (amavisd-new, port 10024)
                  with ESMTP id E6IU4-Ek+G1p for <[email protected]>;
                  Mon,  7 Jul 2008 11:08:14 -0700 (PDT)
      Received: from n5a.bullet.mail.ac4.yahoo.com (n5a.bullet.mail.ac4.yahoo.com [76.13.13.68])
                  by mxw02.daemonmail.net (Postfix) with SMTP id 03A2B619E23
                  for <[email protected]>; Mon,  7 Jul 2008 11:08:08 -0700 (PDT)
      Received: from [76.13.13.26] by n5.bullet.mail.ac4.yahoo.com with NNFMP; 07 Jul 2008 10:01:32 -0000
      Received: from [76.13.10.166] by t3.bullet.mail.ac4.yahoo.com with NNFMP; 07 Jul 2008 18:08:09 -0000
      Received: from [127.0.0.1] by omp107.mail.ac4.yahoo.com with NNFMP; 07 Jul 2008 18:08:09 -0000
      X-Yahoo-Newman-Property: ymail-3
      X-Yahoo-Newman-Id: [email protected]
      Received: (qmail 54238 invoked by uid 60001); 7 Jul 2008 18:08:08 -0000
      DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=s1024; d=yahoo.com;
        h=Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID;
        b=vorjaBJb6B2QcyDnAbn2M0sFUmq20Td9lGzjSjEVVAouPt4CS8lfMI4lNdbEvi2Puf+XwlNJArqwxvrc7rj3ceOHVH5TLBiD4zsmTpMSkBYToBiQSfPyJkfl5Cf8T2qGel38pz+HpJtyHFTHoPZdLqkJgaMC5PSguIc9Qx7l6Y8=;
      Received: from [24.251.157.171] by web59606.mail.ac4.yahoo.com via HTTP; Mon, 07 Jul 2008 11:08:08 PDT
      X-Mailer: YahooMailRC/1042.33 YahooMailWebService/0.7.199
      Date: Mon, 7 Jul 2008 11:08:08 -0700 (PDT)
      From: Kevork Diaz <[email protected]>
      Subject: Hello Abe
      To: [email protected]
      MIME-Version: 1.0
      Content-Type: multipart/alternative; boundary="0-515463560-1215454088=:52539"
      Message-ID: <[email protected]>
      Envelope-To: [email protected]
    
     
  2. burn__

    burn__ New Member

    Joined:
    Mar 21, 2006
    Messages:
    10,673
    Likes Received:
    0
    Whelp, did a few tests and compared headers. Turns out this is the IP address for the computer it was coming from, in case someone else has this problem in the future:

    Code:
    Received: from [24.251.157.171] by web59606.mail.ac4.yahoo.com via HTTP; Mon, 07 Jul 2008 11:08:08 PDT
    
     
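The header walk burn__ describes, written out as an added example (not code from the thread): unfold the headers, collect the Received hops, and walk them oldest-first until a hop with a globally routable source address appears, which here is the "via HTTP" line Yahoo's webmail server stamped with the browser's address. The sample headers are trimmed from the header posted above, with the recipient addresses replaced by placeholders.

```python
import ipaddress
import re

# Constructed sample, trimmed from the Received chain posted in the thread
# (recipient addresses replaced with placeholders). Newest hop first, as delivered.
SAMPLE_HEADERS = """\
Received: from mxw02.daemonmail.net (mxw02.daemonmail.net [216.104.161.12])
\tby mx.perfora.net (node=mxus1) with ESMTP (Nemesis)
\tid 0MKoXI-1KFv8L3cRV-0004BA for recipient@example.com; Mon, 07 Jul 2008 14:08:23 -0400
Received: from n5a.bullet.mail.ac4.yahoo.com (n5a.bullet.mail.ac4.yahoo.com [76.13.13.68])
\tby mxw02.daemonmail.net (Postfix) with SMTP id 03A2B619E23
\tfor <recipient@example.com>; Mon,  7 Jul 2008 11:08:08 -0700 (PDT)
Received: from [76.13.10.166] by t3.bullet.mail.ac4.yahoo.com with NNFMP; 07 Jul 2008 18:08:09 -0000
Received: from [127.0.0.1] by omp107.mail.ac4.yahoo.com with NNFMP; 07 Jul 2008 18:08:09 -0000
Received: (qmail 54238 invoked by uid 60001); 7 Jul 2008 18:08:08 -0000
Received: from [24.251.157.171] by web59606.mail.ac4.yahoo.com via HTTP; Mon, 07 Jul 2008 11:08:08 PDT
Subject: Hello Abe
"""

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def unfold(raw):
    # RFC 5322 folding: a line that starts with whitespace continues the previous header.
    lines = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines

def received_hops(raw):
    # Each hop -> (source IP or None, receiving host, "HTTP" for a webmail submission).
    hops = []
    for line in unfold(raw):
        if not line.lower().startswith("received: from "):
            continue  # skips Subject: and the local "(qmail ... invoked by uid ...)" entry
        src, _, rest = line[len("Received: "):].partition(" by ")
        m = BRACKETED_IPV4.search(src)
        via = "HTTP" if " via HTTP" in rest else "SMTP"
        hops.append((m.group(1) if m else None, (rest.split() or [""])[0], via))
    return hops

def originating_ip(raw):
    # Walk oldest-first; the first hop with a globally routable source is the best candidate.
    # Only hops stamped by servers you trust (the recipient's MX, Yahoo's) are reliable; anything
    # the sender's own software wrote below them can be fabricated.
    for ip, _by, _via in reversed(received_hops(raw)):
        if ip and ipaddress.ip_address(ip).is_global:
            return ip
    return None
```

A chain whose earliest hop carries only a private or loopback address (a submission from inside a corporate relay, say) returns None rather than a misleading internal address.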
  3. trouphaz

    trouphaz New Member

    Joined:
    Sep 22, 2003
    Messages:
    2,666
    Likes Received:
    0
    Wirelessly posted via wap.offtopic.com (Mozilla/2.0 (compatible; MSIE 3.02; Windows CE; PPC; 240x320) BlackBerry8703e/4.1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/105)

    Wow, nice. So, from that are you able to see where it came from? Like, is it registered to a particular ISP or something? I wonder if you can do anything knowing where it came from.
     
  4. burn__

    burn__ New Member

    Joined:
    Mar 21, 2006
    Messages:
    10,673
    Likes Received:
    0
    I went to http://www.ipaddresslocation.org/ip-address-location.php to get the location of where the IP is coming from. Of the 2 possible people this email could have been sent from (the way the email address name is, it's a narrow number of people), they both live on opposite sides of the city. Got the approx location for the IP, so now we know who did it :bigthumb:
     
  5. burn__

    burn__ New Member

    Joined:
    Mar 21, 2006
    Messages:
    10,673
    Likes Received:
    0
    Now I know how the OT e-detectives must feel. :mamoru:
     
  6. dorkultra

    dorkultra OT's resident crohns dude OT Supporter

    Joined:
    Oct 14, 2005
    Messages:
    22,743
    Likes Received:
    27
    Location:
    yinzer / nilbog, trollhio
    lol, it says I live in Beachwood. That is about a 40 minute drive from here. I would have thought that it would find the first hop station up the street instead...
     
  7. burn__

    burn__ New Member

    Joined:
    Mar 21, 2006
    Messages:
    10,673
    Likes Received:
    0
    I used another when I was at work (can't find the link), but it pinpointed his exact address. Pulled it up on Google Maps and it matches the photos he showed us a while ago of his house. My IP at work, though, shows me as being in North Dakota... no idea why though.
     