Getting IP Address
-
Paul Carmel
- Posts: 3836
- Joined: Tue Dec 07, 2004 12:25 pm
- Location: Palma Mallorca & Greece
- Contact:
-
Paul Carmel
- Posts: 3836
- Joined: Tue Dec 07, 2004 12:25 pm
- Location: Palma Mallorca & Greece
- Contact:
Bugger,
I don't use Outlook so some one else might be more helpful,
Basically what you are looking for is a set of numbers like the following 65.54.246.81 these it will be in square brackets at the end of a line saying "Received: from" you then copy and past the number and run it though a IP Locater like the one on the link below.
To find the number you should be looking for a command saying show original or something along those lines.
http://www.ip2location.com/free.asp
Sorry I could not have been more helpful.
I don't use Outlook so some one else might be more helpful,
Basically what you are looking for is a set of numbers like the following 65.54.246.81 these it will be in square brackets at the end of a line saying "Received: from" you then copy and past the number and run it though a IP Locater like the one on the link below.
To find the number you should be looking for a command saying show original or something along those lines.
http://www.ip2location.com/free.asp
Sorry I could not have been more helpful.
Cheers
PC
PC
-
Alan Knighting
- Posts: 4120
- Joined: Mon Oct 18, 2004 7:26 am
- Location: Monflanquin, Lot-et-Garonne, France
Mario,
I don’t use Outlook Express I use Outlook; a similar name a different product, but both Microsoft.
In Outlook the way to find the IP address of the sender is to highlight the message and right click. From the drop-down menu take “options�. On the “options� box go down to “Internet Headers� and scroll through the text. There you will find the IP address of the sender.
Fluffy
I don’t use Outlook Express I use Outlook; a similar name a different product, but both Microsoft.
In Outlook the way to find the IP address of the sender is to highlight the message and right click. From the drop-down menu take “options�. On the “options� box go down to “Internet Headers� and scroll through the text. There you will find the IP address of the sender.
Fluffy
-
Paul Carmel
- Posts: 3836
- Joined: Tue Dec 07, 2004 12:25 pm
- Location: Palma Mallorca & Greece
- Contact:
I have nicked this from www.419eater.com use it!
Reading Email Headers
(a public service announcment from 419weasel, who would like to remind you to "bait safe")
Here is the answer to what is probably THE most asked question when it comes to baiting, "How can I find thier IP address?".
The answer is very simple. Since most scammers use Yahoo!, finding their IP address is fairly simple. First, we will look at a typical header from an email sent to my gmail account from a scammer using Yahoo!. (email addresses have been replaced with "xxxscammer@yahoo.com or xxxbaiter@gmail.com" to prevent box killing)
X-Gmail-Received: 3aea05e30c6ec9798d6c51537eaebadfa6d600fd
Delivered-To: xxxbaiter@gmail.com
Received: by 10.64.27.17 with SMTP id a17cs505121qba;
Fri, 8 Sep 2006 12:02:49 -0700 (PDT)
Received: by 10.70.29.7 with SMTP id c7mr737346wxc;
Fri, 08 Sep 2006 12:02:48 -0700 (PDT)
Return-Path: <xxxscammer@yahoo.com>
Received: from web57215.mail.re3.yahoo.com (web57215.mail.re3.yahoo.com [216.252.111.231])
by mx.gmail.com with SMTP id h40si3005666wxd.2006.09.08.12.02.47;
Fri, 08 Sep 2006 12:02:48 -0700 (PDT)
Received-SPF: pass (gmail.com: domain of xxxscammer@yahoo.com designates 216.252.111.231 as permitted sender)
DomainKey-Status: good (test mode)
Received: (qmail 92842 invoked by uid 60001); 8 Sep 2006 19:02:47 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-
Version:Content-Type:Content-Transfer-Encoding;
b=FW475h+KQ0l5uOS0HzHoOAYdM5Z3
+htGaFFzrlKhR6BI0ezNCSaB/JfK8fGO
jlwwXSu5gm/kH4R3IpBPImhJLFUqoIfQeA
UdAIQq7nDjsipcFcdw/PdSocGWbe2
DLeSDLiva0hm+KVakxSeSITHHENjF06k4IsndnXsrsqICyXg= ;
Message-ID: <20060908190247.92840.qmail@web57215.mail.re3.yahoo.com>
Received: from [209.159.166.122] by web57215.mail.re3.yahoo.com via HTTP; Fri, 08 Sep 2006 12:02:47 PDT
Date: Fri, 8 Sep 2006 12:02:47 -0700 (PDT)
From: XXX Scammer <xxxscammer@yahoo.com>
Subject: MY IP ADDRESS IS NAKED AS A NEWBORN BABY!
To: XXX Baiter <xxxbaiter@gmail.com>
In-Reply-To: <1a7adfd70609070650y227ac44al796b19033acbcc30@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1932846235-1157742167=:91815"
Content-Transfer-Encoding: 8bit
--0-1932846235-1157742167=:91815
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
When reading a header to find the IP address, start from the bottom and work your way up. The sender's IP address is usually the first one from the bottom, sometimes the second. In the case of this header, the sender's IP address is 209.159.166.122.
Now that we have the scammer's IP address, let's see where he is. Copy that IP address and go to http://www.dnsstuff.com . Choose an option that fits your IP (or domain name) tracing needs, paste it in the field and click the button. This will usually show you who OWNS the IP address block. If you are looking for a geographic location, try http://www.ip2location.com/free.asp ...
No IP address lookup is 100% accurate. In the case of this particular scammer, the IP address is located in Nigeria and his ISP is "Direct On PC". However, sometimes this can be deceiving. Alot of scammers use satellite internet providers, which will make them appear to be in Australia, Isreal, Utah and several other locations. Please remember, scammers can come from any country or any walk of life and are just as able to trace IP addresses, which is why it is VERY important to BAIT SAFE!
Reading Email Headers
(a public service announcment from 419weasel, who would like to remind you to "bait safe")
Here is the answer to what is probably THE most asked question when it comes to baiting, "How can I find thier IP address?".
The answer is very simple. Since most scammers use Yahoo!, finding their IP address is fairly simple. First, we will look at a typical header from an email sent to my gmail account from a scammer using Yahoo!. (email addresses have been replaced with "xxxscammer@yahoo.com or xxxbaiter@gmail.com" to prevent box killing)
X-Gmail-Received: 3aea05e30c6ec9798d6c51537eaebadfa6d600fd
Delivered-To: xxxbaiter@gmail.com
Received: by 10.64.27.17 with SMTP id a17cs505121qba;
Fri, 8 Sep 2006 12:02:49 -0700 (PDT)
Received: by 10.70.29.7 with SMTP id c7mr737346wxc;
Fri, 08 Sep 2006 12:02:48 -0700 (PDT)
Return-Path: <xxxscammer@yahoo.com>
Received: from web57215.mail.re3.yahoo.com (web57215.mail.re3.yahoo.com [216.252.111.231])
by mx.gmail.com with SMTP id h40si3005666wxd.2006.09.08.12.02.47;
Fri, 08 Sep 2006 12:02:48 -0700 (PDT)
Received-SPF: pass (gmail.com: domain of xxxscammer@yahoo.com designates 216.252.111.231 as permitted sender)
DomainKey-Status: good (test mode)
Received: (qmail 92842 invoked by uid 60001); 8 Sep 2006 19:02:47 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-
Version:Content-Type:Content-Transfer-Encoding;
b=FW475h+KQ0l5uOS0HzHoOAYdM5Z3
+htGaFFzrlKhR6BI0ezNCSaB/JfK8fGO
jlwwXSu5gm/kH4R3IpBPImhJLFUqoIfQeA
UdAIQq7nDjsipcFcdw/PdSocGWbe2
DLeSDLiva0hm+KVakxSeSITHHENjF06k4IsndnXsrsqICyXg= ;
Message-ID: <20060908190247.92840.qmail@web57215.mail.re3.yahoo.com>
Received: from [209.159.166.122] by web57215.mail.re3.yahoo.com via HTTP; Fri, 08 Sep 2006 12:02:47 PDT
Date: Fri, 8 Sep 2006 12:02:47 -0700 (PDT)
From: XXX Scammer <xxxscammer@yahoo.com>
Subject: MY IP ADDRESS IS NAKED AS A NEWBORN BABY!
To: XXX Baiter <xxxbaiter@gmail.com>
In-Reply-To: <1a7adfd70609070650y227ac44al796b19033acbcc30@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1932846235-1157742167=:91815"
Content-Transfer-Encoding: 8bit
--0-1932846235-1157742167=:91815
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
When reading a header to find the IP address, start from the bottom and work your way up. The sender's IP address is usually the first one from the bottom, sometimes the second. In the case of this header, the sender's IP address is 209.159.166.122.
Now that we have the scammer's IP address, let's see where he is. Copy that IP address and go to http://www.dnsstuff.com . Choose an option that fits your IP (or domain name) tracing needs, paste it in the field and click the button. This will usually show you who OWNS the IP address block. If you are looking for a geographic location, try http://www.ip2location.com/free.asp ...
No IP address lookup is 100% accurate. In the case of this particular scammer, the IP address is located in Nigeria and his ISP is "Direct On PC". However, sometimes this can be deceiving. Alot of scammers use satellite internet providers, which will make them appear to be in Australia, Isreal, Utah and several other locations. Please remember, scammers can come from any country or any walk of life and are just as able to trace IP addresses, which is why it is VERY important to BAIT SAFE!
Cheers
PC
PC