Need help with tracing of email address

silverski · 25-06-2001 07:12PM #1

Hey everyone,

I had a friend that recieved some very distrubing emails from someone, I was wondering if anyone had any ideas in how to track the email address.....

Thanks a million in advance for your help.....

chernobyl · 25-06-2001 07:19PM

get the properties of the mail and you can get the send ip, maybe if it was sent recently you could do a tracert of the ip and get the a$$hole.

Britany Spears Looking incredible

Evil Phil · 26-06-2001 02:52PM

or you could mail the postmaster at the senders domain. It's usually one of the following:

postmaster@sender.com
admin@sender.com

maybe even:

abuse@sender.com

But trace the ip first. I've got a few people kicked of servers for spam (hehe) by that method.

[This message has been edited by Evil Phil (edited 26-06-2001).]

Hobbes · 26-06-2001 07:37PM

Post the mail headers. There is a actually a spam server (do a search on tech board) which will list out all the admin contacts based on the mail header informaton in an email.

silverski · 04-07-2001 02:38PM

The emails were sent using a hotmail account can any of these ideas work with this mail format.......

Thanks again for all your help

WhiteWashMan · 04-07-2001 02:42PM

<font face="Verdana, Arial" size="2">Originally posted by silverski:
The emails were sent using a hotmail account can any of these ideas work with this mail format.......

Thanks again for all your help

</font>

theres an option in hotmail that allows you to see the full header of a mail. goes on for about 3 pages, which is why its automatically turned of.
the info that needs to be sorted is probably in there

WhiteWashMan · 04-07-2001 02:44PM

on the other hand, it could only be 3 lines long!
like this

To: wwman@hotmail.com
Date: Wed, 04 Jul 2001 13:40:19 -0000
MIME-Version: 1.0
X-Originating-IP: [194.106.156.137]
Received: from 194.106.156.137 by lw7fd.law7.hotmail.msn.com with HTTP; Wed, 04 Jul 2001 13:40:19 GMT
View E-mail Message Source

MiCr0 · 04-07-2001 02:44PM

yep
post up the headers

MiCr0 · 04-07-2001 03:50PM

from ^^ we know

============================================
VisualRoute (tm) 5.2c report on 04-Jul-01 3:45:53 PM
============================================

Report for 194.106.156.137

Analysis: IP packets are being lost past network "iPcenta" at hop 7. There is insufficient cached
information to determine the next network at hop Connections to HTTP port 80 are being rejected.

---------------------------------------------
| Hop | %Loss | IP Address      | Node Name                             | Location          | Tzone  | ms | Graph      | Network                                   |
---------------------------------------------
| 0   |       | 192.168.101.239 | visualroute.visualware.co.uk          | -                 |        |    |            | (private use)                             |
| 1   |       | 192.168.101.254 | -                                     | ...               |        | 0  | x          | (private use)                             |
| 2   |       | 195.167.164.1   | -                                     | ?London, UK       |    0.0 | 0  | x          | Richmond Software                         |
| 3   |       | 195.167.252.170 | s2-4.access1uk.hep-lon-uk.ipcenta.net | ?(United Kingdom) |    0.0 | 0  | x          | UK-WEB-LONDON-980105                      |
| 4   |       | 195.167.255.1   | fe-0-0.core2uk.hep-lon-uk.ipcenta.net | ?London, UK       |    0.0 | 0  | x          | iPcenta                                   |
| 5   |       | 195.167.255.253 | f0-0-93.core5631.c7206.ipcenta.net    | ?(United Kingdom) |    0.0 | 0  | x          | UK-WEB-LONDON-980105                      |
| 6   |       | 195.167.176.125 | pos-7-3.core1.hep-lon-uk.ipcenta.net  | ?London, UK       |    0.0 | 1  | x-         | iPcenta                                   |
| 7   |       | 195.167.176.30  | fe-0-0.linx1.hep-lon-uk.ipcenta.net   | ?London, UK       |    0.0 | 14 | x--------- | iPcenta                                   |
| ... |       |                 |                                       |                   |        |    |            |                                           |
| ?   |       | 194.106.156.137 | -                                     | ?(Ireland)        |    0.0 |    |            | Computer Manufacturing, Sales and Support |
--------------------------------------------

and

inetnum: 194.106.156.128 - 194.106.156.191
netname: GATEWAY2000-NET
descr: Computer Manufacturing, Sales and Support
country: IE
admin-c: VS362-RIPE
tech-c: VS362-RIPE
status: ASSIGNED PA
notify: karenk@tinet.ie
mnt-by: RIPE-NCC-NONE-MNT
changed: karenk@tinet.ie 19971110
source: RIPE

[This message has been edited by MiCr0 (edited 04-07-2001).]

Trojan · 04-07-2001 06:10PM

<font face="Verdana, Arial" size="2">Originally posted by Hobbes:
Post the mail headers. There is a actually a spam server (do a search on tech board) which will list out all the admin contacts based on the mail header informaton in an email. </font>

Spamcop, http://www.spamcop.net/ , is great for tracking sh!t emails like this.

Hotmail may have added an "X-Originating-IP" line in the header: this, along with the date field (has time) will let you track it to a particular phone number or machine if you talk to their SP.

Al.

Need help with tracing of email address

Comments