
Question

Backtracing IP of fraudulent email

Dec 23, 2014 2:51AM PST

Hi all,

This is a bit of a weird one.

A while back (about a year ago) I stupidly opened an email link from an untrusted source.
Since then my contacts have been receiving emails with links for sales websites. I deleted my contacts list as I thought the email account kept getting hacked (also changed PW a number of times).

A friend of mine notified me the other day he got another email so they must have a saved list of my old contacts.

I did a backtrace on the IP on an email and it routed from Vietnam. I think I found the ISP for the sender but I'm not sure where to go from there to get these emails to stop. I'll post the details below:


These are the headers:

x-store-info:4r51+eLowCe79NzwdU2kR3P+ctWZsO+J
Authentication-Results: hotmail.com; spf=pass (sender IP is 184.173.23.61) smtp.mailfrom=colin@colinmetcalfephotography.co.uk; dkim=none header.d=colinmetcalfephotography.co.uk; x-hmca=pass header.id=colin@colinmetcalfephotography.co.uk
X-SID-PRA: colin@colinmetcalfephotography.co.uk
X-AUTH-Result: PASS
X-SID-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: 11chDOWqoTlk8uSsQa0bvg5IreBZzQoq0SmPJzw6PwlmDWCdNkvN0D9cqMiBWH4V9Pna1VVOb8Hvfz0kFYbPCi+0ywzs9wVb2VKJq46MiEDu9j0p0P/mzlqHBP1EG8ygj+2hWVMjpCTPb5wSZS5kiHOnNMd66Xr9NiY4s9+nDbr1IeLL5wqkhX9r7JzmQVtX3o4R3elFiifWFA1ETWhxi3mhaQnnkTS9
Received: from server.microlite5.com ([184.173.23.61]) by COL004-MC5F30.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751);
Sat, 13 Dec 2014 06:20:40 -0800
Received: (qmail 24191 invoked from network); 13 Dec 2014 14:13:58 +0000
Received: from softdnserror (HELO colinmetcalfephotography.co.uk) (42.112.104.177)
by janika.co.uk with SMTP; 13 Dec 2014 14:13:56 +0000
Message-ID: <f04bffeb25f8$f94ae62e$d9f6a5c8$@colinmetcalfephotography.co.uk>


Below is the information from the ISP after using tracert syntax via CMD
(information obtained by www.whatsmyip.com)

General IP Information

IP: 42.112.104.177
Decimal: 712009905
Hostname: 42.112.104.177
ISP: FPT Telecom Company
Organization: FPT Telecom Company
Services: None detected
Type: Broadband
Assignment: Static IP
Blacklist:
Geolocation Information


Any help would be greatly appreciated

Thanks

Paul
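As an added example (not code from the post or from CNET), the following Python walks the Received chain quoted above, reconstructed inline from those header lines, and records why the traced origin is only a claim: SPF vouched for the last relay, not for 42.112.104.177, and every hop below the recipient's own server was written by someone else.

```python
import re

# Constructed sample: the three Received: lines and the Authentication-Results
# line from the headers quoted in the post, newest hop first as in the message.
RECEIVED = [
    "from server.microlite5.com ([184.173.23.61]) by COL004-MC5F30.hotmail.com "
    "over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751); "
    "Sat, 13 Dec 2014 06:20:40 -0800",
    "(qmail 24191 invoked from network); 13 Dec 2014 14:13:58 +0000",
    "from softdnserror (HELO colinmetcalfephotography.co.uk) (42.112.104.177) "
    "by janika.co.uk with SMTP; 13 Dec 2014 14:13:56 +0000",
]
AUTH_RESULTS = ("hotmail.com; spf=pass (sender IP is 184.173.23.61) "
                "smtp.mailfrom=colin@colinmetcalfephotography.co.uk; dkim=none")

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
FROM = re.compile(r"^from\s+(\S+)(?:\s+\(HELO\s+(\S+)\))?")


def parse_hop(header):
    """Pull the fields a tracer needs out of one Received: header."""
    m = FROM.match(header)
    ip = IPV4.search(header)
    by = re.search(r"\bby\s+(\S+)", header)
    return {"rdns": m.group(1) if m else None,   # name the relay recorded for its peer
            "helo": m.group(2) if m else None,   # name the peer claimed in HELO
            "ip": ip.group(1) if ip else None,
            "by": by.group(1) if by else None}


def trace(received, auth_results):
    """Walk the Received chain from the recipient back towards the origin.
    Only the topmost hop was written by the recipient's own provider; each
    hop below it is whatever the previous relay chose to write."""
    hops = [parse_hop(h) for h in received]
    origin = next((h for h in reversed(hops) if h["ip"]), None)
    spf = re.search(r"sender IP is (\S+)\)", auth_results)
    findings = []
    if origin and spf and spf.group(1) != origin["ip"]:
        findings.append("spf_covers_relay_only")  # SPF vouched for the relay, not the origin
    if origin and origin["helo"] and origin["helo"] != origin["rdns"]:
        findings.append("helo_rdns_mismatch")     # claimed name differs from what the relay saw
    if len(hops) > 1:
        findings.append("origin_unverified")      # only hops[0] came from a trusted server
    return {"verified_ip": hops[0]["ip"],
            "origin_ip": origin["ip"] if origin else None,
            "findings": findings}
```

Run on the quoted headers it returns 184.173.23.61 as the only IP the recipient's server saw, 42.112.104.177 as the claimed origin, and all three findings.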

Answer
Dead end really.
Dec 23, 2014 2:58AM PST

If you continue your research on tracing like this you eventually learn that SPOOFING the source is possible so even if you did trace it, the result is unreliable.

Best to delete bad email and move on.
Bob

reply
Dec 23, 2014 6:47AM PST

The worst thing is, the emails keep coming through. Every 2-3 weeks an email will come through to all my old contacts and myself.

That's not what you asked about.
Dec 23, 2014 7:22AM PST
Google the ASCII encoding
Dec 23, 2014 9:09AM PST