Email Tracking - By IP
- by disasm
I am trying to track an Email I received to see where it originated from (harmful scam Email).
Here is the full header:
Received-SPF: pass (domain of aol.com designates 205.188.109.203 as permitted sender)
ZSwgeW91ciBpbmZvcm1hdGlvbiBoYXMgYmVlbiBhY2NlcHRlZCBhbmQgYXBw
cm92ZWQgYnkgb3VyIFJlY3J1aXRpbmcgRGVwYXJ0bWVudC4gWU9VUiBGSVJT
VCBBU1NJR05NRU5UIERFVEFJTFMuIFdlc3Rlcm4gVW5pb24gTW9uZXkgVHJh
bnNmZXIgaGFkIHJlcG9ydHMgYWJvdXQgbGFwc2VzIGluIHRoZSBzZXJ2aWNl
cyBvZiBzb21lIG9mIHRoZWlyIG91dGxldHMgYW5kIHNvbWUgbwEwAQEBAQN0
ZXh0L3BsYWluAwMwAgN0ZXh0L2h0bWwDAzIx
X-YMailISG: HeDj35sWLDvNbQaO2B72kIm7hhiubE2qUysyBFo2m3GE4wsk
FOs6uaYWwBVUBbL_ubGEs5Gitm1b86QFPuQYdS3g5s2f_uY3dyHhXh7DcBIB
Ad4mJBzeRozs5.0s6vbqhsIEYlaKI4EDrsocJEbDbTUiUq2UyxZ7Ery8Iqow
_sBVN0msHJvcI09KwmaXUteV_qCL7qFlj7WNSmdMM.wVUm3pyiWzw1VUZlyD
nwoEzdEImQdwmJqoTM1YE8XU6BE8IkmUkh1Z8XkfLtHqmAsPi1_.Msbi8ubk
QD71BcTABjb7ixELg5NfomsyZKVN.9G.TnuISlX5umByjS701ITyQ2PUYXai
hoVCWg37bKWNR9MAWdogUK8PIV3MWPv5gdglNAKuPdS5Z7.01J39UGyH7R60
aIiIWdAsQ7_3VQBgIi9Seg2YM2j1U5g9QtdcJxBe0.1oigmj7G2sC9.YXNGX
3abQ1EcWVlJLuSuBbQ4Flpbe_Y3_ssz8nZIK2YjKy0U8WWe77vfnxdEBsknf
w2OA_PAzHtuAAuxETnAOU_MeMIssgRAtihKC_26Au1LnKYCGPGADFBLaLNHF
30itI.kBvUjdvUfqV11dnGe50kFVzBGDMJFm8mXvb5WtIKq6qU1ZZmUroCew
EgXjVZ.JKbux2KQmHh2zZbIJO3nOmLGkzuRczYiWCUNBDtmUZE6imuIQ4P6S
RjusSbMITf2fIL_xe.qFCnW563sOdc4u.uXLDx.lq30740l8lWkkLX6KaDMF
k9TY0VQKsMynqa4vXKpkTVNdukAcGd0p2i3newxY4q_9eZLn9czsJimfpKNW
SX1bqjs0iCQHb4FTydf1Zpa2b.6lIhdjVlIM8tiWhfGhlUeM267T3njEM6nz
0vxyjparR_G_s0VnIVhSeLw2F5KpAL226w2yA.WBcqoG2ROSa7fK.0ZYwy36
Qcmk8C.HKj8Fng1qFLtEfaI4F66rCEJi7h1d6EK0Jk4a_TJnBBub1VQVoU.s
SJ2ehs8aDjDqJw27_Ia4vYekKhIU8Oak0vYSmMXhZ5IvJfGfOHYVy4ebkoQf
IDE3lSfex1nHZqcMqq0agPOZUOdznSIGJVx4T8m6MGwrEouvL.grhT6KUJQ5
g8UX6DVTgj.8lHuTyOzj3A3NRwDFs2JqicprOMJRS4UWYX8eQ1y4j.4ora36
LnWYm7k1n6X0lDBW5ZdZlsLy7.0al0G1uCIAZwBNo7FnHr6q2mQNwgFaPkNO
FOiykqFHu0khLO_cZw87MpDslZO_3lFbJGlnchSs81hkESSQsldUxqdNkIV.
yWsS58p1uuwVNksp4NB.QW41wfBtY5FU.Q80g8KiOZIz0daou3GlzoahcHoQ
GPgSa86GKtSo.ew2xEUKk6c.ffAT9RjqNh5fzyhBdzEYURxJBYgMlL5DQp2G
yYIGhlIS5h9JzPFVkk2XhBoY2NgEAAfJfAfqKoMNNKIW.bEwbgNa9xtSzHNg
YdmDfOSkYkAGZDqwa.uONguq5.jqtnWDnx3GDyuoVg--
X-Originating-IP: [205.188.109.203]
Authentication-Results: mta1343.mail.bf1.yahoo.com from=aol.com; domainkeys=neutral (no sig); from=mx.aol.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO omr-d06.mx.aol.com) (205.188.109.203)
by mta1343.mail.bf1.yahoo.com with SMTP; Fri, 18 Oct 2013 10:11:15 -0700
Received: from mtaomg-da05.r1000.mx.aol.com (mtaomg-da05.r1000.mx.aol.com [172.29.51.141])
by omr-d06.mx.aol.com (Outbound Mail Relay) with ESMTP id ACFAD7012DFB4
for <.confidential.; Fri, 18 Oct 2013 13:11:15 -0400 (EDT)
Received: from core-mfb002c.r1000.mail.aol.com (core-mfb002.r1000.mail.aol.com [172.29.47.199])
by mtaomg-da05.r1000.mx.aol.com (OMAG/Core Interface) with ESMTP id 2ADB6E000089
for <.confidential.; Fri, 18 Oct 2013 13:11:15 -0400 (EDT)
References: <[email protected] <[email protected] <[email protected]
To: .confidential.
Subject:.confidential.
In-Reply-To: <[email protected]
X-MB-Message-Source: WebUI
MIME-Version: 1.0
From: .confidential.
X-MB-Message-Type: User
Content-Type: multipart/alternative;
boundary="--------MB_8D09A3C2FD3105D_1338_33A66_webmail-d257.sysops.aol.com"
X-Mailer: AOL Webmail 38109-STANDARD
Received: from 66.199.226.81 by webmail-d257.sysops.aol.com (205.188.17.42) with HTTP (WebMailUI); Fri, 18 Oct 2013 13:11:15 -0400
Message-Id: <[email protected]
X-Originating-IP: [66.199.226.81]
Date: Fri, 18 Oct 2013 13:11:15 -0400 (EDT)
x-aol-global-disposition: G
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com;
s=20121107; t=1382116275;
bh=9TXLF90L8beaMnjNzoKDwcv3Eq06jiZGN40YTBw2YOI=;
h=From:To:Subject:Message-Id:Date:MIME-Version:Content-Type;
b=xHVjoH5AccrOpPZoZZW+b41uJ7nzHDrryGsO6WzvtBOFGWX3xJMO3RB1ILFlJAsF6
P9olk8Gz6LDydX9SOZ4w/yPI8y8eU6z1AauwOPxw9F1lu82goIGwK3jIcvOv72koB5
Izq9By7L6PESEmmJ5nFc4ko9vH2CBMcJKPV95HTg=
x-aol-sid: 3039ac1d338d52616bb37d53
Content-Length: 26445
The Email was from the aol domain, so I understand the IP of aol. My question is, looking at 66.199.226.81 , would it be safe to say that the Email originated from "Access Integrated Technologies"?
Thanks for any help!
