Can someone tell me the original IP address
Someone has stolen my girl's account and is sending fake emails with bad links in them. I would like to find out original IP and where I should go from here. This will give me a reason to test my blooming hacking skills. Here is the header and let me know if there is anything else you need:
X-Vipre-Scanned: 00EEFCE9001ABF00EEFE36
Received: from cfw2.ipc.local (10.0.233.3) by ***** (*****)
with Microsoft SMTP Server (TLS) id 14.0.702.0; Wed, 8 Sep 2010 12:46:13
-0600
Received: from out13.sjc.mx.trendmicro.com (216.99.131.50) by
****** (********) with Microsoft SMTP Server (TLS) id
14.0.702.0; Wed, 8 Sep 2010 12:46:11 -0600
Received: from in13.sjc.mx.trendmicro.com (unknown [10.30.239.9]) by
out13.sjc.mx.trendmicro.com (Postfix) with ESMTP id EC911980468 for
<********>; Wed, 8 Sep 2010 18:47:04 +0000 (UTC)
Received: from n72.bullet.mail.sp1.yahoo.com (unknown [98.136.44.34]) by
in13.sjc.mx.trendmicro.com (Postfix) with SMTP id A92B0CAB029 for
<******>; Wed, 8 Sep 2010 18:47:04 +0000 (UTC)
Received: from [69.147.84.145] by n72.bullet.mail.sp1.yahoo.com with NNFMP; 08
Sep 2010 18:47:03 -0000
Received: from [69.147.84.34] by t8.bullet.mail.sp1.yahoo.com with NNFMP; 08
Sep 2010 18:47:03 -0000
Received: from [127.0.0.1] by omp210.mail.sp1.yahoo.com with NNFMP; 08 Sep
2010 18:47:03 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 92508 invoked by uid 60001); 8 Sep 2010 18:47:02 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1283971622; bh=VV4hkEfU/5GEOu3uIDxPK9+8nvBX/IuzCAfnoSbtjE4=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:To:MIME-Version:Content-Type; b=hR0OxhIozN5Om98Vb+0vqzcLnLTfB4q+HZW0Fij67aMMXi83N/1xtM/t59WY01fiBVrCm9pRjpxSoF7f2i0jIE/8hBxJvQDWZaJmuRIcixxtpRm6IfvI9XGTRq9cfpZChihp1b6tzdnSXo020B0FmDTHKU9J2rPnGtod09ASqUs=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:To:MIME-Version:Content-Type;
b=jy/hACVYF9X6ie7fboMmNcajcN45eeCEdNgGCBYtR1ULoMiwNJcxFBsoXb8zzL+sQZNGtuX7stK/2Rneg5WFTsnF8Uba4FDLwqdW8WiBLsM9XKjYfW6izLQEgg2vne+YfCOdQmYDm/inZf7KVkuaFRhViz6aEXVSj2G0ZIDcWG4=;
Message-ID: <[email protected]>
X-YMail-OSG: EB53S.sVM1nah.3E5t0R_JwnGbIMWy8wUjWd0RzUb8fE8J4
N_dopsFRLZ_31zivxh.GoqtNdAYDf7uP41NhA7TXFcEvvHWmb8r2Glx4Efw9
6p34mfL08IPWPXV1Ea6Y07q8yMwdPr62kasvB1HwCmsj1zVHTGqpsVI_cxwm
9PWHiFb3qxaRAZsy3SBptLrjnAuGHRUFIyaOcCOhbo8kIRhyEDhSRMMgnASI
UxNFjFECymoSbJlAZrhiXjTc74Z5AXVFr1b69zNo9VX9q4O8nnVtPYpZg7tI
YeoYAvj0qHxLN3VMfP7CGrlptV_Kl72J1h_6zx5ivtOC7lBKUTFW8vN__3z6
guIhE5l4eH3t4J30LH9QPfBWuvAFVJFgsYW.7RKQ-
Received: from [94.129.174.168] by web43411.mail.sp1.yahoo.com via HTTP; Wed,
08 Sep 2010 11:47:02 PDT
X-Mailer: YahooMailWebService/0.8.105.279950
Date: Wed, 8 Sep 2010 11:47:02 -0700
From: Caitlin Williams
To: ******
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: Spam> spam>
X-TM-AS-Product-Ver: IMHS-1.0.0.1327-6.5.0.1024-17624.001
X-TM-AS-Result: Yes-26.2442-5.0-31-1
X-TM-AS-Result-Detail: Spam:Yes-Score:26.2442-Baseline:ModeratelyHigh-Other:Lowest
Return-Path: [email protected]
X-MS-Exchange-Organization-AuthSource: cfw2.ipc.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;1;0;0 0 0
X-MS-Exchange-Organization-SCL: 9
- Sorry I removed email addresses of the recipients. If someone could help me that would be great. The [email protected] is the hacked account.