This tutorial is well explained and makes a lot of sense of a lot of technical stuff that I wouldn't have otherwise understood. The commentary is also helpful in demonstrating how to evaluate the information you obtain and how to form an opinion about the authenticity of any e-mail you may receive. It's one I am going to have come back to and view a couple of times as there is a lot in it. Recommended.
Very informative. Subscribed and thanks! The dots in the trace route doesn't mean the route is dead, it just means it could be a firewall or a tunnel of some kind at that point.
just a follow up. if you owed money from anywhere you will be contacted and receive the money without any upfront charges. if they want a fee then they are scamming you. if it is to good to be true then it is. DON'T send any money if you do they will ask for more. the emails are scams, don't fall for the cute photo's of a young lady what needs help, all scams. i live in the UK and i got one who gave a address in the UK 2 miles where i live big mistake. don't be conned please. NEVER send money.
don't want to be a bore, all i am trying to do is to stop anyone getting ripped of by the low life who try and scam you. please be aware the chances you are owed millions of $ is greater than you winning the lottery. stay safe don't respond, unless like me to string the bastards on. if just one person reads this and takes heed and strings the low life on before telling him what you think. then my efforts are not in vain. stay safe everyone who reads this.
Hello, thanks for the video. I followed the procedure and it showed the email was sent from the States which I know very well its not true. Can you please help???
It depends on which service was used (some do not include IP addresses of the X-Originating IP) and if it was sent from a computer that was possibly compromised by a virus. If you want me to look at the headers please send them to netcladsecurity@netclad.com
Hi, i have excess to my wife's email. i need to know where she was when she was sending those emails. is that possible? All i know she was sending it with her Iphone hotmail.
Appreciate Video clip! Sorry for chiming in, I would love your initial thoughts. Have you thought about - Tarbbatigan Ascertain Email Tip (Sure I saw it on Google)? It is an awesome exclusive product for learning how to find out information about a person simply by knowing their email without the headache. Ive heard some unbelievable things about it and my close friend Aubrey got excellent results with it.
This video is really helpful instruction. Just wondering is there is a chance that someone can email from South Africa on yahoo, and the IP Address turns up in California? Or is that just impossible?
It is possible depending on the mail server sending the mail - if it does not retain the originating IP then it would be possible. I am not certain but I strongly suspect Yahoo retains this information and it would be applied consistently on all of their mail servers. There is another possibility, that is if someone in South Africa has remote access to another computer using something like Remote Desktop, SSH, Telnet, etc then the IP address retained would be the IP address of the machine they are sending the email from. It is not hard to do, however most people do not know how to cover their tracks in this manner. Anyone with a bit of computer skills (especially networking understanding) could. Hope this helps.
NetcladSecurity I'm not sure yet but the email from yahoo, says from California, but the person tells me they are writing from S Africa. I was also sent an SMS number, it seems to be a S Africa SMS number. I'm not familiar with this SMS. What is it? and is it possible to have a S. African number and be in California?
i don't know about having a S Africa number outside of S Africa, but I do know that with Google Voice numbers you can get a US number from virtually any area code, also with services like Vonage you can take a device anywhere in the world and have a number from somewhere else. According to this site it is possible. www.voipvoip.com/virtual-phone-number/south-africa.html
is this the same for all email services because i use hotmail and in the headers next to recieved, it shows the IP address of their email service, or mine, i don't know. anyway, is this old info or am i just doing something wrong?
i think, i don't know much about outlook but i think they told the hotmail team to hide the senders ip address for 'security'. personally, i think they blocked the IP so scamers buy more account info
It certainly appears that Microsoft disabled this feature for outlook.com. answers.microsoft.com/en-us/outlook_com/forum/osettings-oemailset/how-can-i-find-the-option-to-view-the-senders-ip/e92990ef-9b95-4890-88ad-3377455b95b3 I am not sure if they remove it or just omit it for the online version. One thing you could try (I don't have an outlook.com account) is to download your email in a local client like Outlook or Thunderbird. I suggest IMAP and leaving your messages on the server) and see if the senders ip address is available when downloaded. www.howto-outlook.com/howto/accountsettings.htm#outlookcom-imap
Thank you man. This is excellent information unfortunately it came late for me. I subscribed to your channel and gave you a thumbs up. Will be checking back with you.
+NetcladSecurity can you anlyse for me for this email abuser at my work place with this heeaderGmail one........................................................................................................................................................................... Return-Path: Delivered-To: pzarura@znfpc.org.zw Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.znfpc.org.zw (Postfix) with ESMTP id C9BD27E2477; Mon, 16 Mar 2015 14:21:54 +0200 (CAT) X-Virus-Scanned: by amavisd-new-2.10.1 (20141025) (Debian) at znfpc.org.zw X-Spam-Flag: NO X-Spam-Score: 3.384 X-Spam-Level: *** X-Spam-Status: No, score=3.384 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DNS_FROM_AHBL_RHSBL=2.699, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, SUBJ_ALL_CAPS=1.506] autolearn=no autolearn_force=no Authentication-Results: mail.znfpc.org.zw (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.znfpc.org.zw ([127.0.0.1]) by localhost (mail.znfpc.org.zw [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Xw5nF4vjhOE; Mon, 16 Mar 2015 14:21:49 +0200 (CAT) Received: from mail-wi0-f194.google.com (mail-wi0-f194.google.com [209.85.212.194]) by mail.znfpc.org.zw (Postfix) with ESMTPS id 3F0B07E2452; Mon, 16 Mar 2015 14:21:29 +0200 (CAT) Received: by wibbs8 with SMTP id bs8so5842598wib.0; Mon, 16 Mar 2015 05:21:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=S4P0uV3w7Bux4xurdhY/4/nw8DiErDjdssvUUItj9VY=; b=hcgQHajlDn3k08YIk2RHrfxbQ2YVrT8y6PSZxIr15E0yWGPjeHUtUerR+6UaY4dqCG wG7NI3cUxKgz53ruwcNd17WEbd6IdYttMs/JUoOEg8apdtwbjUecvrmcCj/5HEJ0Cfr2 kB1T4rmJHr553LtwS6yb3dHujKno+CWIll0t5X7Q/1JI3KCT8+iAQG33E0Lm1LIS/p/t vFUwXldlhZvbU28YxDhpspyFpOLMWPL194Bj2xbcfYc/TVeHabyqKkmTw8Y9svGijApy 4wg+q9aBDz7tJ5oEjA8AIxDg40c4TB5+GExCL2mbrS1G8PvBLkgufOrHqtF3b4bh1KnQ ScKg== MIME-Version: 1.0 X-Received: by 10.194.95.4 with SMTP id dg4mr65433604wjb.81.1426332376543; Sat, 14 Mar 2015 04:26:16 -0700 (PDT) Received: by 10.28.11.140 with HTTP; Sat, 14 Mar 2015 04:26:16 -0700 (PDT) Date: Sat, 14 Mar 2015 13:26:16 +0200
This tutorial is well explained and makes a lot of sense of a lot of technical stuff that I wouldn't have otherwise understood. The commentary is also helpful in demonstrating how to evaluate the information you obtain and how to form an opinion about the authenticity of any e-mail you may receive. It's one I am going to have come back to and view a couple of times as there is a lot in it. Recommended.
Very informative. Subscribed and thanks!
The dots in the trace route doesn't mean the route is dead, it just means it could be a firewall or a tunnel of some kind at that point.
That is correct.
And... glad you liked it!
You need the original email or the email headers from the original email.
What would be the next step to find out who the scammer is ? Please help
just a follow up. if you owed money from anywhere you will be contacted and receive the money without any upfront charges. if they want a fee then they are scamming you. if it is to good to be true then it is. DON'T send any money if you do they will ask for more. the emails are scams, don't fall for the cute photo's of a young lady what needs help, all scams. i live in the UK and i got one who gave a address in the UK 2 miles where i live big mistake. don't be conned please. NEVER send money.
system wide default typeface: "comic sans" lmao
+Theodore Yamada-Dessert Yup.. using a combination of Ubuntu and Sans now.
don't want to be a bore, all i am trying to do is to stop anyone getting ripped of by the low life who try and scam you. please be aware the chances you are owed millions of $ is greater than you winning the lottery. stay safe don't respond, unless like me to string the bastards on. if just one person reads this and takes heed and strings the low life on before telling him what you think. then my efforts are not in vain. stay safe everyone who reads this.
What is the address is blocked?
Hello, thanks for the video. I followed the procedure and it showed the email was sent from the States which I know very well its not true. Can you please help???
It depends on which service was used (some do not include IP addresses of the X-Originating IP) and if it was sent from a computer that was possibly compromised by a virus. If you want me to look at the headers please send them to netcladsecurity@netclad.com
Thank you for this very useful tutorial...
You are very welcome. Glad you found it useful!
Wow thanks man, I almost got scammed out of 20 Grand LOL
Hi, i have excess to my wife's email. i need to know where she was when she was sending those emails. is that possible? All i know she was sending it with her Iphone hotmail.
Appreciate Video clip! Sorry for chiming in, I would love your initial thoughts. Have you thought about - Tarbbatigan Ascertain Email Tip (Sure I saw it on Google)? It is an awesome exclusive product for learning how to find out information about a person simply by knowing their email without the headache. Ive heard some unbelievable things about it and my close friend Aubrey got excellent results with it.
I always get ip address from California for Yahoo. How can I find the actual location where the email came from? Thank you.
Hung Nguyen contact me , I offer the fastest and most reliable hacking and tracking services ... ivanarish1990 at gmail .com .
This video is really helpful instruction. Just wondering is there is a chance that someone can email from South Africa on yahoo, and the IP Address turns up in California? Or is that just impossible?
It is possible depending on the mail server sending the mail - if it does not retain the originating IP then it would be possible. I am not certain but I strongly suspect Yahoo retains this information and it would be applied consistently on all of their mail servers. There is another possibility, that is if someone in South Africa has remote access to another computer using something like Remote Desktop, SSH, Telnet, etc then the IP address retained would be the IP address of the machine they are sending the email from. It is not hard to do, however most people do not know how to cover their tracks in this manner. Anyone with a bit of computer skills (especially networking understanding) could. Hope this helps.
NetcladSecurity I'm not sure yet but the email from yahoo, says from California, but the person tells me they are writing from S Africa. I was also sent an SMS number, it seems to be a S Africa SMS number. I'm not familiar with this SMS. What is it? and is it possible to have a S. African number and be in California?
i don't know about having a S Africa number outside of S Africa, but I do know that with Google Voice numbers you can get a US number from virtually any area code, also with services like Vonage you can take a device anywhere in the world and have a number from somewhere else. According to this site it is possible.
www.voipvoip.com/virtual-phone-number/south-africa.html
is this the same for all email services because i use hotmail and in the headers next to recieved, it shows the IP address of their email service, or mine, i don't know. anyway, is this old info or am i just doing something wrong?
Do you mean outlook.com?
i think, i don't know much about outlook but i think they told the hotmail team to hide the senders ip address for 'security'. personally, i think they blocked the IP so scamers buy more account info
It certainly appears that Microsoft disabled this feature for outlook.com.
answers.microsoft.com/en-us/outlook_com/forum/osettings-oemailset/how-can-i-find-the-option-to-view-the-senders-ip/e92990ef-9b95-4890-88ad-3377455b95b3
I am not sure if they remove it or just omit it for the online version. One thing you could try (I don't have an outlook.com account) is to download your email in a local client like Outlook or Thunderbird. I suggest IMAP and leaving your messages on the server) and see if the senders ip address is available when downloaded.
www.howto-outlook.com/howto/accountsettings.htm#outlookcom-imap
Thank you man. This is excellent information unfortunately it came late for me. I subscribed to your channel and gave you a thumbs up. Will be checking back with you.
Thank you for the kind words George and glad to hear you have found at least some of the information I have provided helpful.
lol, how did you almost get scammed?
This Method Doesn't Work !
i got a reserved ip
wow great job
could you make a version that's quicker, just going direct to "how"??
John Bell I could and would be happy to, however I have very little time these days and do not expect to get to this request any time soon.
+NetcladSecurity can you anlyse for me for this email abuser at my work place with this heeaderGmail
one...........................................................................................................................................................................
Return-Path:
Delivered-To: pzarura@znfpc.org.zw
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.znfpc.org.zw (Postfix) with ESMTP id C9BD27E2477;
Mon, 16 Mar 2015 14:21:54 +0200 (CAT)
X-Virus-Scanned: by amavisd-new-2.10.1 (20141025) (Debian) at znfpc.org.zw
X-Spam-Flag: NO
X-Spam-Score: 3.384
X-Spam-Level: ***
X-Spam-Status: No, score=3.384 required=5 tests=[BAYES_40=-0.001,
DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1,
DNS_FROM_AHBL_RHSBL=2.699, FREEMAIL_FROM=0.001,
RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01,
RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001,
SUBJ_ALL_CAPS=1.506]
autolearn=no autolearn_force=no
Authentication-Results: mail.znfpc.org.zw
(amavisd-new);
dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.znfpc.org.zw
([127.0.0.1])
by localhost (mail.znfpc.org.zw [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 7Xw5nF4vjhOE; Mon, 16 Mar 2015
14:21:49 +0200 (CAT)
Received: from mail-wi0-f194.google.com
(mail-wi0-f194.google.com
[209.85.212.194])
by mail.znfpc.org.zw (Postfix) with ESMTPS id 3F0B07E2452;
Mon, 16 Mar 2015 14:21:29 +0200 (CAT)
Received: by wibbs8 with SMTP id bs8so5842598wib.0;
Mon, 16 Mar 2015 05:21:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com;
s=20120113;
h=mime-version:date:message-id:subject:from:to:cc:content-type;
bh=S4P0uV3w7Bux4xurdhY/4/nw8DiErDjdssvUUItj9VY=;
b=hcgQHajlDn3k08YIk2RHrfxbQ2YVrT8y6PSZxIr15E0yWGPjeHUtUerR+6UaY4dqCG
wG7NI3cUxKgz53ruwcNd17WEbd6IdYttMs/JUoOEg8apdtwbjUecvrmcCj/5HEJ0Cfr2
kB1T4rmJHr553LtwS6yb3dHujKno+CWIll0t5X7Q/1JI3KCT8+iAQG33E0Lm1LIS/p/t
vFUwXldlhZvbU28YxDhpspyFpOLMWPL194Bj2xbcfYc/TVeHabyqKkmTw8Y9svGijApy
4wg+q9aBDz7tJ5oEjA8AIxDg40c4TB5+GExCL2mbrS1G8PvBLkgufOrHqtF3b4bh1KnQ
ScKg==
MIME-Version: 1.0
X-Received: by 10.194.95.4 with SMTP id dg4mr65433604wjb.81.1426332376543;
Sat, 14 Mar 2015 04:26:16 -0700 (PDT)
Received: by 10.28.11.140 with HTTP; Sat, 14 Mar 2015 04:26:16 -0700 (PDT)
Date: Sat, 14 Mar 2015 13:26:16 +0200
wow great jobkhj
Go away!