How JustAnswer Works:

  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.

Ask Kamil Anwar Your Own Question

Kamil Anwar
Kamil Anwar, Computer Support Specialist
Category: Computer
Satisfied Customers: 4540
Experience:  8+ Years of Experience. / CCNA (S), CCNA (W), CCNA (RS), MCTS, MBCs.
69350257
Type Your Computer Question Here...
Kamil Anwar is online now
A new question is answered every 9 seconds

I received a disturbing email and i want to identify who

Customer Question

Hi i received a disturbing email and i want to identify who sent to to me.
the email was sent from
naomi marsh <*****@******.***
appreciate any help
Submitted: 1 year ago.
Category: Computer
Expert:  Kamil Anwar replied 1 year ago.
Hello & Welcome to JustAnswer.
Thank you for your question. I will do my best to assist you.
What does the e-mail says?
Optional Remote Connect Service - Quick Resolution
Would you like me to remotely connect to your computer and fix the issue - The remote service will be an additional service for $39 but will allow me direct access to work on your issue and fix it (while you watch on your screen). If you need remote service, reply with the words "i want remote"
If you do not need the remote service, then simply provide me the requested information above. If you need remote service reply me with the words "i want remote".
Thanks
Customer: replied 1 year ago.
Received: from iout3.hes.trendmicro.com (54.219.191.113) by
mail.solargain.com.au (192.168.1.3) with Microsoft SMTP Server (TLS) id
14.3.224.2; Tue, 2 Jun 2015 12:05:26 +0800
Received: from 209.85.212.176_outmta.starcloud.com (unknown [10.64.10.13]) by
iout3.hes.trendmicro.com (Postfix) with SMTP id(###) ###-####406C; Tue, 2 Jun
2015 04:05:24 +0000 (UTC)
Received: from mail-wi0-f176.google.com (unknown [209.85.212.176]) by
inpre6.hes.trendmicro.com (Postfix) with ESMTPS id A944415F2042; Tue, 2 Jun
2015 04:05:23 +0000 (UTC)
Received: by wizo1 with SMTP id o1so128518990wiz.1; Mon, 01 Jun 2015
21:05:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:date:message-id:subject:from:to:cc:content-type;
bh=+FbK3nztzeDt1J3S/ZgVFjQTEL+Y4bC16ymRxfJUj18=;
b=ydBkydblnZLm7Yzwjm8hKPoMjUiYqkkQgnS9UkGrScNr5fAypP+vf4GiGeTn9RFCIp
pO9G/aT4a8CeQz+4VG4GAAUIiw4trA2QcSQbj03L7Qz4u9vXwOLj3H6+RypuAZaAuZUw
zOvlENud3/94UFDISQSPAAie4tiYKv7MhrtUNxmEDZRUrApCAL04gsQ7aRL2OAWFd+Fm
43Yq2wXe+MDa7TF5VcuH0rCDnW7NZ4GxHW4wlZ0ZI6Nw3Ze2nP82mrqGcfoadvvvsr4A
be8EIfUuDIDT4syznP/EQu3E/RU8i34hVLKHb8o98toNV6vrRHk5PjaXOTQcLPYWze1g
sJAQ==
MIME-Version: 1.0
X-Received: by 10.180.94.168 with SMTP id dd8mr26202482wib.76.1433217922238;
Mon, 01 Jun 2015 21:05:22 -0700 (PDT)
Received: by 10.194.164.195 with HTTP; Mon, 1 Jun 2015 21:05:22 -0700 (PDT)
Date: Mon, 1 Jun 2015 21:05:22 -0700
Message-ID:
Subject: Wayne
From: naomi marsh
To:
CC: ,
Content-Type: multipart/alternative; boundary="f46d04448167240cef0517810d47"
X-TMASE-Version: StarCloud-1.3-7.6.1031-21584.004
X-TMASE-Result: 10--0.442200-5.000000
X-TMASE-MatchedRID: S9LcgMMymGvhOvmWLR3/v1Pjo7D4SFg4vvkzqYJBDFbJk8Hku2juVY87
mD4MbtJB4vM1YF6AJbbVZ0g740lL+WJPnVWYCqr4avP8b9lJtWoneb0MAqO76e+q76TxV8VXNXI
/0oP4SY1a6Iw6byS1J5k+1jN4ScuLEgq/AFH4zpxj0r/llwteLpaEacjY4xFc5bDBmStn99IECq
l5Vs2cU7lyXg9bwpI3VSP5SSxfyDq+G/eFWat290CDPfco27/wAIb0x/YU37ftLNa67S2TYIm4t
Q18SacrhVuO77EAUXNyvInch1rX7ZRMZUCEHkRt
Return-Path:***@******.***
X-MS-Exchange-Organization-AuthSource: exchange.solargain.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-PRD: gmail.com
X-MS-Exchange-Organization-SenderIdResult: SoftFail
Received-SPF: SoftFail (exchange.solargain.local: domain of transitioning
***@******.*** discourages use of 54.219.191.113 as permitted sender)
X-MS-Exchange-Organization-SCL: 0
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.14920.485;SID:SenderIDStatus SoftFail;OrigIP:54.219.191.113
Expert:  Kamil Anwar replied 1 year ago.
The source looks spammy. They are using a relay service to send out e-mails. So, we cannot trace the IP Address because it points to the relay server.
Customer: replied 1 year ago.
can you give me any information
Expert:  Kamil Anwar replied 1 year ago.
The source host name is "mail-wi0-f176.google.com" and the source IP address is 209.85.212.176. That is the only useful information in this header.
But if you can tell me what it says, i may be able to tell if it is a scam.
Customer: replied 1 year ago.
it is someone that works with me and they sent an email to my wife saying i had an affair with my secretary
so i am very keen to find out
what other information would you require to assist
Customer: replied 1 year ago.
i believe the ip address 209.85.212.176 as just google - i need more than that
Expert:  Kamil Anwar replied 1 year ago.
Give me a few minutes to see if i can find something else. We only have what the header has.
Expert:  Kamil Anwar replied 1 year ago.
Do you know anyone using trendmicro as email relayer or firewall?
Customer: replied 1 year ago.
no sorry
Expert:  Kamil Anwar replied 1 year ago.
There is nothing we can do with this header. Because it doesn't includes anything that can tell who/where the sender is. BUT with a little bit of engineering, you can log the IP Address of the sender, with the ip address, we will be able to get a bit closer but for that, you need to setup a page and code it, then make the user click the link to log the ip address.
Customer: replied 1 year ago.
do want a copy of the actual email?
will this help?
Expert:  Kamil Anwar replied 1 year ago.
You have already given me the entire header.
Customer: replied 1 year ago.
i really understand the technical side
but what happens if they dont use this email address again
Expert:  Kamil Anwar replied 1 year ago.
If the sender decides not to use the email again nothing can be done.
Customer: replied 1 year ago.
ok so there is no more you can do?i can tell you it got sent to my work email
in Perth Western Australia
Expert:  Kamil Anwar replied 1 year ago.
I can assist with setting up a site and logging ip address if the user clicks on the link in your e-mail. Other then that, nothing can be done unfortunately because the header doesn't contain the ip address of the sender.
Customer: replied 1 year ago.
ok so can you set up ?
Expert:  Kamil Anwar replied 1 year ago.
Yes, but you will have to buy hosting and a domain and if i do that setup then that will via an additional service.
Customer: replied 1 year ago.
ok how long does it take and whats the cost
Expert:  Kamil Anwar replied 1 year ago.
The cost for additional service will be $54.
The domain will cost between $5 to $14
The hosting will be less then $10 for a month
After which you can cancel the hosting, but the domain is minimum 1 year.
Customer: replied 1 year ago.
i will leave it for the time being
thanks very much for your assistance
Expert:  Kamil Anwar replied 1 year ago.
You're Welcome. Thank you for your patience.