I received an "official" looking email from the FBI today. It was sent from 10.100.25.20. The return-path was even an ic.fbi.gov address. The key was when you reviewed the reply-to path. It was a gmail account. See Headers here:

Return-Path: <markgiuliano@ic.fbi.gov>
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2un0253.outbound.protection.outlook.com [65.55.169.253]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mtaiw-aaf02.mx.aol.com (Internet Inbound) with ESMTPS id 46F6370000661; Fri, 19 Feb 2016 09:15:48 -0500 (EST)
Received: from CY1PR0601CA0018.namprd06.prod.outlook.com (10.160.162.28) by CY1PR0601MB1975.namprd06.prod.outlook.com (10.164.221.21) with Microsoft SMTP Server (TLS) id 15.1.409.15; Fri, 19 Feb 2016 13:58:47 +0000
Received: from BL2FFO11FD032.protection.gbl (2a01:111:f400:7c09::144) by CY1PR0601CA0018.outlook.office365.com (2a01:111:e400:4c00::28) with Microsoft SMTP Server (TLS) id 15.1.409.15 via Frontend Transport; Fri, 19 Feb 2016 13:58:47 +0000
Authentication-Results: spf=fail (sender IP is 216.129.93.100) smtp.mailfrom=ic.fbi.gov; aol.com; dkim=none (message not signed) header.d=none;aol.com; dmarc=fail action=none header.from=ic.fbi.gov;
Received-SPF: Fail (protection.outlook.com: domain of ic.fbi.gov does not designate 216.129.93.100 as permitted sender) receiver=protection.outlook.com; client-ip=216.129.93.100; helo=CGYMAIL1.3esi.local;
Received: from CGYMAIL1.3esi.local (216.129.93.100) by BL2FFO11FD032.mail.protection.outlook.com (10.173.160.73) with Microsoft SMTP Server (TLS) id 15.1.415.6 via Frontend Transport; Fri, 19 Feb 2016 13:58:45 +0000
Received: from InfinityPBX.3esi.local (10.100.25.20) by cgymail1.3esi.local (10.0.3.11) with Microsoft SMTP Server id 14.3.224.2; Fri, 19 Feb 2016 06:58:24 -0700
Received: from User (trixbox1.localdomain [127.0.0.1]) by InfinityPBX.3esi.local (Postfix) with SMTP id F16404448BEA; Fri, 19 Feb 2016 06:21:15 -0700 (MST)
Reply-To: <markgiuliano704@gmail.com>
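The checks the poster did by eye (SPF/DMARC results in Authentication-Results, and a Reply-To domain that does not match the Return-Path domain) can be automated for triage. This is an added example, not code from the poster or the site; the sample headers are a constructed abridgement of the ones quoted above, and the function and header names are the author's own choices.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample: an abridged copy of the headers quoted in the post above.
RAW_HEADERS = """\
Return-Path: <markgiuliano@ic.fbi.gov>
Authentication-Results: spf=fail (sender IP is 216.129.93.100) smtp.mailfrom=ic.fbi.gov; aol.com; dkim=none (message not signed) header.d=none;aol.com; dmarc=fail action=none header.from=ic.fbi.gov;
Received-SPF: Fail (protection.outlook.com: domain of ic.fbi.gov does not designate 216.129.93.100 as permitted sender) receiver=protection.outlook.com; client-ip=216.129.93.100; helo=CGYMAIL1.3esi.local;
Reply-To: <markgiuliano704@gmail.com>
Subject: constructed sample

"""


def domain_of(header_value):
    """Lower-cased domain of the first address in a header value, or None."""
    if not header_value:
        return None
    _, addr = parseaddr(str(header_value))
    return addr.rpartition("@")[2].lower() or None


def auth_results(header_value):
    """Map spf/dkim/dmarc -> result word from an Authentication-Results header."""
    pairs = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(header_value or ""))
    return {method.lower(): result.lower() for method, result in pairs}


def spoof_indicators(raw_message):
    """Return a list of human-readable spoofing indicators found in the headers."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    results = auth_results(msg.get("Authentication-Results"))
    for method in ("spf", "dmarc"):
        if results.get(method) == "fail":
            findings.append(f"{method} failed")
    if results.get("dkim") == "none":
        findings.append("message not DKIM-signed")
    # Mismatched Reply-To vs Return-Path domains was the poster's giveaway.
    ret_domain = domain_of(msg.get("Return-Path"))
    reply_domain = domain_of(msg.get("Reply-To"))
    if ret_domain and reply_domain and ret_domain != reply_domain:
        findings.append(
            f"reply-to domain {reply_domain} differs from return-path domain {ret_domain}"
        )
    return findings


if __name__ == "__main__":
    for line in spoof_indicators(RAW_HEADERS):
        print(line)
```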
DNSBL* - is a list of IP addresses published through the Internet Domain Name Service (DNS) either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time. DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists.
WHOIS** - is a query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. WHOIS lookups were traditionally performed with a command line interface application, and network administrators predominantly still use this method, but many simplified web-based tools exist. WHOIS services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 43.
** Approximate Geographic Location - This is NOT the exact geographical location of the person/organization with the given IP address. However, this should still give you a good idea about the area/region where this person/organization is located.