Finding the Email from an IP?

Alexander_Kenway
10 years ago

0

I know this may be a stretch, but recently I was targeted by a hacker using my brother’s email as cover. He managed to hack his account and sent me an email which I foolishly opened and hacked mine. Our passwords have changed and now I want a bit of payback. I’ve been interested in this whole “hacking” thing for a long time. I’ve managed to uproot his IP and have associated a location with it. Thing is they used cover so I don’t know their actual Email. All I have is their IP. Apart from location, is there anything else I can uproot with this information? Also I have checked that the IP in question isn’t from my house and have conducted a geophysical trace which bounces about 11 places and ends up in South America.

I intend no damage through this, just to learn and put people in place.

13 replies, 4 voices, 260 views

SFisher
10 years ago

0

You opened an e-mail and BAM you were hacked? Wow you must be a HVT, never seen that on ‘public level’.
I assume it wasn’t the e-mail itself, but there were links inside, probably a download involved.
You fell for that and you think you can handle a revenge? You’d be better off learning the basics first, but you can also get your ass beaten or wait to see what the rest of the people here say.

dloser
10 years ago

0

It can be the e-mail itself, if you have a bad client. But I agree, don’t play with fire; you are clearly not a fireman.

If it’s serious, contact the authorities.

Alexander_Kenway
10 years ago

0

Yes it was a link, but I wrongly assumed it was from my brother.

I never intended it to be revenge, but he hacked most of my family members. I meant for this to be a learning curve for me, and I want to just… I don’t know I want to feel better about myself, more secure. And I have been on this site for a while and I have gone through some of the levels on here so…

Anyways I’m just looking for guidance because I know that a lot of people here are smart and helpful. I’m not trying to get myself into trouble, I’m trying to use the situation to my advantage.

Thank you for understanding….

rushA [xzy123prog]
10 years ago

0

Next time you open an e-mail which you think may be suspicious, open it in a sandboxed web browser.

SFisher
10 years ago | edited 10 years ago

1

Well you certainly can learn from it. Now you know: don’t open links that weren’t requested (or use common sense).
Personally I don’t think you’ll find whoever it was by yourself, so as dloser said: assess the situation and act accordingly. (btw @dloser if you could hint on what providers offer such crappy service as to be vulnerable to basic ‘in body’ attacks it would be appreciated, it’s an interesting topic)
The levels on HackThis have (almost) nothing to do with a real life ‘hacking someone’ (if you allow for the abuse of language) situation where time is key and there can be quite a lot at risk involved.

So if you really want to make the most out of it: find compilations of attack vectors and learn how to identify some of them. You can never identify ‘any’ attack so you have to learn how to trust your gut sometimes, and use common sense. No antivirus, no detection system will save you from all of the things out there, but your common sense can.

Always remember at least these 2 rules (there are many more but if I had to choose only 2, they would be these):

1. Always have an escape plan. (E.g. if you fall for an attack know how to stop it or prevent it from escalating - sometimes this could be as simple as ‘have backups so that you can nuke your hard drive or whatever you use if necessary’).
2. Trust no one. (If you don’t know why someone is providing a link, ask. Leave the ‘valuable things’ far away from the rest of them, learn to compartmentalise)

Alexander_Kenway
10 years ago

0

Thank you for the advice.

I’m not - particularly - going into deep waters as you think I am. I understand risks and know even a simple phishing attack like that is too big for me to track.

I just am curious. What can possibly be done with the information I have gathered? Turns out they have an uh…domain. Which leads me to think both the domain is dangerous and I shan’t click the only link on that page, and that there’s possibly a proxy or service masking the IP. Again, I’m sorry if I unbeknownst to myself have said something foolish or asked of something too big for me, but I really want to learn.

SFisher
10 years ago

0

Nah, being curious is fine.
Where did you get the IP from, e-mail headers? If that’s the case - probably not the original way unless they’re retarded.
I also have doubts about the ‘bounces about 11 places and ends up in South America’, sounds as ‘crappy crap I don’t believe’ as the GUIs in Skyfall. If they used proxies I assume they’re not as retarded as to use transparent proxies.
Probably your best ‘suicide’ bet if you don’t want to do things right and contact LE would be to reply to the mails they sent, or whatever medium is still compromised, acting as if you didn’t realise they’re attackers, and prepare a SE attack. Attacker posing as victim. Provide (fake) info and lure them into your territory.

But that’s quite complex, and definitely not recommended unless you know what you’re doing and are ‘legally’ allowed to do so.

Alexander_Kenway
10 years ago

0

I understand. Like I said, you make my choice of words make me think differently.

Anyways, I obtained the IP by viewing its source code from where it was sent, and I looked at the last “received: from” code. Also I was misguided as this result came to me when I was rather tired. I read “11” and assumed wrongly. Realistically, this is what I see.

http://gyazo.com/f287a51304019fecbf8ce37f0199b9fc

Just to make things clear I am not going after this guy, nor am I trying to do anything stupid. I’m just…I don’t know. Thing is you say I shouldn’t do anything you’re assuming I want to do unless I know what I’m doing…and more than anything I want to know what I’m doing.

Anyways, the numbers confused me. I’m not looking for “vengeance”. What they did was only inconvenient. It’s just…I’m trying to explore, but I know venturing outside the campsite can be dangerous, and it’s why I’m asking for your guidance.
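
The header reading described in this post, as an added example (not code from any poster in this thread): it walks the `Received` chain newest-first and separates the hops stamped by the recipient's own mail provider from those written by the sending side, which cannot be verified. The message, host names and IPs are constructed, and `TRUSTED_NETS` is an assumed address range for the recipient's provider.

```python
import email
import ipaddress
import re

# Constructed sample: example domains and documentation-range IPs only.
RAW = """\
Received: from mx1.mailprovider.example (mx1.mailprovider.example [198.51.100.10])
\tby store3.mailprovider.example with ESMTP id A1; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.sender.example (relay.sender.example [203.0.113.25])
\tby mx1.mailprovider.example with ESMTP id B2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from home-pc (unknown [192.0.2.77])
\tby relay.sender.example with ESMTP id C3; Mon, 1 Jan 2024 10:00:01 +0000
From: brother@sender.example
To: me@mailprovider.example
Subject: constructed sample

body
"""

# Assumption: the recipient's provider runs its mail servers in this range.
TRUSTED_NETS = [ipaddress.ip_network("198.51.100.0/24")]

HOP = re.compile(
    r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9a-fA-F.:]+)\].*?\bby\s+(?P<by>\S+)", re.S)

def received_chain(raw):
    """Return the Received hops newest-first as dicts with helo, ip and by."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:  # headers without a bracketed IP are skipped
            hops.append(m.groupdict())
    return hops

def split_chain(hops, trusted_nets):
    """Split hops into (verified, unverified). The top header is assumed to come
    from your own provider; the first hop whose connecting IP lies outside the
    trusted range is the boundary, and every header below it is sender-supplied."""
    for i, hop in enumerate(hops):
        addr = ipaddress.ip_address(hop["ip"])
        if not any(addr in net for net in trusted_nets):
            return hops[:i + 1], hops[i + 1:]
    return hops, []

if __name__ == "__main__":
    verified, unverified = split_chain(received_chain(RAW), TRUSTED_NETS)
    print("connected to your provider from:", verified[-1]["ip"])
    print("sender-supplied, unverifiable:", [h["ip"] for h in unverified])
```

The boundary is decided from the connecting IP that a trusted server recorded, not from host names, so a header beneath the boundary that merely claims a provider host name in its `by` field still lands in the unverified part.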

dloser
10 years ago

0

The whole ‘bounces’ thing sounds to me like somebody ran traceroute. ;)

As for the ‘providers’, I wasn’t talking about anything specific and certainly nothing web based, but I believe Outlook has had some issues.

SFisher
10 years ago

0

Dude: don’t get me wrong. I’m just a guy writing on a forum, this is a free world. Just posting my opinion and there are many others, you can choose which one to follow or not to follow any at all. :)
That part of the ‘source code’ of the email is the header.

Thanks dloser, I was thinking web. ;) I try to stay away from ‘software’ clients.

“I read “11” and assumed wrongly.” Where did you read 11, what website is the screenshot from? Looks rather odd for a traceroute since there’s only 2 nodes (I wouldn’t assume that 11 means the number of hops).

Alexander_Kenway
10 years ago

0

I took the screenshot off of this site http://www.yougetsignal.com/tools/visual-tracert/
I ran the IP address I found and it connected those two nodes. I’ve used multiple sites to help me identify the location and most of them including this one have pointed straight at some place in Argentina. Truth be told one took me to Turkey but, I feel that may have been irrelevant.

And yes, I was tired, and assumed the 11 meant the number of hops just to clear things up.

Thank you.

dloser
10 years ago | edited 10 years ago

0

Unless the person isn’t that bright, the IP is pretty useless. The location you get is just a rough estimate, but doesn’t have to mean anything either.

Edit: and the trace is completely useless.

Alexander_Kenway
10 years ago

0

Ok. Thank you. From their style of writing, I honestly believe they may not have been bright, but they could have fooled me.

This was the exact message
“Hogwarts had given him a lot of holiday work One of the essays a particularly nasty one about

i have sent you a skype message”

Then they had a link that said “click here to review your messages”
It was so stupid it worked.

Anyways I just thought the context may have been helpful.
