It started with a routine check.
I was combing through some old email headers for practice, following IP hops to see where things led. Most of it was mundane. But then — an odd bounce. An IP geolocated to Naples, Italy, buried in a header from a user who supposedly never left Ontario.
I pulled at the thread. Who owns the IP block? Is it a VPN endpoint? A CDN? Something else?
My search turned up:
– Conflicting location data
– A handful of questionable domains sharing the IP range
– A pizza delivery site using the same server
I’m still not sure what happened. Misconfigured email routing? Lazy obfuscation? A pizza-loving hacker?
This post is my work-in-progress log of the mystery. If you’ve got theories — or want to chase the crumbs — I’m all ears.