Is this a fraud!? Are these emails coming from the same computer??

Discussion in 'Help Desk' started by Dr Picaresco, Aug 14, 2011.

  1. Dr Picaresco

    Dr Picaresco New Email

    Joined:
    Aug 14, 2011
    Messages:
    3
    Likes Received:
    0
    Folks,
    I think somebody is trying to play tricks with me.
    I need to know if the two emails below came from the same computer. I believe that the answer is affirmative, since they both seem to come from the same IP address. Any opinion out there???

    Thank you very much for your help.
    Dr Picaresco

    email one:

    Return-Path: <xxxxx@hotmail.com>
    X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on spamd2.riseup.net
    X-Spam-Level:
    X-Spam-Status: No, score=-1.8 required=8.0 tests=BAYES_00,
    FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
    RCVD_IN_HOSTKARMA_YE,T_RP_MATCHES_RCVD shortcircuit=no autolearn=no
    version=3.3.1
    Delivered-To: xxxxx@riseup.net
    Received: from mx1.riseup.net (mx1-pn.riseup.net [10.0.1.33])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (verified OK))
    by cormorant.riseup.net (Postfix) with ESMTPS id 4E87C1C38336
    for <xxxxx@riseup.net>; Wed, 13 Jul 2011 15:09:49 -0700 (PDT)
    Received: from bay0-omc1-s17.bay0.hotmail.com (bay0-omc1-s17.bay0.hotmail.com [65.54.190.28])
    by mx1.riseup.net (Postfix) with ESMTP id DFC265B4EC
    for <txxxxs@riseup.net>; Wed, 13 Jul 2011 15:09:48 -0700 (PDT)
    Received: from BAY151-W42 ([65.54.190.61]) by bay0-omc1-s17.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
    Wed, 13 Jul 2011 15:09:48 -0700
    Message-ID: <BAY151-w42E802199B11FA28C6C79FAA470@phx.gbl>
    Content-Type: multipart/alternative;
    boundary="_1593045a-b64b-4c44-b06b-30a698584bad_"

    X-Originating-IP: [186.29.121.201]
    From: car <xxxx_111@hotmail.com>
    To: <xxx@riseup.net>
    Subject: xxx
    Date: Wed, 13 Jul 2011 17:09:48 -0500
    Importance: Normal
    MIME-Version: 1.0
    X-OriginalArrivalTime: 13 Jul 2011 22:09:48.0364 (UTC) FILETIME=[9480A8C0:01CC41A9]
    X-Virus-Scanned: clamav-milter 0.97 at mx1
    X-Virus-Status: Clean

    --_1593045a-b64b-4c44-b06b-30a698584bad_
    Content-Type: text/plain; charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable



    email two:

    Return-Path: <lixxxxx@yahoo.es>
    X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on spamd3.riseup.net
    X-Spam-Level:
    X-Spam-Status: No, score=-2.0 required=8.0 tests=BAYES_00,DKIM_SIGNED,
    DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
    RCVD_IN_HOSTKARMA_YE shortcircuit=no autolearn=ham version=3.3.1
    Delivered-To: txxxx@riseup.net
    Received: from mx1.riseup.net (mx1-pn.riseup.net [10.0.1.33])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (verified OK))
    by cormorant.riseup.net (Postfix) with ESMTPS id D2DE11C38360
    for <txxxxi@riseup.net>; Mon, 18 Jul 2011 09:25:49 -0700 (PDT)
    Received: from nm17.bullet.mail.ukl.yahoo.com (nm17.bullet.mail.ukl.yahoo.com [217.146.183.191])
    by mx1.riseup.net (Postfix) with SMTP id 0F8475A647
    for <txxxx@riseup.net>; Mon, 18 Jul 2011 09:25:48 -0700 (PDT)
    Received: from [217.146.183.217] by nm17.bullet.mail.ukl.yahoo.com with NNFMP; 18 Jul 2011 16:25:48 -0000
    Received: from [217.146.183.161] by tm10.bullet.mail.ukl.yahoo.com with NNFMP; 18 Jul 2011 16:25:48 -0000
    Received: from [127.0.0.1] by omp1002.mail.ukl.yahoo.com with NNFMP; 18 Jul 2011 16:25:48 -0000
    X-Yahoo-Newman-Property: ymail-3
    X-Yahoo-Newman-Id: 337204.45318.bm@omp1002.mail.ukl.yahoo.com
    Received: (qmail 42592 invoked by uid 60001); 18 Jul 2011 16:25:48 -0000
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.es; s=s1024; t=1311006348; bh=dfNAaEDd43d+ZdZcnX677OdxtmEvT99NO7zX6+VcHWE=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=C+yZJAEMj3VRjrwMaHaVuGvyvlSXqg7xq6TcD5S4uirPgk3Knkbr/DQVFthttkSCiUFhS5Yf+wa10Fl2NrgjbtyvkMH4LvzE4CJpT+WTMjPnBCT4Ho7hBcgYEvJqTBpvmaio6UOMX6v1gJqOIItQnb0zmRbxcHdXrY5/wxytJM4=
    DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
    s=s1024; d=yahoo.es;
    h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;
    b=fc6O21frnW8GqeTN0NlpwDbxoNhcGYyo439sr4f9sROM/tdLg8msUQxG6Wkj21zjPlyH4f+AgNMGMc0Kzqc2qaqzdFdC2+MRuRBBFAENXpH1VS5SeeVHksY3+KBn7HVbaLoyLFy5Ij9Ni0yEU5KUXdcpWBd/KqHoWqhgP90U2n0=;
    X-YMail-OSG: Cp6NiLAVM1lZ0tTGNxYtNAv037SsQwnxTgbhwBU3dZNEawM
    LsCc06RNor3GK5OQaC6satF6HOraONqCwhQHNYDGywvyb_yWs0F4pf8QRjJJ
    blivOX87.jPsVB3RVQVATrwPBGXeUsgXQUinBXSOR.cCWRfZcIjNfUVScfb5
    6b.haE666HrdnA4qO7EQoXkolGgFANzlwkWzLSILgZc7usAhQS_qV3JOMKRh
    2g.o4L3Dgj1sH80kMa3y.wriBaiI4lkKm4DbfCgfbkzTkEI6MuD3ehBwSK91
    1t8yZDxv6o_PW2dLUHg3QaZM22UvbRwORISs1lVMyBiUg6AcUzo9VOVOf
    Received: from [186.29.121.201] by web28106.mail.ukl.yahoo.com via HTTP; Mon, 18 Jul 2011 17:25:48 BST
    X-Mailer: YahooMailWebService/0.8.112.307740
    Message-ID: <1311006348.42494.YahooMailNeo@web28106.mail.ukl.yahoo.com>
    Date: Mon, 18 Jul 2011 17:25:48 +0100 (BST)
    From: Lixxx <linxxxxx@yahoo.es>
     


  2. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,994
    Likes Received:
    120
    Hi Dr Picaresco,

    Yes, both emails appear to have come from the same computer at 186.29.121.201

    The senders IP address appears to belong to the ISP etb.net.co.

    ;; ANSWER SECTION:
    201.121.29.186.in-addr.arpa. 11h58m54s IN PTR adsl186-29121201.din.etb.net.co.

    If you suspect abuse try contacting abuse@etb.net.co and postmaster@etb.net.co.

    :welcome: to Email Questions!
     

Want to reply or ask your own question?

It only takes a minute to sign up (and it's free!). Click the orange sign up button to choose a username and then you can ask your own questions on the forum.
Loading...