Someone is playing tricks! Help with IP addresses!

Discussion in 'Help Desk' started by Dr Picaresco, Aug 15, 2011.

  1. Dr Picaresco

    Dr Picaresco New Email

    Joined:
    Aug 14, 2011
    Messages:
    3
    Likes Received:
    0
    Folks,
    Someone might be playing tricks with me. I need to know if the two emails below came from the same computer. I think the answer is affirmative since they both seem to come from the same IP. I know that EMAIL 1 originated from a private computer in someone's home. EMAIL 2, instead, was allegedly sent from another city (not sure whether from a home or office).

    Any elucidation or opinion would be greatly appreciated.
    Thank you very much.
    Dr Picaresco

    EMAIL 1

    Return-Path: <xxxxxx@yahoo.es>
    X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on spamd3.riseup.net
    X-Spam-Level:
    X-Spam-Status: No, score=-2.0 required=8.0 tests=BAYES_00,DKIM_SIGNED,
    DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FRO…
    RCVD_IN_HOSTKARMA_YE shortcircuit=no autolearn=ham version=3.3.1
    Delivered-To: txxxxx@riseup.net
    Received: from mx1.riseup.net (mx1-pn.riseup.net [10.0.1.33])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (verified OK))
    by cormorant.riseup.net (Postfix) with ESMTPS id D2DE11C38360
    for <xxxx@riseup.net>; Mon, 18 Jul 2011 09:25:49 -0700 (PDT)
    Received: from nm17.bullet.mail.ukl.yahoo.com (nm17.bullet.mail.ukl.yahoo.com [217.146.183.191])
    by mx1.riseup.net (Postfix) with SMTP id 0F8475A647
    for <txxxx@riseup.net>; Mon, 18 Jul 2011 09:25:48 -0700 (PDT)
    Received: from [217.146.183.217] by nm17.bullet.mail.ukl.yahoo.com with NNFMP; 18 Jul 2011 16:25:48 -0000
    Received: from [217.146.183.161] by tm10.bullet.mail.ukl.yahoo.com with NNFMP; 18 Jul 2011 16:25:48 -0000
    Received: from [127.0.0.1] by omp1002.mail.ukl.yahoo.com with NNFMP; 18 Jul 2011 16:25:48 -0000
    X-Yahoo-Newman-Property: ymail-3
    X-Yahoo-Newman-Id: 337204.45318.bm@omp1002.mail.ukl.yahoo.c…
    Received: (qmail 42592 invoked by uid 60001); 18 Jul 2011 16:25:48 -0000
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.es; s=s1024; t=1311006348; bh=dfNAaEDd43d+ZdZcnX677OdxtmEvT99NO7zX6… h=X-YMail-OSG:Received:X-Mailer:Message-… b=C+yZJAEMj3VRjrwMaHaVuGvyvlSXqg7xq6TcD5…
    DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
    s=s1024; d=yahoo.es;
    h=X-YMail-OSG:Received:X-Mailer:Message-…
    b=fc6O21frnW8GqeTN0NlpwDbxoNhcGYyo439sr4…
    X-YMail-OSG: Cp6NiLAVM1lZ0tTGNxYtNAv037SsQwnxTgbhwBU3…
    LsCc06RNor3GK5OQaC6satF6HOraONqCwhQHNYDG…
    blivOX87.jPsVB3RVQVATrwPBGXeUsgXQUinBXSO…
    6b.haE666HrdnA4qO7EQoXkolGgFANzlwkWzLSIL…
    2g.o4L3Dgj1sH80kMa3y.wriBaiI4lkKm4DbfCgf…
    1t8yZDxv6o_PW2dLUHg3QaZM22UvbRwORISs1lVM…
    Received: from [186.29.121.201] by web28106.mail.ukl.yahoo.com via HTTP; Mon, 18 Jul 2011 17:25:48 BST
    X-Mailer: YahooMailWebService/0.8.112.307740
    Message-ID: <1311006348.42494.YahooMailNeo@web28106.…
    Date: Mon, 18 Jul 2011 17:25:48 +0100 (BST)
    From: L <xxxxxxxx@yahoo.es>

    EMAIL 2

    Return-Path: <xxxxxx@hotmail.com>
    X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on spamd2.riseup.net
    X-Spam-Level:
    X-Spam-Status: No, score=-1.8 required=8.0 tests=BAYES_00,
    FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_F…
    RCVD_IN_HOSTKARMA_YE,T_RP_MATCHES_RCV… shortcircuit=no autolearn=no
    version=3.3.1
    Delivered-To: xxxxxx@riseup.net
    Received: from mx1.riseup.net (mx1-pn.riseup.net [10.0.1.33])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (verified OK))
    by cormorant.riseup.net (Postfix) with ESMTPS id 4E87C1C38336
    for <xxxxxx@riseup.net>; Wed, 13 Jul 2011 15:09:49 -0700 (PDT)
    Received: from bay0-omc1-s17.bay0.hotmail.com (bay0-omc1-s17.bay0.hotmail.com [65.54.190.28])
    by mx1.riseup.net (Postfix) with ESMTP id DFC265B4EC
    for <xxxxx@riseup.net>; Wed, 13 Jul 2011 15:09:48 -0700 (PDT)
    Received: from BAY151-W42 ([65.54.190.61]) by bay0-omc1-s17.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
    Wed, 13 Jul 2011 15:09:48 -0700
    Message-ID: <BAY151-w42E802199B11FA28C6C79FAA470@phx…
    Content-Type: multipart/alternative;
    boundary="_1593045a-b64b-4c44-b06b-30…
    X-Originating-IP: [186.29.121.201]
    From: C <xxxxxxx1@hotmail.com>
    To: <xxxxxx@riseup.net>
    Subject: xxxxxxx
    Date: Wed, 13 Jul 2011 17:09:48 -0500
    Importance: Normal
    MIME-Version: 1.0
    X-OriginalArrivalTime: 13 Jul 2011 22:09:48.0364 (UTC) FILETIME=[9480A8C0:01CC41A9]
    X-Virus-Scanned: clamav-milter 0.97 at mx1
    X-Virus-Status: Clean

    --_1593045a-b64b-4c44-b06b-30a698584ba…
    Content-Type: text/plain; charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable
     


  2. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,986
    Likes Received:
    120
    Hello,

    Yes, it appears to be the same sender. There is some more information here.

    :welcome: to Email Questions!
     

  3. Dr Picaresco

    Popowich, thank you very much for your help.

    I have other suspicious emails coming from the same senders.

    The IPs are generally similar: 186.29.123.157 or 186.29.121.201, etc...

    Do you think this is another indication that they might be originating from the same PC?

    Best wishes!
     
  4. popowich

    Hello,

    It's tough to answer for certain, but with the IPs coming out of the same ISP it could be the same person jumping around IP addresses, or a group of people (scammers?) using that ISP for their connection.

    inetnum: 186.29/16
    status: allocated
    owner: ETB - Colombia
    ownerid: CO-ETBE-LACNIC
    responsible: Coordinacion de Redes Internet
    address: Calle 22 F, 39, 16
    address: 9999 - Bogota - Cu
    country: CO
    phone: +57 1 2426104 []
    owner-c: CRE
    tech-c: CRE
    abuse-c: CRE
    inetrev: 186.29/16
    nserver: NS1-AUTH.ETB.NET.CO
    nsstat: 20110812 AA
    nslastaa: 20110812
    nserver: NS2-AUTH.ETB.NET.CO
    nsstat: 20110812 AA
    nslastaa: 20110812
    created: 20090608
    changed: 20090608
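
The comparison made in this thread, as an added example that is not part of the original posts: it reads the client address that each webmail provider recorded in abridged copies of the two header sets, then checks the reported addresses against the 186.29/16 allocation from the whois output. The function names are chosen here for illustration.

```python
import email
import ipaddress
import re

# Abridged from the two header sets posted above (folded lines restored).
EMAIL_1 = """\
Received: from nm17.bullet.mail.ukl.yahoo.com (nm17.bullet.mail.ukl.yahoo.com [217.146.183.191])
 by mx1.riseup.net (Postfix) with SMTP id 0F8475A647; Mon, 18 Jul 2011 09:25:48 -0700 (PDT)
Received: from [127.0.0.1] by omp1002.mail.ukl.yahoo.com with NNFMP; 18 Jul 2011 16:25:48 -0000
Received: from [186.29.121.201] by web28106.mail.ukl.yahoo.com via HTTP; Mon, 18 Jul 2011 17:25:48 BST
"""
EMAIL_2 = """\
Received: from BAY151-W42 ([65.54.190.61]) by bay0-omc1-s17.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
 Wed, 13 Jul 2011 15:09:48 -0700
X-Originating-IP: [186.29.121.201]
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def submitting_client_ip(raw_headers):
    """Return the webmail client's address as recorded by the provider, or None."""
    msg = email.message_from_string(raw_headers)
    # Hotmail-style: the provider stamps the browser's address in its own header.
    candidates = msg.get_all("X-Originating-IP", [])
    # Yahoo-style: the web front end adds a "Received: ... via HTTP" hop.
    candidates += [h for h in msg.get_all("Received", []) if "via HTTP" in h]
    for header in candidates:
        m = BRACKETED_IP.search(header)
        if m:
            ip = ipaddress.ip_address(m.group(1))
            if ip.is_global:  # ignore loopback and private-range hops
                return ip
    return None


def in_allocation(ips, cidr):
    """True if every address falls inside the given whois allocation."""
    net = ipaddress.ip_network(cidr)
    return all(ipaddress.ip_address(ip) in net for ip in ips)


if __name__ == "__main__":
    a, b = submitting_client_ip(EMAIL_1), submitting_client_ip(EMAIL_2)
    # Equal addresses mean the same public IP, not necessarily the same
    # computer: NAT and dynamic addressing can put many hosts behind one.
    print(a, b, a == b)
    # whois prints the block as 186.29/16; ipaddress needs the full form.
    print(in_allocation(["186.29.123.157", "186.29.121.201"], "186.29.0.0/16"))
```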
     
