Someone is playing tricks! Help with IP addresses!

Dr Picaresco

New Email
Folks,
Someone might be playing tricks with me. I need to know if the two emails below came from the same computer. I think the answer is affirmative since they both seem to come from the same IP. I know that EMAIL 1 originated from a private computer in someone's home. EMAIL 2, instead, was allegedly sent from another city (not sure whether from a home or office).

Any elucidation or opinion would be greatly appreciated.
Thank you very much.
Dr Picaresco

EMAIL 1

Return-Path: <xxxxxx@yahoo.es>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on spamd3.riseup.net
X-Spam-Level:
X-Spam-Status: No, score=-2.0 required=8.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FRO…
RCVD_IN_HOSTKARMA_YE shortcircuit=no autolearn=ham version=3.3.1
Delivered-To: txxxxx@riseup.net
Received: from mx1.riseup.net (mx1-pn.riseup.net [10.0.1.33])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (verified OK))
by cormorant.riseup.net (Postfix) with ESMTPS id D2DE11C38360
for <xxxx@riseup.net>; Mon, 18 Jul 2011 09:25:49 -0700 (PDT)
Received: from nm17.bullet.mail.ukl.yahoo.com (nm17.bullet.mail.ukl.yahoo.com [217.146.183.191])
by mx1.riseup.net (Postfix) with SMTP id 0F8475A647
for <txxxx@riseup.net>; Mon, 18 Jul 2011 09:25:48 -0700 (PDT)
Received: from [217.146.183.217] by nm17.bullet.mail.ukl.yahoo.com with NNFMP; 18 Jul 2011 16:25:48 -0000
Received: from [217.146.183.161] by tm10.bullet.mail.ukl.yahoo.com with NNFMP; 18 Jul 2011 16:25:48 -0000
Received: from [127.0.0.1] by omp1002.mail.ukl.yahoo.com with NNFMP; 18 Jul 2011 16:25:48 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 337204.45318.bm@omp1002.mail.ukl.yahoo.c…
Received: (qmail 42592 invoked by uid 60001); 18 Jul 2011 16:25:48 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.es; s=s1024; t=1311006348; bh=dfNAaEDd43d+ZdZcnX677OdxtmEvT99NO7zX6… h=X-YMail-OSG:Received:X-Mailer:Message-… b=C+yZJAEMj3VRjrwMaHaVuGvyvlSXqg7xq6TcD5…
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.es;
h=X-YMail-OSG:Received:X-Mailer:Message-…
b=fc6O21frnW8GqeTN0NlpwDbxoNhcGYyo439sr4…
X-YMail-OSG: Cp6NiLAVM1lZ0tTGNxYtNAv037SsQwnxTgbhwBU3…
LsCc06RNor3GK5OQaC6satF6HOraONqCwhQHNYDG…
blivOX87.jPsVB3RVQVATrwPBGXeUsgXQUinBXSO…
6b.haE666HrdnA4qO7EQoXkolGgFANzlwkWzLSIL…
2g.o4L3Dgj1sH80kMa3y.wriBaiI4lkKm4DbfCgf…
1t8yZDxv6o_PW2dLUHg3QaZM22UvbRwORISs1lVM…
Received: from [186.29.121.201] by web28106.mail.ukl.yahoo.com via HTTP; Mon, 18 Jul 2011 17:25:48 BST
X-Mailer: YahooMailWebService/0.8.112.307740
Message-ID: <1311006348.42494.YahooMailNeo@web28106.…
Date: Mon, 18 Jul 2011 17:25:48 +0100 (BST)
From: L <xxxxxxxx@yahoo.es>

EMAIL 2

Return-Path: <xxxxxx@hotmail.com>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on spamd2.riseup.net
X-Spam-Level:
X-Spam-Status: No, score=-1.8 required=8.0 tests=BAYES_00,
FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_F…
RCVD_IN_HOSTKARMA_YE,T_RP_MATCHES_RCV… shortcircuit=no autolearn=no
version=3.3.1
Delivered-To: xxxxxx@riseup.net
Received: from mx1.riseup.net (mx1-pn.riseup.net [10.0.1.33])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (verified OK))
by cormorant.riseup.net (Postfix) with ESMTPS id 4E87C1C38336
for <xxxxxx@riseup.net>; Wed, 13 Jul 2011 15:09:49 -0700 (PDT)
Received: from bay0-omc1-s17.bay0.hotmail.com (bay0-omc1-s17.bay0.hotmail.com [65.54.190.28])
by mx1.riseup.net (Postfix) with ESMTP id DFC265B4EC
for <xxxxx@riseup.net>; Wed, 13 Jul 2011 15:09:48 -0700 (PDT)
Received: from BAY151-W42 ([65.54.190.61]) by bay0-omc1-s17.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Wed, 13 Jul 2011 15:09:48 -0700
Message-ID: <BAY151-w42E802199B11FA28C6C79FAA470@phx…
Content-Type: multipart/alternative;
boundary="_1593045a-b64b-4c44-b06b-30…
X-Originating-IP: [186.29.121.201]
From: C <xxxxxxx1@hotmail.com>
To: <xxxxxx@riseup.net>
Subject: xxxxxxx
Date: Wed, 13 Jul 2011 17:09:48 -0500
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 13 Jul 2011 22:09:48.0364 (UTC) FILETIME=[9480A8C0:01CC41A9]
X-Virus-Scanned: clamav-milter 0.97 at mx1
X-Virus-Status: Clean

--_1593045a-b64b-4c44-b06b-30a698584ba…
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
 

popowich

EQ Forum Admin
Staff member
Hello,

Yes, it appears to be the same sender. There is some more information here.

Welcome to Email Questions!
 

Dr Picaresco

New Email
Popowich, thank you very much for your help.

I have other suspicious emails coming from the same senders.

The IPs are generally similar: 186.29.123.157 or 186.29.121.201, etc...

Do you think this is another indication that they might be originating from the same PC?

Best wishes!
 

popowich

EQ Forum Admin
Staff member
Hello,

It's tough to answer for certain, but with the IPs coming out of the same ISP it could be the same person jumping around IP addresses, or a group of people (scammers?) using that ISP for their connection.

inetnum: 186.29/16
status: allocated
owner: ETB - Colombia
ownerid: CO-ETBE-LACNIC
responsible: Coordinacion de Redes Internet
address: Calle 22 F, 39, 16
address: 9999 - Bogota - Cu
country: CO
phone: +57 1 2426104 []
owner-c: CRE
tech-c: CRE
abuse-c: CRE
inetrev: 186.29/16
nserver: NS1-AUTH.ETB.NET.CO
nsstat: 20110812 AA
nslastaa: 20110812
nserver: NS2-AUTH.ETB.NET.CO
nsstat: 20110812 AA
nslastaa: 20110812
created: 20090608
changed: 20090608
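The comparison discussed in this thread, as an added example that is not part of the original posts: it pulls the client address a webmail provider records (Hotmail's X-Originating-IP header, Yahoo's oldest Received line logged "via HTTP") from trimmed, constructed copies of the two headers above, and checks both against the 186.29/16 allocation from the whois reply. The function names client_ip and compare are illustrative.

```python
import ipaddress
import re
from email import message_from_string

# Constructed samples: trimmed copies of the headers quoted in the thread.
EMAIL_1 = """\
Received: from nm17.bullet.mail.ukl.yahoo.com (nm17.bullet.mail.ukl.yahoo.com [217.146.183.191])
 by mx1.riseup.net (Postfix) with SMTP id 0F8475A647; Mon, 18 Jul 2011 09:25:48 -0700 (PDT)
Received: from [186.29.121.201] by web28106.mail.ukl.yahoo.com via HTTP; Mon, 18 Jul 2011 17:25:48 BST
"""
EMAIL_2 = """\
Received: from bay0-omc1-s17.bay0.hotmail.com (bay0-omc1-s17.bay0.hotmail.com [65.54.190.28])
 by mx1.riseup.net (Postfix) with ESMTP id DFC265B4EC; Wed, 13 Jul 2011 15:09:48 -0700 (PDT)
Received: from BAY151-W42 ([65.54.190.61]) by bay0-omc1-s17.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
 Wed, 13 Jul 2011 15:09:48 -0700
X-Originating-IP: [186.29.121.201]
"""
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
ALLOCATION = ipaddress.ip_network("186.29.0.0/16")  # inetnum 186.29/16 in the whois reply

def client_ip(raw_headers):
    """Return the client address recorded by the webmail provider, or None."""
    msg = message_from_string(raw_headers)
    # Hotmail-style: explicit header written by the provider's front end.
    candidates = BRACKETED_IP.findall(msg.get("X-Originating-IP", ""))
    # Yahoo-style: the oldest (last-listed) Received line, logged "via HTTP".
    received = msg.get_all("Received", [])
    if received and "via HTTP" in received[-1]:
        candidates += BRACKETED_IP.findall(received[-1])
    for text in candidates:
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:  # e.g. an octet above 255
            continue
        if ip.is_global:  # ignore 10.x, 127.x and other non-routable hops
            return ip
    return None

def compare(raw_a, raw_b, block=ALLOCATION):
    """Report whether two messages share a client IP and an ISP allocation."""
    ip_a, ip_b = client_ip(raw_a), client_ip(raw_b)
    known = ip_a is not None and ip_b is not None
    return {"ip_a": ip_a, "ip_b": ip_b,
            "same_ip": known and ip_a == ip_b,
            "same_allocation": known and ip_a in block and ip_b in block}

print(compare(EMAIL_1, EMAIL_2))
```

A matching address identifies the same public connection, not necessarily the same machine: several devices behind one home router share it, and an ISP may reassign it to another subscriber.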
 
