>From - Sat Mar 02 00:57:20 2024
X-Received: by 10.180.89.170 with SMTP id bp10mr2741949wib.4.1409157623498;
Wed, 27 Aug 2014 09:40:23 -0700 (PDT)
X-BeenThere: tscm-l2006_at_googlegroups.com
Received: by 10.180.93.228 with SMTP id cx4ls522762wib.15.canary; Wed, 27 Aug
2014 09:40:18 -0700 (PDT)
X-Received: by 10.180.105.3 with SMTP id gi3mr2733214wib.3.1409157618004;
Wed, 27 Aug 2014 09:40:18 -0700 (PDT)
Return-Path: <tsc..._at_shaddack.mauriceward.com>
Received: from 121.235.cust.netway.cz ([85.239.254.200])
by gmr-mx.google.com with ESMTPS id pw5si179364lbb.0.2014.08.27.09.40.17
for <tscm-..._at_googlegroups.com>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Wed, 27 Aug 2014 09:40:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of tsc..._at_shaddack.mauriceward.com designates 85.239.254.200 as permitted sender) client-ip=85.239.254.200;
Authentication-Results: gmr-mx.google.com;
spf=pass (google.com: domain of tsc..._at_shaddack.mauriceward.com designates 85.239.254.200 as permitted sender) smtp.mail=tsc..._at_shaddack.mauriceward.com
Received: (qmail 16636 invoked by uid 0); 27 Aug 2014 18:40:16 +0200
Date: Wed, 27 Aug 2014 18:40:16 +0200 (CEST)
From: Thomas Shaddack <tsc..._at_shaddack.mauriceward.com>
To: tscm-l2006_at_googlegroups.com
Subject: Re: [TSCM-L] {6589} Re: Here it is. Anyone decode the header
In-Reply-To: <76c9abf9-4570-4672-9de1-4a493ea66387_at_googlegroups.com>
Message-ID: <1408271831240.0_at_somehost.domainz.com>
References: <BAY175-W45E0E096524493403D82DABCE90_at_phx.gbl>
<76c9abf9-4570-4672-9de1-4a493ea66387_at_googlegroups.com>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="655872-453835516-1409157616=:29637"
--655872-453835516-1409157616=:29637
Content-Type: TEXT/PLAIN; charset=ISO-8859-2
Content-Transfer-Encoding: QUOTED-PRINTABLE
This is the crucial line:
Received: from [170.215.91.254] by web163406.mail.gq1.yahoo.com via HTTP; S=
un, 17 Mar 2013 22:40:19 PDT
The IP address of the sender is [170.215.91.254], which resolves to=20
170-215-91-254.dr01.mccl.id.frontiernet.net and according to the=20
geolocation database is located at NA/US/Idaho/Mccall.
In such cases it is likely that the sender knows the recipient, and is in=
=20
contact with him or with someone close to him (or her).=20
If the location of the city is not a sufficient indicator, I would suggest=
=20
taking the recipient's mailbox, and the mailboxes of related persons, and=
=20
looking at mails from roughly that timeframe. (Modern cable modems or DSL=
=20
modems have dynamic IP addresses, which means they change their IPs=20
occasionally, but can hold them typically for many days at once; even in=20
case of change the first many bits will be usually conserved between=20
changes.)
If an email from someone else, with matching IP address and timeframe, is=
=20
found, it is a strong suggestion to perform further investigation on the=20
known sender.=20
(In a case I had here, it involved mails that were disruptive to the=20
client's relationship. The sender IP matched mails from her friend from=20
her original hometown. She directly confronted said friend, who denied=20
involvement vigorously, and the mails stopped arriving.)
On Tue, 26 Aug 2014, Fritz Brause wrote:
> try http://mailheader.org=20
>=20
> Am Dienstag, 19. M=E4rz 2013 11:30:17 UTC+1 schrieb Onion George:
> >
> > This is what I got the other day. Dont put much into it as it was not =
addressed to me personalty.
> >
> > Dont think Bernie is mad enough at me about my posting to send this. ha=
ha
> >
> > So have at it guys, post what you find. The hunt is on!
> >
> > Onion
> >
> > ------------------------------
> >
> > ------------------------------
> >
> > x-store-info:fHNTDlzCF8Nxw6HwcfGQy+S7Ax/lqLSmNphQ3OF+T9E=3D
> >
> > Authentication-Results: hotmail.com; spf=3Dnone (sender IP is 98.136.21=
7.16) smtp.mailfrom=3Dann..._at_yahoo.com <javascript:>; dkim=3Dnone header.d=
=3Dasia.com; x-hmca=3Dnone
> > X-SID-PRA: lr..._at_asia.com <javascript:>
> > X-AUTH-Result: NONE
> > X-SID-Result: NONE
> > X-Message-Status: n:n
> > X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0wO0Q9MjtHRD0yO1NDTD00
> > X-Message-Info: o9rlR4nWDTfJuzYaLPaTpynCcqKtoWC6+3UxAe0+cwyf6e+9/460K6k=
iOfu+yN6KVuCIB1AugruavVqbAiZFTWRbUNxKGEqFnEhQpZthZCDWyEUMdd+7KxtViZP5tNNf2M=
ca2tIp5mIPavIssACKghh25kPZeIBu
> > Received: from nm33.bullet.mail.gq1.yahoo.com ([98.136.217.16]) by BAY0=
-MC2-F41.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
> > =09 Sun, 17 Mar 2013 22:40:21 -0700
> > Received: from [98.137.12.191] by nm33.bullet.mail.gq1.yahoo.com with N=
NFMP; 18 Mar 2013 05:40:20 -0000
> > Received: from [98.137.12.241] by tm12.bullet.mail.gq1.yahoo.com with N=
NFMP; 18 Mar 2013 05:40:20 -0000
> > Received: from [127.0.0.1] by omp1049.mail.gq1.yahoo.com with NNFMP; 18=
Mar 2013 05:40:20 -0000
> > X-Yahoo-Newman-Property: ymail-3
> > X-Yahoo-Newman-Id: 575..._at_omp1049.mail.gq1.yahoo.com <javascript:>
> > Received: (qmail 53592 invoked by uid 60001); 18 Mar 2013 05:40:20 -000=
0
> > DKIM-Signature: v=3D1; a=3Drsa-sha256; c=3Drelaxed/relaxed; d=3Dyahoo.c=
om; s=3Ds1024; t=3D1363585220; bh=3DhkmzYaue8yRwFrqtdNFB/mkT89ZBbLeLdNLk9aJ=
VZ5w=3D; h=3DX-YMail-OSG:Received:X-Rocket-MIMEInfo:X-RocketYMMF:X-Mailer:M=
essage-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=3DYxOX=
lQNHe4w1S6Eld+mSFE6c94yFMFj+q6qrc2mlns3Y7DesrtfU2uCgpsFdWHaLoputY6HvYM+Fsk5=
6OWLjEAfm8jwYZv189RfIvaAuea/qrG5dcYK3q4Yy/b8qag+boVhsdpDCwL5eGTzBaz361ptVjT=
QvJwQMak0Kq8WDN54=3D
> > DomainKey-Signature:a=3Drsa-sha1; q=3Ddns; c=3Dnofws;
> > s=3Ds1024; d=3Dyahoo.com;
> > h=3DX-YMail-OSG:Received:X-Rocket-MIMEInfo:X-RocketYMMF:X-Mailer:Mess=
age-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;
> > b=3DKMPNXxsWhFt8vclZsbMQiP75lK4aEWZtLbdWcKbB2v4ymCAGf8jIVIqWgvMp9/r9H=
0mXxXXRdb8nZZUl/gR2e9iJr7hL4y0uny3kh6DMQZIIFefz+tD+afJnPPICnDvwCZ6UN3fKcn7v=
7WLQnhQaxoZRpk14Ui7RfTXiJP/Pl54=3D;
> > X-YMail-OSG: X1hwZmUVM1k6yH3kFm1FKcFnUEm_2emGH81vtjFFB5dRCpv
> > d1pb5AlUd2UR3ED35YcIp3EHiDAU7fWGZlWr1Mpg.ATO7VmUet6CjWO6V_AS
> > uGyAVPs61Xb.l8KI7lIyZMN3_VTtypp.Jlo5b8rimrj8tRGfWounbROhdKe8
> > HMnC3kwftFsfVpW_BelnCwY8qfP_FcAbA2RoE97lSgUJunpLitoeIDKC6A3G
> > foOgN.kW_gj.ZVI0shzXGhLX0f2nGOugT8wufZgLxErMrnvrHGHHnB1PzE8L
> > d5.vZztY7BIWcSysGDBw1zgEfbeyxETISE8eXof6bJG20D_4eM5qZvUBk_85
> > Lk6Yc1qYFHh9gYbh16Ps_rcDvGEE16EGpcfLAGB3HyRXWQRV98FLdYTMQIk5
> > KqM.RdTX.4ROkXk3OQ41sbWZ0iaDO8c4v.zKx.S5d7spP8uitoIEly_zmKjx
> > hajZwrzVdo0idDw7iSfmAfjnlW_j6ScQ-
> > Received: from [170.215.91.254] by web163406.mail.gq1.yahoo.com via HTT=
P; Sun, 17 Mar 2013 22:40:19 PDT
> > X-Rocket-MIMEInfo: 002.001,WW91IGhhdmUgYmVlbiBiZXRyYXllZCEhISBJdCdzIGEg=
CnBpdHkgdGhhdCB0aGlzIGhvdyB5b3VyIGxpZmUgaXMgZ29pbmcgdG8gY29tZSB0byBhbiBlbmQ=
gYXMgeW91ciBkZWF0aCAKaGFkIGFscmVhZHkgYmVlbiBwYWlkIGJ5IHNvbWVvbmUgd2hvIGlzIH=
ZlcnkgY2xvc2UgdG8geW91IGZyb20gYWxsIAppbnZlc3RpZ2F0aW9ucy5JIGhhdmUgb3JkZXJlZ=
CAzICh0aHJlZSkgb2YgbXkgbWVuIHRvIG1vbml0b3IgZXZlcnkgbW92ZSAKb2YgeW91IGFuZCBt=
YWtlIHN1cmUgeW91IGFyZSBub3Qgb3V0IG9mIHNpZ2gBMAEBAQE-
> > X-RocketYMMF: annahungwong
> > X-Mailer: YahooMailWebService/0.8.137.519
> > Message-ID: <1363585219.52..._at_web163406.mail.gq1.yahoo.com <javascript:=
>>
> > Date: Sun, 17 Mar 2013 22:40:19 -0700 (PDT)
> > From: Alfredo Nuno <lr..._at_asia.com <javascript:>>
> > Reply-To: Alfredo Nuno <lr..._at_asia.com <javascript:>>
> > Subject: Warning=20
> > To: undisclosed recipients: ;
> > MIME-Version: 1.0
> > Content-Type: multipart/alternative; boundary=3D"-346883024-1562806413-=
1363585219=3D:52986"
> > Return-Path: ann..._at_yahoo.com <javascript:>
> > X-OriginalArrivalTime: 18 Mar 2013 05:40:21.0170 (UTC) FILETIME=3D[1488=
4120:01CE239B]
> >
> >
> > ------------------------------
> > ------------------------------
> >
> > You have been betrayed!!! It's a pity that this how your life is going =
to come to an end as your death had already been paid by someone who is ver=
y close to you from all investigations.I have ordered 3 (three) of my men t=
o monitor every move of you and make sure you are not out of sight till the=
date of your assassination.
> >
> > According to the report I gets, you seem to be innocent about what you =
have been accuse but I have no business with that, so that's why am contact=
ing you to know if truly you are innocent and how much you value your life.=
Get back to me if you sure you really want to live, ignore this mail only i=
f you feel it's a joke or just a threat. Don't forget your days on earth ar=
e numbered, so you have the chance to live if only you will comply with me.
> >
> > WARNING: Tell no one about this mail because he or she might just be th=
e person who wants you dead, and if that happens, I will be aware and am go=
ing to make sure you DIE instantly.I will give you every detail of where to=
be and how to take any actions be it legal or illegal, that's only when I =
read from you.
> >
> > You need to stay calm and act unaware of this situation and follow inst=
ructions because any move you make that is suspicious; you will DIE as your=
days are numbered.
> >
> >
> >=20
>=20
>=20
--655872-453835516-1409157616=:29637--
Received on Sat Mar 02 2024 - 00:57:20 CST