|
dekodoge
|
 |
August 14, 2014, 05:25:38 PM |
|
Squirrel webmail is hiding the client IP
Thanks anyhow.
|
odlal
|
 |
August 14, 2014, 05:32:48 PM |
|
From : http://lunamine.com.hypestat.com/
Server IP: 37.61.237.213
ASN: AS8607
ISP: Timico Ltd Autonomous System
Server Location: Lincoln, H7, United Kingdom

Perhaps if the ISP (Timico Ltd) was approached directly, from a Lawyer or some such, then they might divulge further details ?
|
infested999
|
 |
August 14, 2014, 05:39:18 PM |
|
From : http://lunamine.com.hypestat.com/
Server IP: 37.61.237.213
ASN: AS8607
ISP: Timico Ltd Autonomous System
Server Location: Lincoln, H7, United Kingdom
Perhaps if the ISP (Timico Ltd) was approached directly, from a Lawyer or some such, then they might divulge further details ?

If you have a police report they will confiscate the servers.
|
jack3rror
Member

Offline
Activity: 94
Merit: 16
|
 |
August 14, 2014, 05:56:54 PM |
|
RealMalatesta
Legendary
Offline
Activity: 2492
Merit: 1180
|
 |
August 14, 2014, 06:18:12 PM |
|
Who knows. Why do you think so?
|
odlal
|
 |
August 14, 2014, 06:39:05 PM |
|
You must have your reasons for pointing out that particular address ? It does look like some 'pooling of BTC' is taking place there doesn't it ? So far I haven't been able to make a connection to that address but then I've only "gone back" one level and it'll get exponentially more involved to go back further ! What would help is someone with a top-notch PC with forensic software able to make connections between seemingly disparate transactions (like now) 
|
odlal
|
 |
August 14, 2014, 06:56:09 PM Last edit: August 18, 2014, 10:00:13 PM by odlal |
|
Has anybody followed up these links ? I think I saw he's from Belgium but didn't look into it any further than that ... NB : It appears ALL of his Facebook information and photos have been taken down ... does that mean it is him or someone with the same name who doesn't want to be associated with what's happening with Lunamine ?
|
btcmner
|
 |
August 14, 2014, 07:07:30 PM Last edit: August 14, 2014, 07:19:52 PM by btcmner |
|
There are lots of small companies listed at that address, which is a rental office and commerce building : http://www.norrporten.se/fastighet/forellen-9-3/?lang=en
Maybe there is a more detailed directory of tenants inside, or an actual help desk in case there is some shared-time office space for very small companies there, to which you could simply ask whether a company by the name of "Luna" or some individual by the name of "Christophe Verweire" or even some Kurt Larsson is a registered tenant or not. There may be mail boxes you could check the name on. Also, there is a 16B and a 16A entrance to that building, and the address listed on lunamine.com mentions 16A, not 16B. This also might be worth another look.
As for the Timmermansgatan 54 directory, there has actually been a registered tenant by the name of Kurt Olof Larsson there. You'll notice however that he is listed as being 71 years old, so he may either be living at one of the other tenants' address, or may have moved elsewhere recently (the disconnected phone number might be a clue) : http://www.merinfo.se/search?ae6=Timmermansgatan+54+2tr&ae4=Lule%C3%A5&d=p
|
Mining for fun.
|
ddalex
|
 |
August 14, 2014, 07:21:01 PM Last edit: August 14, 2014, 07:45:15 PM by ddalex |
|
Thanks for the headers it seems lunamine had webmail installed on their hosting server so no clues as to client IP.
D'uh ! I just remembered I had a small email exchange with Lunamine before I went ahead and bought into them. What is it you're looking for please ? Like are there certain keywords related to client IP addresses for example ? I'll have to see what, if anything, I can post here that may be of interest !

From lunamine.com Support Wed Jul 23 22:03:03 2014
X-Apparently-To: [email protected] via 46.228.38.200; Wed, 23 Jul 2014 21:03:07 +0000
Return-Path: < [email protected]>
Received-SPF: none (domain of lunamine.com does not designate permitted sender hosts)
...
Authentication-Results: mta1586.mail.gq1.yahoo.com from=lunamine.com; domainkeys=neutral (no sig); from=lunamine.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO s101.web-hosting.com) (37.61.237.213) by mta1586.mail.gq1.yahoo.com with SMTPS; Wed, 23 Jul 2014 21:03:06 +0000
Received: from localhost ([::1]:50800 helo=server101.web-hosting.com) by server101.web-hosting.com with esmtpa (Exim 4.82) (envelope-from < [email protected]>) id 1XA3gl-003GV2-MD for [email protected]; Wed, 23 Jul 2014 17:03:04 -0400
Received: from 37.203.209.10 ([37.203.209.10]) (SquirrelMail authenticated user [email protected]) by server101.web-hosting.com with HTTP; Wed, 23 Jul 2014 17:03:03 -0400
Message-ID: < b3064213281d23a23e088d4ce69c0dc9.squirrel@server101.web-hosting.com>
In-Reply-To: < [email protected]>
References: < [email protected]>
Date: Wed, 23 Jul 2014 17:03:03 -0400
Subject: Re: Bitcoin Mining Contracts : 1 TH/s Individual
From: "lunamine.com Support" < [email protected]>
To: "xxxxxxxx yyyyyyyy" < [email protected]>
...
X-Get-Message-Sender-Via: server101.web-hosting.com: authenticated_id: [email protected]

I.M.H.O., odlal@... received the message via 46.228.38.200 (UK, London) located here: http://tejji.com/ip/ip-to-location.aspx?ip=46.228.38.200
This is the IP address of the e-mail server (UK, Lincoln): http://tejji.com/ip/ip-to-location.aspx?ip=37.61.237.213
More important is this IP address (Sweden) - the person at [email protected] who sent this message: http://tejji.com/ip/ip-to-location.aspx?ip=37.203.209.10

P.S.
37.203.209.10 | SPAM activity on websites - CleanTalk
cleantalk.org/blacklists/37.203.209.10
37.203.209.10 has spam activity on 3 websites. Blacklisted Aug 12, 2014 14:45:27. Last seen Aug 12, 2014 14:30:34.
Internet Speed Check For 37.203.209.10 Located In ...
www.ip-tracker.org/check/internet-speed.php?ip=37.203.209.10
Connection speed test For 37.203.209.10 From Sweden
http://myip.ms/view/ip_addresses/634114304/37.203.209.0_37.203.209.255
Internet Provider: Sweden Network Vintrosagatan 10, 124 73 Bandhagen, Stockholm Se, Sweden
http://www.webexxpurts.com/
|
kingscrown
|
 |
August 14, 2014, 07:27:21 PM |
|
ive updated my review of cloud miners adding they are scammers - http://fuk.io/cloud-hashing-and-rig-renting-services-review/
this really sucks, currently u can trust nobody in crypto world. before doing review i did talk to them, they did pay out on my tests but of course didnt pay out later
i got 1 more IP of them from my mails:
Received: from 185.3.135.10 ([185.3.135.10]) (SquirrelMail authenticated user [email protected]) by server101.web-hosting.com with HTTP;
|
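Added example, not written by any poster in this thread: the Received lines quoted in the two posts above can be read mechanically, newest hop first, to pick out the address SquirrelMail logged for the browser session. The function names `parse_hops` and `webmail_client_ip` are hypothetical, and the sample is the quoted chain abridged with a placeholder mailbox in place of the redacted one.

```python
import email
import ipaddress
import re

# Constructed sample: the Received chain quoted in the thread, abridged,
# with the redacted mailbox replaced by a placeholder address.
RAW = """\
Received: from 127.0.0.1 (EHLO s101.web-hosting.com) (37.61.237.213)
 by mta1586.mail.gq1.yahoo.com with SMTPS; Wed, 23 Jul 2014 21:03:06 +0000
Received: from localhost ([::1]:50800 helo=server101.web-hosting.com)
 by server101.web-hosting.com with esmtpa (Exim 4.82)
 id 1XA3gl-003GV2-MD; Wed, 23 Jul 2014 17:03:04 -0400
Received: from 37.203.209.10 ([37.203.209.10])
 (SquirrelMail authenticated user support@example.invalid)
 by server101.web-hosting.com with HTTP; Wed, 23 Jul 2014 17:03:03 -0400
Subject: Re: Bitcoin Mining Contracts : 1 TH/s Individual

body
"""

BY_WITH = re.compile(r"\bby\s+(\S+)\s+with\s+([A-Za-z]+)")
ADDR = re.compile(r"[(\[]([0-9A-Fa-f:.]+)[)\]]")  # (1.2.3.4) or [::1]

def parse_hops(raw):
    """Return Received hops, newest first, as dicts (ip, by, via, webmail)."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())            # unfold continuation lines
        ip = None
        for cand in ADDR.findall(text.split(" by ")[0]):
            try:
                ip = ipaddress.ip_address(cand)   # first literal that parses
                break
            except ValueError:
                continue
        m = BY_WITH.search(text)
        hops.append({"ip": ip, "by": m.group(1) if m else None,
                     "via": m.group(2).upper() if m else None,
                     "webmail": "SquirrelMail authenticated user" in text})
    return hops

def webmail_client_ip(raw):
    """Address the webmail host logged for the browser session, or None.
    It is only the peer the server saw, so it may be a VPN or proxy exit."""
    for hop in parse_hops(raw):
        ip = hop["ip"]
        if hop["webmail"] and hop["via"] == "HTTP" and ip and ip.is_global:
            return str(ip)
    return None
```

Only the hops written by servers you trust are reliable; anything below the first untrusted hop can be forged by the sender.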
ChainRadio
Newbie
Offline
Activity: 34
Merit: 0
|
 |
August 14, 2014, 07:31:56 PM |
|
When the signature campaign was late on payment Chain Radio suspended the advertisements for Lunamine on air and haven't run them since. If it is gone for good, I'm sure they won't mind if we don't finish the advertisement rotation
|
odlal
|
 |
August 14, 2014, 07:37:31 PM |
|
before doing review i did talk to them
On the phone or via email ?
|
btcmner
|
 |
August 14, 2014, 07:48:12 PM |
|
Hmmm, so we've got an actual Sweden IP there. Well, that could be somehow reassuring, after all. Oh, I like the route ! You try to go to 37.203 and you end up in another IP segment :

> traceroute 37.203.209.10
traceroute to 37.203.209.10 (37.203.209.10), 30 hops max, 60 byte packets
...
16 212.73.250.162 (212.73.250.162) 134.611 ms po11-40ge.sto4.se.portlane.net (80.67.4.174) 134.706 ms 136.136 ms
17 80.67.1.138 (80.67.1.138) 137.953 ms po11-40ge.sto4.se.portlane.net (80.67.4.174) 134.838 ms 80.67.1.138 (80.67.1.138) 136.045 ms
18 80.67.1.138 (80.67.1.138) 137.316 ms 37.203.209.10 (37.203.209.10) 135.540 ms 135.361 ms

Seems like a router : http://80.67.1.138/
Funny, isn't there some PiratPartiet smell there ?... They are not supposed to be scammers, though. I wonder what we will learn about that strange story later on. Looks more and more like some detective story...
|
Mining for fun.
|
RealMalatesta
Legendary
Offline
Activity: 2492
Merit: 1180
|
 |
August 14, 2014, 07:48:52 PM |
|
Okay, what we need first is an overview of how much he scammed. Then, we should put all what we know together. I can file a lawsuit with the Swedish police, so we can get the documents regarding the e-mail.
Kingscrown: You posted this IP: 185.3.135.10 Would you mind to send me the whole header by pm?
Regarding the losses, I would only include what you have sent, deduct what you received. To include the sig-campaign doesn't really make sense...
Name:           Paid:        Received:    Defrauded for:
RealMalatesta   1.03142627   0.16943428   0.86199199
Total:                                    0.86199199
The higher the value, the more likely the chance that the authorities will react.
|
RealMalatesta
Legendary
Offline
Activity: 2492
Merit: 1180
|
 |
August 14, 2014, 07:56:41 PM |
|
Hmmm, so we've got an actual Sweden IP there. Well, that could be somehow reassuring, after all. Oh, I like the route ! You try to go to 37.203 and you end up in another IP segment :

> traceroute 37.203.209.10
traceroute to 37.203.209.10 (37.203.209.10), 30 hops max, 60 byte packets
...
16 212.73.250.162 (212.73.250.162) 134.611 ms po11-40ge.sto4.se.portlane.net (80.67.4.174) 134.706 ms 136.136 ms
17 80.67.1.138 (80.67.1.138) 137.953 ms po11-40ge.sto4.se.portlane.net (80.67.4.174) 134.838 ms 80.67.1.138 (80.67.1.138) 136.045 ms
18 80.67.1.138 (80.67.1.138) 137.316 ms 37.203.209.10 (37.203.209.10) 135.540 ms 135.361 ms

Seems like a router : http://80.67.1.138/
Funny, isn't there some PiratPartiet smell there ?... They are not supposed to be scammers, though. I wonder what we will learn about that strange story later on. Looks more and more like some detective story...

No, it smells like OpenVPN. The IP was used in the past for spamming activities, too. So probably no way to get somewhere through this. If I were a scammer, I would use a Swedish VPN-service which can be paid with BTC, use a mixer and pretend I am from Sweden, while sitting somewhere else. The domain was bought via namecheap, so most probably also through an OpenVPN, paid by BTC, I assume, so no way to get there.
What I'm wondering: When he connected to asktom.cf: Did he use this OpenVPN, too? Anybody with some connections to the board gurus?
|
kingscrown
|
 |
August 14, 2014, 08:22:55 PM |
|
before doing review i did talk to them
On the phone or via email ?
email of course, "talk" these days to me is heh.. typing ;x i know of one user who paid them 20BTC maybe he will jump to this thread.
|
odlal
|
 |
August 14, 2014, 08:38:24 PM Last edit: August 14, 2014, 09:17:32 PM by odlal |
|
i know of one user who paid them 20BTC
I know this is an off topic reply however according to the "Global Stats" page at PBMining one new customer of theirs has recently bought in for just over 60 TH/s which at their rates is approximately 174 BTC.
Luckily I only got into Lunamine in a very small way to "test the waters" so-to-speak but anyone who's bought in for a chunk of their own money has my sympathies for being on the receiving end of this apparent Scam !!! Pffffffffffffffffff ...
|
dekodoge
|
 |
August 14, 2014, 09:39:04 PM |
|
Kurt Larsson is listed in 2nd pic and he is tied to the telenumber in the domain record.
|
RealMalatesta
Legendary
Offline
Activity: 2492
Merit: 1180
|
 |
August 14, 2014, 10:10:17 PM |
|
Kurt Larsson is listed in 2nd pic and he is tied to the telenumber in the domain record.

As mentioned in a previous post:

As for the Timmermansgatan 54 directory, there has actually been a registered tenant by the name of Kurt Olof Larsson there. You'll notice however that he is listed as being 71 years old, so he may either be living at one of the other tenants' address, or may have moved elsewhere recently (the disconnected phone number might be a clue) :
|