New developments in the last 24 hours from the threatening E-mail episode... this prick has been guzzling HATOR-ADE like it's going out of style (*starmarked for successful posting through swear filters).
--------
Return-Path: <nachomai@nachomail.com>
Delivered-To: chrisatkinson.net%chris@chrisatkinson.net
Received: (cpmta 3395 invoked from network); 11 Jul 2002 00:01:07 -0700
Received: from 208.234.3.55 (HELO nachomail.com)
by smtp.c007.snv.cp.net (209.228.33.238) with SMTP; 11 Jul 2002 00:01:07 -0700
X-Received: 11 Jul 2002 07:01:07 GMT
Received: (from nachomai@localhost)
by nachomail.com (8.8.8/8.8.5) id DAA25562;
Thu, 11 Jul 2002 03:01:05 -0400
Date: Thu, 11 Jul 2002 03:01:05 -0400
Message-Id: <200207110701.DAA25562@nachomail.com>
To:
chris@chrisatkinson.net
Subject: I\'m sorry about my previous email,
From: anon <noreply@email.com>
Reply-To:
noreply@email.com
Cc:
Status: U
X-UIDL: PS0tM9HkIe4NRQE
I\'m sorry i didnt sniff you out sooner as a f*cking loser. Only a loser would treat his roommate like that. Especially a freshman.
Dude I think ive got you figured out. I think what pissed you of most wasnt Mikes friends going thru your stuff, but the fact the dude has more friends than youll ever have.
And judging by your pics, well...a pimple faced scrawny loser like yourself is probably still a virgin. Damn your face looks like a pizza, i\'ve never seen so many zits on a dude before.
Damn dude, maybe you should quit jacking off, so that you minimize the breakouts. LOL
Only a pathetic loser like yourself would bitch about a lousy $20.00 of food being mooched by a roommates friends. boohoo DUDE lighten up, life is too short to be getting mad over small things especially food!!
If i saw a stranger on the desert, dehydrated and dying of thirst, you could bet that i would hand him a drink of water, even if i paid for it. I may be a troll, but alteast i\'m not loser!!!
btw nice focking car. lol what a piece of sh*t. I bet the women just all want you when your cruising around campus. Lol
---------
Now, updates from my gracious cyber sleuth on this bastard...
---------
Thanks, I got him tracked down he owns nachomail.com he made a critical mistake on the first E-mail he sent because he actually didn?t spoof that IP as it matches his records that the ISP has on file for him here in the states (the first E-mail contains an IP from Europe X-Originating-Ip: [212.24.137.66] from the message to lucky. Lucky is lucky
. I got this guy nailed to a corner and figured out exactly what he is doing, and how he is doing it. and the best part is, he doesn?t know it yet! God I love my day job. Thanks for spicing up my vacation.
Just posted this,
I caught wind of this thread a few days ago and have been watching it with intrest in its development. I am on vacation from work, and school, and got laid off on another job I was doing in the interm so I have had a bit of free time on my hands.
Today another member having an issue with a room mate posted in Off Topic, as the topic progressed I threatening E-mail landed in his inbox that quite frankly was frightening. I offered my help in tracking the E-mail to the source which he accepted and led me on what I would like to title "The Hunt" here inlines the story.
I will not post exactly how I found things for that would aid this individual in further attempt in hiding his identity and makeing my rather easy task of finding out who it was more difficult then it needs to be so I will be very selective in how things are phrased and very broad on the nitty gritties.
A reply in the room mate post suggested that it might not be the room mate and pointed back to this thread, this had not crossed my mind at that exact moment but then again I was 30 seconds into "The Hunt." I got the information I needed from the poster (header information) and began cracking leaving this thread in mind. as I disected the header information similarities began to show their head in each header by gosh they were exactly the same different routing servers but the origin was the same, just the from and reply paths were forged. So of course my next step was to look up the origin IP in arin (knowing how to read a header file really helps for information on reading them look at anti spam sites they talk alot about header information. I will not directly link to the article I learned everything I ever wanted to know from to prevent said sad individual from learning the "tricks of the trade") and low and behold it poped up as;
Advanced Internet Technologies (NETBLK-AIT-1)
536 Ramsey Street
Fayetteville, NC 28301
US
Netname: AIT-1
Netblock: 208.234.0.0 - 208.234.31.255
Coordinator:
ADVANCED INTERNET TECHNOLOGIES (ZA55-ARIN)
NETQ@AITCOM.NET
1-877-209-5184
I know your thinking "ya ya we already knew this now get to it"
Being narrow minded due to lack of proper rest led me to belive I was at the end of my journey, just a quick call over to AITnet and this would all be settled. so I rang them up, and got a very helpful systems administrator on the line and explained the situation to him gave him the perp IP's and did the hemoragous hold wile it figured out what to do. got transfered to another department explained it and was tould exactly how to deal with the situation. during this conversation some interesting anomalies appeared. the headers were from somthing called nachomail.com, thinking this was a free ball E-mail account supplier I thought no more of it but did mention it to the administrator / support staff and they ran a quick check on the DB and low and behold they host nachomail.com. just know this nachomail is not a freeball e-mail account supplier, its specificly a forger to send anonymous E-mails. what a handy yet pain in the butt website.
Now there is another IP in the mix wich idenified the individual I will not reveal it but I can tell you that this IP is posted and that the perp messed up big. ran a cross on this IP and found its origins to be outside of the states, the support staff on the phone confimed that the client contact info did match this. also this perp neglected to relize that the ISP tracks all inboud and outbound traffic (for billing) and said IP matched.
In conclusion these E-mails should stop soon.
Thought you would like to read it. it is broad but I rather not give away my tactics
.
Facebook
Twitter