Topic: www.lunamine.com - 0.0025 BTC/GHs mining contracts | On-demand withdrawals - page 12. (Read 41487 times)

email of course, "talk" this days to me is heh.. typing ;x
i know of one user who paid them 20BTC maybe je iwll jump to this thread.

No, it smells like OpenVPN. The IP was used in the past for spamming activities, too. So probably no way to get somewhere through this. If I were a scammer, I would use a Swedish VPN-service which can be paid with BTC, use a mixer and pretend I am from Sweden, while sitting somewhere else.
The domain was bought via namecheap, so most probably also through an OpenVPN, paid by BTC, I assume, so no way to get there.
What I'm wondering: When he connected to bitcointalk.org: Did he use this OpenVPN, too? Anybody with some connections to the board gurus?

Okay, what we need first is an overview of how much he scammed. Then, we should put all what we know together. I can file a lawsuit with the Swedish police, so we can get the documents regarding the e-mail.

Kingscrown: You posted this IP: 185.3.135.10 Would you mind to send me the whole header by pm?

Regarding the losses, I would only include what you have sent, deduct what you received. To include the sig-campaign doesn't really make sense...

Name:                         Paid:                        Received:             Defrauded for:
RealMalatesta             1.03142627             0.16943428         0.86199199



Total:                                                                                        0.86199199

The higher the value, the more likely the chance that the authorities will react.

Hmmm, so we've got an actual Sweden IP there. Well, that could be somehow reassuring, after all.

Oh, I like the route !  You try to go to 37.203 and you end up in another IP segment :

> traceroute 37.203.209.10
traceroute to 37.203.209.10 (37.203.209.10), 30 hops max, 60 byte packets
...
16  212.73.250.162 (212.73.250.162)  134.611 ms po11-40ge.sto4.se.portlane.net (80.67.4.174)  134.706 ms  136.136 ms
17  80.67.1.138 (80.67.1.138)  137.953 ms po11-40ge.sto4.se.portlane.net (80.67.4.174)  134.838 ms 80.67.1.138 (80.67.1.138)  136.045 ms
18  80.67.1.138 (80.67.1.138)  137.316 ms 37.203.209.10 (37.203.209.10)  135.540 ms  135.361 ms


Seems like a router :
http://80.67.1.138/

Funny, isn't there some PiratPartiet smell there ?...
They are not supposed to be scammers, though.
I wonder what we will learn about that strange story later on. Looks more and more like some detective story... 

On the phone or via email ?

When the signature campaign was late on payment Chain Radio suspended the advertisements for Lunamine on air and haven't ran them since.

If it is gone for good, I'm sure they won't mind if we don't finish the advertisement rotation

ive updated my review of cloud minners adding they are scammers - http://fuk.io/cloud-hashing-and-rig-renting-services-review/

this really sucks, currently u can trust nobody in crypto world. before doing review i did talk to them, they did pay out on my tests but of course didnt pay out later

i got 1 more IP of them from my mails:
Received: from 185.3.135.10 ([185.3.135.10])
        (SquirrelMail authenticated user [email protected])
        by server101.web-hosting.com with HTTP;

There are lots of small companies listed at that address, which is a rental office and commerce building :

http://www.norrporten.se/fastighet/forellen-9-3/?lang=en

Maybe there is a more detailed directory of tenants inside, or an actual help desk in case there is some shared-time office space for very small companies there, to which you could simply ask whether a company by the name of "Luna" or some individual by the name of "Christophe Verweire" or even some Kurt Larsson is registered tenant or not. There may be mail boxes you could check the name on. Also, there is a 16B and a 16A entrance to that building, and the address listed on lunamine.com mentions 16A, not 16B. This also might be worth another look.

As for the Timmermansgatan 54 directory, there has actually been a registered tenant by the name of Kurt Olof Larsson there. You'll notice however that he is listed as being 71 years old, so he may be either being living at one of the other tenants' address, or may have moved elsewhere recently (the disconnected phone number might be a clue) :

http://www.merinfo.se/search?ae6=Timmermansgatan+54+2tr&ae4=Lule%C3%A5&d=p

Has anybody followed up these links ?  I think I saw he's from Belgium but didn't look into it any further than that ...

NB : It appears ALL of his Facebook information and photos have been taken down ... does that mean it is him or someone with the same name who doesn't want to be associated with what's happening with Lunamine ?

You must have your reasons for pointing out that particular address ? It does look like some 'pooling of BTC' is taking place there doesn't it ?

So far I haven't been able to make a connection to that address but then I've only "gone back" one level and it'll get exponentially more involved to go back further !

What would help is someone with a top-notch PC with forensic software able to make connections between seemingly disparate transactions (like now)

Who knows. Why do you think so?

https://blockchain.info/address/15YoDfLcYWpY39C5eHANviTj1CjQ75UH5e


Is it him ?

Both addresses are probably fake. Just drove past them to have a loook..

16A is a restaurant and a store.
54 no names mentioned here are listed

https://www.dropbox.com/s/22llscxccras83f/IMG_20140814_190804.jpg

https://www.dropbox.com/s/ytzneinzr3o0yc8/IMG_20140814_192333.jpg

If you have a police report they will confiscate the servers.

From : http://lunamine.com.hypestat.com/

Server IP:         37.61.237.213
ASN:                AS8607
ISP:                 Timico Ltd Autonomous System
Server Location: Lincoln, H7, United Kingdom

Perhaps if the ISP (Timico Ltd) was approached directly, from a Lawyer or some such, then they might divulge further details ?

 Squirrel webmail is hiding the client IP

Thanks anyhow.

From lunamine.com Support Wed Jul 23 22:03:03 2014
X-Apparently-To: [email protected] via 46.228.38.200; Wed, 23 Jul 2014 21:03:07 +0000
Return-Path: <[email protected]>
Received-SPF: none (domain of lunamine.com does not designate permitted sender hosts)
 dXR1cmUgZGlmZmljdWx0eSBpbmNyZWFzZXMuIFRoZSBiZXN0IHdheSB0byBj
 b21wYXJlIHR3byBzZXJ2aWNlcyBpcyB0byBtYWtlIGEgc3ByZWFkc2hlZXQg
 aW4gRXhjZWwsIHVzaW5nIHRoZSBzYW1lIGRpZmZpY3VsdHkgaW5jcmVhc2Vz
 LiBPdXIgY29udHJhY3RzIGFyZSAkMS40MCBwZXIgR0gvcyBhbmQgZWxlY3Ry
 aWNpdHkgY29zdHMgYXJlICQwLjAwMDMyIHBlciBHSC9zIGEgZAEwAQEBAQ--
X-YMailISG: 8moufOAWLDtX53Kk29zlnTPOd5Z8H0zp6EsATkp0NzMYMyyz
 nAsMlUEsXpKaq1FlF38QHtGe.4t5wnUbziBhY6EP9SLVMbrMfhPrmPNcuR5Z
 DVu0E5tca.gkIY0kVfW3ZYn6kAw7E053g0aUqt7Ucwl3D9t29fsanB.j.F53
 C3Cy_ccbfTBcOm5RfI6NjwD_pP_xJWZjtiRVDlwhOXGOG695AJh1mUJsAbFv
 3HF8evIssKTdYwzemPoOUjXCPVWwJvCIL0MyY8GoK_xCOVsIDwepfXRbeQD4
 tJchVkhS9KtIgdgAoVYpcO0WjD6LPmUC8wefozFbZAZMaH38hpMra.t_5F4O
 jPpoU6qmNmBDkDe1ySWOPO0AgHAzTf.lNMJw2Z9ndmhqQRSJHfEuPQYXU9F1
 yM1.lPZtwMdptRPgzqBzs0eYdC7o.wv8QH8nXIEta8H_09TbwdxGIhUp3R19
 OROlEjVITV6OKIFaNXL9cHRF1_1PgiXsIuA1DmlbJfQYol0y_9RVFbnI5SWO
 wX7_p5gcYPeXEEScR62tRPHWukpN5WSHcZqv5BmLKedUEQ_KTK1tAmH587cZ
 R8g0ax84dzgwKQJ9usbCgs1Wi6TUFJBeizPlk9S0Dc06dtjZGELnKID4vtqW
 eq5nwpi5lwOnf3b7Ta8IoPwsU5mZvg7ElrnRFQQqNS5LaqL89DReg26mZyem
 jFslRibzkn.cJdD2PNpT.2Z0HgEaLAwMp_0YX6y6b7Q5WxpU8p1DBv4XtRG9
 U1zXjEHp1foiTMkQmqKmWDCNrRMvR4rinJrMx3nyqbhicy3DW.UQjHwisSKt
 FKoEVqHG8obNir309NP8LXGexXzK7sWEgc34_LFOwzgyTQ8qClDAx44dJE0L
 0Kjihx_BL14sNi9Fh5bN0HRYimnSMz_SL3p4rahieFo.ahGCJ0zXa96K65NX
 fFnCjUMldDEFks.y98SyoZsc0cXT3hcOLsS9U.JEToqtClM._RGXuRzAZlh7
 E_Wp5ztyn7D.wIHRTmwDg.Y7CA8.dvwIRroNWBJEqRTste2PUVt1mvvZkaVT
 azhKAn6rZDUJ5bHnOEGrxruTUCYIq_iQ8Rc_CJWAPNFjEReth1mcY54GFEXM
 Q13HvSiAaqJz_hL6i1xfT915dAWkbTgoSC9MLpsyGWs.P49yu5EEvdEVMV.m
 jMaJKlVddGUIatTNumIWs6lYdP2e3hF4_6QFEZR7RPMRNLpPUptEjbDSPYC1
 f15lTQLsUpwaNJTP_33SM49XOSiUbq0KW9nq8DJ6c5aBORe8nl8EIg7aKfeK
 gPbshtzq7EnWby24U1LPTKGkZsUruqDnJNCi.gkDzyMTZBxEcJOJ3MohV8gH
 PoIrlN0vDiIFy8pN.XVkm9j3hnE.DKPFdLT_PchE_SBU.YzTCenhjyU-
X-Originating-IP: [37.61.237.213]
Authentication-Results: mta1586.mail.gq1.yahoo.com  from=lunamine.com; domainkeys=neutral (no sig);  from=lunamine.com; dkim=neutral (no sig)
Received: from 127.0.0.1  (EHLO s101.web-hosting.com) (37.61.237.213)
  by mta1586.mail.gq1.yahoo.com with SMTPS; Wed, 23 Jul 2014 21:03:06 +0000
Received: from localhost ([::1]:50800 helo=server101.web-hosting.com)
   by server101.web-hosting.com with esmtpa (Exim 4.82)
   (envelope-from <[email protected]>)
   id 1XA3gl-003GV2-MD
   for [email protected]; Wed, 23 Jul 2014 17:03:04 -0400
Received: from 37.203.209.10 ([37.203.209.10])
        (SquirrelMail authenticated user [email protected])
        by server101.web-hosting.com with HTTP;
        Wed, 23 Jul 2014 17:03:03 -0400
Message-ID: <b3064213281d23a23e088d4ce69c0dc9.squirrel@server101.web-hosting.com>
In-Reply-To: <[email protected]>
References: <[email protected]>
Date: Wed, 23 Jul 2014 17:03:03 -0400
Subject: Re: Bitcoin Mining Contracts : 1 TH/s Individual
From: "lunamine.com Support" <[email protected]>
To: "xxxxxxxx yyyyyyyy" <[email protected]>
User-Agent: SquirrelMail/1.4.22
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-OutGoing-Spam-Status: No, score=0.7
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server101.web-hosting.com
X-AntiAbuse: Original Domain - ymail.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - lunamine.com
X-Get-Message-Sender-Via: server101.web-hosting.com: authenticated_id: [email protected]
X-Source:
X-Source-Args:
X-Source-Dir:
Content-Length: 1059

D'uh ! I just remembered I had a small email exchange with Lunamaine before I went ahead and bought into them.

What is it you're looking for please ? Like are there certain keywords related to client IP addresses for example ?

I'll have to see what, if anything, I can post here that may be of interest !

Thanks for the headers it seems lunamine had webmail installed on their hosting server so no clues as to client IP.