Author |
Message |
Templeton Peck
Wannabe Baiter
Joined: 27 Feb 2007
Posts: 81
Location: Still trying to escape from the Military Stockade
|
Posted:
Wed Nov 14, 2007 7:18 pm |
|
Evening all,
I've got a bait going to a guy in the US at the moment. When I use the IP locator it comes up with a map of Witchita in Kansas....nothing odd yet.
Today I received another fresh proposal from another scammer, so before replying I checked out his IP address and guess what?.....Witchita, Kansas.
Both email addresses are from different providers so can I rule out any kind of internet routing station thingy - like somewhere that sends the emails overseas (Do you know what I mean?)? or is there a possibility that this is the same scammer running a separate scam (probably to others as well) to try and see if he can catch me out because he thinks I may reply to both?
I hope this makes sense!!
Cheers all
TP |
_________________ Ades0 Agb0ngwa - Lagos to Budapest - 2972 miles
Fake Websites Killed - x 1
Bank Accounts Reported - x 1 x 1 x 1 x 1 x 1
|
|
|
|
wingman
Master Baiter
Joined: 31 Oct 2007
Posts: 156
Location: State of Confusion, USA
|
Posted:
Wed Nov 14, 2007 7:29 pm |
|
I'd consider letting the 2nd one go ignored. BTW it's Wichita.... I live not too far from there. |
_________________ This is not a signature. I type this at the end of every post to ensure quality control.
Total amount in counterfeit checks taken off the street: $11450USD
"YOU THE TALK OF SCAM YOU WILL REMAIN POOR OVER THERE, YOU DONT KNOW EZE EGO OF IHIALA.."[email protected]
"if only u had a little bit more education........u probably wouldn't have ended up this way."...Dr Bola Taylor
"THE GOD OF ABRAHAM WILL DESTROY U THIS 2007 YOU WILL NOT ENTER 2008 ."...henry oranusi (fake minister)
x5 x6 |
|
|
|
LaBrea
Elite Baiter
Joined: 04 Aug 2007
Posts: 1355
Location: Yet another hotel
|
Posted:
Wed Nov 14, 2007 7:33 pm |
|
Sometimes you get a relay server that does routing for multiple providers.
I wouldn't rule that out yet.
If you want to post your message headers, maybe we can put another pair of eyes on it, and see if there's something recognizable. |
_________________ x2 x7 x6 x7 x5
"...It is in the light of the above-mentioned person with the fact that he died of testate..." - Barrister T3ddy J0hns0n
"...you make me stupid to the people ...no time to wast you better go and see your doctor because l think your lack of stickiness." _Dr. Usman Bello
"Sir I sworn an oath as a legal luminary to defend your cause in all ramification from the armpit of the law" - Barr. W4k4r4 Iss4c
x6 x25
Click here to help your lad miss his scam quota |
|
|
|
Templeton Peck
Wannabe Baiter
Joined: 27 Feb 2007
Posts: 81
Location: Still trying to escape from the Military Stockade
|
Posted:
Wed Nov 14, 2007 7:36 pm |
|
Mod Edit: Full requote of previous post removed. See it here ^^^^
If I post the headers on here - doesn't that make them googleable?
Oh, sorry for getting the name wrong!! honest mistake....TP |
|
|
|
|
luckey
Moderator
Joined: 25 Jan 2007
Posts: 5672
Location: Check the lost and found
|
Posted:
Wed Nov 14, 2007 8:09 pm |
|
^^There's only a tiny tiny tiny tiny chance your lad will google anything that shows up in his header. You can delete his and your addy. |
_________________ Moderator: \ˈmä-də-ˌrā-tər\: noun
A material which slows down neutrons after fission to speeds at which their probability for interaction with the fuel material is increased. |
|
|
|
TheGreatOok
Catbingo
Joined: 25 May 2007
Posts: 2355
Location: Lost in L-Space
|
Posted:
Wed Nov 14, 2007 9:47 pm |
|
Don't worry about it being googled. Post the headers and maybe somebody can figure out what is going on. Wichita is a rather poor city, no offense to anyone that lives there, I have had a few friends living there, so it wouldn't surprise me if there are scammers there, but I doubt that they are. |
_________________ For Free Bananas Click Here!
HYIP: x3 Banks:
Samuel - Ziguinchor, SE to Dakar, SE - 264 km through Gambia Helping JojoBean
"I knew rigth from the first time you sent email to me that,you are a bloody *DELETED*" - Sgt Daniel Vess
"I NO BLAME U NA DI DIRTY TOTO WEN BORN U NA IM I BLAME. CATBINGO" - Lee Wong
"I AM EQUAL TO A MENTAL RETARDED PERSON" - Alvan Ben
"You have pushed me to the wall and i will make you smell yourself i bet." - George Martins
"THE FOOL STOLE YOUR US$755, HE DOES NOT DESERVE TO LEAVE ON THE PLANET" - Jim Ovia
- for a perfect brown nosing job.
x4 |
|
|
|
Tommo Shanter
Baiting Guru
Joined: 13 Jan 2006
Posts: 5378
Location: Whom the gods would destroy, they first make mad. - Euripides
|
Posted:
Wed Nov 14, 2007 11:00 pm |
|
Templeton Peck wrote: |
... or is there a possibility that this is the same scammer running a separate scam (probably to others as well) to try and see if he can catch me out because he thinks I may reply to both?
|
Happens all the time. If you keep your story consistent in replying to both, and it is the same lad, you can get him to chop his own dolla, which is nice! |
_________________ £1,052,334.30 (=US$2,121,125.60) lads fake cheques out of circulation (at 11/6/2008)
x135 (at 26/9/2008) x138
"i see your not interested in the transaction but catching your fun, calling names and my muckery of me." - Usman Bello
"You need to visit a good psychiatrist very fast, because some nuts are missing from your brain." - PROF.SOLUDO
"...it is very important you forward the your cycling proficiency certificate which by right belongs to you." - Prof Charles Soludo.
"note i can still change my mind to blow you off and whenever" - T0ny 'The Killerman' Erik
YOUR GENERATION WILL ROAST IN ABSTRACT POVERTY,BASTARD IDIOT -Daniel Mensah
|
|
|
|
Templeton Peck
Wannabe Baiter
Joined: 27 Feb 2007
Posts: 81
Location: Still trying to escape from the Military Stockade
|
Posted:
Thu Nov 15, 2007 7:20 am |
|
This header is from my active bait
Quote: |
From tim McCARRON Fri Nov 9 11:04:58 2007
Return-Path:
Authentication-Results: mta110.mail.ukl.yahoo.com from=hotmail.com; domainkeys=neutral (no sig)
Received: from 65.54.246.237 (EHLO bay0-omc3-s37.bay0.hotmail.com) (65.54.246.237)
by mta110.mail.ukl.yahoo.com with SMTP; Fri, 09 Nov 2007 11:15:44 +0000
Received: from BAY136-W8 ([65.55.141.43]) by bay0-omc3-s37.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Fri, 9 Nov 2007 03:04:58 -0800
Message-ID: <[email protected]>
Return-Path:
Content-Type: multipart/alternative;
boundary="_b2026c09-85c5-4242-9754-c4af8400949c_"
Reply-To:
From:
To:
Subject: URGENT
Date: Fri, 9 Nov 2007 04:04:58 -0700
Importance: Normal
MIME-Version: 1.0
Content-Length: 2489 |
and this is from the email I received yesterday
Quote: |
From Wed Nov 14 18:06:32 2007
Return-Path:
Authentication-Results: mta140.mail.ukl.yahoo.com from=yahoo.de; domainkeys=neutral (no sig)
Received: from 209.239.36.229 (EHLO host4.oneononeinternet.com) (209.239.36.229)
by mta140.mail.ukl.yahoo.com with SMTP; Wed, 14 Nov 2007 18:11:56 +0000
Received: from localhost.localdomain (localhost [127.0.0.1])
by host4.oneononeinternet.com (8.12.11.20060614/8.12.10) with ESMTP id lAEI6Wmt010699;
Wed, 14 Nov 2007 13:06:32 -0500
From:
Reply-To:
Subject: INHERITANCE PAYMENT NOTIFICATION
Date: Wed, 14 Nov 2007 14:06:32 -0400
Message-Id: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset=iso-8859-1
Content-Length: 3193 |
**Email addresses have been removed**
Both are coming from Wichita according to www.ip-adress.com
See what you all think.
Cheers
TP |
|
|
|
|
Murry Guru
Baiting Guru
Joined: 11 May 2007
Posts: 5561
Location: Turned into Ralph
|
Posted:
Thu Nov 15, 2007 7:54 am |
|
I am no IP address expert but I get
65.55.141.43 for the first one which leads to here
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
I would guess this is microsoft corp
And
8.12.11.200 for the second one which seems to be here
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US
Don't take my word for it but to me it looks like 2 different people.
I wouldn't be surprised if someone is just about to come along and tell me I am wrong.
Even if they are different people in different locations it still could be the same group.
You could also try sending an ASEM to the second one from a different addy and see what happens |
_________________ "I want to hold your hand and let you scream at me while you bring our child into this world"- Linda Lopez
Bait with Frumpy on the hitman "i though we are partners in this and now u turn around to stub me on the back"
Click to learn how to romance bait Click to get your name in mugu gold
Got info on a scam vic? PM a mod Recieved a scam warning? Say "thank you, I am a baiter"
Ruin your pets day, post their details at scamwarners
<- I run like a girl
x12 ? not enough
<- this one belongs to Ralph. |
|
|
|
thud419
Baiting Guru
Joined: 04 Jan 2006
Posts: 3193
|
Posted:
Thu Nov 15, 2007 9:09 am |
|
I agree with the first, it's a Hotmail server. That seems odd, because I didn't think Hotmail hid IP addresses. Maybe it was spoofed, but that would be unusual in an ongoing bait.
Quote: |
Received: from BAY136-W8 ([65.55.141.43]) by bay0-omc3-s37.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); |
The IP address there is a look-up by the server to find the IP address that BAY136-W8 refers to. However it is not necessarily the IP address that actually connected to it (unless someone knows MS SMTPSVC better than I do.)
Your second IP there is a date and time.
It comes from OneOnOne Internet, who appear to hide the IP address too.
Quote: |
Received: from localhost.localdomain (localhost [127.0.0.1])
by host4.oneononeinternet.com (8.12.11.20060614/8.12.10) with ESMTP id lAEI6Wmt010699; |
Like the first, it reports the name that the lad's PC identified itself as, and it reports what IP address that name relates to. But it doesn't report the IP address that the lad used.
If we accept that the IP addresses given are correct, then someone has hacked a Hotmail server and a OneOnOne Internet server. That doesn't seem likely. |
_________________ Click here to feel warm and cozy.
I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Barr. Cole
x14
x 0.25 won from Reaper in a sucker's bet
x8 x several |
|
|
|
irishemigrant
** REMEMBERED **
Joined: 22 Jul 2007
Posts: 4933
Location: 40*45' S 172* 34'E
|
Posted:
Thu Nov 15, 2007 9:23 am |
|
IP address: 65.55.141.43
IP country: United States
IP Address state:
IP Address city:
IP latitude: 38.0000
IP longitude: -97.0000
ISP: Microsoft Corp
Organization: Microsoft Corp
Host: bay136-w8.bay136.hotmail.com
IP address: 8.12.11.200
IP country: United States
IP Address state:
IP Address city:
IP latitude: 38.000000
IP longitude: -97.000000
ISP: Level 3 Communications
Organization: Level 3 Communications
I got both resolved to NW120th Street and NW River Valley Road, between Route 196 and Route 77
On Google Earth it looks like farmland there, transmission tower possibly, I'm picking a sat bounce to the network. Your lad could be anywhere.
edit: I missed this, our old friend IP address: 127.0.0.1, it's the Gilat Sat off the coast of Ghana, serving Nigeria, Ghana, Benin etc. Your lad is probably in Nigeria.
edit, if you google mta110.mail.ukl.yahoo.com it takes you to the romance anti scammers site |
|
|
|
|
LaBrea
Elite Baiter
Joined: 04 Aug 2007
Posts: 1355
Location: Yet another hotel
|
Posted:
Thu Nov 15, 2007 2:41 pm |
|
I agree the first is a Hotmail server.
The second server net name (oneononeinternet.com) resolves to the 209.239.36.229 address.
Quote: |
IP address: 209.239.36.229
Host name: host4.oneononeinternet.com
209.239.36.229 is from United States(US) in region North America
NetRange: 209.239.32.0 - 209.239.63.255
CIDR: 209.239.32.0/19
NetName: ALABANZA-BALT-1
(Baltimore MD)
|
The 8.12.11.x range resolves to just outside of Wichita KS (Satellite IP).
The 127.0.0.1 is the loopback address of the gateway server of the 8.12.11.x net.
Quote: |
Received: from 209.239.36.229 (EHLO host4.oneononeinternet.com) (209.239.36.229)
by mta140.mail.ukl.yahoo.com with SMTP; Wed, 14 Nov 2007 18:11:56 +0000
Received: from localhost.localdomain (localhost [127.0.0.1])
by host4.oneononeinternet.com (8.12.11.20060614/8.12.10) with ESMTP id lAEI6Wmt010699;
Wed, 14 Nov 2007 13:06:32 -0500 |
I think the lad is posting from an account that is served by a domain that hides the workstation IP, much like Gmail.
It's a sat bounce to the tower in KS, the net servers are in Baltimore.
In short, the lad could be anywhere. |
|
|
|
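An added example, not part of any post in this thread: a Python reading of the two quoted headers, hop by hop. It takes addresses only from the `from` clause of each Received line, so the mail server version string `(8.12.11.20060614/8.12.10)` is not read as `8.12.11.200`, and it labels the address on the oldest hop; the function and variable names are this example's own.

```python
import ipaddress
import re

# Received lines copied from the two headers quoted in this thread, newest hop
# first, with folded continuation lines joined.
HOTMAIL = [
    "from 65.54.246.237 (EHLO bay0-omc3-s37.bay0.hotmail.com) (65.54.246.237) by mta110.mail.ukl.yahoo.com with SMTP; Fri, 09 Nov 2007 11:15:44 +0000",
    "from BAY136-W8 ([65.55.141.43]) by bay0-omc3-s37.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 9 Nov 2007 03:04:58 -0800",
]
ONEONONE = [
    "from 209.239.36.229 (EHLO host4.oneononeinternet.com) (209.239.36.229) by mta140.mail.ukl.yahoo.com with SMTP; Wed, 14 Nov 2007 18:11:56 +0000",
    "from localhost.localdomain (localhost [127.0.0.1]) by host4.oneononeinternet.com (8.12.11.20060614/8.12.10) with ESMTP id lAEI6Wmt010699; Wed, 14 Nov 2007 13:06:32 -0500",
]

NAIVE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# Same pattern, but it may not start or end inside a longer run of digits/dots.
STRICT = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
FROM_CLAUSE = re.compile(r"from\s+(.*?)\s+by\s+\S+", re.S)

def naive_ips(line):
    """What a grab-anything-dotted search reports for a whole Received line."""
    return NAIVE.findall(line)

def hop_ips(line):
    """Addresses the receiving server recorded for the sending side of one hop."""
    m = FROM_CLAUSE.match(line)
    found = []
    for text in STRICT.findall(m.group(1) if m else ""):
        try:
            found.append(ipaddress.ip_address(text))
        except ValueError:      # e.g. an octet above 255
            continue
    return found

def earliest_hop(received):
    """Classify the addresses on the oldest hop (last Received line)."""
    out = []
    for ip in hop_ips(received[-1]):
        kind = "loopback" if ip.is_loopback else "private" if ip.is_private else "public"
        out.append((str(ip), kind))
    return out

if __name__ == "__main__":
    for name, hdr in (("hotmail", HOTMAIL), ("oneonone", ONEONONE)):
        print(name, earliest_hop(hdr), "naive:", naive_ips(hdr[-1]))
```

A loopback address on the oldest hop means the message was handed to the mail server by a process on that same machine, so the header carries no address for the sender's own computer.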
luckey
Moderator
Joined: 25 Jan 2007
Posts: 5672
Location: Check the lost and found
|
Posted:
Thu Nov 15, 2007 2:52 pm |
|
For addies that hide IPs, you can send an email through readnotify.com and track it that way. You can sign up for a free two week trial there. (Thank Jojobean for that tip.)
My money is on West Africa for your lad(s), but I'll keep an open mind. |
|
|
|
ParaNoid
** REMEMBERED **
Joined: 12 Sep 2006
Posts: 5123
Location: Looking for Steward.
|
Posted:
Fri Nov 16, 2007 2:55 am |
|
@ Templeton Peck, I liked your work on A-Team as Face. I even recognized the line in your Location line. Thanks for the memory!
Murry Guru wrote: |
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US |
My IP regularly resolves to this location. I am 300 miles away from there (and I am not in Kansas). If "Faceman" checks often he will see that the IP location is dynamic in Eastern Colorado. Often it shows up in Hudson, Broomfield, Parker and a couple other cities.
irishemigrant wrote: |
ISP: Level 3 Communications
Organization: Level 3 Communications |
My ISP also uses Level 3 Communications, though the actual ISP is NOT Level 3.
Thank you Al Coholic for teaching me this. |
_________________ Gold Coins here
x 4 Looking for a Mentor? Click here
"If I get mad at you, please just understand me. I am just being ParaNoid because I love you so much." - unknown
Visit www.scamwarners.com |
|
|
|
|