Lads in the US on AOL?

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Posted: Mon Nov 29, 2010 12:12 am

Well, color me confused. I had a little trouble getting my lad's IP address, but it points back to AOL in the US. Now, a couple of years ago before I went fishing this was extremely rare. Lads outside of Africa were not unheared of, but only very rarely did they ever trace back to the US. I know for sure it's right. I have confirmation from two different sources.

I'm wondering how much things have changed over the last few years. Are there more scammers in the US these days? What's done about them? Or has AOL give international these days and could he be from some other place? Is AOL still messing about with rotating IP addresses that change every few minutes?

Posted: Mon Nov 29, 2010 1:43 am

Nice to see you back Tweety, Very Happy

It's getting a bit like Yahoo at times, sometimes the ip resolves to where you expect, other times you get Sunnyvale, Tacoma, Midwest, Iceland.

Scammers are more widespread in the last few years as well, Canada, the US probably, England, China even, and Malaysia, India.

Tried these?

http://www.ip-adress.com/

http://www.iptrackeronline.com/header.php

Posted: Mon Nov 29, 2010 1:58 am

AOL has a web-based application that can be used internationally. Even if the user is logged in outside the US, it appears that the originating IP will still show as AOL's servers in the US--so if your lad got hold of an AOL account, he could show as US.

In this situation, readnotify is probably the way to go to get his location.

Posted: Mon Nov 29, 2010 2:09 am

The problem with AOL is that they have their own WAN network with the users inside. When you connect to AOL, you're not assigned a public IP number, you have an AOL private IP number.
If you go to a web page outside AOL, your IP is AOL's router. If you send email, your IP is not included. The first one in the header is AOL's mail server. It should be the transfer between the user and the mail server but it doesn't matter since the IP number has no meaning if you don't have a map of AOL IP distribution.

Posted: Mon Nov 29, 2010 2:17 am

^^@ Dorothy and Togawa

Thanks, I learn something new everyday here.

and you can feck off right now Slightly before you even think of answering Very Happy

Posted: Mon Nov 29, 2010 6:30 am

When I send from AOL, it shows my IP (according to iptrackeronline) as AOL's (205.188.91.211) however my real IP can be found in the usual places including the last RECEIVED: from and in the X-Originating-IP.

Using http://www.iptrackeronline.com/header.php my IP is shown second on the list. I don't use iptrackeronline and just by looking at the headers I would have found the right IP address.

The last received from is

Quote:

Received: from xx.xx.xx.xx by webmail-d062.sysops.aol.com (205.188.91.211) with HTTP (WebMailUI); Mon, 29 Nov 2010 01:03:00 -0500

The xx.xx.xx.xx shows my IP address and is what I always look for. It kind of just jumps out at you at this point.

Way back when AOL was my ISP I know it showed my IP as AOL's and stuck me in Virginia.

419Eater is my life Joined: 31 Mar 2009 Posts: 327

I have a lad in Nigeria who has sent me emails using AOL. I found it interesting that he could use it, but I knew he was in Nigeria. Of course, the lad is still calling with that Nigerian phone number, but now his IP says South Africa, so who knows. I don't think it's often lads use AOL, but some of them do.

Posted: Mon Nov 29, 2010 2:55 pm

It's really hard to explain this in detail. I wrote a note about email routing years ago and I guess it's there somewhere.

Basically, email is a file transfer between nodes. Each server handling a mail adds a line on top that says Received with timestamp and identification of the previous node.
Years ago, when a message had to pass through many servers, was really helpful. Today, most messages are handled by the originating server and the destination server. In some complex setups, Gmail, Yahoo, a message is passed through different servers inside their own network (you'll see address 10.x.x.x or other numbers reserved for private LAN).

One thing that you have to understand, this is not a rule nor a functional part of the email system. It's more like common courtesy (and common sense). You can have thousand servers handling a message without reporting it and you'll never know. In fact, I know that some system have spam/antivirus/whatever servers filtering email and not adding to the routing. I've seen too some systems that do (although most antivirus report to the bottom of the body as a form of advertising... it's funny when you see the ad and the attachment is rejected by your own local antivirus...).

Then one day webmail showed up. Before that, all transfer were client to server. Client meaning your node dealing with the server through Telnet (yes! that was the way originally, typing all the commands one by one...) or a client application. Webmail does that from a node other than your own. That's why many old webmail generated messages where the first Received line was the IP of the web server. For the mail server it was exactly the same, in fact they were regular mail servers responding to Telnet sessions, not from your node, not from your mail app but from a webmail app. I think the first one I saw reporting the IP of the client was Yahoo (it could be someone else, Yahoo was popular and it was more likely to notice that there), they made their webmail app to add a Received line to the routing before passing it to the mail server.
Again, it's not mandatory. Gmail, on the other hand, chose not to.

Then, they all started adding all kind of tags in the middle. One of the is the X-Originating IP that shows the IP of the original client. Again, it's not a standar nor it's mandatory. If you check it, you'll notice that this tag is located way up in the routing meaning that the information has been carried from node to node by other means, not just added on top of the file before transfer. That's because the mail servers they use now for webmail are not standard SMTP servers. So, you can see all kind of weird headers. Weird meaning you can no longer trust the sequence of events. Before that, the unwritten rule was that a node was able to add lines on top. Now they add on top, in the middle, down under, in the body!

The story of AOL started when they were an isolated network with connection to the Internet. Their original webmail app didn't report the originator IP and it didn't matter since the information (a private IP) made sense only to AOL. When they opened their webmail to the Internet, I guess, they kept the same app and didn't report the now public originating IP. Now, AOL is Yahoo (and so is ATT.net). I've seen that they're all changing their sites converging to the Yahoo format. It's reasonable to think that all their servers are going to be integrated soon and will behave the same way.

Posted: Mon Nov 29, 2010 8:11 pm

Thanks for all the explanations, but like I said, I have extra confirmation. I sent him a message with a remotely embedded image in it. When he viewed it, the image loaded from my server and I got an IP address. The server logs indicate an AOL IP as well, so it's not just the e-mail headers.

Or is AOL running some kind of shenanigans with transparent proxies? And if so, are those available outside the US as well? Mail can be routed from anywhere, but I wonder if AOL's WAN that Togawa speaks of is available outside the US.