| Author |
Message |
Tikk
Master Baiter
Joined: 01 Feb 2007
Posts: 201
Location: the land of tea and crumpets
|
 Posted:
Mon Apr 16, 2007 8:24 pm |
  |
| Quote: |
Received: from rediffmail.com ([203.199.83.200]) by imta03ps.mx.bigpond.com
with SMTP
id <20070413224920.URPI28021.imta03ps.mx.bigpond.com@*****.com>
for <***.***@example.com>; Fri, 13 Apr 2007 22:49:20 +0000
Received: (qmail 12544 invoked from network); 13 Apr 2007 22:49:16 -0000
Received: from unknown (HELO geetekos) (81.85.1.1)
by mailserver with SMTP; 13 Apr 2007 22:49:16 -0000
Message-ID: <00f401c77e61$40e5fbd0$0800000a@geetekos> |
This is everything relevant (i hope) from an email header.
The first IP is from the email server, correct? This makes it obsolete.
Now the second IP points to the UK. Does this mean the scammer comes from the UK? Or is there another reason for this being a UK IP? The scam email itself is in very good english, about the quality i would expect from a uk based scammer, so who knows. If it is a UK based lad, I may have to pick it up. I haven't tried a UK lad yet.
Mods - feel free to delete this thread when or if anyone confirms/denies this. It's a quick question only. |
|
|
|
|
|
Inspector Gadget
Angel of unrealistic meetings
Joined: 20 Feb 2007
Posts: 6259
Location: Trumpton
|
| Posted:
Mon Apr 16, 2007 8:30 pm |
|
203.199.83.200 responds back to India.
The header goes all the way down to where the message starts.
If you copy and paste into
this site
You'll get your answers. |
_________________
  x2  Co bait with Rumbero Sao Tome island to Gabon van donation
Co bait with Jayhawk and VJD. Stanley's bottle tour Aba to Lagos
Team Hector, airport in installments and St Louis to Kayes
Halil, Cotonou to Accra
+  Precious 10/08/11
 x8    x34  x 73 
grown up man like him, still doing all this shit games - Stanley, (he doesn't like Parcel Direct)
You again do the strange reflections stuffed with drugs? - Natalia
x3 Hector 24/1/13 Moses 15th Oct 2011
 x 2Mick Ole 11th Sept 2014-16 Asare Akuffo start 4th Aug 2014 |
|
|
|
|
Scam Patroller
Baiting Guru
Joined: 08 Jul 2004
Posts: 11857
Location: UK
|
| Posted:
Mon Apr 16, 2007 8:32 pm |
|
|
|
|
|
Tikk
Master Baiter
Joined: 01 Feb 2007
Posts: 201
Location: the land of tea and crumpets
|
| Posted:
Mon Apr 16, 2007 8:33 pm |
|
The first one goes back to india yeah, but isn't that the IP of the email server? I'm probably wrong, i don't know.
I checked your link, that's actually a really good link. *saved*  .
It tells me there are two IPs, one from india and one from the UK, and apparently the UK IP is probably the original.
I'll probably start baiting anyway regardless. |
|
|
|
|
|
Tikk
Master Baiter
Joined: 01 Feb 2007
Posts: 201
Location: the land of tea and crumpets
|
| Posted:
Mon Apr 16, 2007 8:34 pm |
|
Dammit. I guess that means i won't know where he's really from? |
|
|
|
|
|
Scam Patroller
Baiting Guru
Joined: 08 Jul 2004
Posts: 11857
Location: UK
|
| Posted:
Mon Apr 16, 2007 8:35 pm |
|
|
|
|
|
Tikk
Master Baiter
Joined: 01 Feb 2007
Posts: 201
Location: the land of tea and crumpets
|
| Posted:
Mon Apr 16, 2007 8:40 pm |
|
No problem.
Return-Path: <[email protected]>
Received: from rediffmail.com ([203.199.83.200]) by imta03ps.mx.bigpond.com
with SMTP
id <[email protected]>
for <***.***@example.com>; Fri, 13 Apr 2007 22:49:20 +0000
Received: (qmail 12544 invoked from network); 13 Apr 2007 22:49:16 -0000
Received: from unknown (HELO geetekos) (81.85.1.1)
by mailserver with SMTP; 13 Apr 2007 22:49:16 -0000
Message-ID: <00f401c77e61$40e5fbd0$0800000a@geetekos>
Reply-To: "A.H.A INTERNATIONAL CO., LTD" <[email protected]>
From: "A.H.A INTERNATIONAL CO., LTD" <[email protected]>
To: <Undisclosed-Recipient:;>
Subject: Part-time Job From Home!!!
Date: Fri, 13 Apr 2007 23:23:50 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_00B7_01C77E22.CB1FDF80"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4927.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 |
|
|
|
|
|
zombie
Not quite a Newb
Joined: 26 Mar 2007
Posts: 58
Location: Somewhere over the rainbow.
|
| Posted:
Mon Apr 16, 2007 10:02 pm |
|
The 81.85.1.1 will be a router or a server somewhere. Most places reserve the first xx.xx.xx.1 for the network router (or other default gateway). So I think you can pretty much count this one out. |
|
|
|
|
|
ScamAngel
Not quite a Newb
Joined: 03 Apr 2007
Posts: 23
|
| Posted:
Mon Apr 16, 2007 10:55 pm |
|
That link toheader analysis excellent  |
|
|
|
|
|
|
|
SmartFeed
2x 
2x 
10x 
34x 
17x 
9x 
1x 
6x 
4x 
1x 
6x 
1x 
23x 
