SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 Does this IP originate from the UK?

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
Tikk
Master Baiter


Joined: 01 Feb 2007
Posts: 201
Location: the land of tea and crumpets


PostPosted: Mon Apr 16, 2007 8:24 pm Reply with quoteBack to top

Quote:
Received: from rediffmail.com ([203.199.83.200]) by imta03ps.mx.bigpond.com
with SMTP
id <[email protected]*****.com>
for <***.***@example.com>; Fri, 13 Apr 2007 22:49:20 +0000
Received: (qmail 12544 invoked from network); 13 Apr 2007 22:49:16 -0000
Received: from unknown (HELO geetekos) (81.85.1.1)
by mailserver with SMTP; 13 Apr 2007 22:49:16 -0000
Message-ID: <[email protected]>


This is everything relevant (i hope) from an email header.

The first IP is from the email server, correct? This makes it obsolete.

Now the second IP points to the UK. Does this mean the scammer comes from the UK? Or is there another reason for this being a UK IP? The scam email itself is in very good english, about the quality i would expect from a uk based scammer, so who knows. If it is a UK based lad, I may have to pick it up. I haven't tried a UK lad yet.

Mods - feel free to delete this thread when or if anyone confirms/denies this. It's a quick question only.
View user's profileSend private message
Inspector Gadget
Angel of unrealistic meetings


Joined: 20 Feb 2007
Posts: 6195
Location: Trumpton


PostPosted: Mon Apr 16, 2007 8:30 pm Reply with quoteBack to top

203.199.83.200 responds back to India.
The header goes all the way down to where the message starts.
If you copy and paste into
this site
You'll get your answers.

_________________
Easter 2015 x2 Pith Helmet Co bait with Rumbero Sao Tome island to Gabon van donation
Pith Helmet Co bait with Jayhawk and VJD. Stanley's bottle tour Aba to Lagos
Pith Helmet Pith Helmet Team Hector, airport in installments and St Louis to Kayes
Pith Helmet Halil, Cotonou to Accra
Pith Helmet + Sand Timer Precious 10/08/11
Cellphone x8 Nigeria Spain Mortar x34 Closed lad accounts x 73 Goat
grown up man like him, still doing all this shit games - Stanley, (he doesn't like Parcel Direct)
You again do the strange reflections stuffed with drugs? - Natalia
Sand Timer x3 Hector 24/1/13 Sand Timer Moses 15th Oct 2011
Pretty Rose Sand Timer x 2Mick Ole 11th Sept 2014-16 Sand Timer Asare Akuffo start 4th Aug 2014
View user's profileSend private messageSkype Name
Scam Patroller
Baiting Guru


Joined: 08 Jul 2004
Posts: 11852
Location: UK


PostPosted: Mon Apr 16, 2007 8:32 pm Reply with quoteBack to top

The Inidan IP is from Rediffmail, which is simply the email providor which is Indian, the other UK IP is for:

www.sms-internet.net (Satellite Media Services)

Which appears to be a satellite providor:

http://www.dnsstuff.com/tools/whois.ch?ip=81.85.1.1

http://www.uplinkstation.com/ss/SMS-Internet.html

_________________
Pith Helmet 10 Safari Safari Safari Safari Safari Safari Safari Safari Suitcase
40x Nigeria 4x South Africa 2x Ghana 2x Benin 10x Ivory Coast 34x United Kingdom 17x United States 9x Spain 1x Belgium 1x 6x European Union 4x Canada 1x New Zealand 6x Netherlands 1x pyramid 23x Cellphone Jolly Roger
Vcamera YMCA Vcamera Summer Holdiay + Bus Hijack

www.scamwarners.com - www.scam-info-links.info - www.aa419.org - The Numpties Gallery

Last edited by Scam Patroller on Mon Apr 16, 2007 8:34 pm; edited 1 time in total
View user's profileSend private message
Tikk
Master Baiter


Joined: 01 Feb 2007
Posts: 201
Location: the land of tea and crumpets


PostPosted: Mon Apr 16, 2007 8:33 pm Reply with quoteBack to top

The first one goes back to india yeah, but isn't that the IP of the email server? I'm probably wrong, i don't know.

I checked your link, that's actually a really good link. *saved* Cool.

It tells me there are two IPs, one from india and one from the UK, and apparently the UK IP is probably the original.

I'll probably start baiting anyway regardless.
View user's profileSend private message
Tikk
Master Baiter


Joined: 01 Feb 2007
Posts: 201
Location: the land of tea and crumpets


PostPosted: Mon Apr 16, 2007 8:34 pm Reply with quoteBack to top

Scam Patroller wrote:
The Inidan IP is from Rediffmail, the other UK IP is for:

www.sms-internet.net (Satellite Media Services)

Which appears to be a satellite providor:

http://www.dnsstuff.com/tools/whois.ch?ip=81.85.1.1

http://www.uplinkstation.com/ss/SMS-Internet.html


Dammit. I guess that means i won't know where he's really from?
View user's profileSend private message
Scam Patroller
Baiting Guru


Joined: 08 Jul 2004
Posts: 11852
Location: UK


PostPosted: Mon Apr 16, 2007 8:35 pm Reply with quoteBack to top

^^^^^ As Slowfreddie said above, can you post the whole header, not just the bit you posted above.

_________________
Pith Helmet 10 Safari Safari Safari Safari Safari Safari Safari Safari Suitcase
40x Nigeria 4x South Africa 2x Ghana 2x Benin 10x Ivory Coast 34x United Kingdom 17x United States 9x Spain 1x Belgium 1x 6x European Union 4x Canada 1x New Zealand 6x Netherlands 1x pyramid 23x Cellphone Jolly Roger
Vcamera YMCA Vcamera Summer Holdiay + Bus Hijack

www.scamwarners.com - www.scam-info-links.info - www.aa419.org - The Numpties Gallery
View user's profileSend private message
Tikk
Master Baiter


Joined: 01 Feb 2007
Posts: 201
Location: the land of tea and crumpets


PostPosted: Mon Apr 16, 2007 8:40 pm Reply with quoteBack to top

No problem.

Return-Path: <[email protected]>
Received: from rediffmail.com ([203.199.83.200]) by imta03ps.mx.bigpond.com
with SMTP
id <[email protected]>
for <***.***@example.com>; Fri, 13 Apr 2007 22:49:20 +0000
Received: (qmail 12544 invoked from network); 13 Apr 2007 22:49:16 -0000
Received: from unknown (HELO geetekos) (81.85.1.1)
by mailserver with SMTP; 13 Apr 2007 22:49:16 -0000
Message-ID: <[email protected]>
Reply-To: "A.H.A INTERNATIONAL CO., LTD" <[email protected]>
From: "A.H.A INTERNATIONAL CO., LTD" <[email protected]>
To: <Undisclosed-Recipient:;>
Subject: Part-time Job From Home!!!
Date: Fri, 13 Apr 2007 23:23:50 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_00B7_01C77E22.CB1FDF80"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4927.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
View user's profileSend private message
zombie
Not quite a Newb


Joined: 26 Mar 2007
Posts: 58
Location: Somewhere over the rainbow.


PostPosted: Mon Apr 16, 2007 10:02 pm Reply with quoteBack to top

The 81.85.1.1 will be a router or a server somewhere. Most places reserve the first xx.xx.xx.1 for the network router (or other default gateway). So I think you can pretty much count this one out.
View user's profileSend private messageMSN Messenger
ScamAngel
Not quite a Newb


Joined: 03 Apr 2007
Posts: 23


PostPosted: Mon Apr 16, 2007 10:55 pm Reply with quoteBack to top

That link toheader analysis excellent Wink Cool
View user's profileSend private messageSend e-mail
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



E-Mail Header Analysis


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT