SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 Scammers trying to catch me out?

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
Templeton Peck
Wannabe Baiter


Joined: 27 Feb 2007
Posts: 81
Location: Still trying to escape from the Military Stockade


PostPosted: Wed Nov 14, 2007 7:18 pm Reply with quoteBack to top

Evening all,

Ive got a bait going to a guy in the US at the moment. When i use the ip locator it comes up with a map of Witchita in Kansas....nothing odd yet.

Today i received another fresh proposal from another scammer, so before replying i checked out his ip address and guess what?.....Witchita, Kansas.

Both email addresses are from different providers so can i rule out any kind of internet routing station thingy - like somewhere that sends the emails overseas (Do you know what i mean?)? or is there a possiblity that this is the same scammer running a seperate scam (probably to others as well) to try and see if he can catch me out because he thinks i may reply to both?

I hope this makes sense!!

Cheers all

TP

_________________
Safari Ades0 Agb0ngwa - Lagos to Budapest - 2972 miles

Fake Websites Killed - United Kingdom x 1

Bank Accounts Reported - United States x 1 Thailand x 1 United Kingdom x 1 Nigeria x 1 Guernsey x 1

pony
View user's profileSend private message
wingman
Master Baiter


Joined: 31 Oct 2007
Posts: 156
Location: State of Confusion, USA


PostPosted: Wed Nov 14, 2007 7:29 pm Reply with quoteBack to top

I'd consider letting the 2nd one go ignored. BTW it's Wichita.... I live not too far from there.

_________________
This is not a signature. I type this at the end of every post to ensure quality control.

Total amount in counterfeit checks taken off the street: $11450USD

"YOU THE TALK OF SCAM YOU WILL REMAIN POOR OVER THERE, YOU DONT KNOW EZE EGO OF IHIALA.."...[email protected]

"if only u had a little bit more education........u probably wouldn't have ended up this way."...Dr Bola Taylor

"THE GOD OF ABRAHAM WILL DESTROY U THIS 2007 YOU WILL NOT ENTER 2008 ."...henry oranusi (fake minister)
Cellphone x5 Closed lad accounts x6 pony
View user's profileSend private message
LaBrea
Marked Man


Joined: 04 Aug 2007
Posts: 1355
Location: Yet another hotel


PostPosted: Wed Nov 14, 2007 7:33 pm Reply with quoteBack to top

Sometiimes you get a relay server that does routing for multiple providers.
I wouldn't rule that out yet.
If you want to post your message headers, maybe we can put another pair of eyes on it, and see if there's something recognizable.

_________________
Nigeria x2 Benin Senegal Canada x7 United Kingdom x6 United States x7 Ivory Coast x5 New Zealand South Africa
"...It is in the light of the above-mentioned person with the fact that he died of testate..." - Barrister T3ddy J0hns0n
"...you make me stupid to the people ...no time to wast you better go and see your doctor because l think your lack of stickiness." _Dr. Usman Bello
"Sir I sworn an oath as a legal luminary to defend your cause in all ramification from the armpit of the law" - Barr. W4k4r4 Iss4c
pony pony pony Mortar x6 Closed lad accounts x25
Click here to help your lad miss his scam quota
View user's profileSend private messageSend e-mail
Templeton Peck
Wannabe Baiter


Joined: 27 Feb 2007
Posts: 81
Location: Still trying to escape from the Military Stockade


PostPosted: Wed Nov 14, 2007 7:36 pm Reply with quoteBack to top

Mod Edit: Full requote of previous post removed. See it here ^^^^

If i post the headers on here - doesnt that make them googleable?

Oh, sorry for getting the name wrong!! honest mistake....TP

_________________
Safari Ades0 Agb0ngwa - Lagos to Budapest - 2972 miles

Fake Websites Killed - United Kingdom x 1

Bank Accounts Reported - United States x 1 Thailand x 1 United Kingdom x 1 Nigeria x 1 Guernsey x 1

pony
View user's profileSend private message
luckey
Moderator


Joined: 25 Jan 2007
Posts: 5629
Location: Check the lost and found


PostPosted: Wed Nov 14, 2007 8:09 pm Reply with quoteBack to top

^^There's only a tiny tiny tiny tiny chance your lad will google anything that shows up in his header. You can delete his and your addy.

_________________
Moderator: \ˈmä-də-ˌrā-tər\: noun
A material which slows down neutrons after fission to speeds at which their probability for interaction with the fuel material is increased.
View user's profileSend private messageSend e-mail
TheGreatOok
CATBINGO


Joined: 25 May 2007
Posts: 2355
Location: Lost in L-Space


PostPosted: Wed Nov 14, 2007 9:47 pm Reply with quoteBack to top

Don't worry about it being googled. Post the Headers and maybe somebody can figure out what is going on. Wichita is rather poor city, no offense to anyone that lives there I have had a few friends living there, so it wouldn't surprise me if there are scammers there, but I doubt that they are.

_________________
For Free Bananas Click Here!
HYIP: pyramid x3 Banks: United Arab Emirates
Pith Helmet Samuel - Ziguinchor, SE to Dakar, SE - 264 km through Gambia Helping JojoBean

"I knew rigth from the first time you sent email to me that,you are a bloody *DELETED*" - Sgt Daniel Vess
"I NO BLAME U NA DI DIRTY TOTO WEN BORN U NA IM I BLAME. CATBINGO" - Lee Wong
"I AM EQUAL TO A MENTAL RETARDED PERSON" - Alvan Ben
"You have pushed me to the wall and i will make you smell yourself i bet." - George Martins
"THE FOOL STOLE YOUR US$755, HE DOES NOT DESERVE TO LEAVE ON THE PLANET" - Jim Ovia

pony pony - for a perfect brown nosing job. Wink

pony Mortar x4
View user's profileSend private messageSend e-mailVisit poster's websiteSkype Name
Tommo Shanter
Swiss Toni


Joined: 13 Jan 2006
Posts: 5379
Location: Whom the gods would destroy, they first make mad. - Euripides


PostPosted: Wed Nov 14, 2007 11:00 pm Reply with quoteBack to top

Templeton Peck wrote:
... or is there a possiblity that this is the same scammer running a seperate scam (probably to others as well) to try and see if he can catch me out because he thinks i may reply to both?


Happens all the time. If you keep your story consistent in replying to both, and it is the same lad, you can get him to chop his own dolla, which is nice! Twisted Evil Laughing

_________________
£1,052,334.30 (=US$2,121,125.60) lads fake cheques out of circulation (at 11/6/2008)
Closed lad accounts x135 (at 26/9/2008) Easter Egg 2013 Cellphone x138
"i see your not interested in the transaction but catching your fun, calling names and my muckery of me." - Usman Bello
"You need to visit a good psychiatrist very fast, because some nuts are missing from your brain." - PROF.SOLUDO
"...it is very important you forward the your cycling proficiency certificate which by right belongs to you." - Prof Charles Soludo.
"note i can still change my mind to blow you off and whenever" - T0ny 'The Killerman' Erik
YOUR GENERATION WILL ROAST IN ABSTRACT POVERTY,BASTARD IDIOT -Daniel Mensah

pony pony pony Pretty Rose Pretty Rose Pretty Rose Goat
View user's profileSend private message
Templeton Peck
Wannabe Baiter


Joined: 27 Feb 2007
Posts: 81
Location: Still trying to escape from the Military Stockade


PostPosted: Thu Nov 15, 2007 7:20 am Reply with quoteBack to top

This header is from my active bait

Quote:
From tim McCARRON Fri Nov 9 11:04:58 2007
Return-Path:
Authentication-Results: mta110.mail.ukl.yahoo.com from=hotmail.com; domainkeys=neutral (no sig)
Received: from 65.54.246.237 (EHLO bay0-omc3-s37.bay0.hotmail.com) (65.54.246.237)
by mta110.mail.ukl.yahoo.com with SMTP; Fri, 09 Nov 2007 11:15:44 +0000
Received: from BAY136-W8 ([65.55.141.43]) by bay0-omc3-s37.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Fri, 9 Nov 2007 03:04:58 -0800
Message-ID: <[email protected]>
Return-Path:
Content-Type: multipart/alternative;
boundary="_b2026c09-85c5-4242-9754-c4af8400949c_"
Reply-To:
From:
To:
Subject: URGENT
Date: Fri, 9 Nov 2007 04:04:58 -0700
Importance: Normal
MIME-Version: 1.0
Content-Length: 2489


and this is from the email i received yesterday


[/quote]From Wed Nov 14 18:06:32 2007
Return-Path:
Authentication-Results: mta140.mail.ukl.yahoo.com from=yahoo.de; domainkeys=neutral (no sig)
Received: from 209.239.36.229 (EHLO host4.oneononeinternet.com) (209.239.36.229)
by mta140.mail.ukl.yahoo.com with SMTP; Wed, 14 Nov 2007 18:11:56 +0000
Received: from localhost.localdomain (localhost [127.0.0.1])
by host4.oneononeinternet.com (8.12.11.20060614/8.12.10) with ESMTP id lAEI6Wmt010699;
Wed, 14 Nov 2007 13:06:32 -0500
From:
Reply-To:
Subject: INHERITANCE PAYMENT NOTIFICATION
Date: Wed, 14 Nov 2007 14:06:32 -0400
Message-Id: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset=iso-8859-1
Content-Length: 3193[/quote]

**Email addresses have been removed**

Both are coming from Wichita according to www.ip-adress.com

See whay you all think.

Cheers

TP

_________________
Safari Ades0 Agb0ngwa - Lagos to Budapest - 2972 miles

Fake Websites Killed - United Kingdom x 1

Bank Accounts Reported - United States x 1 Thailand x 1 United Kingdom x 1 Nigeria x 1 Guernsey x 1

pony
View user's profileSend private message
Murry Guru
Baiting Guru


Joined: 11 May 2007
Posts: 5561
Location: Turned into Ralph


PostPosted: Thu Nov 15, 2007 7:54 am Reply with quoteBack to top

I am no IP address expert but I get

65.55.141.43 for the first one which leads to here

City: Redmond
StateProv: WA
PostalCode: 98052
Country: US

I would guess this is microsoft corp

And

8.12.11.200 for the second one which seems to be here

City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US

Dont take my word for it but to me it looks like 2 different people.

I wouldn't be surprised if someone is just about to come along and tell me I am wrong.

Even if they are different people in different locations it still could be the same group.

You could also try sending an ASEM to the second one from a different addy and see what happens

_________________
"I want to hold your hand and let you scream at me while you bring our child into this world"- Linda Lopez
Safari Bait with Frumpy on the hitman "i though we are partners in this and now u turn around to stub me on the back"
Click to learn how to romance bait Click to get your name in mugu gold
Got info on a scam vic? PM a mod Recieved a scam warning? Say "thank you, I am a baiter"
Ruin your pets day, post their details at scamwarners
Nurse Nastys Audi TT <- I run like a girl
Mortar x12 Closed lad accounts ? not enough Twisted Evil
Goat Goat <- this one belongs to Ralph.
View user's profileSend private message
thud419
Baiting Guru


Joined: 04 Jan 2006
Posts: 3193


PostPosted: Thu Nov 15, 2007 9:09 am Reply with quoteBack to top

I agree with the first, it's a Hotmail server. That seems odd, because I didn't think Hotmail hid IP addresses. Maybe it was spoofed, but that would be unusual in an ongoing bait.

Quote:
Received: from BAY136-W8 ([65.55.141.43]) by bay0-omc3-s37.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
The IP address there is a look-up by the server to find the IP address that BAY136-W8 refers to. However it is not necessarily the IP address that actually connected to it (unless someone knows MS SMTPSVC better than I do.)

Your second IP there is a date and time.

It comes from OneOnOne Internet, who appear to hide the IP address too.
Quote:
Received: from localhost.localdomain (localhost [127.0.0.1])
by host4.oneononeinternet.com (8.12.11.20060614/8.12.10) with ESMTP id lAEI6Wmt010699;


Like the first, it reports the name that the lad's PC identified itself as, and it reports what IP address that name relates to. But it doesn't report the IP address that the lad used. banghead

If we accept that the IP addresses given are correct, then someone has hacked a Hotmail server and a OneOnOne Internet server. That doesn't seem likely.

_________________
Click here to feel warm and cozy.

I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Sand Timer Barr. Cole
Cellphone x14
United States x 0.25 won from Reaper in a sucker's bet

Hello Kitty! pony Mortar x8 Closed lad accounts x several
View user's profileSend private messageSend e-mailVisit poster's website
irishemigrant
I Told You So


Joined: 22 Jul 2007
Posts: 4864
Location: 40*45' S 172* 34'E


PostPosted: Thu Nov 15, 2007 9:23 am Reply with quoteBack to top

IP address: 65.55.141.43
IP country: United States
IP Address state:
IP Address city:
IP latitude: 38.0000
IP longitude: -97.0000
ISP: Microsoft Corp
Organization: Microsoft Corp
Host: bay136-w8.bay136.hotmail.com


IP address: 8.12.11.200
IP country: United States
IP Address state:
IP Address city:
IP latitude: 38.000000
IP longitude: -97.000000
ISP: Level 3 Communications
Organization: Level 3 Communications

I got both resolved to NW120th Street and NW River Valley Road, between Route 196 and Route 77
On Google earth it looks like farmland there, Transmission tower possibly, I'm picking a Sat bounce to the Network. Your lad could be anywhere,

edit: I missed this , our old friend IP address: 127.0.0.1 it's the Gilat Sat off the coast of Ghana, serving Nigeria, Ghana, Benin etc. Your lad is probably in Nigeria.

edit, if you google mta110.mail.ukl.yahoo.com it takes you to the romance anti scammers site
View user's profileSend private messageSkype Name
LaBrea
Marked Man


Joined: 04 Aug 2007
Posts: 1355
Location: Yet another hotel


PostPosted: Thu Nov 15, 2007 2:41 pm Reply with quoteBack to top

I agree with the first is a hotmail server.
The second server net name (oneononeinternet.com) resolves to the 209.239.36.229 address.

Quote:
IP address: 209.239.36.229
Host name: host4.oneononeinternet.com
209.239.36.229 is from United States(US) in region North America

NetRange: 209.239.32.0 - 209.239.63.255
CIDR: 209.239.32.0/19
NetName: ALABANZA-BALT-1
(Baltimore MD)


The 8.12.11.x range resolves to just outside of Wichita KS (Satellite IP).
The 127.0.0.1 is the loopback address of the gateway server of the 8.12.11.x net.

Quote:
Received: from 209.239.36.229 (EHLO host4.oneononeinternet.com) (209.239.36.229)
by mta140.mail.ukl.yahoo.com with SMTP; Wed, 14 Nov 2007 18:11:56 +0000
Received: from localhost.localdomain (localhost [127.0.0.1])
by host4.oneononeinternet.com (8.12.11.20060614/8.12.10) with ESMTP id lAEI6Wmt010699;
Wed, 14 Nov 2007 13:06:32 -0500


I think the lad is posting from an account that is served by a domain that hides the workstation IP, much like Gmail.
It's a sat bounce to the tower in KS, the net servers are in Baltimore.

In short, the lad could be anywhere.

_________________
Nigeria x2 Benin Senegal Canada x7 United Kingdom x6 United States x7 Ivory Coast x5 New Zealand South Africa
"...It is in the light of the above-mentioned person with the fact that he died of testate..." - Barrister T3ddy J0hns0n
"...you make me stupid to the people ...no time to wast you better go and see your doctor because l think your lack of stickiness." _Dr. Usman Bello
"Sir I sworn an oath as a legal luminary to defend your cause in all ramification from the armpit of the law" - Barr. W4k4r4 Iss4c
pony pony pony Mortar x6 Closed lad accounts x25
Click here to help your lad miss his scam quota
View user's profileSend private messageSend e-mail
luckey
Moderator


Joined: 25 Jan 2007
Posts: 5629
Location: Check the lost and found


PostPosted: Thu Nov 15, 2007 2:52 pm Reply with quoteBack to top

For addies that hide IPs, you can send an email through readnotify.com and track it that way. You can sign up for a free two week trial there. (Thank Jojobean for that tip.)

My money is on West Africa for your lad(s), but I'll keep an open mind. Wink

_________________
Moderator: \ˈmä-də-ˌrā-tər\: noun
A material which slows down neutrons after fission to speeds at which their probability for interaction with the fuel material is increased.
View user's profileSend private messageSend e-mail
ParaNoid
** REMEMBERED **


Joined: 12 Sep 2006
Posts: 5123
Location: Looking for Steward.


PostPosted: Fri Nov 16, 2007 2:55 am Reply with quoteBack to top

@ Templeton Peck, I liked your work on A-Team as Face. I even recognized the line in your Location line. Thanks for the memory! Wink

Murry Guru wrote:
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US

My IP regularly resolves to this location. I am 300 miles away from there (and I am not in Kansas). If "Faceman" checks often he will see that the IP location is dynamic in Eastern Colorado. Often it shows up in Hudson, Broomfield, Parker and a couple other cities.

irishemigrant wrote:
ISP: Level 3 Communications
Organization: Level 3 Communications

My ISP also uses Level 3 Communications, though the actual ISP is NOT Level 3.

Thank you Al Coholic for teaching me this. Very Happy

_________________
Gold Coins here

pony pony Closed lad accounts Goat Goat Goat Goat Sand Timer Easter Egg Easter 2015
Mortar x 4 <b>Looking for a Mentor? Click here</b>

"If I get mad at you, please just understand me. I am just being ParaNoid because I love you so much." - unknown

Visit www.scamwarners.com
View user's profileSend private messageSend e-mail
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



E-Mail Header Analysis


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT