 IP trace help

mishkie
Hello I'm New here!


Joined: 28 Feb 2010
Posts: 9


Posted: Fri Mar 12, 2010 8:58 pm

I received an email this morning from a lady who said she was in Russia but the trace came back as being from the US. Just now, I received an email from the same lady and the trace came back as being in Russia. Can someone explain how this is possible?

The email sender
.....
used at Fri, 12 Mar 2010 14:07:54 +0300 the IP address: 192.132.229.1 from United States, Randolph. Email Sender IP address location & IP address info:
IP address: 192.132.229.1
IP address country: United States
IP address state: New Jersey
IP address city: Randolph
IP postcode: 07869
IP address latitude: 40.8462
IP address longitude: -74.5914
ISP of this IP: Colgate-Palmolive Company
Organization: Colgate-Palmolive Company
Local Time of this IP country: 2010-03-12 15:55

Delivered-To: .....
Received: by 10.100.138.6 with SMTP id l6cs47088and;
Fri, 12 Mar 2010 03:07:57 -0800 (PST)
Received: by 10.223.102.214 with SMTP id h22mr968911fao.105.1268392076566;
Fri, 12 Mar 2010 03:07:56 -0800 (PST)
Return-Path: ......
Received: from forward12.mail.yandex.net (forward12.mail.yandex.net [95.108.130.94])
by mx.google.com with ESMTP id 10si2285490fxm.23.2010.03.12.03.07.55;
Fri, 12 Mar 2010 03:07:55 -0800 (PST)
Received-SPF: pass (google.com: domain of ........
designates 95.108.130.94 as permitted sender) client-ip=95.108.130.94;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of ....... designates 95.108.130.94 as permitted sender) smtp.mail=........; dkim=pass [email protected]
Received: from webmail103.yandex.ru (webmail103.yandex.ru [95.108.131.130])
by forward12.mail.yandex.net (Yandex) with ESMTP id CF23915D0A51
for <.........>; Fri, 12 Mar 2010 14:07:54 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail;
t=1268392074; bh=8RuhzyHNpSuKS+bsg4ShXgbRYlXJANgDaJJ6gL6PZ14=;
h=From:To:In-Reply-To:References:Subject:MIME-Version:Message-Id:
Date:Content-Transfer-Encoding:Content-Type;
b=QXLujobz4A5nXZ8VaqQVYhnrp39t891koNM3tIJ/T+wGrEGQhGTzlSzxJ0iDkUuCL
ZmTuji7bAG99CQySsMHEHU9/Yvgfqc+MIoDHxCHV0ZbcZDv04r3CODaqZ9+f1ktifl
+Qqi+/rGklZxSspXEtluQf9GxXUW1tLE6RXsfeSY=
Received: from localhost (localhost.localdomain [127.0.0.1])
by webmail103.yandex.ru (Yandex) with ESMTP id C16EB410001
for <........>; Fri, 12 Mar 2010 14:07:54 +0300 (MSK)
X-Yandex-Spam: 1
X-Yandex-Front: webmail103
X-Yandex-TimeMark: 1268392074
Received: from [192.132.229.1] ([192.132.229.1]) by mail.yandex.ru with HTTP;
Fri, 12 Mar 2010 14:07:54 +0300
From: Elena <......>
To: m B.. <.......>
In-Reply-To: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]>
Subject: Re: Re: ..... sends you a page from www.astro.com
MIME-Version: 1.0
Message-Id: <[email protected]>
Date: Fri, 12 Mar 2010 14:07:54 +0300
X-Mailer: Yamail [ http://yandex.ru ] 5.0
Content-Transfer-Encoding: base64
Content-Type: text/html; charset=koi8-r



The email sender
.........
used at Fri, 12 Mar 2010 23:16:01 +0300 the IP address: 85.141.251.49 from Russian Federation, Moscow. Email Sender IP address location & IP address info:
IP address: 85.141.251.49
IP address country: Russian Federation
IP address state: Moscow City
IP address city: Moscow
IP address latitude: 55.7522
IP address longitude: 37.6156
ISP of this IP: CJSC Comstar-Direct
Organization: CJSC Comstar-Direct
Host of this IP: ppp85-141-251-49.pppoe.mtu-net.ru
Local Time of this IP country: 2010-03-12 23:53

Delivered-To: ...........
Received: by 10.100.138.6 with SMTP id l6cs85619and;
Fri, 12 Mar 2010 12:16:05 -0800 (PST)
Received: by 10.223.65.73 with SMTP id h9mr3287989fai.75.1268424963982;
Fri, 12 Mar 2010 12:16:03 -0800 (PST)
Return-Path: <...............>
Received: from forward7.mail.yandex.net (forward7.mail.yandex.net [77.88.61.37])
by mx.google.com with ESMTP id 25si3984681fxm.29.2010.03.12.12.16.02;
Fri, 12 Mar 2010 12:16:02 -0800 (PST)
Received-SPF: pass (google.com: domain of .............designates 77.88.61.37 as permitted sender) client-ip=77.88.61.37;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of ......... designates 77.88.61.37 as permitted sender) smtp.mail=............; dkim=pass [email protected]
Received: from webmail126.yandex.ru (webmail126.yandex.ru [213.180.223.229])
by forward7.mail.yandex.net (Yandex) with ESMTP id 2A764268026
for <.............>; Fri, 12 Mar 2010 23:16:02 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail;
t=1268424962; bh=kuCa7dHa06+lOffaXqeDcGusF0p6KC9KDLTuduFd5ak=;
h=From:To:In-Reply-To:References:Subject:MIME-Version:Message-Id:
Date:Content-Transfer-Encoding:Content-Type;
b=cFQkhJww/LlSA8fIeqdWSr1xqCcuykC5kU5wZw6zsTbfz6ZBUKWEvb6ZQFtZ+YMvr
SWfgqsQJTyfgwbPHUolfnNo+I/Nj78A/5+mDz7fU8Cn7JDayim4u1t0kWH0R3MYGzH
y6Gg4qXh+2yVqKQ49LIj2QmmAU9CBuJoXr8moBDQ=
Received: from localhost (localhost [127.0.0.1])
by webmail126.yandex.ru (Yandex) with ESMTP id 239972FF8001
for <..............>; Fri, 12 Mar 2010 23:16:02 +0300 (MSK)
X-Yandex-Spam: 1
X-Yandex-Front: webmail126
X-Yandex-TimeMark: 1268424962
Received: from ppp85-141-251-49.pppoe.mtu-net.ru (ppp85-141-251-49.pppoe.mtu-net.ru [85.141.251.49]) by mail.yandex.ru with HTTP;
Fri, 12 Mar 2010 23:16:01 +0300
From: Elena <.............>
To: m B....... <.................>
In-Reply-To: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]>
Subject: Re: Re: sends you a page from www.astro.com
MIME-Version: 1.0
Message-Id: <[email protected]>
Date: Fri, 12 Mar 2010 23:16:01 +0300
X-Mailer: Yamail [ http://yandex.ru ] 5.0
Content-Transfer-Encoding: base64
Content-Type: text/html; charset=koi8-r


Edited out name - Slightly


Last edited by mishkie on Sat Mar 13, 2010 11:59 am; edited 1 time in total
Bankster
Lab Rat


Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.


Posted: Fri Mar 12, 2010 11:08 pm

Hmm, Colgate-Palmolive Company. This is funny. :) The initial mass mail may have been sent using a botnet, of which one computer happens to be inside the Colgate-Palmolive network. The second mail has then been sent by an actual human from their actual location.

_________________
Whoever said you can't touch happiness has never petted a dog.

mishkie
Hello I'm New here!


Joined: 28 Feb 2010
Posts: 9


Posted: Fri Mar 12, 2010 11:24 pm

I'm not sure what you mean by 'botnet'. Could you please explain this to me in English. Do I have anything to worry about with this lady/ botnet?
Bankster
Lab Rat


Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.


Posted: Sat Mar 13, 2010 8:08 am

^^ No, not at all.

A botnet is a network of so-called 'zombie PCs', computers that have been infected with a certain kind of malware. People with criminal energy write trojans/virii to bring as many computers as possible under their control. These computers are then used to send spam, run large-scale DDoS attacks, host/distribute illegal files and steal their owners' passwords.

A traditional spammer would have to either pay for a fat (=expensive) internet connection themselves or find a suitable open mail relay to exploit. Such a single source of huge amounts of spam is easily blocked and traced back to you.
The advantage of a botnet is that you have tens of thousands of single computers to deliver your spam. Because of their number they can neither be easily blocked, nor does it hurt you much when some of them are shut down.
Most botnet owners also let you rent their 'infrastructure' on a per-computer/per-hour/per-mail basis for your own 'business' needs. There's quite a bit of money to be made.

Long story short, somebody inside the Colgate-Palmolive network probably clicked on something that shouldn't have been clicked on, and now their PC is sending spam.

mishkie
Hello I'm New here!


Joined: 28 Feb 2010
Posts: 9


Posted: Sat Mar 13, 2010 11:00 am

Forgive me...I'm a slow Canadian eh, so...I understand the network of spam-enabled computers...but how does an email supposedly from a Russian lady get sent by one of these computers? Does this mean it was sent as mass-mail from that specific computer or by the 'infector' or 'spammer'? I alerted the website where I met this lady and they told me it's impossible to isolate a source location because messages get bounced all over the place but I told them my trace very clearly says the message originated at Colgate and it was after I told them this that I received the second email. In short...can I trust this girl or is this person a spammer?
Cathartic Kate
Elite Baiter


Joined: 03 Dec 2008
Posts: 1542
Location: Spooner Hall


Posted: Sat Mar 13, 2010 11:46 am

Welcome to Eater mishkie.

Could you please post an early mail?

Also your second header needs your name editing out.

I have reported to Mods - they maybe will deal with this faster.

Your online safety is important here - as this is an open forum.

_________________
Give the lads some extra pain with your own IT admin from hell - visit toolkits for Grooble Gambit

Proud member of "The Todger Club"

Closed lad accounts < never enough




Bankster
Lab Rat


Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.


Posted: Sat Mar 13, 2010 12:10 pm

Quote:
In short...can I trust this girl or is this person a spammer?

If your lady has in fact used a botnet to send her initial message, it's clearly a scammer. The question is, what legitimate reasons could there be for a lovely Russian lady's e-mail to go through the network of a US-based company? She might work there and have been using some kind of VPN connection to the US headquarters, so that her first message has been routed through the company network. Other than that I can't think of anything right now.

ETA: Just noticed, both e-mails appear to have been sent through Yandex's webmail interface. A botnet wouldn't work that way.

View user's profileSend private messageSkype Name
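
The hop pointed out in the ETA above, the bottom `Received:` line stamped `with HTTP`, can be picked out of a header mechanically. This is an added example, not part of the original thread: the function names are made up here, and the sample is constructed from the first header posted above with the redacted addresses replaced and the `for <...>` clauses dropped.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: Received chain of the first header in the thread,
# addresses replaced, redacted "for <...>" clauses dropped.
SAMPLE = """\
Received: by 10.100.138.6 with SMTP id l6cs47088and;
\tFri, 12 Mar 2010 03:07:57 -0800 (PST)
Received: from forward12.mail.yandex.net (forward12.mail.yandex.net [95.108.130.94])
\tby mx.google.com with ESMTP id 10si2285490fxm.23.2010.03.12.03.07.55;
\tFri, 12 Mar 2010 03:07:55 -0800 (PST)
Received: from webmail103.yandex.ru (webmail103.yandex.ru [95.108.131.130])
\tby forward12.mail.yandex.net (Yandex) with ESMTP id CF23915D0A51;
\tFri, 12 Mar 2010 14:07:54 +0300 (MSK)
Received: from localhost (localhost.localdomain [127.0.0.1])
\tby webmail103.yandex.ru (Yandex) with ESMTP id C16EB410001;
\tFri, 12 Mar 2010 14:07:54 +0300 (MSK)
Received: from [192.132.229.1] ([192.132.229.1]) by mail.yandex.ru with HTTP;
\tFri, 12 Mar 2010 14:07:54 +0300
From: sender@example.invalid

body
"""

HOP_RE = re.compile(
    r"(?:from\s+(?P<helo>\S+)\s*(?:\((?P<paren>[^)]*)\))?\s*)?"
    r"by\s+(?P<by>\S+).*?\bwith\s+(?P<proto>\w+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_hops(raw):
    """Return the Received hops, newest first (the order they appear in)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())            # unfold continuation lines
        stamp = text.rpartition(";")[0] or text   # drop the trailing date
        m = HOP_RE.search(stamp)
        if not m:
            continue
        ip = IP_RE.search((m["paren"] or "") + " " + (m["helo"] or ""))
        hops.append({"by": m["by"].lower(), "proto": m["proto"].upper(),
                     "peer_ip": ip.group(1) if ip else None})
    return hops


def is_public(ip):
    addr = ip_address(ip)
    return not (addr.is_private or addr.is_loopback)


def trace(raw, own_mx="google.com"):
    """Pick the two hops that matter when asking where a mail came from."""
    hops = parse_hops(raw)
    # Newest hop written by the recipient's own provider: its peer address is
    # what that provider saw on the wire, whatever older lines claim.
    handoff = next((h for h in hops if h["peer_ip"] and
                    (h["by"] == own_mx or h["by"].endswith("." + own_mx))), None)
    # Oldest public hop submitted over HTTP: the webmail front end recording
    # the browser's address. It is only as reliable as the webmail provider and
    # names a network egress (office NAT, proxy, VPN), not a person.
    web = next((h for h in reversed(hops) if h["proto"] == "HTTP"
                and h["peer_ip"] and is_public(h["peer_ip"])), None)
    return {"handoff_ip": handoff and handoff["peer_ip"],
            "webmail_client_ip": web and web["peer_ip"],
            "internal_hops": sum(1 for h in hops if not h["peer_ip"]
                                 or not is_public(h["peer_ip"]))}
```

The DKIM signature in the posted headers lists only `From:To:In-Reply-To:References:Subject:MIME-Version:Message-Id:Date:Content-Transfer-Encoding:Content-Type` in `h=`, so `dkim=pass` does not cover the `Received:` lines this code reads.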
mishkie
Hello I'm New here!


Joined: 28 Feb 2010
Posts: 9


Posted: Sat Mar 13, 2010 12:20 pm

first letter...

Hi ....,
nice to meet you! Well, actually there are so many things in your profile and the latest message that sound close to me or do intrigue you, that am hesitant now what to start from...
So first of all - I'm blessed to meet the person who seem to be happily uniting professional activity with personal values and hobbies. Making films, travelling and learning new cultures, working on social project - all at a time... Lots of people would be happy to have a professional activity related at least to one of the above... :) And I think I would not be original to tell you that your cinematographic occupation sounds so very exciting! Especially the part on doing non-commercial films... I don't like Holliwood either, the last time I've been to cinema was to watch the Titanic:) It's very boring when you know from the beginning what the fabula is and clearly see all political and propaganda context so transparantly, right? I love it much more, when you have something to think over when you watch it... I enjoy watching old masters - like Bergman, Ksislevsky, Antonioni, lack enough of experience for contemporary cinema though, so would be great if you could give me some advise on whom to start from. Well - the best way to give an advise - is to name your favorite ones, won't you do that?
Well, it got to be so long, you must be bored by the time... So will end up this chapter for now...
By the way - I do not work on the internet... This quotation might have been adressed to somebody else? :)
Have a nice day!
Elena.

second letter

M.....,
that's trully amazing to read... I got to be interested in astrology recently - don't know actually how it came to me, but seems that it is just the time of my life when I seek for deeper understanding of life experience I've got by now and building the direction to go further... I talked to an astrologer two weeks ago, have ordered my horoscope right after my birthday... Among all the curious things she told me - some known, some yet unknown to me- one was really fun. She told me that big politicians or businessmen never do reveal the date of their birth - cause their horoscope may say so much of them, that they probably would not want to let know to anybody... But luckily I'm not a big boss by far:) so can tell you the truth: it's ..........., 2am, Moscow. And please - do tell me the truth you'll see! I am fragile enough, but will survive it, I promise:)
Just in case you won't get my email address from the system: .....

take care,
E

after the second letter, I asked her if the year she gave me in her birthdate was correct because if it was, it means she would be 31...but her profile said she was 29.

this one is correct, the one on the site is marketing... ;)

Sender wrote:
==========
...is 1979 correct? ;)

Fourth email...now on Gmail. This is the first Colgate email.

Elena to me

from: E. .........
to: M. B <.............>
date: Fri, Mar 12, 2010 at 4:52 AM
subject: Re: M.B sends you a page from www.astro.com
mailed-by: yandex.ru
signed-by: yandex.ru

Hi M! thanks for the links! The maps look fabulous... Though it must be even more exciting when you can read it:) Or there's some hidden text there that I did not find?
Sweet dreams,
E

> M. B sends you a page from www.astro.com!
> M.B's comment:
> te
> To view the page, please follow this link.
> This e-mail was generated on the Astrodienst website.
> www.astro.com - The leading international website for astrology

No spam here http://mail.yandex.ru/nospam/sign


Second Colgate email...I asked her if she was travelling because the trace came back to the US.

Elena to me

from: E <............>
to: M. B <...............>
date: Fri, Mar 12, 2010 at 6:07 AM
subject: Re: Re: M. B sends you a page from www.astro.com
mailed-by: yandex.ru
signed-by: yandex.ru

12.03.10, 05:12, "M.B" .............:


much worse - working in the office... :) Why?
Thanks for the hint on the site - will study the pages in the evening once I'm at home.
E.


Are you travelling right now? m...

On Fri, Mar 12, 2010 at 4:57 AM, M.B
<.......> wrote:
E., To reveal the information simply click on the symbols. Start at AC on the left and work counter clockwise around back to AC. I look forward to hearing your thoughts and impressions. If you like these, I can probably make a more detailed report when I have more time. talk soon, M.


No spam here http://mail.yandex.ru/nospam/sign

Last email...the 'normal' one that traced to Russia.

Hi M..,
hope your are having a nice day. I'm afraid I cannot share my impressions on horoscopes with you - still have not discovered the way to read the signs interpretation, suppose something's wrong with my browser settings that I cannot fix... But the pictures do look beautiful! And from what I can notice - the "lines" areas seem alike in both of our maps? :) If you have time to give me some hints on what you read there - I would be excited!
Take care,
E..

I'm reluctant to answer her...for many reasons.

comment from the dating site...Elena's Models.

Message from: Administrator
at 12.03.2010 08:40
Click here to go back to your message list.
Write an answer
Subject: Re: [7739899] Elena
Hello M,

Thank you for your message.

Internet providers route connections by proxy and it changes location a lot.

Regards,

Anna
Help Desk



--
May your imagination be your muse.

><((((º>










--
Yandex.Mail. There is mail. There is no spam. http://mail.yandex.ru/nospam/sign
Cathartic Kate
Elite Baiter


Joined: 03 Dec 2008
Posts: 1542
Location: Spooner Hall


Posted: Sat Mar 13, 2010 12:52 pm

Hi again mishkie

I have some experience of Russian scammers.

The mails do not seem to be scripts.

However I would question the likelihood that this "woman" is telling the truth.

Her profile picture is very "modelish" and the reality of being 29 years old, never married and having no children I find questionable.

The net and dating sites are over-run with scammers and the like, so I agree with you - cease all contact.

This guide here may benefit you.

http://forum.419eater.com/forum/viewtopic.php?t=178765

Please post any questions or concerns or observations.

mishkie
Hello I'm New here!


Joined: 28 Feb 2010
Posts: 9


Posted: Sat Mar 13, 2010 4:57 pm

I've been on Elena's Models for a year and my experience with them has been questionable. At first, I blindly trusted their claim that they are 100% scam free but other site owners have told me this is impossible and an irresponsible statement. The last two weeks have given me the following proof that they are fraudulent and a scam...and I will make a post about it, with proof, later tonight, or tomorrow, when I have more time.

In two weeks...

I found an agency owner writing letters for the girls he lists on EM. EM tells me he is a trusted partner.

The above experience with the minty-fresh scammer spammer.

It says on Elena's Models' site that they verify every profile...and this is not true. One girl that I do trust told me they only ask to describe the pictures and for name, age, address, email, and whether they belong to an agency or are a model. How is this proof? Any monkey posting fake pictures will be able to describe the pictures and fake information they post. This girl I trust also told me that her friends have joined Elena's Models and some were NOT telephoned to verify the profile. I might be wrong but the only way to verify someone's identity is to ask for a passport scan. Am I wrong?

Yesterday I was invited to Skype to talk with one of the girls...a 23 year old girl from Kiev. During our talk I sensed that something was not right...like she was asking me about things that are in my profile so I searched her Skype name in Google and found a long list of social networking memberships. At the top was MySpace and beside this profile was a Skype icon, which means this profile belongs to one of my Skype contacts and when I clicked over to it, the profile belonged to a 17 year old Malaysian Arabic girl from the UK....and when I click on the Skype icon beside the Malay girl's profile, the Ukrainian girl's Skype profile comes up. Elena's Models is defending their girl. MySpace is doing nothing and only sent me a copy of their terms of use and privacy policy. Only Skype is helping me figure out who this person is.

I have not been able to trace their 'Australian' phone number and asked someone to assist me to be told it doesn't exist. So, it must be a VoIP number.

I traced a letter from their help desk and it came back to Kiev...but I thought their office was in Australia.

All of this will be posted with proof shortly...and it's all going to the RCMP. The mounties always get their man.

I've been on Elena's Models for a year and wasted my time, energy, and money. My profile expires in a week and I will not be renewing.
ririnthechick
Hello I'm New here!


Joined: 22 Feb 2010
Posts: 2


Posted: Tue Mar 16, 2010 8:48 am

You can try the Email Header Tracer from IP2Location.com

http://www.ip2location.com/emailtracer.aspx
oliviareeves
Not quite a Newb


Joined: 13 Mar 2010
Posts: 29


Posted: Sat Mar 20, 2010 7:11 pm

Nice information, I was also unaware of the botnet.. thanks for putting this question :)

_________________
Thanks
All Content © 2003 - 419Eater.com