 Lads in the US on AOL?

Tweety
Baiting Guru


Joined: 24 Dec 2003
Posts: 3095
Location: The Netherlands


Posted: Mon Nov 29, 2010 12:12 am

Well, color me confused. I had a little trouble getting my lad's IP address, but it points back to AOL in the US. Now, a couple of years ago before I went fishing this was extremely rare. Lads outside of Africa were not unheard of, but only very rarely did they ever trace back to the US. I know for sure it's right. I have confirmation from two different sources.

I'm wondering how much things have changed over the last few years. Are there more scammers in the US these days? What's done about them? Or has AOL gone international these days and could he be from some other place? Is AOL still messing about with rotating IP addresses that change every few minutes?

irishemigrant
I Told You So


Joined: 22 Jul 2007
Posts: 4881
Location: 40*45' S 172* 34'E


Posted: Mon Nov 29, 2010 1:43 am

Nice to see you back, Tweety.

It's getting a bit like Yahoo at times: sometimes the IP resolves to where you expect, other times you get Sunnyvale, Tacoma, Midwest, Iceland.

Scammers are more widespread in the last few years as well, Canada, the US probably, England, China even, and Malaysia, India.

Tried these?

http://www.ip-adress.com/

http://www.iptrackeronline.com/header.php

_________________
SeniorNet NZ Local Branch ongoing workshops about internet scams

http://www.scamwarners.com/ For when you want to remember why we bait

Goodbye Mike (Paranoid) Friend, confidant, partner. Till we meet again.
Dorothy
Baiting Guru


Joined: 09 Jul 2008
Posts: 3114
Location: somewhere over the rainbow


Posted: Mon Nov 29, 2010 1:58 am

AOL has a web-based application that can be used internationally. Even if the user is logged in outside the US, it appears that the originating IP will still show as AOL's servers in the US--so if your lad got hold of an AOL account, he could show as US.

In this situation, readnotify is probably the way to go to get his location.

_________________
"I've a feeling we're not in Kansas any more..."
Togawa
Baiting Guru


Joined: 18 Feb 2004
Posts: 2180
Location: Location Location


Posted: Mon Nov 29, 2010 2:09 am

The problem with AOL is that they have their own WAN network with the users inside. When you connect to AOL, you're not assigned a public IP number, you have an AOL private IP number.
If you go to a web page outside AOL, your IP is AOL's router. If you send email, your IP is not included. The first one in the header is AOL's mail server. It should be the transfer between the user and the mail server but it doesn't matter since the IP number has no meaning if you don't have a map of AOL IP distribution.

irishemigrant
I Told You So


Joined: 22 Jul 2007
Posts: 4881
Location: 40*45' S 172* 34'E


Posted: Mon Nov 29, 2010 2:17 am

^^@ Dorothy and Togawa

Thanks, I learn something new everyday here.

And you can feck off right now, Slightly, before you even think of answering.

Ghost
419Eater Admin


Joined: 26 Jun 2004
Posts: 5739
Location: In the cellar rattling chains


Posted: Mon Nov 29, 2010 6:30 am

When I send from AOL, it shows my IP (according to iptrackeronline) as AOL's (205.188.91.211); however, my real IP can be found in the usual places, including the last RECEIVED: from and in the X-Originating-IP.

Using http://www.iptrackeronline.com/header.php my IP is shown second on the list. I don't use iptrackeronline and just by looking at the headers I would have found the right IP address.

The last received from is

Quote:
Received: from xx.xx.xx.xx by webmail-d062.sysops.aol.com (205.188.91.211) with HTTP (WebMailUI); Mon, 29 Nov 2010 01:03:00 -0500


The xx.xx.xx.xx shows my IP address and is what I always look for. It kind of just jumps out at you at this point.

Way back when AOL was my ISP I know it showed my IP as AOL's and stuck me in Virginia.

Jasper
419Eater is my life


Joined: 31 Mar 2009
Posts: 327


Posted: Mon Nov 29, 2010 12:44 pm

I have a lad in Nigeria who has sent me emails using AOL. I found it interesting that he could use it, but I knew he was in Nigeria. Of course, the lad is still calling with that Nigerian phone number, but now his IP says South Africa, so who knows. I don't think it's often lads use AOL, but some of them do.

_________________
well i really don't no wat ass to say to u than telling u that u own me - Paul

Togawa
Baiting Guru


Joined: 18 Feb 2004
Posts: 2180
Location: Location Location


Posted: Mon Nov 29, 2010 2:55 pm

It's really hard to explain this in detail. I wrote a note about email routing years ago and I guess it's there somewhere.

Basically, email is a file transfer between nodes. Each server handling a mail adds a line on top that says Received with timestamp and identification of the previous node.
Years ago, when a message had to pass through many servers, it was really helpful. Today, most messages are handled by the originating server and the destination server. In some complex setups (Gmail, Yahoo), a message is passed through different servers inside their own network (you'll see addresses 10.x.x.x or other numbers reserved for private LAN).

One thing that you have to understand: this is not a rule nor a functional part of the email system. It's more like common courtesy (and common sense). You can have a thousand servers handling a message without reporting it and you'll never know. In fact, I know that some systems have spam/antivirus/whatever servers filtering email and not adding to the routing. I've also seen some systems that do (although most antivirus report to the bottom of the body as a form of advertising... it's funny when you see the ad and the attachment is rejected by your own local antivirus...).

Then one day webmail showed up. Before that, all transfers were client to server. Client meaning your node dealing with the server through Telnet (yes! that was the way originally, typing all the commands one by one...) or a client application. Webmail does that from a node other than your own. That's why many old webmail generated messages where the first Received line was the IP of the web server. For the mail server it was exactly the same, in fact they were regular mail servers responding to Telnet sessions, not from your node, not from your mail app but from a webmail app. I think the first one I saw reporting the IP of the client was Yahoo (it could be someone else, Yahoo was popular and it was more likely to notice that there), they made their webmail app to add a Received line to the routing before passing it to the mail server.
Again, it's not mandatory. Gmail, on the other hand, chose not to.

Then, they all started adding all kinds of tags in the middle. One of them is the X-Originating-IP that shows the IP of the original client. Again, it's not a standard nor is it mandatory. If you check it, you'll notice that this tag is located way up in the routing, meaning that the information has been carried from node to node by other means, not just added on top of the file before transfer. That's because the mail servers they use now for webmail are not standard SMTP servers. So, you can see all kinds of weird headers. Weird meaning you can no longer trust the sequence of events. Before that, the unwritten rule was that a node was able to add lines on top. Now they add on top, in the middle, down under, in the body!

The story of AOL started when they were an isolated network with connection to the Internet. Their original webmail app didn't report the originator IP and it didn't matter since the information (a private IP) made sense only to AOL. When they opened their webmail to the Internet, I guess, they kept the same app and didn't report the now public originating IP. Now, AOL is Yahoo (and so is ATT.net). I've seen that they're all changing their sites converging to the Yahoo format. It's reasonable to think that all their servers are going to be integrated soon and will behave the same way.

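The header reading described in the two posts above (oldest Received line, X-Originating-IP, private addresses inside a provider's network) can be automated. This is an added example, not code from the thread or from any poster; the function names, 203.0.113.45 and the example.* hosts are assumptions, and the sample headers are constructed around the Received line quoted earlier.

```python
import email
import ipaddress
import re

# RFC 1918 and loopback ranges, listed explicitly because the constructed
# samples use documentation addresses that ipaddress.is_private also flags.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def first_ip(text):
    """First syntactically valid IPv4 address in text, or None."""
    for cand in IP_RE.findall(text or ""):
        try:
            return ipaddress.ip_address(cand)
        except ValueError:
            continue
    return None

def received_hops(raw):
    """Received headers oldest-first as (from_ip, by_host, protocol) tuples."""
    hops = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())          # undo header folding
        frm = re.search(r"\bfrom\s+(.*?)\s+by\s", flat)
        by = re.search(r"\bby\s+(\S+)", flat)
        proto = re.search(r"\bwith\s+(\w+)", flat)
        hops.append((first_ip(frm.group(1)) if frm else None,
                     by.group(1) if by else None,
                     proto.group(1) if proto else None))
    return hops

def origin_report(raw):
    """Compare the two optional places a webmail client IP may be recorded."""
    hops = received_hops(raw)
    oldest_ip, _, proto = hops[0] if hops else (None, None, None)
    xoip = first_ip(email.message_from_string(raw).get("X-Originating-IP"))
    usable = {ip for ip in (oldest_ip, xoip)
              if ip and not any(ip in net for net in INTERNAL)}
    # Report a client IP only when the available sources do not conflict.
    return {"via_webmail": proto == "HTTP", "hop_count": len(hops),
            "client_ip": str(usable.pop()) if len(usable) == 1 else None}

# Constructed samples; HIDDEN exposes only a provider-internal hop.
REPORTED = (
    "Received: from relay.example.net ([198.51.100.7]) by mx.example.org with ESMTP; Mon, 29 Nov 2010 01:03:05 -0500\n"
    "Received: from 203.0.113.45 by webmail-d062.sysops.aol.com (205.188.91.211) with HTTP (WebMailUI); Mon, 29 Nov 2010 01:03:00 -0500\n"
    "X-Originating-IP: [203.0.113.45]\n\nbody\n")
HIDDEN = "Received: from 10.20.30.40 by mail.example.net with SMTP; Mon, 29 Nov 2010 01:03:00 -0500\n\nbody\n"
```

Only the Received lines written by your own receiving server are trustworthy; everything older, including X-Originating-IP, is whatever the sending side chose to put there, so treat `client_ip` as a lead to corroborate rather than a fact.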
Tweety
Baiting Guru


Joined: 24 Dec 2003
Posts: 3095
Location: The Netherlands


Posted: Mon Nov 29, 2010 8:11 pm

Thanks for all the explanations, but like I said, I have extra confirmation. I sent him a message with a remotely embedded image in it. When he viewed it, the image loaded from my server and I got an IP address. The server logs indicate an AOL IP as well, so it's not just the e-mail headers.

Or is AOL running some kind of shenanigans with transparent proxies? And if so, are those available outside the US as well? Mail can be routed from anywhere, but I wonder if AOL's WAN that Togawa speaks of is available outside the US.

All Content © 2003 - 419Eater.com
All times are GMT