SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 I am back with a question - I used the search and zero resul

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
huhenio
Not quite a Newb


Joined: 12 Jun 2005
Posts: 60


PostPosted: Thu Jan 06, 2011 8:57 pm Reply with quoteBack to top

As any unemployed person in the USofA, I receive a fair number of offers that go directly to spam and I don't even pay attention to them anymore.

After many years, one made it trough.

Allow me to copy/paste the email.

[quote=gmail]Hi,
I am the representative of TheUSAddress Company. Head hunter reported us that you were seeking for a work, that is way I would like to propose you an opportunity to occupy the position of Shipping Agent. Our organization deals with post transfer around the world and now we are expanding a new staff to meet customers' requests. If you are goal-oriented, ready to work on the result, laborious, we will be glad to consider you as a candidate for this position.
Our requirements are:
full legal age,
possibility to work in USA,
basic computer skills Word, Excel.
In return we can offer you a stable profit and career opportunities. If you have an interest in this vacansy and would like to know more information,
please, email us to [not going to post the name of the fellow ]@usaddressmail.com .
In the letter, you should mention your contact information to reach you.
Have a nice day![/quote]

I searched the whois for the domain and a result was produced.

Phone number is a cell phone.

The interesting part is that the site owner's name in google appears strong as a doctor, but not in the same state.

The sender's name shows strong on google as a lawyer in a different state, but not much else.

by typing the domain it shows up as www.beinus.com

Are they really clever or are they legit?

_________________
I got a fever and the only prescription is the cowbell!!
View user's profileSend private message
Nowhere Man
419Eater is my life


Joined: 03 Jun 2010
Posts: 450
Location: never where I want to be


PostPosted: Thu Jan 06, 2011 9:04 pm Reply with quoteBack to top

Can you post the headers?

_________________
Closed lad accounts x2 Goat Mc Fry
SafariSafari Andrew & the Traveling Computers (Accra-Lagos-Benin City-England)
Safari Lucas & The Holy Rollers (Owerri-Abeokuta)
Safari Joseph & The Golden Cow (Lagos-Kano)
Safari Douala Y'know Mike? Co-bait w/Bravo (Onicha to Yaounde)
Safari The One Love Safari (Lagos to Kano)
Safari Pastor Cl3tus/The Star Wars Safari (Accra to Bauchi) Co-bait w/Bravo, The Dane, Leonsumbitches

They have seized my luggage's my passport, my clothes, my shoes and everything i came with. Chima

i sat on a car for more than 15 hours, i staved, i could not eat good food or drink good water even when there is chorollar outbreak in Nigeria, still i accepted to go. Andrew

you want to know were i am this is where you will find me, Am in your mothers virgina. Andrew
View user's profileSend private messageSkype Name
huhenio
Not quite a Newb


Joined: 12 Jun 2005
Posts: 60


PostPosted: Thu Jan 06, 2011 9:31 pm Reply with quoteBack to top

Delivered-To: [email protected]
Received: by 10.14.123.195 with SMTP id v43cs705683eeh;
Thu, 6 Jan 2011 10:12:23 -0800 (PST)
Received: by 10.231.14.134 with SMTP id g6mr8533918iba.65.1294337542765;
Thu, 06 Jan 2011 10:12:22 -0800 (PST)
Return-Path: <[email protected]>
Received: from col0-omc4-s5.col0.hotmail.com (col0-omc4-s5.col0.hotmail.com [65.55.34.207])
by mx.google.com with ESMTP id hj39si56545552ibb.102.2011.01.06.10.12.22;
Thu, 06 Jan 2011 10:12:22 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates 65.55.34.207 as permitted sender) client-ip=65.55.34.207;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 65.55.34.207 as permitted sender) [email protected]
Received: from COL110-DS19 ([65.55.34.199]) by col0-omc4-s5.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Thu, 6 Jan 2011 10:11:40 -0800
X-Originating-IP: [88.254.86.31]
X-Originating-Email: [[email protected]]
Message-ID: <[email protected]>
Return-Path: [email protected]
From: Peter Patton <[email protected]>
To: <[email protected]>
Reply-To: [email protected]
Subject: TheUSAddress Company.Vacancy
Date: Thu, 6 Jan 2011 19:10:23 +0100
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 14.0.8064.206
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8064.206
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: binary
Sender: <[email protected]>
X-OriginalArrivalTime: 06 Jan 2011 18:11:40.0961 (UTC) FILETIME=[2AE2F910:01CBADCD]

_________________
I got a fever and the only prescription is the cowbell!!

Last edited by huhenio on Thu Jan 06, 2011 9:46 pm; edited 1 time in total
View user's profileSend private message
Nowhere Man
419Eater is my life


Joined: 03 Jun 2010
Posts: 450
Location: never where I want to be


PostPosted: Thu Jan 06, 2011 9:40 pm Reply with quoteBack to top

IP checks to Turkey.

I'd say its a scam.

PS: go thru the headers and x out any information that is yours--especially if it's your personal email.

_________________
Closed lad accounts x2 Goat Mc Fry
SafariSafari Andrew & the Traveling Computers (Accra-Lagos-Benin City-England)
Safari Lucas & The Holy Rollers (Owerri-Abeokuta)
Safari Joseph & The Golden Cow (Lagos-Kano)
Safari Douala Y'know Mike? Co-bait w/Bravo (Onicha to Yaounde)
Safari The One Love Safari (Lagos to Kano)
Safari Pastor Cl3tus/The Star Wars Safari (Accra to Bauchi) Co-bait w/Bravo, The Dane, Leonsumbitches

They have seized my luggage's my passport, my clothes, my shoes and everything i came with. Chima

i sat on a car for more than 15 hours, i staved, i could not eat good food or drink good water even when there is chorollar outbreak in Nigeria, still i accepted to go. Andrew

you want to know were i am this is where you will find me, Am in your mothers virgina. Andrew
View user's profileSend private messageSkype Name
huhenio
Not quite a Newb


Joined: 12 Jun 2005
Posts: 60


PostPosted: Thu Jan 06, 2011 9:43 pm Reply with quoteBack to top

thanks ... how do check the ip? [originating ip]
gotcha


I did replace my email with that goofy email addy

_________________
I got a fever and the only prescription is the cowbell!!
View user's profileSend private message
Nowhere Man
419Eater is my life


Joined: 03 Jun 2010
Posts: 450
Location: never where I want to be


PostPosted: Thu Jan 06, 2011 9:54 pm Reply with quoteBack to top

Usually, the IP is right above the date and time that the mail was sent. In this case, the IP was up a ways. These numbers: 88.254.86.31

If I'm wrong, someone correct me.

Here is an example from a yahoo mail:
Quote:

Received: from [62.145.79.150] by web27607.mail.ukl.yahoo.com via HTTP; Fri, 31 Dec 2010 19:41:48 GMT
X-Mailer: YahooMailClassic/11.4.20 YahooMailWebService/0.8.107.285259
Date: Fri, 31 Dec 2010 19:41:48 +0000 (GMT)

_________________
Closed lad accounts x2 Goat Mc Fry
SafariSafari Andrew & the Traveling Computers (Accra-Lagos-Benin City-England)
Safari Lucas & The Holy Rollers (Owerri-Abeokuta)
Safari Joseph & The Golden Cow (Lagos-Kano)
Safari Douala Y'know Mike? Co-bait w/Bravo (Onicha to Yaounde)
Safari The One Love Safari (Lagos to Kano)
Safari Pastor Cl3tus/The Star Wars Safari (Accra to Bauchi) Co-bait w/Bravo, The Dane, Leonsumbitches

They have seized my luggage's my passport, my clothes, my shoes and everything i came with. Chima

i sat on a car for more than 15 hours, i staved, i could not eat good food or drink good water even when there is chorollar outbreak in Nigeria, still i accepted to go. Andrew

you want to know were i am this is where you will find me, Am in your mothers virgina. Andrew
View user's profileSend private messageSkype Name
huhenio
Not quite a Newb


Joined: 12 Jun 2005
Posts: 60


PostPosted: Thu Jan 06, 2011 9:59 pm Reply with quoteBack to top

Nowhere Man wrote:
Usually, the IP is right above the date and time that the mail was sent. In this case, the IP was up a ways. These numbers: 88.254.86.31

If I'm wrong, someone correct me.

Here is an example from a yahoo mail:
Quote:

Received: from [62.145.79.150] by web27607.mail.ukl.yahoo.com via HTTP; Fri, 31 Dec 2010 19:41:48 GMT
X-Mailer: YahooMailClassic/11.4.20 YahooMailWebService/0.8.107.285259
Date: Fri, 31 Dec 2010 19:41:48 +0000 (GMT)


Yah ... I was just rusty with my sleuth skills.

the website for the beinus.com has a forwarding address in St Pete, FLA

That location is a moto store.

I know bikes, so I will call and ask if they have a part or something.

_________________
I got a fever and the only prescription is the cowbell!!
View user's profileSend private message
Lachesis
** SUSPENDED **


Joined: 01 Nov 2010
Posts: 1162


PostPosted: Thu Jan 06, 2011 10:00 pm Reply with quoteBack to top

http://iptrackeronline.com/header.php

and yes, IP resolves to turkey.

_________________
Site killer, scam baiter, shit poster.

Baiting/sitekilling numbers:

United Kingdom x 56 Ghana x 6 South Africa x 2 x 2 United States x 5 Malaysia x 8 Spain x 8 Ireland x 2 Canada x 3 Malta Australia Ivory Coast Nigeria x 2 Benin x 2 Cambodia Flag Indonesia Burkina Faso

Closed lad accounts x 21 Easter Egg 2011

Photo trophies x 2, Forms filled x 11, Baited domains x 9, Writing pieces x 2

"Ok i want to be addressed like felon Musa Songo." - Musa Songo
"This your transaction is giving me heart failure" - EFCC
"YOU ARE A BIG FOOL AND AN IDIOT. DO NOT EVER CONTACT ME AGAIN. YOU ANIMAL." - Kojo Smith
"STOP FOULING YOURSELF JOHN." - Rodney Lloyd
View user's profileSend private message
huhenio
Not quite a Newb


Joined: 12 Jun 2005
Posts: 60


PostPosted: Thu Jan 06, 2011 10:07 pm Reply with quoteBack to top

small marine and motorcycle shop is listed on the forwarding address.
new building.

Across the street is a residential area.

mmhm!

_________________
I got a fever and the only prescription is the cowbell!!
View user's profileSend private message
huhenio
Not quite a Newb


Joined: 12 Jun 2005
Posts: 60


PostPosted: Thu Jan 06, 2011 10:30 pm Reply with quoteBack to top

The domain is registered with a michigan address .... residential area across the street from a ford dealership.

_________________
I got a fever and the only prescription is the cowbell!!
View user's profileSend private message
SlapHappy
Baiting Guru


Joined: 15 May 2006
Posts: 9612
Location: Floating up and down with happiness.


PostPosted: Thu Jan 06, 2011 10:35 pm Reply with quoteBack to top

Googling names really doesn't prove anything, as scammers will use fake names most of the time. If this is a scam, it's most likely a check scam, processing clients' checks and keeping 10%, or shipping real items that were bought with stolen credit cards, and shipping them overseas.

If you bait them and get CC#s, report them to a Mod for proper notification of authorities. If it's a check lad, do not have them sent to your home or work address! Too risky! We have a dropbox available for premium members to keep things risky-free for you. Or, alternately, make up a completely fake address, where it will languish for a time in limbo before being returned or destroyed and not fall into an innocent victims hands. Smile

_________________
Sand Timer x Reven U., Fats Walla, Donny
Safari x10 Sand Timer X2 MM:Mikex2, JohnK, [email protected], Ob1, Armstrong, Ismail, TG&Friend
Safari x3 Nancy, Security Guy, Robert Accra-Tamale
Safari Safari Sand Timer (19 mo.) Tina and Joe's Safari - Accra to Niger & Timbucktu
Safari Safari [email protected] & Charlie -Wulugu Or Bust Safari- Lagos to Paga & Tokwari X2 - 3800mi.
Golden Pith x3 H3ctor & [email protected] - Yankar1 & Parakou
Safari x2 Charles and Friend-Amsterdam to Vatican
Safari Issac to Chad
Be A Cool Cat, Like Me Trophy Videos Cool Stuff
pony pony Closed lad accounts Mortar Goat Easter Egg 2011
View user's profileSend private messageSkype Name
DoraTheExplorer
Anonymous


Joined: 18 Nov 2008
Posts: 9264
Location: Magnolia, Mississippi


PostPosted: Thu Jan 06, 2011 10:49 pm Reply with quoteBack to top

http://www.usaddressmail.com/

Quote:
canonical name usaddressmail.com.
addresses 195.226.218.97



Domain Name: USADDRESSMAIL.COM
Registrar: BIZCN.COM, INC.
Whois Server: whois.bizcn.com
Referral URL: http://www.bizcn.com
Name Server: NS1.DATA-CENTR.LV
Name Server: NS1.FREEDNS.WS
Name Server: NS2.DATA-CENTR.LV
Name Server: NS2.FREEDNS.WS
Status: clientDeleteProhibited
Status: clientTransferProhibited
Updated Date: 05-jan-2011
Creation Date: 04-jan-2011
Expiration Date: 04-jan-2012


Domain name: usaddressmail.com

Registrant Contact:
The US Address
Sridhar Atluri [email protected]
734-416-0058 fax: 734-416-0058
45732 Prairiegrass ct
Belleville MI 48111
us



Brand new domain, nothing on the website. If you get a scam email from that domain (with headers), we can probably get it killed. Although with a chinese registrar and a russian hoster (that's what it looks like at first glance, though I could be wrong), it might be more difficult.

I don't get any google hits on [email protected]

And Slap is right, most scammers will register a fraudulent domain with fake/stolen details, so worrying about registrant details doesn't usually help much. Wink

_________________
United StatesCanadaUnited KingdomNigeriaGhanaBeninMalaysiaSouth AfricaSwitzerlandTogoChinaSpainMadagascar FlagBulgeriaUnited Arab EmiratesUkraineUnited NationsItalyLibya FlagCzech Republic
NetherlandsNew ZealandRussiaSaudi ArabiaAustraliaBahamas, TheIvory CoastDenmarkBelgiumHong KongFranceGermanyRomaniaBahamas, TheNew ZealandcameroonBurkina Faso x 2714
Easter Egg 2012 Cellphone Closed lad accounts Mortar pony pony Nurse Nastys Audi TT Nurse Nastys Audi TT Goat Tattoo Mc Fry Elite Ninja Team Member
Safari Vcamera Paga John Safari Vcamera Paga Willie Safari Vcamera Paga Kingsley Safari James

Safari The Dynamic Duo Travels! Vcamera Sand Timer
View user's profileSend private message
huhenio
Not quite a Newb


Joined: 12 Jun 2005
Posts: 60


PostPosted: Thu Jan 06, 2011 10:50 pm Reply with quoteBack to top

This one looks pretty organized ... challenging!

_________________
I got a fever and the only prescription is the cowbell!!
View user's profileSend private message
DoraTheExplorer
Anonymous


Joined: 18 Nov 2008
Posts: 9264
Location: Magnolia, Mississippi


PostPosted: Thu Jan 06, 2011 10:56 pm Reply with quoteBack to top

Oh, and I don't see any connection with https://beinus.com/

Googling usaddressmail.com pulls up beinus.com because they deal with us address forwarding and the terms are similar. beinus.com looks legit to me unless I am missing something.

_________________
United StatesCanadaUnited KingdomNigeriaGhanaBeninMalaysiaSouth AfricaSwitzerlandTogoChinaSpainMadagascar FlagBulgeriaUnited Arab EmiratesUkraineUnited NationsItalyLibya FlagCzech Republic
NetherlandsNew ZealandRussiaSaudi ArabiaAustraliaBahamas, TheIvory CoastDenmarkBelgiumHong KongFranceGermanyRomaniaBahamas, TheNew ZealandcameroonBurkina Faso x 2714
Easter Egg 2012 Cellphone Closed lad accounts Mortar pony pony Nurse Nastys Audi TT Nurse Nastys Audi TT Goat Tattoo Mc Fry Elite Ninja Team Member
Safari Vcamera Paga John Safari Vcamera Paga Willie Safari Vcamera Paga Kingsley Safari James

Safari The Dynamic Duo Travels! Vcamera Sand Timer
View user's profileSend private message
huhenio
Not quite a Newb


Joined: 12 Jun 2005
Posts: 60


PostPosted: Thu Jan 06, 2011 11:11 pm Reply with quoteBack to top

DoraTheExplorer wrote:
Oh, and I don't see any connection with https://beinus.com/

Googling usaddressmail.com pulls up beinus.com because they deal with us address forwarding and the terms are similar. beinus.com looks legit to me unless I am missing something.


well ... I get an email sent from turkey in behalf of [email protected]

try to go to the domain www.usasddressmail.com and forwards me to beinus.com

Souns fishy to me ... that is why I am doing my legwork.

I should call them via skype and see what happens.

_________________
I got a fever and the only prescription is the cowbell!!
View user's profileSend private message
huhenio
Not quite a Newb


Joined: 12 Jun 2005
Posts: 60


PostPosted: Thu Jan 06, 2011 11:17 pm Reply with quoteBack to top

www.usaddressmail.com was created yesterday!

And now it does not redirect but shows a screen!

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

*<html>

*<head><title>The US Address Mail Server v. 3.2</title></head>
*<body bgcolor="#2f1054">
*<div style="margin-top: 100px;color:#fff"><center><img *src="logo_sm.jpg"><br><br><strong>The US Address</strong><br>

*Mail Server v. 3.2</center></div>
*</body>
*</html>

_________________
I got a fever and the only prescription is the cowbell!!

Last edited by huhenio on Thu Jan 06, 2011 11:50 pm; edited 1 time in total
View user's profileSend private message
DoraTheExplorer
Anonymous


Joined: 18 Nov 2008
Posts: 9264
Location: Magnolia, Mississippi


PostPosted: Thu Jan 06, 2011 11:34 pm Reply with quoteBack to top

^^^ Yes, I know. However there is nothing fraudulent on that website, is there? Wink

Was http://www.usaddressmail.com/ forwarding to https://beinus.com/ ? Cause it isn't now (as you can tell). Plus anyone can forward a domain to another -- doesn't indicate the fraud on the part of the legit domain.

Again, unless you get a scam email from that domain, there is nothing that we, as site killers, can do about it. No hoster or registrar is going to shut it down without outright evidence of fraud. Email-only domains absolutely need a scam email from the domain to be added to our DB and for a kill. Promise.

And you don't need to quote the whole post above you, huhenio. Not only is it against the forum policy, we can scroll up to see. Just quote pertinent parts, if needed. Very Happy

_________________
United StatesCanadaUnited KingdomNigeriaGhanaBeninMalaysiaSouth AfricaSwitzerlandTogoChinaSpainMadagascar FlagBulgeriaUnited Arab EmiratesUkraineUnited NationsItalyLibya FlagCzech Republic
NetherlandsNew ZealandRussiaSaudi ArabiaAustraliaBahamas, TheIvory CoastDenmarkBelgiumHong KongFranceGermanyRomaniaBahamas, TheNew ZealandcameroonBurkina Faso x 2714
Easter Egg 2012 Cellphone Closed lad accounts Mortar pony pony Nurse Nastys Audi TT Nurse Nastys Audi TT Goat Tattoo Mc Fry Elite Ninja Team Member
Safari Vcamera Paga John Safari Vcamera Paga Willie Safari Vcamera Paga Kingsley Safari James

Safari The Dynamic Duo Travels! Vcamera Sand Timer
View user's profileSend private message
huhenio
Not quite a Newb


Joined: 12 Jun 2005
Posts: 60


PostPosted: Thu Jan 06, 2011 11:36 pm Reply with quoteBack to top

Sorry for the clutter!

_________________
I got a fever and the only prescription is the cowbell!!
View user's profileSend private message
huhenio
Not quite a Newb


Joined: 12 Jun 2005
Posts: 60


PostPosted: Mon Jan 10, 2011 11:38 pm Reply with quoteBack to top

He sent me a job application ... ALL kinds of information requested as usual for a job application from a cold email from a website that did not even exist the day before the email was sent to me.

Now I changed email addy's to my bait account and see if he notices that there is something going on.

_________________
I got a fever and the only prescription is the cowbell!!
View user's profileSend private message
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



** Find out information about your IP address **


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT