Hello & Welcome to our community. Is this your first visit? Register
Page 1 of 2 12 LastLast
Results 1 to 10 of 18
  1. #1
    Join Date
    Nov 2006
    Posts
    7

    Default Does Anybody knows how to track IPs?

    Hi:
    Im using the headers to see the originating IPs but which one do I use? I see one next to the word HELO. I got 3 emails from prettty ladies in Global-date-com and one IP came from US, 1 from Germany and 1 from UKraine. wonder which girl is real! Does it make any difference what emai they are using? One is using googlemail.com, the other is using gmail and 3rd one is using a private email or work email. ANybody who knows can yu please tell me so I would be aware of scammers.
    Thanks

  2. #2
    Join Date
    Sep 2005
    Posts
    272

    Default

    Post one of the Headers here and I'll tell you which one to use. Just edit out your information. So others can't see it.

    No scammers will use any email address.

    Giles

  3. #3
    Join Date
    Nov 2006
    Posts
    7

    Default

    1st Lady:
    MIME-Version: 1.0
    Received: from mail2.secureserver50.com ([67.15.229.9]) by bay0-mc6-f11.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Fri, 10 Nov 2006 05:03:50 -0800
    Received: (qmail 19108 invoked by uid 399); 10 Nov 2006 13:03:42 -0000
    Received: from unknown (HELO ?172.16.10.23?) (195.5.125.3) by web2.secureserver50.com with SMTP; 10 Nov 2006 13:03:42 -0000
    X-Message-Info: LsUYwwHHNt3660MmjhEvYg2f34OAemlK3oXsmRrh6gU=
    X-Mailer: The Bat! (v3.5.25) Professional
    References: <BAY118-F1F583285976E6097E416FD6F00@phx.gbl>
    Return-Path: yuli@ft-continental.com
    X-OriginalArrivalTime: 10 Nov 2006 13:03:50.0731 (UTC) FILETIME=[AAB509B0:01C704C8
    ------------------------------------
    2nd Lady:
    MIME-Version: 1.0
    Received: from ug-out-1314.google.com ([66.249.92.174]) by bay0-mc10-f7.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Fri, 10 Nov 2006 06:13:35 -0800
    Received: by ug-out-1314.google.com with SMTP id m3so605118ugc for <latixxxx@hotmail.com>; Fri, 10 Nov 2006 06:13:35 -0800 (PST)
    Received: by 10.66.244.10 with SMTP id r10mr3418419ugh.1163168014616; Fri, 10 Nov 2006 06:13:34 -0800 (PST)
    Received: from 192.168.40.193 ( [82.211.136.14]) by mx.google.com with ESMTP id 30sm2435773ugf.2006.11.10.06.13.25; Fri, 10 Nov 2006 06:13:33 -0800 (PST)
    X-Message-Info: LsUYwwHHNt3660MmjhEvYg2f34OAemlK3oXsmRrh6gU=
    DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:date:from:x-mailer:reply-to:x-priority:message-id:to:subject:in-reply-to:references:mime-version:content-type; b=ppoDvT6OQlC3yzXVenLEh8d2s20mVtVxN007HKIwo+uRNwjM KQOM+ArFv+T14OkJZZIKZ7JbT6MK+BGTk8INNuuoJLKno+aFP9 pd1cfxqFVaHQVPigR7gcY5XCJCf9yYKqL9Tc7q+Ym6rzyInLdn 0rZpN+HnHxSTjIOilvHjWuk=
    Return-Path: <esamoshina@gmail.com>
    X-Mailer: The Bat! (v1.62r) UNREG / CD5BF9353B3B7091
    References: <BAY118-F1075774C1751384C98510DD6F00@phx.gbl>
    X-OriginalArrivalTime: 10 Nov 2006 14:13:35.0968 (UTC) FILETIME=[694D8600:01C704D2
    ------------------------------
    3rd Lady:
    MIME-Version: 1.0
    Received: from nf-out-0910.google.com ([64.233.182.190]) by bay0-mc11-f18.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Fri, 10 Nov 2006 11:20:08 -0800
    Received: by nf-out-0910.google.com with SMTP id q29so1262634nfc for <latixxxxx@hotmail.com>; Fri, 10 Nov 2006 11:20:07 -0800 (PST)
    Received: by 10.49.91.6 with SMTP id t6mr5774699nfl.1163186407121; Fri, 10 Nov 2006 11:20:07 -0800 (PST)
    Received: from ADSL ( [81.169.226.162]) by mx.google.com with ESMTP id n22sm5049789nfc.2006.11.10.11.18.50; Fri, 10 Nov 2006 11:20:03 -0800 (PST)
    X-Message-Info: LsUYwwHHNt3rvZsz2Z/cVwAqF9JLFcco8NRp9CqN6gc=
    DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=googlemail.com; h=received:date:from:x-mailer:reply-to:x-priority:message-id:to:subject:mime-version:content-type; b=d2cwF4/YjZhdTap/0lsw+rWrOKeIXp1RKqdSs6znFnC+kg5P90kaBthQRHNfmRcrqe vbEutL5159XDFh5wh6A7ssGgrQ9+H18KncwD+VOlLfdicsvyfT nlBgYT/eoF+CcNOHmVlHzt93/GpvPGIoImdft1GTof2IyBmIaGXQs7I=
    Return-Path: <lyudnalamila@googlemail.com>
    X-Mailer: Voyager (v3.85.03) Professional
    X-OriginalArrivalTime: 10 Nov 2006 19:20:08.0410 (UTC) FILETIME=[3C0D73A0:01C704FD
    -----------------------------------------
    None shows Ukraine or Russia. Are these potential scammers so I be on the lookout?
    Thanks

  4. #4
    imported_admin Guest

    Default

    1) 195.5.125.3

    inetnum: 195.5.124.0 - 195.5.125.255
    netname: LUGANET
    descr: LugaNet ltd network
    country: UA
    org: ORG-LL23-RIPE
    admin-c: LDO15-RIPE
    tech-c: LDO15-RIPE
    status: ASSIGNED PI
    mnt-by: LUGANET-MNT
    mnt-by: RIPE-NCC-HM-PI-MNT
    mnt-lower: RIPE-NCC-HM-PI-MNT
    mnt-routes: LUGANET-MNT
    mnt-domains: LUGANET-MNT
    source: RIPE # Filtered

    organisation: ORG-LL23-RIPE
    org-name: Luganet Ltd
    org-type: NON-REGISTRY
    address: Mirniy 14/80, Lugansk, 91015, Ukraine
    e-mail: matvey@luga.net.ua
    mnt-ref: MIROTEL-MNT
    mnt-by: MIROTEL-MNT
    source: RIPE # Filtered

    person: Likhno Dmitriy Olegovich
    address: 91015 Ukraine, Lugansk, kv. Mirniy 14/80
    phone: +380642335331
    nic-hdl: LDO15-RIPE
    source: RIPE # Filtered

    % Information related to '195.5.124.0/23AS39728'

    route: 195.5.124.0/23
    descr: LUGANET Ltd.
    descr: Lugansk, Ukraine
    origin: AS39728
    mnt-by: LUGANET-MNT
    source: RIPE # Filtered

    2) 82.211.136.14 (proxy)

    inetnum: 82.211.128.0 - 82.211.191.255
    org: ORG-NPEL1-RIPE
    netname: CY-PLANETSKY-20031014
    descr: PROVIDER Local Registry
    descr: Net Planet Earth Lmited
    country: CY
    admin-c: PSKY-RIPE
    tech-c: PSKY-RIPE
    status: ALLOCATED PA
    mnt-by: RIPE-NCC-HM-MNT
    mnt-lower: NPE-MNT
    mnt-routes: NPE-MNT
    source: RIPE # Filtered

    organisation: ORG-NPEL1-RIPE
    org-name: Net Planet Earth Lmited
    org-type: LIR
    address: 6, Vasili Vryonides Str.
    Gala Court Chambers, PO box 52080
    address: 4060
    address: Limassol
    address: Cyprus
    phone: +357 25 817 204
    fax-no: +357 25 817 211
    e-mail: lir@planetsky.com
    admin-c: AP21455-RIPE
    admin-c: AN9999-RIPE
    admin-c: PC9999-RIPE
    mnt-ref: NPE-MNT
    mnt-ref: RIPE-NCC-HM-MNT
    mnt-by: RIPE-NCC-HM-MNT
    source: RIPE # Filtered

    role: Planetsky Ltd. Netmaster
    org: ORG-NPEL1-RIPE
    address: 6, Vasili Vryonides Str.
    address: Gala Court Chambers
    address: PO box 52080
    address: 4060 Limassol, Cyprus
    phone: +357 25 817204
    fax-no: +357 25 817211
    e-mail: ripe@planetsky.com
    admin-c: ZAK-RIPE
    tech-c: ZAK-RIPE
    nic-hdl: PSKY-RIPE
    remarks: Role Object for Planetsky Ltd.
    remarks: For urgent operational issues, change requests, routing
    remarks: policies, etc please contact noc@planetsky.com
    remarks: For portscans, DoS attacks and spam complaints please
    remarks: contact abuse@planetsky.com
    remarks: Please include all headers and logs where appropriate.
    mnt-by: NPE-MNT
    source: RIPE # Filtered

    % Information related to '82.211.136.0/22AS21455'

    route: 82.211.136.0/22
    descr: PlanetSky Com-tonet Teleport
    origin: AS21455
    mnt-by: NPE-MNT
    source: RIPE # Filtered

    3) 81.169.226.162 (proxy too)

    inetnum: 81.169.224.0 - 81.169.239.255
    netname: SKYDSL1
    descr: SkyDSL
    country: DE
    admin-c: CM265-RIPE
    tech-c: XX1-RIPE
    tech-c: WB14-RIPE
    status: ASSIGNED PA
    mnt-by: STRATO-RZG-MNT
    mnt-lower: STRATO-RZG-MNT
    mnt-routes: STRATO-RZG-MNT
    source: RIPE # Filtered

    person: Christian Mueller
    address: Cronon AG
    address: Pascalstrasse 10
    address: D-10587 Berlin
    address: Germany
    phone: +49 30 398020
    fax-no: +49 30 39802222
    abuse-mailbox: abuse@strato.de
    nic-hdl: CM265-RIPE
    remarks: see also: XX1-RIPE CM5081-NSI CM1-ABC SOUL-RIPE
    mnt-by: CRONON-MNT
    source: RIPE # Filtered

    person: Christian Xaver Mueller
    address: Cronon AG
    address: Pascalstrasse 10
    address: D-10587 Berlin
    address: Germany
    phone: +49 30 398020
    fax-no: +49 30 39 802-222
    abuse-mailbox: abuse@strato.de
    nic-hdl: XX1-RIPE
    remarks: see also: CM265-RIPE SOUL-RIPE
    mnt-by: CRONON-MNT
    source: RIPE # Filtered

    person: Wilhelm Boeddinghaus
    address: Strato Rechenzentrum GmbH
    address: Pascalstrasse 10
    address: D-10587 Berlin
    address: Germany
    phone: +49 30 39802-0
    fax-no: +49 30 39802-222
    nic-hdl: WB14-RIPE
    remarks: see also INTERNIC: >WB131<
    mnt-by: CRONON-MNT
    source: RIPE # Filtered

    % Information related to '81.169.192.0/18AS6724'

    route: 81.169.192.0/18
    descr: Strato Rechenzentrum
    origin: AS6724
    mnt-by: STRATO-RZG-MNT
    source: RIPE # Filtered


  5. #5
    Join Date
    Sep 2005
    Posts
    272

    Default

    Ahh, Admin beat me to it anyway as I'd was just doing the message I'll post it.


    Hi,

    1st Lady.
    Well for a start she is using ?The Bat? a lot of scammers use that, the IP 195.5.125.3 resolves to Luganet in the Ukraine.
    Possible scammer, Where does she say she?s from ?

    2nd Lady
    Again using ?The Bat? the IP address 82.211.136.14 resolves to Limassol in Cyprus. IP 82.211.136.14 - this is a Cyprus Planetsky satellite provider that provides satellite Internet access for Mari El. When you see "Cyprus", that means Mari El?. That information is from a very good source.
    So again I would say that is a scammer.
    Mari EL is well known for a gang of scammers, they post fake profiles all over the internet.

    3rd Lady
    IP 81.169.226.162 resolves to Pascalstrasse 10, Berlin
    She is using an email programme called Voyager which I don?t now anything about.
    Not sure could be fake again.

    The way to track an IP is to use the second IP address in the header, you can then goto this site to check the information of the IP :-
    http://www.whois-search.com/

    Another thing about the Internet in Russia is that the IP address should resolve to the location that the person says they are from, In Europe it usually goes to the Users ISP instead. My IP address resolves to a city 100 miles from where I live.

    If you want to PM me more details where you meet them so I can see the profiles, I may even be able to find the Scam reports for them.

    Bye

  6. #6
    Join Date
    Nov 2006
    Posts
    7

    Default

    Hello Admin:
    So what does this tells me? 1st lady says she is in Crimea Region Simferopol, and internet is in Luganks, and next 2 ladies may be false. Humm...Im beginning to lose hope on online dating..hehehe


  7. #7
    imported_admin Guest

    Default

    Hi visible11,

    > So what does this tells me?

    She tells she is in Simferopol -> Letters come from Lugansk -> Scam!!!
    She tells she is in Russia -> Letters come from Cyprus (Germany, ...) -> Scam!!!

    Post them here: http://www.stop-scammers.com/scamreport.asp and don't waste time or play the game knowing they are scammers.

  8. #8
    Join Date
    Nov 2006
    Posts
    7

    Default

    X-Apparently-To: taxx85@yahoo.com via 209.73.179.70; Wed, 16 Aug 2006 11:22:20 -0700
    X-Originating-IP: [64.233.162.205]
    Return-Path: <tatyiana.sweety@gmail.com>
    Authentication-Results: mta437.mail.mud.yahoo.com from=gmail.com; domainkeys=pass (ok)
    Received: from 64.233.162.205 (EHLO nz-out-0102.google.com) (64.233.162.205) by mta437.mail.mud.yahoo.com with SMTP; Wed, 16 Aug 2006 06:27:20 -0700
    Received: by nz-out-0102.google.com with SMTP id z6so82205nzd for <taxx85@yahoo.com>; Wed, 16 Aug 2006 06:27:13 -0700 (PDT)
    DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:date:from:x-mailer:reply-to:x-priority:message-id:to:subject:in-reply-to:references:mime-version:content-type; b=RgzIvb5jab26W+mxPvj4OZKOf0Rt7eevZlerQaWbrbyOB4Ph MSM7yMaLNu2RgJbRPYud7KKbyxr3jdHxxDwCW7h68a9Cp6kQ8m VIAn4iwUvjCrCrMlN1GrnC4AIks5NpMt3d7qqNEhjysk/7Pjthe8L0fx1BLvyIUZhOgo8jGDo=
    Received: by 10.65.114.11 with SMTP id r11mr583808qbm; Wed, 16 Aug 2006 06:27:12 -0700 (PDT)
    Return-Path: <tatyiana.sweety@gmail.com>
    Received: from 192.168.0.160 ( [75.7.34.46]) by mx.gmail.com with ESMTP id a29sm221688qbd.2006.08.16.06.26.50; Wed, 16 Aug 2006 06:27:11 -0700 (PDT)
    Date: Wed, 16 Aug 2006 11:08:52 +0400
    From: "tatyiana.sweety" <tatyana.sweety@gmail.com> View Contact Details Add Mobile Alert
    Yahoo! DomainKeys has confirmed that this message was sent by gmail.com. Learn more
    X-Mailer: The Bat! (v1.62r)
    Reply-to: "tatyiana.sweety" <tatyiana.sweety@gmail.com>
    X-Priority: 3 (Normal)
    Message-ID: <1353018244.20060816110852@gmail.com>
    To: "taxx85" <taxx85@yahoo.com>
    Subject: Hello my love Tony!
    In-Reply-To: <20060815082024.2897.qmail@web61316.mail.yahoo.com >
    References: <20060815082024.2897.qmail@web61316.mail.yahoo.com >
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="----------AC17F6B3B69EAAB"
    Content-Length: 239259
    --------------------------------------------------
    This person is the most who has written letters (40) plus 52 pictures all the same girl, but by coincidence I saw one picture of her in the scammers list. I confronted her but she denied it but didnt explain. I was thinking hard on her due to the many letters almost every day but she never asked me for anything so far. Now she writes less as I also dont respond rapidly but I told her that I need to talk to her on the phone and she says its difficult. Well, now I use the headers and she is using the BAT. Last time, she wrote she was talking of planning meeting. Her english looks russian but Im surprised all IPs are from USA or am I wrong?. Kind of worried as I sent her my physical address but she never sent me hers and she says she is Kazan Russia, but in the scammer list the person named is one from Nigeria but the english is not nigerian as I now can distinguish this. They talk a lot about "baby" and "OK" phrases.
    Let me see what you can find.
    Thanks

  9. #9
    davismccarn Guest

    Default

    I'll answer the question so you can all find out for yourselves!
    IpNetinfo (www.nirsoft.net) is a great little, no install, freeware app that prompts you to type in an IP Address (paste it from the E-Mail header) and then displays the whois information for you.

    Computer-Help.Net for over 30 years now.

  10. #10
    Join Date
    Dec 2006
    Posts
    7

    Default

    hallo I am also giving the header from a lady,I have been speaking from last few days,she is saying that she is from Chebosary, can you please tell me from IP , where these email coming from.Please reply me.

    Return-Path: <xxxxxxxxxxxxxxx@rambler.ru>
    Delivered-To: xxxxxxxxxxxxxxx@f4.p19.mail.in.redif...di ffmail.com
    Received: (qmail 7892 invoked from network); 6 Dec 2006 14:31:10 -0000
    Received: from unknown (HELO mxb.rambler.ru) (81.19.66.30)
    by 0 with SMTP; 6 Dec 2006 14:31:10 -0000
    Received: from mailc.rambler.ru (mailc.rambler.ru [81.19.66.27])
    by mxb.rambler.ru (Postfix) with ESMTP id 1055043497
    for <xxxxxxxxxxxxxxxxxxxxxxx>; Wed, 6 Dec 2006 17:34:50 +0300 (MSK)
    Received: from comp3 (accel-de.planetsky.com [82.211.152.12] (may be forged))
    (authenticated bits=0)
    by mailc.rambler.ru (8.13.6/8.13.6) with ESMTP id kB6EYjxk015593
    for <xxxxxxxxxxxxxxxxxxx>; Wed, 6 Dec 2006 17:34:48 +0300 (MSK)
    Date: Wed, 6 Dec 2006 13:56:02 +0300
    From: xxxxxxxxxxxxxxx <xxxxxxxxxxxxxxxxxx@rambler.ru>
    X-Mailer: The Bat! (v3.85.03) Professional
    Reply-To: xxxxxxxxxxxxxxxxxx<xxxxxxxxxxxxxxxxx@rambler.ru>
    X-Priority: 3 (Normal)
    Message-ID: <322205681.20061206135602@rambler.ru>
    To: xxxxxxxxxxxxxxx<xxxxxxxxxxxxxxxxx.com>
    Subject: Re: Re
    In-Reply-To: <1165230756.S.2907.26694.webmail78.rediffmail.com. old.1165233443.17182@webmail.rediffmail.com>
    References: <1165230756.S.2907.26694.webmail78.rediffmail.com. old.1165233443.17182@webmail.rediffmail.com>
    MIME-Version: 1.0
    Content-Type: text/plain; charset=iso-8859-5
    Content-Transfer-Encoding: quoted-printable


Similar Threads

  1. Got a telephone call ....
    By lonelyboy in forum Scam or not?
    Replies: 8
    Last Post: 12-28-2005, 01:26 PM
  2. Russian-American jokes
    By Detective in forum Scam or not?
    Replies: 8
    Last Post: 12-19-2005, 02:20 PM
  3. And how about this...scam or not?
    By Horribilis in forum Scam or not?
    Replies: 15
    Last Post: 11-26-2005, 10:28 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT. The time now is 10:18 AM.
Powered by vBulletin® Version 4.2.3
Copyright © 2016 vBulletin Solutions, Inc. All rights reserved.
Username Changing provided by Username Change (Free) - vBulletin Mods & Addons Copyright © 2016 DragonByte Technologies Ltd.
vBulletin Skin By: PurevB.com