by gotic
Fri Jun 04, 2010 10:27 am
Nigeria + German proxy ( [email protected] ; [email protected] )
1) ########## Several days ago I received a message on Tagged:
"From:
Thomas B (http://www.tagged.com/profile.html?uid=5440084726):
Hey dearie (me), you are a very nice & sweet lady i bet,.you seem a wonderful lady,Well I live in Twyford Berkshire,Im 44,a construction expert..im single for now & searching,seperated,have a kid ..I like classical,gospel & R&b music,Like the movies too thats when im free by the weekend cos im always busy..i like sports & the outdoors too...and i would like to know probably every interesting thing about you?? take care !! you can write me on tom_braile at yahoo.com"
PROFILE INFO:
Thomas B
http://www.tagged.com/profile.html?uid=5440084726
Profile photo:
http://t4.tagstat.com/image05/1/1af6/8003054ghHS.jpg
Tagline: It takes two heart to make an affair
Member Since: Apr 9, 2010; Gender: Male
Location: Berkshire, United Kingdom
Age: 44; Relationship Status: Single
Interested In: Dating, Serious Relationship
Languages: English; Ethnicity: Caucasian/White
Religion: Christian; Orientation: Straight
College: Bracknell and Wokingham College '07
2) ########## I gave "him" my private e-mail address.
==> Later I received "his" 1st e-mail message (out of tagged)
The IP address was 192.251.226.205 (Germany)
This fact made me ask myself a question:
Q: Why would a person who says he is living in the UK have an IP address in Germany?!
A: In my opinion, just in 2 cases:
- this person lies about his location... but why hide it, if "he" is in Germany?
- or this person is using a proxy... to hide the fact "he" is in a compromised location?
Both answers probably mean that "he" is neither in the UK nor in Germany.
.............. 1st e-mail message (out of tagged) .............
Delivered-To: -(me)[email protected]
Received: by 10.100.11.1 with SMTP id 1cs521100ank;
Wed, 2 Jun 2010 10:49:55 -0700 (PDT)
Received: by 10.224.52.164 with SMTP id i36mr3658870qag.147.1275500988457;
Wed, 02 Jun 2010 10:49:48 -0700 (PDT)
Return-Path: <[email protected]>
Received: from snt0-omc4-s2.snt0.hotmail.com (snt0-omc4-s2.snt0.hotmail.com [65.55.90.205])
by mx.google.com with ESMTP id 20si8308609qcf.31.2010.06.02.10.49.47;
Wed, 02 Jun 2010 10:49:48 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 65.55.90.205 as permitted sender) client-ip=65.55.90.205;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 65.55.90.205 as permitted sender) [email protected]
Received: from SNT116-W60 ([65.55.90.200]) by snt0-omc4-s2.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Wed, 2 Jun 2010 10:48:28 -0700
Message-ID: <[email protected]>
Return-Path: [email protected]
Content-Type: multipart/alternative;
boundary="_d4dce3d7-c718-40bc-989e-a0947a02d785_"
X-Originating-IP: [192.251.226.205]
From: Thomas Braile <[email protected]>
To: <-(me)[email protected]>
Subject: HI BABE..
Date: Wed, 2 Jun 2010 18:48:28 +0100
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 02 Jun 2010 17:48:28.0972 (UTC) FILETIME=[CF24CEC0:01CB027B]
--_d4dce3d7-c718-40bc-989e-a0947a02d785_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
HI (obscured)=2C ITS OK=2CI CAN UNDERSTAND YOUR ENGLISH=2C I LIKE YOUR PROFILE=
=2C & ALL ABOUT YOUR LOVELY LIFE=2C I LL REALLY WANT US TO BE CLOSER FRIEND=
S=2C HOPE WE CAN CHAT SOON=2C IF U HAVE MSN=2C OR YAHOO I LL APPRECIATE TO =
TALK WITH YOU ON THERE.IM SINGLE & REALLY NEED A WOMAN IN MY LIFE. =
=20
........... end of 1st e-mail message (out of tagged) ..........
More info:
IP-address FROM SOURCE OF 1-ST E_MAIL MESSAGE:
192.251.226.205
---
- http://whatismyipaddress.com/ip/192.251.226.205
General IP Information
Hostname: anonymizer.blutmagie.de
ISP: Villa Straylight
Organization: Olaf Selke
Proxy: Confirmed proxy server
Type: Corporate
Assignment: Static IP
Geolocation Information
Country: Germany
State/Region: Nordrhein-Westfalen
City: Rietberg
Latitude: 51.7833
Longitude: 8.4333
---
Blacklisted:
- http://whatismyipaddress.com/blacklist- ... rotect.net
IP 192.251.226.205 is part of AS
6805 TDDE-ASN1 Telefonica Deutschland Autonomous System and the Networks 192.251.226.0/24
Reverse DNS (PTR) exists and claims to be:
anonymizer.blutmagie.de
Forward DNS for anonymizer.blutmagie.de is:
192.251.226.205
DNS is consistent.
---
- LISTED in UCEPROTECT- Level3
Reputation of ASN 6805 | TDDE-ASN1 Telefonica Deutschland Autonomous System
UCEPROTECT- Level 3 is the highest possible escalation, complete Autonomous Systems (AS) get listed at Level 3 if there were too many spamming IPs
-------
3) ########## So, in order to verify the IP address again, I wrote an answer to this sender:
blah... blah... + asking about the actual weather in UK + blah... blah... + now I am alone too + blah... blah...
==> Today I received "his" answer, 2nd e-mail message
IP-ADDRESS: 41.220.68.1 --> Nigeria
.............. 2-nd e-mail message (out of tagged) .............
Delivered-To: -(me)[email protected]
Received: by 10.100.11.1 with SMTP id 1cs2907ank;
Thu, 3 Jun 2010 20:08:25 -0700 (PDT)
Received: by 10.231.69.71 with SMTP id y7mr260207ibi.136.1275620904831;
Thu, 03 Jun 2010 20:08:24 -0700 (PDT)
Return-Path: <[email protected]>
Received: from snt0-omc4-s21.snt0.hotmail.com (snt0-omc4-s21.snt0.hotmail.com [65.55.90.224])
by mx.google.com with ESMTP id g4si1309831ibl.92.2010.06.03.20.08.23;
Thu, 03 Jun 2010 20:08:24 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 65.55.90.224 as permitted sender) client-ip=65.55.90.224;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 65.55.90.224 as permitted sender) [email protected]
Received: from SNT116-W7 ([65.55.90.200]) by snt0-omc4-s21.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Thu, 3 Jun 2010 20:08:06 -0700
Message-ID: <[email protected]>
Return-Path: [email protected]
Content-Type: multipart/alternative;
boundary="_ded3e066-543c-4020-a8a5-a7757892e272_"
X-Originating-IP: [41.220.68.1]
From: Thomas Braile <[email protected]>
To: <-(me)[email protected]>
Subject: RE: HI BABE..
Date: Fri, 4 Jun 2010 04:08:06 +0100
Importance: Normal
In-Reply-To: <[email protected]>
References:
<[email protected]>,<[email protected]>
MIME-Version: 1.0
X-OriginalArrivalTime: 04 Jun 2010 03:08:06.0257 (UTC) FILETIME=[272DA610:01CB0393]
--_ded3e066-543c-4020-a8a5-a7757892e272_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Ok babe=2Cthe weather here is warm=2C its very bad you dont have a messenge=
r=2C i would love to know more about u=2C thanks for the mail anyway=2Cits =
good you wrote to me=2Cso hows your week going?=2C sorry about your ex husb=
and=2C how do u cope been single=2C this is why i want us to be friends to =
talk more about us=2C well you can send me more pics of you=2C & what do u =
do for fun? & for a living?
........... end of 2-nd e-mail message (out of tagged) ..........
More info:
---
- http://whatismyipaddress.com/ip/41.220.68.1
Hostname: 68-1.vgccl.net
ISP: MTN Nigeria
Organization: MTN Nigeria
Proxy: Suspected network sharing device.
Type: Unknown
Assignment: Static IP
---
- http://www.ip-adress.com/whois/41.220.68.1
---
- http://www.itistimed.com/what-is-my-ip/ ... .220.68.1/
IP Address: 41.220.68.1
Hostname: 68-1.vgccl.net
Domain: vgccl.net
Organization: IP Adddress Assigned to MTN N Mobile Data Services.
City
State
Zip
Country: NIGERIA
Lat / Lon: (9.081999, 8.675277)
---
- http://rbls.org/41.220.68.1
41.220.68.1 updated: June 4, 2010 09:34
is listed in combined.abuse.ch and four other blacklists (red):
combined.abuse.ch
spam.abuse.ch
bl.nszones.com
dyn.nszones.com
access.redhawk.org
4) ########## MY CONCLUSION IS: SCAMMER FROM NIGERIA
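The header check walked through above, as an added example that is not part of the original post: it pulls the webmail-stamped X-Originating-IP out of each message, separates it from the Hotmail relay addresses that the SPF result refers to, compares the client address across the two replies, and builds the DNS name used for a blacklist lookup. The function names, the `example.invalid` mailbox and the placeholder SMTP ids are assumptions; the header text is abridged from the two dumps in the post.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: abridged from the two header dumps in the post.
# SMTP ids and the mailbox (example.invalid) are placeholders.
TEMPLATE = """\
Received: by 10.100.11.1 with SMTP id placeholder;
 Wed, 2 Jun 2010 10:49:55 -0700 (PDT)
Received: from {host} ({host} [{relay}])
 by mx.google.com with ESMTP id placeholder;
 Wed, 02 Jun 2010 10:49:48 -0700 (PDT)
Received: from SNT116-W60 ([65.55.90.200]) by {host} with Microsoft SMTPSVC(6.0.3790.4675);
 Wed, 2 Jun 2010 10:48:28 -0700
X-Originating-IP: [{client}]
From: Thomas Braile <sender@example.invalid>

body
"""
MSG1 = TEMPLATE.format(host="snt0-omc4-s2.snt0.hotmail.com",
                       relay="65.55.90.205", client="192.251.226.205")
MSG2 = TEMPLATE.format(host="snt0-omc4-s21.snt0.hotmail.com",
                       relay="65.55.90.224", client="41.220.68.1")

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hops(raw):
    """Return (client IP stamped by the webmail provider, public relay IPs)."""
    msg = message_from_string(raw)
    m = BRACKETED_IP.search(msg.get("X-Originating-IP", ""))
    relays = [ip for rcvd in msg.get_all("Received", [])
              for ip in BRACKETED_IP.findall(rcvd)
              if ipaddress.ip_address(ip).is_global]
    return (m.group(1) if m else None), relays

def compare_thread(raws):
    """SPF only vouches for the relay, so compare client IPs across replies."""
    clients = [hops(r)[0] for r in raws]
    return {"clients": clients, "changed": len(set(clients)) > 1}

def dnsbl_name(ip, zone):
    """DNS name to look up for an IPv4 blacklist check: reversed octets + zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

if __name__ == "__main__":
    print(compare_thread([MSG1, MSG2]))
    print(dnsbl_name("41.220.68.1", "combined.abuse.ch"))
```

A client address that changes between replies, or that belongs to a known proxy, shows only the last hop into the webmail provider, so it supports the post's reasoning without pinning down the sender's real location by itself.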
------------------------------------------------------------
If something LOOKS YOU TOO GOOD to be true
. . . . IT REALLY IS TOO GOOD TO BE TRUE !
------------------------------------------------------------
..."The best way to say is to do"...
- http://blue_fractal.tbg.0lx.net/ -
"La mejor forma de decir es hacer"