Is this email associated with a scam

Has this email < [email protected]> been associated with military leave request scams.

Welcome, SAL

A quick google search of that email address gives a few hits - one of which is: http://en.netlog.com/marvelgurl/blog/blogid=3728239

ANY 'leave application' you are asked to supply details for is a definite scam.!

Thanks for your reply. I assumed that it was. I am member of tagged and a person sent me a message saying they was attracted to my picture and wanted to get to know me. After a couple of days I began to suspect this person may be trying to pull off a scam. He asked me to send an email to his commander telling him that I was his fiancee so that he could get his leave approved. Well I knew this is not right but I did it just to see what happens. The day after I sent the request, I got an email with an attachment from his commander asking me to complete a leave form and send money for a processing fee. Well of course I did not. This person is using real pictures of a real military person for which I assume is not the scammer. I have the pictures and emails and was wondering how to find out if the pictures that I have are of the real scammer or an innocent solider being used.

The photos will have been stolen from a web site, a social networking site or some other freely available source. They will not be of the scammer himself, as he's (more than likely) in Nigeria!

Could you please post an email you've received - with the headers (if you don't know how to get the headers, please tell us which email program you use & we can advise). All we ask is that you remove YOUR information, name, email address etc. From these, we will be able to say definitively where the email has been sent from & also, you will save someone else who searches for the senders name or address.

X-Message-Delivery:
X-Message-Status: n:0
X-SID-PRA: John Williams [email protected]
X-AUTH-Result: NONE
X-Message-Info: Removed

Received: from web114409.mail.gq1.yahoo.com ([98.136.183.48]) by COl0-MC4-F43.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 28 Apr 2010 08:25:47 -0700
Received: (qmail 57192 invoked by uid 60001); 28 Apr 2010 15:25:47 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1272468346; bh=
=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b= Removed
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b= Removed
Message-ID: <[email protected]>
X-YMail-OSG: Removed
Received: from [93.91.80.1] by web114409.mail.gq1.yahoo.com via HTTP; Wed, 28 Apr 2010 08:25:46 PDT
X-Mailer: YahooMailClassic/10.1.11 YahooMailWebService/0.8.103.269680
Date: Wed, 28 Apr 2010 08:25:46 -0700 (PDT)
From: John Williams [email protected]

Subject: pics

To:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-2063892513-1272468346=:50955"
Return-Path: [email protected]
X-OriginalArrivalTime: 28 Apr 2010 15:25:47.0168 (UTC) FILETIME=[1373F200:01CAE6E7]
--0-2063892513-1272468346=:50955
Content-Type: multipart/alternative; boundary="0-2108213350-1272468346=:50955"
--0-2108213350-1272468346=:50955
Content-Type: text/plain; charset=us-ascii

hello XXXXX here are some picture for you.

Removed some of the non important information to make the important things stand out - Ralph







-

X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MDtTQ0w9MA==
X-Message-Status: n:0
X-SID-PRA: [email protected]
X-AUTH-Result: NONE
X-Message-Info:
Received: from imr-ma02.mx.aol.com ([64.12.206.40]) by bay0-mc4-f38.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Fri, 30 Apr 2010 10:09:12 -0700
Received: from imo-da03.mx.aol.com (imo-da03.mx.aol.com [205.188.169.201])
by imr-ma02.mx.aol.com (8.14.1/8.14.1) with ESMTP id o3UH8osP030360
for <xxxxxxxxxxxx >; Fri, 30 Apr 2010 13:08:51 -0400

Received: from [email protected]
by imo-da03.mx.aol.com (mail_out_v42.9.) id i.c81.70a7bd65 (43957)
for <xxxxxxxxxxxxx>; Fri, 30 Apr 2010 13:08:48 -0400 (EDT)
Received: from smtprly-de02.mx.aol.com (smtprly-de02.mx.aol.com [205.188.249.169]) by cia-dd01.mx.aol.com (v128.3) with ESMTP id MAILCIADD016-b23a4bdb0e9a297; Fri, 30 Apr 2010 13:08:46 -0400
Received: from web-mmc-d05 (web-mmc-d05.sim.aol.com [205.188.103.95]) by smtprly-de02.mx.aol.com (v128.3) with ESMTP id MAILSMTPRLYDE025-b23a4bdb0e9a297; Fri, 30 Apr 2010 13:08:42 -0400
References: <[email protected]>
To: xxxxxxxxxxxxxxx
Subject: Re: Leave for Sgt John Williams
Date: Fri, 30 Apr 2010 13:08:42 -0400
X-AOL-IP: 93.91.80.1
In-Reply-To: <[email protected]>
X-MB-Message-Source: WebUI
MIME-Version: 1.0

From: [email protected]

X-MB-Message-Type: User
Content-Type: multipart/mixed;
boundary="--------MB_8CCB69EEBC5E834_6F8_65BD_web-mmc-d05.sysops.aol.com"
X-Mailer: Mail.com Webmail 31509-STANDARD
Received: from 93.91.80.1 by web-mmc-d05.sysops.aol.com (205.188.103.95) with HTTP (WebMailUI); Fri, 30 Apr 2010 13:08:42 -0400
Message-Id: <[email protected]>
X-AOL-VSS-CODE: clean
X-AOL-VSS-INFO: 5400.1158/0
X-Spam-Flag:NO
X-AOL-SENDER: [email protected]
Return-Path: [email protected]
X-OriginalArrivalTime: 30 Apr 2010 17:09:12.0516 (UTC) FILETIME=[DAF46840:01CAE887]

----------MB_8CCB69EEBC5E834_6F8_65BD_web-mmc-d05.sysops.aol.com

Content-Type: multipart/alternative;
boundary="--------MB_8CCB69EEBC5E834_6F8_65BE_web-mmc-d05.sysops.aol.com"


----------MB_8CCB69EEBC5E834_6F8_65BE_web-mmc-d05.sysops.aol.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="us-ascii"

FROM DESK OF LT. COL ROBERT.

LEAVE PERMIT PROCESSING DEPARTMENT.

NEW YORK,NEW YORK.

UNITED STATE.


??????????????????????????????????????????????????????? LEAVE REQUEST NOTIFICATION


THIS OFFICE WILL LIKE TO NOTIFY YOU THAT WE RECEIVED SGT. JOHN WILLIAMS LEAVE REQUEST AND IT HAS BEEN APPROVED


WE ARE HAPPY TO TREAT YOUR MESSAGE BUT DUE TO A MILITARY PROTOCOL, A FORM WILL BE COMPLETED CORRECTLY IN BLOCK LETTER AND YOU CAN FIND THE ATTACH? FORM IN

THIS MESSAGE. ONCE THIS FORM HAS BEEN COMPLETED A PROCESSING FEE HAS TO BE PAID ALONG WITH THE FORM COMPLETED AND SENT TO OUR U.K WHILE THE PROCESSING FEE OF $320.00 USD WILL BE SENT TO THE FINANCIAL SECRETARY TO THE BELOW ADDRESS:

NAME??????? : ELIZABETH JANE SMITH

CITY?????????? : CHATHAM, KENT

COUNTRY?? : UNITED KINGDOM

ONCE WE CONFIRM THE RECEIPT OF THE PAYMENT A MESSAGE WILL REACH THE SAID OFFICER AND FLIGHT SCHEDULE WILL BE SENT TO THE COMMANDANT IN-CHARGE TO ANY DESTINATION, THE SAID OFFICER WILL BE ALLOWED TO LEAVE THE CAMP IMMEDIATELY.

IF YOU HAVE ANY QUESTION TO ASK, PLEASE DO NOT HESITATE TO CONTACT THE BELOW ADDRESS.

WE LOOK FORWARD TO WORK ON YOUR RESPONSE.

CONTACT: LT. COL. ROBERT

Some edits made for clarity - Ralph

Thank you, SAL

BOTH headers show the emails came via:

93.91.80.1 United States (Savannah)

However, that I/P resolves to:

Nynex Network Solutions Satellite Networks

So the scammer is sending emails from wherever (& it is still my guess it's Nigeria) using a satellite service!

If they were from genuine US Military sources, they would not be needing to hide behind a satellite service provider!

Thanks

A little bit of extra information;
Sometimes doing a search on the IP address can give you some useful results, in this case, the Satellite IP is used by people in a very large area including the Middle East so this scammer has done his homework in choosing which IP he will use to make himself look as genuine as possible.

Looking through the results, you will also find that other scammers use that same IP including another romance scammer Right Click and open this page in a new window to see the scam profile of another scammer