Advert.

Do NOT tell your scammer he is posted here, or report their accounts as it puts others at risk!

WHAT ARE IP ADDRESSES AND WHY ARE THEY SO IMPORTANT?

The FAQs of life. Things your momma was too embarrassed to tell you about scammers.

WHAT ARE IP ADDRESSES AND WHY ARE THEY SO IMPORTANT?

Unread postby Wayne » Mon Apr 30, 2012 11:11 am

Taken from "The Scam Survivors' Handbook"

Whenever you send an email to someone, there's some extra information sent with it that the person receiving it won't see unless they know how to look for it. These are called the email headers, and it includes a lot more information than you'd expect. If you know what to do then you can find out the path the email took, if the email address shown is the real one or if it's faked, also the exact time and date it was sent. When you join the r/s.com forum then we send you a welcome PM with several important links on the forum. How to find headers using the most common email clients is one of them. Each client is different, so the instructions for finding them on Yahoo mail is different to ones for finding them on Gmail and so on. We'll show you an example of what the email headers look like, but don't worry. Most of what you'll see is unimportant and can be ignored. We're only showing you so that you can know what they look like. Here we go, don't be afraid...

Delivered-To: XXXXXX@gmail.com
Received: by 10.204.76.17 with SMTP id a17cs50731bkk;
Fri, 6 Aug 2010 04:06:00 -0700 (PDT)
Received: by 10.216.26.145 with SMTP id c17mr743754wea.70.1281092760535;
Fri, 06 Aug 2010 04:06:00 -0700 (PDT)
Return-Path: <odily4ritaa@yahoo.co.uk>
Received: from n25.bullet.mail.ukl.yahoo.com (n25.bullet.mail.ukl.yahoo.com [87.248.110.142])
by mx.google.com with SMTP id s66si2166278weq.66.2010.08.06.04.05.59;
Fri, 06 Aug 2010 04:05:59 -0700 (PDT)
Received-SPF: neutral (google.com: 87.248.110.142 is neither permitted nor denied by best guess record for domain of odily4ritaa@yahoo.co.uk) client-ip=87.248.110.142;
Authentication-Results: mx.google.com; spf=neutral (google.com: 87.248.110.142 is neither permitted nor denied by best guess record for domain of odily4ritaa@yahoo.co.uk) smtp.mail=odily4ritaa@yahoo.co.uk; dkim=pass (test mode) header.i=@yahoo.co.uk
Received: from [217.146.182.179] by n25.bullet.mail.ukl.yahoo.com with NNFMP; 06 Aug 2010 11:05:44 -0000
Received: from [87.248.111.151] by t5.bullet.ukl.yahoo.com with NNFMP; 06 Aug 2010 11:05:59 -0000
Received: from [127.0.0.1] by omp208.mail.ukl.yahoo.com with NNFMP; 06 Aug 2010 11:05:59 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: 248888.94550.bm@omp208.mail.ukl.yahoo.com
Received: (qmail 87758 invoked by uid 60001); 6 Aug 2010 11:05:58 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.co.uk; s=s1024; t=1281092758; bh=u1nEhdUKEy+mJbnm4pJNy76/bzoDhBCAAm3IMDNgQGA=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=G8NuAZr1bKTKjgXOmW9t2nc82TQ9waB0E+SDb968tm1tMB2w69BMXyuLJmvKAVFiypG9bK+0C7IFadhJgnguER+13xXV30qeNsGaw78cLkLkzcY2SJddO77nj/sK937jBL0Jn9lKjXiGPyifBGjU+8S451IGdM4CKLQ6xB+UyNk=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.co.uk;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type;
b=XMSOGtoSb0gFyCZIYE4MxuUYUuYX16RtbAauG9jXVNyEHURAcUiO96WC0bocS316jrFIQ+RKQvnl568wku0ctOGnWb89SxgKbj4LuOi9e0egVwAXt2iCvf7bJIlwixVbHnVYneUESP1H9om/moX15BVK8a0+uNBMECszaVUNLJ8=;
Message-ID: <918394.63115.qm@web24812.mail.ird.yahoo.com>
X-YMail-OSG: J33bJbwVM1nvKW7FNVxLajOKWyRGNISyWG7dL0S8B95uZCY
QywV0SE8M2FnMjpeAhnmy2HkfW2teigeaCvMm2mkxuDqUi8Npc3qljzRefWJ
ACNS_F8VY.xXjmS0J06iJqwXeN7P0t7V3J3xY1zvwIK..tqUbJgj6eAgRPX3
Dxp4x7taqDqXrdhAxPUmrihkGtD1.LrIQ2kxvm80qd9oai5SmIIL4u0nLLtz
WyG_kUjS9ZBRSTGg6ScVcHpxJzqXr_aHxghuJ_f3Edi_wev0HuvRJNtZK5Kc
HpCOCfxOYKCJ__bc24HzEbxj92ABCOUXSFctR9wmJZJ.5FWu2fGkQk.w-
Received: from [41.208.132.212] by web24812.mail.ird.yahoo.com via HTTP; Fri, 06 Aug 2010 11:05:58 GMT
X-Mailer: YahooMailClassic/11.3.2 YahooMailWebService/0.8.105.279950
Date: Fri, 6 Aug 2010 11:05:58 +0000 (GMT)
From: Rita Usman <odily4ritaa@yahoo.co.uk>
Subject: HONEY PLEASE CONTACT THE BANK TODAY
To: My email address<XXXXXX@gmail.com>
In-Reply-To: <AANLkTikZcJeuRoaYu-W+t2cu52K3uJ1T_rgHGBHfuEQZ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-616293714-1281092758=:63115"

What you're looking for is the "Received: from" part.

You can either find it yourself, or copy and paste the headers into whatismyipaddress.com

Headers show the route from you back to the person that sent it, so you have to look at the last IP address you see rather than the first one. In this case we can see that the IP address we're looking for is 41.208.132.212 and that it leads to Senegal. All that most people will be able to get from the IP address is the location of the internet provider used, but the authorities are able to contact the provider and get the physical location of the computer used to send out the emails. No matter where the scammer claims to be, the IP address will show their true location. Of course nothing is ever that simple. It is possible to fake an IP address by using something called a proxy to connect to the internet from another computer in another part of the world, but a quick Google search will often tell you that it's a proxy and not to be trusted.
Click HERE for webcam blackmail/sextortion help.
Do NOT email me for sextortion help. Use the link above. If you ignore this, your message WILL be deleted.
Image
User avatar
Wayne
Site owner/"cruel and sarcastic" admin.
 
Posts: 59612
Joined: Mon Apr 16, 2012 5:13 pm

Return to Important information.

Who is online

Users browsing this forum: No registered users and 8 guests