

Psicop
More human than human
Premium
join:2005-12-21

[Scam] Help with Russian dating scam

I got an e-mail of a lovely lady and was wondering if she is really living where she says:

Novosibirsk, Russian Federation.

Her e-mail address is "dariaangel333@yahoo.com"

I used Gmail to find her IP and got this:

68.142.237.93

I did a reverse lookup and got this:

CIDR: 68.142.192.0/18
NetName: INKTOMI-BLK-4
NetHandle: NET-68-142-192-0-1
Parent: NET-68-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.YAHOO.COM
NameServer: NS2.YAHOO.COM
NameServer: NS3.YAHOO.COM
NameServer: NS4.YAHOO.COM
NameServer: NS5.YAHOO.COM
Comment:
RegDate: 2004-03-24
Updated: 2005-08-26

RAbuseHandle: NETWO857-ARIN
RAbuseName: Network Abuse
RAbusePhone: +1-408-349-3300
RAbuseEmail: network-abuse@cc.yahoo-inc.com

OrgAbuseHandle: NETWO857-ARIN
OrgAbuseName: Network Abuse
OrgAbusePhone: +1-408-349-3300
OrgAbuseEmail: network-abuse@cc.yahoo-inc.com

OrgTechHandle: NA258-ARIN
OrgTechName: Netblock Admin
OrgTechPhone: +1-408-349-3300
OrgTechEmail: abechtel@inktomi.com

# ARIN WHOIS database, last updated 2008-05-03 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


My question is that I still don't know where the scammer is really living?

Any ideas?

Cheers.

K Patterson
Premium,MVM
join:2006-03-12
Columbus, OH
·RoadRunner Cable

Oh, undoubtedly in Novosibirsk.

A good first gift might be some disposable razors just in case "she" needs to shave her Adam's apple.

The IP looks to be a Yahoo mail server, so he/she is probably using webmail.

Why not share the wealth? Post her picture on Craig's list.


Psicop
More human than human
Premium
join:2005-12-21

edit:
May 4th, @07:11AM

Thanks for chiming in. But pardon my ignorance. What's Craig's list?

Cheers.

K Patterson
Premium,MVM
join:2006-03-12
Columbus, OH
·RoadRunner Cable

Ah, I looked at your pictures.

Not knowing what Craig's list (actually, it's Craigslist) is is the cultural equivalent of not knowing what a 'Roo is, mate. It is a US auction list renowned for inappropriate actions of most any sort. My comment was entirely tongue in cheek.

See

»www.craigslist.org/about/best/all/

for examples.

Cheers,


damn
Premium
join:2002-10-23
hood
reply to Psicop
Just a FYI: very few people in Russia are using yahoo.com.


Psicop
More human than human
Premium
join:2005-12-21


edit:
May 5th, @12:05AM

reply to Psicop
K Patterson,

Thanks for that but I still don't know how to use that list.

I did type in both her name and e-mail address and zilch.

Anyway this chick said she is coming to Australia to see me.

I never met her before and only corresponded with her through e-mail twice!!

There must be something dodgy going on in here. Maybe the scam is as follows:

Sorry honey don't have enough money to pay the flight ticket, can you send me some? I'll be in Australia in a couple of days. Looking forward to kiss you.

LOL!

Otherwise I think this girl is just nuts.

What do you think?

Cheers.

K Patterson
Premium,MVM
join:2006-03-12
Columbus, OH
She's not nuts - she just wants your money.


Psicop
More human than human
Premium
join:2005-12-21


edit:
May 6th, @10:11AM

reply to Psicop
 
Hey K,

How is she getting my money if she is coming over to Australia!!

Read this e-mail she just sent me today:

Hi dear Psicop!!! ( )

Fantastic! I am in Moscow finally! i just got access to PC.
My flight were delayed and i spend so much hours at the
airport, just waiting for my plane becuase of bad (not-flying) weather.
Finally I have made up a real step on my long way to you.
I never hesitate in my desire to change the life and now I even more sure
that all this is just for good! I was so scared to fly by plane but you know
what I told myself? I said to myself: "Culm down, keep cool, it's just the first part of trip,
just like preparation for another long fly to another country!" So as you see it works well.
I am in good health and mood!
Moscow+ It's really really crowded and noisy.
So much people in the streets! Even more than I expected!
But I have to stay here for just a bit to make final arrangements for my voyage.
Still I am a little nervous I am so far from my home from my parents and friends,
from all the things that are common to me! You know you are the only one that makes me cheer up and keeps me confident.
Here in the capital with all these people hanging around and staring at me strangely I feel so miserable.
I hope you understand me.
I found a room to rent in the flat of an old lady. She is kind to me.
Poor woman needs money and have to give one of the rooms in her 3 rooms flat for rent.
You know just everything here in Moscow is so extremely expensive if comparing to my town!
Unfortunately I don't have enough time to write you a good letter.
I have as always so much to tell you! But i Hope we shall speak a lot when i finally come.
Imagine we shall meet each other very soon! I will go to the travel agency tomorrow or
sunday and as far as i understand i will be able to travel to your country very soon, all my documents will
be ready nearly 10th May.
You know I heard a lot stories about girls who come from little towns to the capital
with a dream to start new life. And majority of that stories didn't finish ok.
I know i should take care too. But I also know there will be you who will protect me and assist.
This thought is keeping me strong. I was really lucky to find you.
Agency will be able to provide me place to work and to live right
into your city, so please confirm me your city name and
please confirm the name of airport and be sure in correct spelling.
I am afraid to make any mistake... I hope everything will be fine.
please write me as soon as possible!See you soon! Great kiss from moscow!!
Yours Daria
p.s. i took cd with my favorite photos
and i send you some more today, they was made in
the disco club in novosibirsk city,i was there with
my girlfirend. I like to have sun tan and i visit Solariums
during the year in my city!


I need to know what is she going to do to con me?

What I said in my previous post about last minute e-mail and being stuck in the airport and needing money to fly over? Or something similar.

I am watching closely. I am looking forward for the moment the freaking scammer reveals itself. Filthy dog!!

That chick is damn hot!!!

I guess that's how they do it: lure you with foxy ladies.

I am waiting!!

Very funny scam trick.

Edit: I found out how they operate: visa and tickets scam.

»www.womenrussia.com/blacklist_su···Archive1

Anyway I will play with the wolf for a while. I am the tiger.


damn
Premium
join:2002-10-23
hood


edit:
May 6th, @06:36PM

Just google a part of email. Here's what's gonna happen next

»www.delphifaq.com/faq/russian_ma···44.shtml

PS - you really need to raise your standards, she's 5/10 at best


BabyBear
Keep wise ...with Night-Owl

join:2007-01-11
reply to Psicop
Just get a copy of the $360 billion dollar check that guy was going to try and cash and send her that.

Then we get moose & squirrel!


MotherNature
Chile peppers are my heroin
Premium
join:2002-08-23
Fontana, CA
reply to Psicop
Be careful... she looka like a maaaa.


tymes

join:2001-07-07
Vancouver, BC

reply to Psicop
Yes, [68.142.237.93] aka n8.bullet.re3.yahoo.com is the Yahoo IP address of one of their outgoing servers -- it isn't the IP address of your lady friend, just the address of the last Yahoo server...

You need to look at the full message headers and find the proper IP address of the sender... so for example, hmm let me consult my spam database... here is another message that is via [68.142.237.93] aka n8.bullet.re3.yahoo.com:


Received: from n8.bullet.re3.yahoo.com ([68.142.237.93])
    by myservername (mmmMail) with SMTP id CPB07746
    for ; Tue, 22 Apr 2008 04:57:46 -0700
Received: from [68.142.237.88] by n8.bullet.re3.yahoo.com with NNFMP; 22 Apr 2008 11:57:44 -0000
Received: from [216.252.111.166] by t4.bullet.re3.yahoo.com with NNFMP; 22 Apr 2008 11:57:44 -0000
Received: from [127.0.0.1] by omp101.mail.re3.yahoo.com with NNFMP; 22 Apr 2008 11:57:44 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 748310.34427.bm@omp101.mail.re3.yahoo.com
Received: (qmail 72646 invoked by uid 60001); 22 Apr 2008 11:57:44 -0000
DomainKey-Signature: *
Received: from [213.136.120.11] by web57508.mail.re1.yahoo.com via HTTP; Tue, 22 Apr 2008 04:57:43 PDT
X-Mailer: YahooMailWebService/0.7.185
Date: Tue, 22 Apr 2008 04:57:43 -0700 (PDT)
From: "Fatimata.I.AHMED Fatimata."
Reply-To: fatimata1kk@yahoo.com
Subject: FROM FATIMATA
To: fatimata1kk@yahoo.com
CC:
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Message-ID:


You'll see the last Received: line:
Received: from [213.136.120.11] by web57508.mail.re1.yahoo.com via HTTP;
which is the last line in the list so the first one added (they are added to the top of the message as it travels building upwards) and that is the ORIGIN and the IP address of the sender... It is even special because it is "via HTTP" or a webpage which absolutely means it is the origin address.

So that is the IP Address you need to find, not the other IP addresses of the servers the message passed through (although sometimes message headers are forged after a certain point).

So here in this example, the IP address is 213.136.120.11 and if we go someplace like:
»hostip.info
»www.geobytes.com/IpLocator.htm
»www.ip2location.com/213.136.120.11
We find the IP address's country and perhaps even city... this address is only country specific and is in COTE D'IVOIRE -- which is exactly where in this message "Fatimata" says she is along with her $6 Million.

If I were to put in my own IP address or an IP address from a western more modern country, it should actually be able to identify the city. For example, I just got some other mail from a FOREIGN investor with 19.4 million spam from 216.226.66.237 which turns out to be in Wilmington Delaware -- or maybe Miami Florida.

I wasn't gonna use my IP address for fear that you could find out where I was, but if you look to the right where it has my alias, when I joined dslreports, and my location?! It is easy to find me. So my IP address is currently 24.85.85.85 and you'd be able to find that I am in Vancouver Canada (I'm gonna turn off my router for 5 minutes and change it immediately).

So what is this girl's actual IP address and where is she actually located?
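
The header-reading method from the post above, as an added example that is not part of the original thread: it walks the Received chain from the bottom up and returns the oldest hop that recorded a public IP address. It goes slightly beyond the webmail case by also handling the authenticated-SMTP line shape quoted in a later post; the function names and the provider_suffix parameter are assumptions of this sketch.

```python
import email
import ipaddress
import re

# Sample 1: trace headers trimmed from the post above (webmail, "via HTTP").
WEBMAIL = """\
Received: from n8.bullet.re3.yahoo.com ([68.142.237.93])
    by myservername (mmmMail) with SMTP id CPB07746
    for ; Tue, 22 Apr 2008 04:57:46 -0700
Received: from [68.142.237.88] by n8.bullet.re3.yahoo.com with NNFMP; 22 Apr 2008 11:57:44 -0000
Received: from [216.252.111.166] by t4.bullet.re3.yahoo.com with NNFMP; 22 Apr 2008 11:57:44 -0000
Received: from [127.0.0.1] by omp101.mail.re3.yahoo.com with NNFMP; 22 Apr 2008 11:57:44 -0000
Received: (qmail 72646 invoked by uid 60001); 22 Apr 2008 11:57:44 -0000
Received: from [213.136.120.11] by web57508.mail.re1.yahoo.com via HTTP; Tue, 22 Apr 2008 04:57:43 PDT
Subject: FROM FATIMATA

(body omitted)
"""

# Sample 2: authenticated-SMTP shape, lines trimmed from a later post in this thread.
SMTP_AUTH = """\
Received: by 10.141.171.15 with SMTP id y15cs272902rvo;
    Wed, 7 May 2008 02:19:54 -0700 (PDT)
Received: from [127.0.0.1] by omp107.mail.re1.yahoo.com with NNFMP; 07 May 2008 09:19:50 -0000
Received: from unknown (HELO localhost) (dariaangel333@195.16.231.114 with plain)
    by smtp109.plus.mail.re1.yahoo.com with SMTP; 7 May 2008 09:19:47 -0000
Subject: (constructed subject line)

(body omitted)
"""

HOP = re.compile(r"^from\s+(.*?)\s+by\s+(\S+)")
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def hops(raw):
    """Return [(recording_host, [ips in the 'from' clause])], newest hop first."""
    out = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.match(" ".join(value.split()))   # unfold continuation lines
        if m:                                    # skips 'by ...' and '(qmail ...)' lines
            out.append((m.group(2), IPV4.findall(m.group(1))))
    return out


def origin(raw, provider_suffix=".yahoo.com"):
    """Oldest hop (bottom of the chain) whose 'from' clause holds a public IP."""
    for host, ips in reversed(hops(raw)):
        for text in ips:
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:                   # not a valid address, e.g. 999.1.1.1
                continue
            if ip.is_global:                     # ignore 127.0.0.1, 10.x and similar
                # The 'by' host is header text too: a provider match is a
                # sanity check, not proof that the line is genuine.
                return {"ip": text, "recorded_by": host,
                        "by_provider": host.endswith(provider_suffix)}
    return None
```

Lines below the first hop written by a server you trust can be forged, so treat the result as a lead to check against the provider's own hops rather than as proof of location.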


Psicop
More human than human
Premium
join:2005-12-21


edit:
May 8th, @07:58AM

reply to Psicop
No idea, mine looks a bit different.

Here's what I got:

Delivered-To: psicop@lalala.com
Received: by 10.141.171.15 with SMTP id y15cs272902rvo;
Wed, 7 May 2008 02:19:54 -0700 (PDT)
Received: by 10.90.68.3 with SMTP id q3mr2688248aga.15.1210151992391;
Wed, 07 May 2008 02:19:52 -0700 (PDT)
Return-Path:
Received: from n3.bullet.mail.re3.yahoo.com (n3.bullet.mail.re3.yahoo.com [68.142.237.110])
by mx.google.com with SMTP id 23si1759476hsd.10.2008.05.07.02.19.50;
Wed, 07 May 2008 02:19:52 -0700 (PDT)
Received-SPF: pass (google.com: domain of dariaangel333@yahoo.com designates 68.142.237.110 as permitted sender) client-ip=68.142.237.110;
DomainKey-Status: bad (test mode)
Authentication-Results: mx.google.com; spf=pass (google.com: domain of dariaangel333@yahoo.com designates 68.142.237.110 as permitted sender) smtp.mail=dariaangel333@yahoo.com; domainkeys=hardfail (test mode) header.From=dariaangel333@yahoo.com
Received: from [68.142.230.28] by n3.bullet.mail.re3.yahoo.com with NNFMP; 07 May 2008 01:12:29 -0000
Received: from [69.147.75.191] by t1.bullet.re2.yahoo.com with NNFMP; 07 May 2008 09:19:50 -0000
Received: from [127.0.0.1] by omp107.mail.re1.yahoo.com with NNFMP; 07 May 2008 09:19:50 -0000
X-Yahoo-Newman-Id: 508975.30037.bm@omp107.mail.re1.yahoo.com
Received: (qmail 22177 invoked from network); 7 May 2008 09:19:50 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:Date:From:X-Mailer:Reply-To:X-Priority:Message-ID:To:Subject:In-Reply-To:References:MIME-Version:Content-Type;
b=23Ds3LcDwt/mrDwg5MHvVyHtKkS15zLLwCHnKRlAPTgFhlbb+M3Ez2IKgGJvKFchJocY3BbGXcUJ5JodKwx4r33sJmNAODiEJP4d4tgS/NgamQK2Grt9IheCngNbvkuU9uCP2p+DReKsszZSoZt3NYa7EHIZixCw4RGtEEGdfms=

Received: from unknown (HELO localhost) (dariaangel333@195.16.231.114 with plain)
by smtp109.plus.mail.re1.yahoo.com with SMTP; 7 May 2008 09:19:47 -0000
X-YMail-OSG: 5xZqmrgVM1nsDcl7i45.8o.UIYa9nSwpizOwdCqOu5tlsorZxSV5vTlW3DMtLSPaHMjA9m9ro9mb7bVmBTdyFEygfilETFPHZkPPyn6Hy w--
X-Yahoo-Newman-Property: ymail-3


Is this her IP?

dariaangel333@195.16.231.114 with plain

Cheers.

Note: Here where I live that woman is a bombshell

LOL!

Edit:

Couldn't help myself. I like playing with wolves:

Hi Daria,

I hope everything is OK with you. I can't wait for the day we meet. I want to fall in love with you.

How many hours are you going to spend on the plane?

I am going to send $5,000 AUD tomorrow to a new address in Moscow. Don't worry about returning the money, you can keep it all. I got plenty of it. Money is not an issue with me. I lead quite a peaceful and prosperous life. I can't imagine you having a bad time in Moscow, probably eating biscuits and drinking cheap milk. I want you to eat well and sleep in a nice hotel. So please, before you leave book yourself a room in a decent hotel. I will send the money there. Please give me the full details of the hotel. I repeat I will send the money there in a couple of days.

By the way, can you buy some sexy clothes because you deserve so much Daria? You are very pretty and need the appropriate outfit for a woman like you. One more thing, and please don't feel offended. I want you to buy sexy underwear as well. It has been many years since I spent an intimate time with a lady; and honestly I want our first night together to be very special. I have planned the following:

1. First, a private dinner for two over at Isis Brasserie. This is a link to the restaurant:

»www.isisbrasserie.com.au/

2. Second, a walk by the Brisbane river. Weather this time of the year is magnificent, not too hot, not too cold.

3. Third, some drinks in quiet chill out bar I know of in James St called Cru Wine Bar. It is quite upmarket and I want you to impress all the ladies that attend that place to make them jealous. You are just so pretty and sexy that I will be very proud of you.

4. Go to my place to have a nice and intimate chat about our lives and how destiny has brought us together.

I haven't told you but I own a 2007 Aston Martin DB9 worth $390,000 AUD. Please don't tell anyone in Russia that I am well-off or they might kidnap you for a ransom. You know how dangerous is the Russian Mafia.

I have attached a photo of my car. I love it so much. It's my baby, the only family I have aside from you my new pretty girlfriend.

One last thing,

I forgot to mention something else. I have received an e-mail today saying that I won £4 million pounds in the British National Lottery. The funny thing is that I don't recall playing that event. That is life, like a box of chocolates and you never know what you're gonna get.

Unbelievable, suddenly I found you and all this money. I am the luckiest guy on earth.

I think angels are watching closely and helping me with heavenly gifts: Daria and lottery money.

OK I gotta go, honey. It's getting late and got a business meeting tomorrow at 9:00 am.

Gerard xxxx Lots of kisses.

Note: Need the address of the hotel in Moscow. Please book a room and show me the reservation so I can send $5,000 AUD asap.

Can't wait to give you a hug and kiss your lips!!!

////////////////////////////////////////////////////////////////

I also included a photo of the damn car, lol!

Damn,

Interesting. That lad might be part of the same scam ring. They have also included a copy of the passport and stuff.


Kringle
Dr.D
Premium
join:2004-02-27
Pierrefonds, QC
·Bell Sympatico

Nice counter-scam.
So she's now emailing out of a server in Austria? The thing that's so ironic is that they're called HAPPYnet!

+++++++++++++++++++++++++++++++++++++++++++++++++
inetnum: 195.16.231.0 - 195.16.231.255
netname: HAPPYNET-DIALIN-NET-1
descr: HAPPYnet Dialin Customer Network
country: AT
admin-c: BS137-RIPE
tech-c: HH8574-RIPE
status: ASSIGNED PA
mnt-by: AS8540-MNT
mnt-lower: AS8540-MNT
mnt-routes: AS8540-MNT
source: RIPE # Filtered

role: HAPPYnet Hostmaster
address: HAPPYnet Dienstleistungs GmbH
address: Viktringerplatz 5
address: A-9073 Klagenfurt-Viktring
address: Austria
phone: +43 463 2080
fax-no: +43 463 292999 800
+++++++++++++++++++++++++++++++++++++++++++++++++

Gotta love it.


Psicop
More human than human
Premium
join:2005-12-21

reply to Psicop
Hey Kringle,

Yeah man. HAPPYnet, hilarious, isn't it? Maybe the happiness they deliver is this: cracking, p0rn, rootkits, worms, spam, scam, cyberterrorism...

Back to our wolf, definitively he/she is getting greedier after each e-mail. Last reply was the following:

Hello honey!
I'm so happy that you will help me.
when you will send it via western union,
please e-mail me MTCN and your full name to
receive it,i will immediately pay to the agency.
You can send me only 945 USD!!! It is dangerous to rent
rooms in hotel and send money in chocolades box.
Western union office is near the agency, so i
will receive money and pay them in 2 minutes.
and buy somehting special to look beautiful for you.
I cant wait for our meeting.
Thinking of you all the time.
Yours Daria
p.s. you have beautiful car! will you
ride me on it?


Yeah baby, I will give you the last ride to hell.

OK. I will keep this updated.

I wish I could nail this bird through the local police. It's going to be hard.

Anyway I will try to get her clothes off, lol!


Kringle
Dr.D
Premium
join:2004-02-27
Pierrefonds, QC
·Bell Sympatico

said by Psicop:

p.s. you have beautiful car! will you ride me on it?
...
Anyway I will try to get her clothes off, lol!
It sounds to me like she already offered - the only catch is the car.


damn
Premium
join:2002-10-23
hood
reply to Psicop
The signature on passport doesn't match the name at all.


pleekmo
Triptoe Through The Tulips
Premium
join:2001-09-14
Manchester, CT
clubs:
·AT&T DSL Service

said by damn:

The signature on passport doesn't match the name at all.
The signature may be in Cyrillic script. Are you sure you can read Cyrillic script well enough to tell?
--
HCN: Because you deserve a rest!

Proud member of the Free Omelas Liberation Front.


Psicop
More human than human
Premium
join:2005-12-21

reply to Psicop
Fishy didn't bite my last bait:

Dear Gegard.
i hope you clearly understand what are you asking for!
No one honesty women such as me will not send you
this provocative photos, because it is against my moral
valuest and against russian laws.
Only "any Russian girls are involved in ilegitimate
activities on the Internet because they are kept captive by the
Russian Mafia" can send you this photos to get your money.
I'm not one of them and if you really want to help you,
you can just send me 945 USD, not 5000 USD and i will
be able to pay to the agency whole sum and come to your
city to work.
Daria


Well, it was funny till it lasted.

Cheers.


damn
Premium
join:2002-10-23
hood

reply to pleekmo
said by pleekmo:

said by damn:

The signature on passport doesn't match the name at all.
The signature may be in Cyrillic script. Are you sure you can read Cyrillic script well enough to tell?
Yes, I'm Russian myself
Signature is something along the lines of "Ari---"
--
The best thing about piracy is the music in the keygens.
Sunday, 12-Oct 08:15:37 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 9 years online! © 1999-2008 dslreports.com.republican-creole