Page 1 of 1

* TOP TEN PROXIES OF AFRICAN ROMANCE SCAMMERS *

Posted: Sun Jul 06, 2014 11:04 am
by FrumpyBB
After using ReadNotify email tracing or during a classic email header check on an email you have received from your scammer/newly found internet contact, you may very well get some "location" like this:

LeaseWeb "Netherlands" or "Germany" or the famous "Manassas, VA"
Kaia Global Networks "USA"
SoftLayer "USA" <== very common; added this today (January 2015)
AnchorFree "USA" <== has come a bit out off fashion lately
FDCservers.net "USA"
QuadraNet, Inc "USA"
UK Dedicated Servers Limited "UK"
America Online (IP 172.xx) "USA"
Hetzner AG "Germany"
Portlane Networks AB "Sweden"
RIM (Blackberry) (IP 93.186.xx, 178.xx) "Slough, UK"
OVH SAS "France"
Areti Internet Ltd "UK"

^^These are very popular in Ghana and Nigeria, for the obvious reason of hiding the real location and pretending to be someone else.

These are all among those being added into our "check if IP was used in scams before" tool.

If you get "Mountain View" or "Redmond", don´t look further, it´s the companies Google resp. Microsoft who do not make senders´location-finding email header IP research possible at the moment. Same with "Sunnyvale" at Yahoo, a dead end.

Re: * TOP TEN PROXIES OF AFRICAN ROMANCE SCAMMERS *

Posted: Tue Feb 17, 2015 12:22 am
by FrumpyBB
A typical example from today, what the proxies mean when analyzing the emails from your scammer:
so I did the read notification and came back bad use in scam, so here is the ones that came back. 1. 174.36.222.253, 2. 23.110.11.55, 3.107.170.101.102, 4. 196.46.246.12, they all came back for different states including new York, Arizona, texas, lagos African.
They are all very relevant results, the final fourth one is the only non-proxy leading to the real location of the email writer(s); regarding the first 3, each one is proof of lie and location faking, how to interpret them en detail:

1. 174.36.222.253 => SoftLayer proxy, been used in scams before and appears throughout this board
2. 23.110.11.55 => Nobis Technology Group, LLC, another standardly abused mugu proxy
3. 107.170.101.102 => Digital Ocean, another common one used by Nigerian scammers