Send Flowers to Russia, Ukraine and Worldwide with Cyber-Florist.com Fiance.com: Beautiful Russian brides
Home  |  About  |  Forum  |  User Blogs  |  Login  |  Register

	Create New Topic   My Posts   My forum buddies   Invite friends   Private messages Russian brides > Main Forum > Full Header On Email Author Post RK Member send PM   block PM add to buddies Send: 1/16/2006 1:01:53 PM   I'm really not familiar with what all that info on the full header means and figuring out where the originating IP is. So, I have copied one off of an email and if any one could help me decipher what it means, I would appreciate it. I would really like to know what line is the IP address that everyone says you should compare to see if emails are coming from the same IP address. Thanks in advance for your help...Rich Status: U Return-Path: <laveshka_vika@mail.ru> Received: from relay.gts.lg.ua ([195.5.28.2]) by mx-clapper.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1eYxd82mc3Nl34b0 for <rk8818@earthlink.net>; Mon, 16 Jan 2006 11:28:02 -0500 (EST) Received: from conser (81.dc.ukrtel.net [82.207.87.81] (may be forged)) by relay.gts.lg.ua (8.12.11/8.12.8) with ESMTP id k0GGRNMs024951 for <rk8818@earthlink.net>; Mon, 16 Jan 2006 18:27:43 +0200 (EET) (envelope-from laveshka_vika@mail.ru) Date: Mon, 16 Jan 2006 11:06:26 +0200 From: "laveshka_vika@mail.ru (Vika S)" <laveshka_vika@mail.ru> X-Mailer: The Bat! (v2.01) Educational Reply-To: "laveshka_vika@mail.ru (Vika S)" <laveshka_vika@mail.ru> Organization: mail.ru X-Priority: 3 (Normal) Message-ID: <16710442312.20060116110626@mail.ru> To: rk8818@earthlink.net Subject: from Vika MIME-Version: 1.0 RK Member send PM   block PM add to buddies Send: 1/16/2006 1:03:52 PM   As a side note...I received three emails today that all had the same information as line three. danny3777 Member send PM   block PM add to buddies Send: 1/16/2006 1:07:40 PM   I'm not a wizz on these things by any means, I'll leave it for others, but I don't like the look of the relay! jetmba. Member send PM   block PM add to buddies Send: 1/16/2006 4:20:31 PM   I'm less of an expert on this than you are or perhaps anyone else is for that matter. So I'm curious - WHY don't you like the look of the relay? What does it mean and what's wrong with it? VNVnation Member send PM   block PM add to buddies Send: 1/16/2006 5:13:12 PM   Geez guys, get with the computer age. : ) Are you still making telephone calls with two coffee cans and a piece of string?? Go to this website: http://www.geobytes.com/IpLocator.htm?GetLocation type in the IP address, in this case 195.5.28.2 It originated from Lugansk. wmferg Member send PM   block PM add to buddies Send: 1/16/2006 6:47:42 PM   Hence the initials lg.ua. danny3777 Member send PM   block PM add to buddies Send: 1/16/2006 6:48:08 PM   VNV, The fact it was relayed via gts.lg.ua, lg being Lugansk, it is not in question that it was transmitted from Lugansk. What might be questioned is, was it transmitted by an individual or an organisation hiding behind supposed private email addresses? RK Member send PM   block PM add to buddies Send: 1/16/2006 7:37:37 PM   So is the closest line to the top with the IP address where it came from? In this case, line three, received from? As you can see as you go down the header, there are a couple of other IP addresses and received from on there, other than my own. So the "received" closest to the top of the header is the orginator of the email? VNV...there's a different way to talk other than the two cans and string?!! danny3777 Member send PM   block PM add to buddies Send: 1/16/2006 7:49:18 PM   RK, On Yahoo you get a line like this, I've changed a couple of the numbers in the IP to conceal identity however: Originating-IP: [65.153.175.35] What I don't like about yours, well point 1 is Lugansk! but it seems to have taken a scenic route from the sender to you, and what about this: Received: from conser (81.dc.ukrtel.net [82.207.87.81] (may be forged)) danny3777 Member send PM   block PM add to buddies Send: 1/16/2006 7:58:18 PM   And, Just for the record, I just got with the computer age and I ran a check, via www.geobytes.com/IpLocator.htm?GetLocation, on an IP address of a PC that I know to be in Zaporozhye, Ukraine. The check tells me that this IP address is in San Fransisco, California where there is a population of 278058881 and the currency is the US Dollar! Oh well, back to two coffee cans and a piece of string!! jetmba. Member send PM   block PM add to buddies Send: 1/16/2006 11:42:07 PM   String BETWEEN the coffee cans? Hey that sounds like it might work! Where I come from we've just been yelling into empty coffee cans. Kinda muffles the sound even if you're only a few feet away. But string BETWEEN the cans? Can't write anymore. I have to go try that. jetmba. Member send PM   block PM add to buddies Send: 1/17/2006 12:09:46 AM   And they told us the stringless coffee cans were CELL PHONES! I wondered why I could never download any ringtones. alexander Member send PM   block PM add to buddies Send: 1/17/2006 1:29:29 AM   Rich, this e-mail address comes from Lugansk and also note that "X-Mailer: The Bat! (v2.01) Educational" means that the girl writes from her own computer... NOT from the Internet Cafe. danny3777 Member send PM   block PM add to buddies Send: 1/17/2006 3:20:42 AM   Or perhaps the letter comes from an organisation's computer, if RK has received 3 letters with the same header information, RK could have found some Loo-Gangsters! danny3777 Member send PM   block PM add to buddies Send: 1/17/2006 4:11:04 AM   And RK, It was always a favourite of the Loo-Gangsters to put an underscore in the email address. Did the other letters you received also have underscores in the addresses? Martin RK Member send PM   block PM add to buddies Send: 1/17/2006 1:45:36 PM   Yes, all three from the same IP had underscores in their email. RK Member send PM   block PM add to buddies Send: 1/17/2006 1:46:27 PM   Here's one from a different IP, but uses an underscore. Anything look suspicious in this header? Status: U Return-Path: <juli_lovely@mail.ru> Received: from mx1.mail.ru ([194.67.23.121]) by mx-bracke.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1eYwyg13z3Nl34i0 for <rk8818@earthlink.net>; Mon, 16 Jan 2006 10:45:48 -0500 (EST) Received: from [213.179.235.118] (port=1832 helo=localhost) by mx1.mail.ru with asmtp id 1EyWQb-000P6y-00 for rk8818@earthlink.net; Mon, 16 Jan 2006 18:37:54 +0300 Date: Mon, 16 Jan 2006 17:29:22 +0200 From: juli_lovely <juli_lovely@mail.ru> X-Mailer: The Bat! (v2.11 Beta/5) Business Reply-To: juli_lovely <juli_lovely@mail.ru> Organization: mail.ru X-Priority: 3 (Normal) Message-ID: <861723625.20060116172922@mail.ru> To: "RK" <rk8818@earthlink.net> Subject: From Julia In-Reply-To: <027f01c61a5b$7dd8bca0$0301a8c0@toshibauser> References: <1938762649.20060113174837@mail.ru> <00ac01c618c1$0f6db2c0$0301a8c0@toshibauser> <1023563223.20060114160346@mail.ru> <027f01c61a5b$7dd8bca0$0301a8c0@toshibauser> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------541ED1D52DB3599" X-ELNK-AV: 0 danny3777 Member send PM   block PM add to buddies Send: 1/17/2006 3:03:36 PM   RK, An addy like juli_lovely is another indication of scammer, a bit like an addy Rich_Hunky! Your Reply: Your name:   New Registration Password:   Forgot password?   refresh Code:   Russian brides > Main Forum > Full Header On Email
	Pages: 1