Sorry wayne its been so long since i have looked at that post i didn't realize it was not in there, had I known, I would have said so earlier.

Du - OH! Finally figured it out. Here is the info!

IP Information - 195.161.208.136
Generated by

Only registered users can see links on this forum! Register or Login on forum!

IP address: 195.161.208.136
Reverse DNS: gw-bb-e0.relinfo.ru.
Reverse DNS authenticity: [Verified]
ASN: 8342
ASN Name: RTCOMM-AS (RTComm.RU Autonomous System)
IP range connectivity: 1
Registrar (per ASN): RIPE
Country (per IP registrar): RU [Russian Federation]
Country Currency: RUR [Russia Rubles]
Country IP Range: 195.161.0.0 to 195.161.255.255
Country fraud profile: High
City (per outside source): Unknown
Country (per outside source): RU [Russian Federation]
Private (internal) IP? No
IP address registrar: whois.ripe.net
Known Proxy? No
Link for WHOIS: 195.161.208.136




A map of your IP address.

For even more details about your Internet connection (browser, Operating System, HTTP headers, DNS servers and more), you can go here.

@ikronos1953

Please post this info with the scammer it came from

How do I find the headers?
DP

VVVVVV Look there VVVVVV

another good software is neotrace

Elana. thank you very much for your help. Here is what I found out about Veronika Domaroma.

194.67.28.94 Russian Federation*
88.191.38.179 France*

X-Message-Info: LsUYwwHHNt3660MmjhEvYg2f34OAemlK+ZzoV09lDsZmbz8QigGIQtU5Yvr3lK0P
Received: from srv01.hostgrad.ru ([194.67.28.94]) by bay0-mc6-f16.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
Sun, 1 Jul 2007 03:31:12 -0700
Received: from [88.191.38.179] (helo=[127.0.0.1])
by srv01.hostgrad.ru with esmtpa (Exim 4.63)
(envelope-from )
id 1I4why-0000Tv-6y
for

Only registered users can see links on this forum! Register or Login on forum!

; Sun, 01 Jul 2007 14:31:11 +0400
Date: Sun, 1 Jul 2007 14:00:43 +0400
From: Veronika
Reply-To: Veronika
X-Priority: 3 (Normal)
Message-ID: <65657210>
To: Rick Duntz
Subject: Re: Hi...
In-Reply-To:
References:
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - srv01.hostgrad.ru
X-AntiAbuse: Original Domain - hotmail.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - postfiber.net
X-Source:
X-Source-Args:
X-Source-Dir:
Return-Path:

Only registered users can see links on this forum! Register or Login on forum!

X-OriginalArrivalTime: 01 Jul 2007 10:31:13.0365 (UTC) FILETIME=[F2BDA050:01C7BBCA]


IP Information for 88.191.38.179
IP Location: France France Paris Dedibox Sas
Revolve Host: 179.38.191.88.in-addr.arpa.10800INPTRyuuko.fansub-center.com.
IP Address: 88.191.38.179 [Whois] [Reverse-Ip] [Ping] [DNS Lookup] [Traceroute]
Blacklist Status: Clear
Whois Record

inetnum: 88.191.3.0 - 88.191.129.255
netname: FR-DEDIBOX
descr: Dedibox SAS
descr: Customers
descr: Paris, France
descr:NCC#2007023902
remarks: trouble: Information:

Only registered users can see links on this forum! Register or Login on forum!

remarks: trouble: Spam/Abuse requests:

Only registered users can see links on this forum! Register or Login on forum!

remarks: trouble: Spam/Abuse requests: mailto:Whois Privacy and Spam Prevention by DomainTools.com
country: FR
admin-c: ACP23-RIPE
tech-c: TCP8-RIPE
status: ASSIGNED PA
mnt-by: PROXAD-MNT
source: RIPE # Filtered

role: Administrative Contact for ProXad
address: Free SAS / ProXad
address: 8, rue de la Ville L'Eveque
address: 75008 Paris
phone: +33 1 73 50 20 00
fax-no: +33 1 73 92 25 69
remarks: trouble: Information:

Only registered users can see links on this forum! Register or Login on forum!

remarks: trouble: Spam/Abuse requests: mailto:Whois Privacy and Spam Prevention by DomainTools.com
admin-c: RA999-RIPE
tech-c: FG4214-RIPE
nic-hdl: ACP23-RIPE
mnt-by: PROXAD-MNT
source: RIPE # Filtered
abuse-mailbox: Whois Privacy and Spam Prevention by DomainTools.com

role: Technical Contact for ProXad
address: Free SAS / ProXad
address: 8, rue de la Ville L'Eveque
address: 75008 Paris
phone: +33 1 73 50 20 00
fax-no: +33 1 73 92 25 69
remarks: trouble: Information:

Only registered users can see links on this forum! Register or Login on forum!

remarks: trouble: Spam/Abuse requests: mailto:Whois Privacy and Spam Prevention by DomainTools.com
admin-c: RA999-RIPE
tech-c: FG4214-RIPE
nic-hdl: TCP8-RIPE
mnt-by: PROXAD-MNT
source: RIPE # Filtered
abuse-mailbox: Whois Privacy and Spam Prevention by DomainTools.com

route: 88.160.0.0/11
descr: ProXad network / Free SAS
descr: Paris, France
origin: AS12322
mnt-by: PROXAD-MNT
source: RIPE # Filtered



194.67.28.94 Russian Federation*
208.101.41.98 United States*

X-Message-Status: n:0
X-SID-PRA: Veronika
X-Message-Info: LsUYwwHHNt3dthNkqrXtEZlezE45xXwGWURlRrTkD2JbrYR2291jDM1gypTh6GCy
Received: from srv01.hostgrad.ru ([194.67.28.94]) by bay0-mc4-f11.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
Fri, 22 Jun 2007 07:05:14 -0700
Received: from [208.101.41.98] (helo=[127.0.0.1])
by srv01.hostgrad.ru with esmtpa (Exim 4.63)
(envelope-from )
id 1I1jl7-0001Y5-Dd
for

Only registered users can see links on this forum! Register or Login on forum!

; Fri, 22 Jun 2007 18:05:10 +0400
Date: Fri, 22 Jun 2007 17:55:06 +0400
From: Veronika
Reply-To: Veronika
X-Priority: 3 (Normal)
Message-ID: <981744845>
To: Rick Duntz
Subject: Re: Hi again..
In-Reply-To:
References:
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - srv01.hostgrad.ru
X-AntiAbuse: Original Domain - hotmail.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - postfiber.net
X-Source:
X-Source-Args:
X-Source-Dir:
Return-Path:

Only registered users can see links on this forum! Register or Login on forum!

X-OriginalArrivalTime: 22 Jun 2007 14:05:15.0282 (UTC) FILETIME=[5B66E720:01C7B4D6]


IP Information for 208.101.41.98
IP Location: United States United States Waterloo Linux Tech Networks
Revolve Host: 98.41.101.208.in-addr.arpa. 3600 IN PTR 208.101.41.98-static.reverse.softlayer.com.
IP Address: 208.101.41.98 [Whois] [Reverse-Ip] [Ping] [DNS Lookup] [Traceroute]
Blacklist Status: Clear
Whois Record

OrgName: SoftLayer Technologies Inc.
OrgID: SOFTL
Address: 1950 N Stemmons Freeway
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US

ReferralServer:

Only registered users can see links on this forum! Register or Login on forum!

NetRange: 208.101.0.0 - 208.101.63.255
CIDR: 208.101.0.0/18
NetName: SOFTLAYER-NETBLOCK3
NetHandle: NET-208-101-0-0-1
Parent: NET-208-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.SOFTLAYER.COM
NameServer: NS2.SOFTLAYER.COM
Comment: Whois Privacy and Spam Prevention by DomainTools.com
RegDate: 2006-03-10
Updated: 2006-05-12

RAbuseHandle: ABUSE1025-ARIN
RAbuseName: Abuse
RAbusePhone: +1-214-442-0605
RAbuseEmail: Whois Privacy and Spam Prevention by DomainTools.com

RTechHandle: IPADM258-ARIN
RTechName: IP Admin
RTechPhone: +1-214-442-0600
RTechEmail: Whois Privacy and Spam Prevention by DomainTools.com

OrgAbuseHandle: ABUSE1025-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-214-442-0605
OrgAbuseEmail: Whois Privacy and Spam Prevention by DomainTools.com

OrgTechHandle: IPADM258-ARIN
OrgTechName: IP Admin
OrgTechPhone: +1-214-442-0600
OrgTechEmail: Whois Privacy and Spam Prevention by DomainTools.com

OrgName: Linux Tech Networks
OrgID: LTN-1
Address: 229 Parkview BLVD
City: Waterloo
StateProv: IA
PostalCode: 50702
Country: US

NetRange: 208.101.41.96 - 208.101.41.103
CIDR: 208.101.41.96/29
NetName: NET-208-101-41-96
NetHandle: NET-208-101-41-96-1
Parent: NET-208-101-0-0-1
NetType: Reassigned
Comment:
RegDate: 2006-10-18
Updated: 2006-10-18

RAbuseHandle: ABUSE1459-ARIN
RAbuseName: Abuse
RAbusePhone: +1-972-930-0704
RAbuseEmail: Whois Privacy and Spam Prevention by DomainTools.com

OrgTechHandle: NOC2297-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-972-930-0704
OrgTechEmail: Whois Privacy and Spam Prevention by DomainTools.com

I am not sure of why the letters switched IPs. Maybe a computer expert doing a scam?
I would now like permission to add my experience as a scammer. I can upload pictures, I have a domain. Every letter I received from this "Veronika" was a form letter....discovered from

Only registered users can see links on this forum! Register or Login on forum!

...the link you sent me. It was right on target. How did you know? It was incredible.
I received a reply for my request from "her" for an explanation today.

as i am new here I don'tnot know how tho star can someone of you do a favor to my and check this heater for my please . i just meet a woman and
am not feel 100 % sure about this .
i see some similar letters here and this forum here is her email
Svetlana <gentleparadisekiss>
she said that she live in orshanka russia and live with her mom alone no dad
here the heater From Svetlana Sun Apr 20 05:00:13 2008
Return-Path: <gentleparadisekiss>
Authentication-Results: mta538.mail.mud.yahoo.com from=yahoo.com; domainkeys=pass (ok)
Received: from 68.142.206.41 (HELO n14.bullet.mail.mud.yahoo.com) (68.142.206.41)
by mta538.mail.mud.yahoo.com with SMTP; Sun, 20 Apr 2008 06:10:25 -0700
Received: from [68.142.194.244] by n14.bullet.mail.mud.yahoo.com with NNFMP; 20 Apr 2008 13:10:24 -0000
Received: from [68.142.201.68] by t2.bullet.mud.yahoo.com with NNFMP; 20 Apr 2008 13:10:24 -0000
Received: from [127.0.0.1] by omp420.mail.mud.yahoo.com with NNFMP; 20 Apr 2008 13:10:24 -0000
Received: (qmail 79372 invoked from network); 20 Apr 2008 13:10:23 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:Date:From:X-Mailer:Reply-To:X-Priority:Message-ID:To:MIME-Version:Content-Type;
Received: from unknown (HELO ?192.168.0.43?) (gentleparadisekiss@66.74.159.246 with plain)
by smtp128.plus.mail.sp1.yahoo.com with SMTP; 20 Apr 2008 13:10:15 -0000
Date: Sun, 20 Apr 2008 16:00:13 +0400
From: Svetlana <gentleparadisekiss>
Reply-To: Svetlana <gentleparadisekiss>
Message-ID: <976887512>
To:

Only registered users can see links on this forum! Register or Login on forum!

MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------DDE22114A0C4D5"
Content-Length: 201992

Only registered users can see links on this forum! Register or Login on forum!

Only registered users can see links on this forum! Register or Login on forum!

Only registered users can see links on this forum! Register or Login on forum!

I need help I do love this woman THANKS A ALOT

thanks man .

I STILL CONFUSED .
she said only beautiful things
am getting crazy ,she look like angel .
I am going to ask her know

Im new to all this dating stuff. I was using Match.com and a woman contacted me. We have been sending email back and forth. She has NOT indicated that she wants to meet me now. Just wants to get to know more about me. She says she is from Suslonger, Russia. I am confused about the "header". Im not familiar with all this. I looked at the email she sent me and under her email address this is what it says," Yahoo! DomainKeys has confirmed that this message was sent by yahoo.com" That is all the information I have besides her email address. Is there a way I can look further into this? Any help would be appreciated.

Why not post the headers here so we can have a look?