The world's premier anti internet scam, anti fraud information website 

  • How to - request site closure of these types

  • Exposed fake banks, courier sites, escrow services, law firms, and other fraudulent websites used in scams. 6,444+ fake sites documented with evidence.
Who are you really talking to? Check their location - InfoSniper
Exposed fake banks, courier sites, escrow services, law firms, and other fraudulent websites used in scams. 6,444+ fake sites documented with evidence.
  Been Targeted by This Scam?

Here's how to report a scam to the FBI, FTC, and other agencies. Read our guides on fake check scams, sugar daddy scams, and sextortion. Not sure? Try our free Scam Checker Tool.

  by Snowderblazer
 
HI all

for many years i have helped people shut websites down as long as there is enough evidence
here is how to find out some stuff and what you need to do

1: Received Email
always open the email header ( original email option )
look for
Received:
Received-SPF:
Authentication-Results:
X-Spam-Processed:
X-Authenticated-Sender:
X-Return-Path:


below is an example of how i knew this was fake

Received: by 10.170.213.196
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 91.233.15.200 as permitted sender) client-ip=91.233.15.200;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning [email protected] does not designate 91.233.15.200 as permitted sender) smtp.mail=[email protected];
dmarc=fail (p=NONE dis=NONE) header.from=gmail.com
X-Spam-Processed: mail.crystalbet.com
X-Authenticated-Sender: [email protected]
X-MDRemoteIP: 23.24.254.169

network tools
http://network-tools.com/default.asp?pr ... 70.213.196

http://network-tools.com/default.asp?pr ... 233.15.200
this ip pointed to ( mail.crystalbet.com )
91.233.15.200 is from Georgia(GE) in region Northern and Central Asia

all thats left to do is contact their hosting provider with the header information
which is enough proof its being used for phishing scams

2) if they contact you sing a gmail or other email account cliaming to be a company etc request they
contact you from a trusted domain for example their company email account, this is exactly what i done when
[email protected] contacted me

they then contacted me on from [email protected] via acrux.eatserver.nl
again here are matches in the header

Received: by 10.170.213.196
Return-Path: <[email protected]> - certainly not [email protected]

i generally report them to their ISP too or a DNSBL list
  by Bryon Williams
 
Pm sent directing to Eater.