SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 virl.ws/evelynbrown/x/

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
GSN_fan
Hellish Taskmaster


Joined: 31 Dec 2008
Posts: 537


PostPosted: Mon Jun 22, 2009 6:29 pm Reply with quoteBack to top

This is from a job scam email that I posted in surplus. You have to "download an email processing program" for 10 bucks.

Quote:
Domain Name: VIRL.WS

Registrar Name: eNom
Registrar Email: [email protected]
Registrar Telephone: 425-974-4500
Registrar Whois: whois.enom.com

Registrant Name: See registrar info above
Registrant Email: See registrar info above

Administrative Contact Email: See registrar info above
Administrative Contact Telephone: See registrar info above

Domain Created: 2008-11-06
Domain Last Updated: 2008-11-06
Domain Currently Expires: 2009-11-06



I will kill.

_________________
Cellphone x12
Closed lad accounts x23
United Kingdom x6 United States x4 Nigeria Australia Switzerland Russia x2 x2 Germany

Listen very openly Barrister Koffi Adams forward to this or what you sent to him how der you sent such a thing to him with is age am very disapointed in you if by your next mail you could not comeplete sending the right way sorry.

Even my little child know how to send money and give to the taker on how to take it so

Austria is a the name of a country near Australia.

This are the details we required from you so our customer cab infect payment to you.

Our is not ready to receive your incandesces message

send to me their pin code and asses code
Click here to support 419Eater.com
View user's profileSend private message
Artemis
Chief Bankruptor


Joined: 19 Feb 2006
Posts: 31268
Location: Lower Elements


PostPosted: Tue Jun 23, 2009 4:13 pm Reply with quoteBack to top

Is this dead?

_________________
Total kills 21667 + Mugu Reseller x 5 Mortar x10
Star Purple Flower Easter Egg Easter 2015
View user's profileSend private message
GSN_fan
Hellish Taskmaster


Joined: 31 Dec 2008
Posts: 537


PostPosted: Wed Jun 24, 2009 9:13 pm Reply with quoteBack to top

Still works for me.

_________________
Cellphone x12
Closed lad accounts x23
United Kingdom x6 United States x4 Nigeria Australia Switzerland Russia x2 x2 Germany

Listen very openly Barrister Koffi Adams forward to this or what you sent to him how der you sent such a thing to him with is age am very disapointed in you if by your next mail you could not comeplete sending the right way sorry.

Even my little child know how to send money and give to the taker on how to take it so

Austria is a the name of a country near Australia.

This are the details we required from you so our customer cab infect payment to you.

Our is not ready to receive your incandesces message

send to me their pin code and asses code
Click here to support 419Eater.com
View user's profileSend private message
Old No. 7
Master of Master Baiters


Joined: 31 Jul 2007
Posts: 777
Location: Somewhere Else


PostPosted: Wed Jun 24, 2009 9:44 pm Reply with quoteBack to top

This look like a frame where the content has gone.

If you stop http://virl.ws/evelynbrown/x/ before it finished loading you get
Quote:
<frame src="http://ViralURL.com/go.php?id=260528&ua=Mozilla50WindowsUWindowsNT51enGBrv19011Gecko2009060215Firefox3011" name="mainFrame">
<frame src="http://ViralURL.com/aff.php?aff=evelynbrown&showad=yes&url=http://ViralURL.com/go.php?id=260528&

which, when allowed to run, shows up as a "Failed to connect" to me; I got
Quote:
The connection was refused when attempting to contact viralurl.com.

viralurl.com being the source of the content.

This destination is either dead, or is has some form of country-specific feature so only the target audience reach the content (I've seen this sort of thing before on other fake websites).

Can I suggest that GSN_Fan tries clearing cache and cookies and see if it still loads OK?

In the meantime, I'll try a proxy.

[Edited to update]

Aha! Thought so. Site loads OK through a USA proxy, but not from Europe. No need to do the cache thing, GSN_Fan. Guess we know where you are now (or at least where you are not Cool )

This gets even more interesting.

The frame pulls content from ViralURL.com, but this is, in turn, a redirect that sends you to

http://emailsendingjobs.com/?id=evelynbrown

This image may not work, as I fetched it off the final site

Image
- oops! yes it does.

The clever thing is that the initial frame will mask the redirect, so the victim can't see where the final content is coming from - assuming that the victim is in the target territories and the redirect lets them in. The victim will either see the site, or the "Failed to connect" page, but the url in their browser will always show "http://virl.ws/evelynbrown/x/"

I hope I'm making myself clear Laughing

This may not be a 419 scam - it asks for $10 for information - the key for me is
Quote:
Once you become a member you will be given a E book about email process and sending. The Email Sending Jobs e book contains a step by step guide which will guide you through each step of how to process emails. You will also gain access to several catalogs of companies who will hire you to process emails for them.


So the victim is paying $10 (with the price being $39.99 from tomorrow - tomorrow never coming, of course) to become a member and gets an eBook that tells them how to make money through email processing. So they are basically buying a an eBook and a list of catalogue companies that might use them, all for $10

[Edited to update 2] (I have to keep doing this as I'm dropping in and out of my proxy and have to reboot FF each time)

The site http://emailsendingjobs.com/?id=evelynbrown can be accessed directly from a non-USA proxy, so the clever territorial bit must be in the redirect site.

I doubt if you'll get much joy with emailsendingjobs.com as you'd have to prove fraud

Quote:
emailsendingjobs.com.

addresses 66.96.130.52
Domain Whois record

Domain Name: EMAILSENDINGJOBS.COM
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com
Name Server: NS1.IPOWER.COM
Name Server: NS2.IPOWER.COM
Status: ok
Updated Date: 10-dec-2008
Creation Date: 05-jul-2008
Expiration Date: 05-jul-2009

Queried whois.publicdomainregistry.com with "emailsendingjobs.com"...

Registration Service Provided By: CASTINDIAHOST
Contact: +424.4020404

Domain Name: EMAILSENDINGJOBS.COM

Registrant:
PrivacyProtect.org
Domain Admin ([email protected])
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Creation Date: 05-Jul-2008
Expiration Date: 05-Jul-2009

Domain servers in listed order:
ns2.ipower.com
ns1.ipower.com

Queried whois.arin.net with "66.96.130.52"...

OrgName: The Endurance International Group, Inc.
OrgID: EIG-12
Address: 70 Blanchard Road
City: Burlington
StateProv: MA
PostalCode: 01803
Country: US

NetRange: 66.96.128.0 - 66.96.191.255
CIDR: 66.96.128.0/18
NetName: BIZLAND-FC01
NetHandle: NET-66-96-128-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.BIZLAND.COM
NameServer: NS2.BIZLAND.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-04-03
Updated: 2005-03-31

OrgTechHandle: BBR189-ARIN
OrgTechName: Brock, Brian
OrgTechPhone: +1-781-852-3254
OrgTechEmail: [email protected]


PDR might act if you can prove fraud - no idea about the hoster, The Endurance International Group, Inc.

Hope this helps - I think I'll go lie down now and wrap a cold towel around my head Very Happy

_________________
200+ sites killed, from these countries => United Kingdom Netherlands Russia Nigeria Switzerland Ukraine South Africa Germany United States Canada Senegal Benin Spain Ghana Ivory Coast Cambodia Flag United Nations

pony pony pony Closed lad accounts Mortar

Like my flags? Want some of your own? Let justjay teach you how to kill sites here (clicky).

Hobbes may have retired, but get his brilliant WriteJunk here (clicky) and never touch a .dll again

Proud to be a mouth-breather who posted a load of shit, disappeared into the night but mysteriously reappeared after a long absence

Last edited by Old No. 7 on Wed Jun 24, 2009 10:57 pm; edited 1 time in total
View user's profileSend private message
bill2
Baiting Guru


Joined: 10 Sep 2006
Posts: 5496
Location: Yeah who can tell me where I am?


PostPosted: Wed Jun 24, 2009 10:44 pm Reply with quoteBack to top

I get it, lay down for a bit, GOOD JOB!
I'll see if I can probe a bit further and find something new that you didn't get (small chance, but I like to bring this one down if there is enough reason to do so)
EDIT:
Nothing there, no complaints even, why they don't want Europeans to apply? No clue. Canadians have no problem to get in Very Happy

_________________
I don't do bling, I just do lads Evil or Very Mad
View user's profileSend private message
DoraTheExplorer
Anonymous


Joined: 18 Nov 2008
Posts: 9264
Location: Magnolia, Mississippi


PostPosted: Mon Jul 06, 2009 3:27 am Reply with quoteBack to top

Is this something we deal with here or Misc. Scams?

There are thousands of these scams on the internet. Copyscape of this page: http://emailsendingjobs.com/?id=evelynbrown shows at least 10 complete copies, including:

http://www.emailprocessorjob.com/

http://offto.net/mail_1/

http://emailsendingjob.07x.net/

http://www.emailsendingjob.info/

And on and on... Very Happy

_________________
United StatesCanadaUnited KingdomNigeriaGhanaBeninMalaysiaSouth AfricaSwitzerlandTogoChinaSpainMadagascar FlagBulgeriaUnited Arab EmiratesUkraineUnited NationsItalyLibya FlagCzech Republic
NetherlandsNew ZealandRussiaSaudi ArabiaAustraliaBahamas, TheIvory CoastDenmarkBelgiumHong KongFranceGermanyRomaniaBahamas, TheNew ZealandcameroonBurkina Faso x 2714
Easter Egg 2012 Cellphone Closed lad accounts Mortar pony pony Nurse Nastys Audi TT Nurse Nastys Audi TT Goat Tattoo Mc Fry Elite Ninja Team Member
Safari Vcamera Paga John Safari Vcamera Paga Willie Safari Vcamera Paga Kingsley Safari James

Safari The Dynamic Duo Travels! Vcamera Sand Timer
View user's profileSend private message
HarvestMoon
Elite Baiter


Joined: 02 Sep 2008
Posts: 1006
Location: a sorta fairy tale


PostPosted: Mon Jul 06, 2009 2:28 pm Reply with quoteBack to top

Like ON7 said:
Quote:
This may not be a 419 scam - it asks for $10 for information

So the victim is paying $10 (with the price being $39.99 from tomorrow - tomorrow never coming, of course) to become a member and gets an eBook that tells them how to make money through email processing. So they are basically buying a an eBook and a list of catalogue companies that might use them, all for $10


Will be hard to prove fraud, since they are sending you something for the money you pay.

_________________
After the Gold Rush?
Closed lad accounts x11 United States x37 United Kingdom x25 Malaysia x7 Spain x4 China x3 Nigeria x3 Israel x3 France x2 Canada x2 Ghana Senegal Benin United Arab Emirates Ireland

"You must really think i am a fool.God punish you for taking me for a joke" Dead George
View user's profileSend private message
Ima Baeder
419Eater Admin


Joined: 03 May 2007
Posts: 18314


PostPosted: Mon Jul 06, 2009 3:14 pm Reply with quoteBack to top

Moved here from the fake sites forum.

_________________
348 Fake Sites killed United StatesUnited KingdomUnited NationsMaltaNigeriaGhanaBeninGermanySouth AfricaRussiaTogoMalaysiaEuropean UnionJapanIvory CoastSpainFranceSwitzerlandChinaCanadaItalyThailand

Star Mugu Reseller Mortar Closed lad accounts x 100 Sand Timer 2 Years Pretty Rose Mc Fry Mc Fry Nurse Nastys Audi TT Goat Flying Monkey Easter Egg 2011
View user's profileSend private message
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



E-Mail Header Analysis


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT