SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 Venezuela in financial trouble?

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
TheDarkSpecter
Master Baiter


Joined: 06 Oct 2010
Posts: 113
Location: 4th igloo on the left, adjacent to dogsled parking


PostPosted: Wed Dec 29, 2010 12:01 pm Reply with quoteBack to top

Here's one I got in my email today. It is a normal advanced fee lottery/winnings scam. I did the usual IP check just to confirm it was a typical Nigerian 419..... well, to my surprise, it traced back to the Consulate General of Venezuela in Chicago.

Here's the header:

Delivered-To: [email protected]
Received: by 10.142.237.12 with SMTP id k12cs59161wfh;
Wed, 29 Dec 2010 03:18:17 -0800 (PST)
Received: by 10.229.190.147 with SMTP id di19mr13149190qcb.209.1293621496431;
Wed, 29 Dec 2010 03:18:16 -0800 (PST)
Return-Path: <[email protected]>
Received: from blu0-omc2-s32.blu0.hotmail.com (blu0-omc2-s32.blu0.hotmail.com [65.55.111.107])
by mx.google.com with ESMTP id p15si26529295qct.97.2010.12.29.03.18.15;
Wed, 29 Dec 2010 03:18:16 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates 65.55.111.107 as permitted sender) client-ip=65.55.111.107;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 65.55.111.107 as permitted sender) [email protected]
Received: from BLU146-W10 ([65.55.111.71]) by blu0-omc2-s32.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Wed, 29 Dec 2010 03:18:09 -0800
Message-ID: <[email protected]>
Return-Path: [email protected]
Content-Type: multipart/alternative;
boundary="_7666ec9a-6563-448f-8437-a83ef35f3506_"
X-Originating-IP: [69.31.101.94]
From: WESTERN UNION <[email protected]>
To: <[email protected]>
Subject: Congratulation Fill The Form!!!
Date: Wed, 29 Dec 2010 11:18:09 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 29 Dec 2010 11:18:09.0431 (UTC) FILETIME=[12C1F270:01CBA74A]

--_7666ec9a-6563-448f-8437-a83ef35f3506_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

---------snip usual I have won a fortune crap-----

Is Venezuela in such financial trouble that they have to send scams from their own consulate??? Laughing

Any ideas how I should proceed on this one? I think I'm way outta my league with this little juicy tidbit.

_________________
Dark Specter

------------------------------

...(snip) as you can not tell me that by now i am still a scam, because have already given you my word already. (Vincen*t Chen*g)

I want a situation where this money will be used in an ungodly Way.

Motor: The Nigerian Police Force is your Friend (0KEZIE 0KIR0 NELS0N CFR,NPM,FWC, Inspector General of Police)


Closed lad accounts x4
View user's profileSend private message
wowwow
Elite Baiter


Joined: 14 Apr 2009
Posts: 1796
Location: Here is the picture of the cash in the boxes before we send it down to the company to deposited it


PostPosted: Wed Dec 29, 2010 12:43 pm Reply with quoteBack to top

Are you sure, can you post your whois/dig output. It's possible e-mails been sent out from an infected PC. It would be a bit strange to have Nigerian 419 coming from an American consulate.

_________________
Please do not contact anybody again expect me on here because they are many hijackers on internet SGT Tony Benson
OK IF THERE IS A BULLET IN YOUR HEAD IS THAT ENOUGH PROOF Devil Killer Squad
YOU CALL THE F B I BASTARDS. YOU WILL SUFFER FOR THIS. WE HAVE TRACED YOU WITH ALL YOUR DETAILS FBI WARNS
I am the person who owns the safe firm in UK but right now on sick bed for my heart surgery due to my heart failure M Efosa
Tell them to go to hell and burn to arches Prince Jerry Zulusofola
I don’t have job, I am a hacker, hacking jawing stick and Sachet water Udeh Ebuka
http://forum.419eater.com/forum/viewtopic.php?t=162469
Closed lad accounts x5 Easter Egg 2012
View user's profileSend private message
TheDarkSpecter
Master Baiter


Joined: 06 Oct 2010
Posts: 113
Location: 4th igloo on the left, adjacent to dogsled parking


PostPosted: Wed Dec 29, 2010 12:50 pm Reply with quoteBack to top

I'm new to this, so I'm not sure exactly what you're looking for.

I thought it strange as well, that's why I posted here. All I did was copy and paste that header into the IPtrackeronline, and it showed me the consulate building.

_________________
Dark Specter

------------------------------

...(snip) as you can not tell me that by now i am still a scam, because have already given you my word already. (Vincen*t Chen*g)

I want a situation where this money will be used in an ungodly Way.

Motor: The Nigerian Police Force is your Friend (0KEZIE 0KIR0 NELS0N CFR,NPM,FWC, Inspector General of Police)


Closed lad accounts x4
View user's profileSend private message
wowwow
Elite Baiter


Joined: 14 Apr 2009
Posts: 1796
Location: Here is the picture of the cash in the boxes before we send it down to the company to deposited it


PostPosted: Wed Dec 29, 2010 1:37 pm Reply with quoteBack to top

Ah no, you can't think that I.P addresses match up to buildings, they don't unfortunately.
One of the ways I trace I.P addresses is is to set up a dummy web site which has server logs that you can access and give them a unique URL to browse to, you can use any excuse, for example post up your dummy transaction receipt.
(or use WU [email protected] which logs any I.P access)
Make sure you arm yourself with this networking knowledge (being a Systems Administrator myself does help so I'm not crowing or expecting others to know this)

To begin with

10.142.237.12 is private address space (anything beginning with a 10)
65.55.111.107 is Microsoft who own hotmail (http://www.ip-adress.com/whois/65.55.111.107)
69.31.101.94 (the originating I.P) is Chicago

IP address [?]: 69.31.101.94 [Whois] [Reverse IP]
IP country code: US
IP address country: ip address flag United States
IP address state: Illinois
IP address city: Chicago
IP postcode: 60606
IP address latitude: 41.8824
IP address longitude: -87.6376
ISP of this IP [?]: NLAYER COMMUNICATIONS
Organization: nLayer Customer

So who knows!! That flag on google maps also could be just a reference to a small office, it doesn't mean they own the entire building, it could even be the janitor. (How come janitors always get the blame)

http://xkcd.com/195 This 'even though its a cartoon' is quite a good guide to I.P address assingments.

_________________
Please do not contact anybody again expect me on here because they are many hijackers on internet SGT Tony Benson
OK IF THERE IS A BULLET IN YOUR HEAD IS THAT ENOUGH PROOF Devil Killer Squad
YOU CALL THE F B I BASTARDS. YOU WILL SUFFER FOR THIS. WE HAVE TRACED YOU WITH ALL YOUR DETAILS FBI WARNS
I am the person who owns the safe firm in UK but right now on sick bed for my heart surgery due to my heart failure M Efosa
Tell them to go to hell and burn to arches Prince Jerry Zulusofola
I don’t have job, I am a hacker, hacking jawing stick and Sachet water Udeh Ebuka
http://forum.419eater.com/forum/viewtopic.php?t=162469
Closed lad accounts x5 Easter Egg 2012
View user's profileSend private message
Morgain Le Fay
Pistol-packin' Mama


Joined: 14 Oct 2010
Posts: 5800
Location: Taking my new .38 special to the range


PostPosted: Wed Dec 29, 2010 8:31 pm Reply with quoteBack to top

^^^ Thanks for that breakdown of the info re headers.

_________________
Closed lad accounts X42 Easter Egg 2011 United Kingdom Mc Fry
Safari Nash and 6 friends 488 Km within Ghana - bait with Agda (2012)
Safari Safari Philip Ghana-Benin (bait w/Agda) 2013
Mortar x5
TV Star
.edu's 260 reported
Click here to support 419Eater.com
US Dropbox

"You people are all Junks" - Miss E. Kabx

"Maybe you are insane as your so called sat..." Barrister Insane

The website below is available for Eater folks to use.
Film & Production Needs
View user's profileSend private messageSkype Name
Ezio
Porkicidal


Joined: 03 Nov 2010
Posts: 902
Location: Munching vegetables and hopping around


PostPosted: Wed Dec 29, 2010 8:55 pm Reply with quoteBack to top

My own IP address shows me as being in an archaeological site across the street from a government ministry. I am actually 15+ kilometers away from there.
One lad I'm baiting has his IP show him as being in the middle of the Gambia River.

Take these locations with a highly judicious amount of salt.
The city and general geographic area are probably right, but that's as far as it goes.
Unfortunately, to expect us baiters to be able to figure out the exact street these bozos are on from an e-mail is just plain science fiction. (at least it is for me. Someone more tech-savvy may know how to do it. But I don't.)

_________________
Canada
Closed lad accounts X 1 from team baits (thank you, bait_my_hook!)
Closed lad accounts X 5 on my own
Closed lad accounts X 20 Japan massbait
Closed lad accounts X 2 Peckam massbait
X 16

¨HOW DEER YOU INSULT YOUR FATHERS AGE IN SUCH AN INDISPEAKABLE MANNER? .... YOU WILL ROAST LIKE A ROASTED GOAT. FROM WHICH YOUR ACHES WILL NOT BE AVAILABLE FOR THEE USE OF YOUR BURIAL....YOU TOOTHLESS BOO DOG STEPPING ON MY TOES..... YOU ARE A REJECTED CHILD OF YOUR PARENT AND A BASTARD WHO HAVE NO DIRECTION IN GHANA" (Mr. K. Smith)

"MARK MY WORD. YOU CAN'T LIVE BEYOND THIS MONTH....the only condition that what am saying will not happend this month is if you are not a guy man."(ASEM'd insult lad)
View user's profileSend private message
Morgain Le Fay
Pistol-packin' Mama


Joined: 14 Oct 2010
Posts: 5800
Location: Taking my new .38 special to the range


PostPosted: Wed Dec 29, 2010 9:02 pm Reply with quoteBack to top

My IP shows me within 15-20 miles of my actual physical address and that resolves to the cable provider.

When I use my Verizon Air Card, I can be in the same location and each day it will show a different location over 400-500 miles from my actual location.

_________________
Closed lad accounts X42 Easter Egg 2011 United Kingdom Mc Fry
Safari Nash and 6 friends 488 Km within Ghana - bait with Agda (2012)
Safari Safari Philip Ghana-Benin (bait w/Agda) 2013
Mortar x5
TV Star
.edu's 260 reported
Click here to support 419Eater.com
US Dropbox

"You people are all Junks" - Miss E. Kabx

"Maybe you are insane as your so called sat..." Barrister Insane

The website below is available for Eater folks to use.
Film & Production Needs
View user's profileSend private messageSkype Name
TheDarkSpecter
Master Baiter


Joined: 06 Oct 2010
Posts: 113
Location: 4th igloo on the left, adjacent to dogsled parking


PostPosted: Thu Dec 30, 2010 3:36 am Reply with quoteBack to top

Thanks for that info, really useful.

When I do my IP, it actually shows my house on the satellite map, (well, my front yard anyway). However, there is a cable junction box in my front yard that services my entire block.

So with all this new info, I have to agree that this probably isn't the originating location.... although it was funny for a while. Laughing

Awwww, thats just like getting socks for christmas

_________________
Dark Specter

------------------------------

...(snip) as you can not tell me that by now i am still a scam, because have already given you my word already. (Vincen*t Chen*g)

I want a situation where this money will be used in an ungodly Way.

Motor: The Nigerian Police Force is your Friend (0KEZIE 0KIR0 NELS0N CFR,NPM,FWC, Inspector General of Police)


Closed lad accounts x4
View user's profileSend private message
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



E-Mail Header Analysis


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT