Tracking the Sen. The Hon. Vincent Peet
Here we do a little snooping using everyday tools such as Whois, Trace, Ping and reverse DNS lookup, and track down Vinnie right to his desk in the Finance ministry of the Bahamas, heh.
Actually we find Vinnie is living in the UK and has registered a Domain through an agency in Australia!
Email addresses altered to xxxxxx to protect the innocent from more spam.
We Got a Reply
- Sen. The Hon. Vincent Peet - Thursday 30th August, 2007 -
Return-path:
Envelope-to: wallabe@xxxxxxxx.com
Delivery-date: Wed, 29 Aug 2007 23:38:46 +1000
Received: from bay0-omc3-s28.bay0.hotmail.com ([65.54.246.228])
by xxxxxxx.xxxxxxxxx.com.au with esmtp (Exim 4.66)
(envelope-from )
id 1IQNkr-0005z2-9W
for wallabe@xxxxxxxx.com; Wed, 29 Aug 2007 23:38:45 +1000
Received: from BLU109-W44 ([10.6.60.79]) by bay0-omc3-s28.bay0.hotmail.com
with Microsoft SMTPSVC(6.0.3790.2668);
Wed, 29 Aug 2007 06:38:42 -0700
Message-ID:
Content-Type: multipart/alternative;
boundary="_b0f368f2-68ed-4365-8699-ad2963962b35_"
X-Originating-IP: [82.153.12.235]
From: vincent peet
To:
Subject: Re: Business Representative Required
Date: Wed, 29 Aug 2007 13:38:42 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 29 Aug 2007 13:38:42.0670 (UTC)
FILETIME=[EA3898E0:01C7EA41]
This guy is good. He has even spent a few bucks and registered a Domain Name, as shown in the header of the email: we suddenly have "vincent@vctpeet.net". That's a big step up from vnctpet@msn.com the day before! A quick browse of http://www.vctpeet.net brings up an under-construction site ready to build into a bodgy business effigy.
A quick search via the OziFree Domain lookup reveals this:
Domain Name: VCTPEET.NET
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: http://www.melbourneit.com
Name Server: NS1.OFFICELIVE.COM
Name Server: NS2.OFFICELIVE.COM
Status: clientTransferProhibited
Updated Date: 02-jul-2007
Creation Date: 02-jul-2007
Expiration Date: 02-jul-2008
Yep.. he has all the right ingredients. Registered with an Aussie Domain Name Supplier, and a link to Microsoft too.
Let's check the IP address while we are here. www.vctpeet.net = 207.46.222.14 hmm. Let's have a DIG over at www.network-tools.com and see what we can find.
Domain Name.......... vctpeet.net
Creation Date........ 2007-07-02
Registration Date.... 2007-07-02
Expiry Date.......... 2008-07-02
Organisation Name.... vincent peet
Organisation Address. 12,wakelyn house
Organisation Address. brockly park
Organisation Address. london
Organisation Address. se23 1py
Organisation Address. 01
Organisation Address. GREAT BRITAIN (UK)
Admin Name........... vincent peet
Admin Address........ 12,wakelyn house
Admin Address........ brockly park
Admin Address........ london
Admin Address........ se23 1py
Admin Address........ 01
Admin Address........ GREAT BRITAIN (UK)
Admin Email.......... vincent@vctpeet.net
Admin Phone.......... +1.4477568846
Admin Fax............
Tech Name............ Microsoft Office Live
Tech Address......... One Microsoft Way
Tech Address.........
Tech Address......... Redmond
Tech Address......... 98052
Tech Address......... WA
Tech Address......... UNITED STATES
Tech Email........... support@officelive.com
Tech Phone........... +1.8665915483
Tech Fax.............
Name Server.......... ns1.officelive.com
Name Server.......... ns2.officelive.com
There we have it! Vincent Peet in the Bahamas.... no, not really, more like 12, wakelyn house brockley park london, and a phone number too (looks fake don't it). But what's this Microsoft Tech support stuff? Oh I see, he's hosted on a msn.net server. Let's check his sender's IP, 82.153.12.235, at www.dnsstuff.com
82.153.12.235 is from United Kingdom(UK) in region Europe
TraceRoute to 82.153.12.235
Hop (ms) (ms) (ms) IP Address Host name
1 0 0 0 66.98.244.1 gphou-66-98-244-1.ev1servers.net
2 0 0 0 66.98.241.16 gphou-66-98-241-16.ev1servers.net
3 0 0 0 66.98.240.12 gphou-66-98-240-12.ev1servers.net
4 1 1 1 129.250.11.129 ge-1-11.r03.hstntx01.us.bb.gin.ntt.net
5 1 2 9 129.250.2.228 xe-0-1-0.r20.hstntx01.us.bb.gin.ntt.net
6 7 7 7 129.250.3.129 as-0.r20.dllstx09.us.bb.gin.ntt.net
7 Timed out 6 6 129.250.2.154 po-1.r02.dllstx09.us.bb.gin.ntt.net
8 6 6 6 4.68.110.61 te-3-1.car3.dallas1.level3.net
9 6 6 7 4.68.122.97 ae-2-54.bbr2.dallas1.level3.net
10 114 114 114 212.187.128.57 ae-1-0.bbr2.london1.level3.net
11 114 114 114 4.68.116.11 ae-0-51.gar1.london1.level3.net
12 114 115 114 212.113.3.26 so-6-0.metro2-londencyh00.london1.level3.net
13 106 106 105 212.187.151.158 unknown.level3.net
14 106 110 106 82.153.2.52 -
15 Timed out Timed out Timed out -
16 Timed out Timed out Timed out -
17 Timed out Timed out Timed out -
18 Timed out Timed out Timed out -
Trace aborted.
Old Vinnie must be "Offline". Still, we know his ISP, though, is level3.net, owned by markmonitor.inc (http://www.markmonitor.com), who according to their webpage specialize in Internet Fraud Prevention... gets better eh! More digging and we come up with Eclipse Networking Ltd!
Information related to '82.153.2.0 - 82.153.2.255'
inetnum: 82.153.2.0 - 82.153.2.255
netname: ECLINET
descr: Eclipse Internet Ltd.
country: GB
admin-c: ML272-RIPE
tech-c: JB15805-RIPE
rev-srv: ns1.eclipse.net.uk
rev-srv: ns2.eclipse.net.uk
status: ASSIGNED PA
mnt-by: ECLINET-NMC
changed: xxxx@eclipse.net.uk 20060321
source: RIPE
person: Mark Lang
address: c/o Eclipse Internet,
address: Portland House, Longbrook Street,
address: Exeter, Devon EX4 6AB
address: GB
phone: +44 1392 333309
fax-no: +44 1392 333319
nic-hdl: ML272-RIPE
notify: xxxx@eclipse.net.uk
changed: xxxx@eclipse.net.uk 19981113
changed: xxxx@eclipse.net.uk 20010904
source: RIPE
Bingo.. here's our scammer! His ISP is http://www.eclipse.net.uk/, which could turn out to be the host for portable or internet cafe public computers, or his dialup! However, when we compare the header from his first email, we see that he has registered www.vctpeet.org as well:
Return-path:
Envelope-to: tracking@xxxxxxxxxxxxxxx.com,
tech@xxxxxxxxxxxxxx.com,
info@xxxxxxxxxxxxxxxx.com
Delivery-date: Tue, 28 Aug 2007 20:37:12 +1000
Received: from ochre.srv2.com ([62.149.36.47])
by xxxxxxxxx.xxxxxxxxxxxxxx.com.au with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.66)
(envelope-from )
id 1IPyRV-0005tP-BW; Tue, 28 Aug 2007 20:37:12 +1000
Received: from vctpeeto by ochre.srv2.com with local (Exim 4.63)
(envelope-from )
id 1IPyN1-0003nz-Ri; Tue, 28 Aug 2007 11:32:27 +0100
Received: from 87.194.61.234 ([87.194.61.234])
(SquirrelMail authenticated user vctpeeto)
by www.vctpeet.org with HTTP;
Tue, 28 Aug 2007 11:32:27 +0100 (BST)
Message-ID: <50301.87.194.61.234.1188297147.squirrel@www.vctpeet.org>
Date: Tue, 28 Aug 2007 11:32:27 +0100 (BST)
From: "Hon. Vincent Peet"
Reply-To: vincent@vctpeet.net
User-Agent: SquirrelMail/1.4.9a
The headers show that his www.vctpeet.org username is "vctpeeto" and that he used SquirrelMail, probably via cPanel, in his www.vctpeet.org account. We find under the .org that he also has the Registrant Email: nlgdr@yahoo.com and Registrant Phone: +7.756884671, and has moved down 2 doors to 14, wakelyn house. Very, very similar details. So all up he has registered www.vctpeet.com + www.vctpeet.net + www.vctpeet.org.
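The header reading done by eye above can be scripted. This is an added example, not part of the original page: it walks the Received chain oldest-first, pulls out each hop's bracketed IP, flags RFC 1918 internal relays, and picks up a webmail "authenticated user" tag. The sample message, host names, user name and the function names trace_hops and client_ip are constructed for illustration. Only Received lines stamped by servers you trust are reliable; older lines and X-Originating-IP are written by sender-side systems.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (documentation-range IPs, made-up hosts and user).
SAMPLE = """\
Received: from mx.relay.example ([198.51.100.7])
\tby mail.recipient.example with esmtp; Wed, 29 Aug 2007 23:38:45 +1000
Received: from WEBFRONT ([10.6.60.79]) by mx.relay.example
\twith Microsoft SMTPSVC; Wed, 29 Aug 2007 06:38:42 -0700
Received: from 203.0.113.45 ([203.0.113.45])
\t(SquirrelMail authenticated user exampleuser)
\tby www.sender.example with HTTP; Wed, 29 Aug 2007 13:38:40 +0000
X-Originating-IP: [203.0.113.45]

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
USER_RE = re.compile(r"authenticated user (\S+?)\)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def trace_hops(raw):
    """Return hops oldest-first as dicts: ip, by, internal, webmail_user."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())           # unfold continuation lines
        ip = IP_RE.search(flat)
        by = re.search(r"\bby (\S+)", flat)
        user = USER_RE.search(flat)
        addr = ipaddress.ip_address(ip.group(1)) if ip else None
        hops.append({
            "ip": str(addr) if addr else None,
            "by": by.group(1) if by else None,
            "internal": bool(addr) and any(addr in n for n in RFC1918),
            "webmail_user": user.group(1) if user else None,
        })
    return hops

def client_ip(raw):
    """Prefer X-Originating-IP, else the oldest non-internal Received IP."""
    xoip = IP_RE.search(message_from_string(raw).get("X-Originating-IP", ""))
    if xoip:
        return xoip.group(1)
    return next((h["ip"] for h in trace_hops(raw)
                 if h["ip"] and not h["internal"]), None)
```

The address returned by client_ip is the one to feed into the whois and traceroute lookups shown on this page.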
This would be enough for Scotland Yard to have a word to this bloke I reckon! Time to send them the URL of this page!
We are getting tired of this, but we'll wager that his other accounts are hosted here: http://www.myqth.co.uk/. MyQTH is owned by Hostroute.co.uk. Just thought we might drop by his cPanel login, drop some garbage into the login boxes twice so cPanel brings up the "have you lost your password" bit, and then select "Change my password". That will have him wondering why his password was changed! I guess when he reads his email and has a new password heh, love cPanel.
The thing that concerns us most about this scammer, is that some real cash has been spent setting up these domains etc. I mean really, wouldn't the Minister of Finances in the Bahamas have a dot gov address?
We might get started on that letterhead for Vinnie, and send him this URL as our Head Office website to look at.
- There actually IS a REAL "Vincent Peet" who is a Gov. Minister in the Bahamas?
- If "vctpeeto" is the Username for www.vctpeet.org
- then would "vctpeetc" be the Username for www.vctpeet.com
- would "vctpeetn" be the Username for www.vctpeet.net?
- Should we email him at nlgdr@yahoo.com?
- You bet we should!
- Should we post all his account stuff this here for hackers to get him!
- You bet we will!
- Should we send this URL to him?
- You bet we should!
- Is Vinnie a DipShit?
- You bet he is!