Please read through the following chronological order or the sequence of the case:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
My Client wanted to withdraw money from broker to LR (Liberty Reserve) account,
so he decided to open LR (Liberty Reserve) account, this is the chronological
order or the sequence of his transactions:
1. THE REGISTRATION DAY:
My client opened/registered the LR account on the 11th of March 2013 (03/11/2013) from 08:16 a.m. to 09:29 a.m. (LR time).
He used his personal computer, which is protected by original Kaspersky, and the IP Security feature on his LR account was enabled. After the account was opened, he withdrew $1,000 from his broker to the LR account and the money arrived in his account on the same day (03/11/2013) at 08:59 a.m. (LR time).
VICTIM's IP:
General IP Information
IP: 39.210.125.113
Decimal: 668106097
Hostname: 39.210.125.113
ISP: Telkomsel
Organization: Telkomsel
Services: None detected
Type:
Assignment: Static IP
Blacklist:
Geolocation Information
Country: Indonesia
State/Region: Kepulauan Bangka Belitung
City: Mulia
Latitude: -2.3333 (2° 19′ 59.88″ S)
Longitude: 106.2667 (106° 16′ 0.12″ E)
----------------------------------
2. My client accessed his account from another city, because he had something to do in that city (an office task). He accessed it on the same day as the registration, that is on the 11th of March 2013 (03/11/2013) from 11:06 a.m. to 11:09 a.m. (LR time), with the following IP address (he used his smart phone):
VICTIM's IP
General IP Information
IP: 39.218.155.0
Decimal: 668637952
Hostname: 39.218.155.0
ISP: Telkomsel
Organization: Telkomsel
Services: None detected
Type:
Assignment: Static IP
Blacklist:
Geolocation Information
Country: Indonesia
State/Region: Kepulauan Bangka Belitung
City: Mulia
Latitude: -2.3333 (2° 19′ 59.88″ S)
Longitude: 106.2667 (106° 16′ 0.12″ E)
THE PICTURE 1:
------------------------------------
3. THE DOOM DAY:
On the next day, on the 12th of March 2013 (03/12/2013) at 08:38 a.m. (LR time), the LR account was accessed with an IP address from PERU (the culprit), who was also able to verify the IP address (usually LR will send a PIN if the account is accessed from a different IP) without the VICTIM's concern/notice. The THIEF needed only 2 minutes to steal/wipe out the money from the VICTIM's account, from 08:38 a.m. to 08:40 a.m. (LR time).
This is the CULPRIT/suspected CRIMINAL IP from PERU.
General IP Information
IP: 190.118.22.156
Decimal: 3195410076
Hostname: 190.118.22.156
ISP: Telmex Peru S.A.
Organization: Telmex Peru S.A.
Services: None detected
Type:
Assignment: Static IP
Blacklist:
Geolocation Information
Country: Peru
State/Region: Lima
City: Lima
Latitude: -12.05 (12° 3′ 0.00″ S)
Longitude: -77.05 (77° 2′ 60.00″ W)
--------------------------------------
4. On the same day too (03/11/2013) my client's account was accessed by two different IPs within 6 minutes (please look at the picture/attachment). This is a little bit strange (if you could analyze this, please give your analysis).
THE PICTURE 1:
VICTIM's IP: (accessed LR account at 08:41 then 08:42 then 08:43 then 08:44)
General IP Information
IP: 139.194.72.184
Decimal: 2344765624
Hostname: fm-dyn-139-194-72-184.fast.net.id
ISP: PT. First Media,Tbk
Organization: PT. First Media,Tbk
Services: None detected
Type:
Assignment: Static IP
Blacklist:
Geolocation Information
Country: Indonesia
State/Region: Jawa Barat
City: Tangerang
Latitude: -6.1781 (6° 10′ 41.16″ S)
Longitude: 106.63 (106° 37′ 48.00″ E)
THIEF IP: (accessed LR account from 08:38 then 08:40 then 08:42 then 08:43)
--- There were overlapping accesses from 2 different IPs in the following minutes:
08:40 to 08:42 === in which 08:40 (IP from PERU/the suspected culprit)
08:41 === (IP from Indonesia/the victim) then 08:42 (IP from PERU/the suspected culprit)
--- There were 2 different IPs that accessed the victim's LR account at the same time:
08:42 and 08:43 (accessed by 2 different IPs, from PERU (CULPRIT) and Indonesia (Victim))
CULPRIT's IP
General IP Information
IP: 190.118.22.156
Decimal: 3195410076
Hostname: 190.118.22.156
ISP: Telmex Peru S.A.
Organization: Telmex Peru S.A.
Services: None detected
Type:
Assignment: Static IP
Blacklist:
Geolocation Information
Country: Peru
State/Region: Lima
City: Lima
Latitude: -12.05 (12° 3′ 0.00″ S)
Longitude: -77.05 (77° 2′ 60.00″ W)
------------------------------------
5. Withdrawal for the second time: my client did the second withdrawal of $8,573 and the thief stole/wiped it out right away.
This account was accessed from the victim's IP on the 12th of March 2013 (03/12/2013) from 09:42 a.m. to 10:34 a.m. (LR time). The money/fund from the broker arrived at 12:56 on the 12th of March 2013 (03/12/2013). The victim didn't know the money had arrived until he knew that his money was stolen,
and the money was stolen by the thief at 15:15 (03/12/2013).
------------------------------------
6. Unauthorized access from an IP from INDIA (see the picture) and also another overlapping access from 2 different IPs from 2 different places/countries (the thief's IP and also the victim's IP)
The following two IPs are overlapping each other in accessing the LR account.
Please look at the picture: THE PICTURE 2:
After the money from the broker arrived at 12:56 (LR time), a few hours later, at 15:15, the money was stolen by someone with an IP address from INDIA, with the following timeline:
(03/12/2013)
=== 09:42 -to- 10:34 was accessed from victim IP (139.194.72.184 - Indonesia)
------> this can be the thief who monitored the victim LR
=== 15:13 -to- 15:14 was accessed by 2 different IPs at the same time/overlapping, that is from the THIEF IP (117.240.178.66 - India) and from the victim's IP (122.200.149.66 -- Indonesia)
------> this is the second IP that is different from the culprit 1st IP
------> the first is from PERU and this second from INDIA
=== 15:15 THIS IS THE OVERLAPPING TIME between 2 different IP address from different country.
------> Both IPs (117.240.178.66 (the culprit from India) & 139.194.72.184 (the victim from Indonesia)) accessed the LR account at the same time, and also at that time the money in LR (Liberty Reserve) was wiped out/stolen.
SUSPECTED CULPRIT IP
General IP Information
IP: 117.240.178.66
Decimal: 1978708546
Hostname: 117.240.178.66
ISP: BSNL
Organization: BSNL
Services: Confirmed proxy server
Type: Broadband
Assignment: Static IP
Blacklist:
Geolocation Information
Country: India
State/Region: Uttar Pradesh
City: Noida
Latitude: 28.57 (28° 34′ 12.00″ N)
Longitude: 77.32 (77° 19′ 12.00″ E)
VICTIM IP
General IP Information
IP: 122.200.149.66
Decimal: 2059965762
Hostname: 122.200.149.66
ISP: Pt Qiandra Information Technology
Organization: Pt Qiandra Information Technology
Services: None detected
Type: Broadband
Assignment: Static IP
Blacklist:
Geolocation Information
Country: Indonesia
State/Region: Jakarta Raya
City: Jakarta
Latitude: -6.1744 (6° 10′ 27.84″ S)
Longitude: 106.8294 (106° 49′ 45.84″ E)
----------------------
7. The VICTIM reported that his account was wiped out/stolen by somebody from somewhere
THE PICTURE 3:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
That was the chronology of the case. If you can analyze it well, please give your comment, so that we can find the CULPRIT or at least warn other people about this case, before another case happens in the future.
Thank you
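
The overlapping access described in item 4 is the pattern an "impossible travel" check looks for. The following is an added example, not part of the original post: it replays the item 4 timeline (times, IPs and coordinates copied from the lookups above) and flags consecutive accesses from different IPs that no traveller could have made. The function names and the 1000 km/h ceiling are assumptions.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed access log built from the timeline and lookup data in item 4.
# Fields: LR time (HH:MM), source IP, country, latitude, longitude.
ACCESS_LOG = [
    ("08:38", "190.118.22.156", "Peru", -12.05, -77.05),
    ("08:40", "190.118.22.156", "Peru", -12.05, -77.05),
    ("08:41", "139.194.72.184", "Indonesia", -6.1781, 106.63),
    ("08:42", "190.118.22.156", "Peru", -12.05, -77.05),
    ("08:42", "139.194.72.184", "Indonesia", -6.1781, 106.63),
    ("08:43", "190.118.22.156", "Peru", -12.05, -77.05),
    ("08:43", "139.194.72.184", "Indonesia", -6.1781, 106.63),
    ("08:44", "139.194.72.184", "Indonesia", -6.1781, 106.63),
]

MAX_KMH = 1000.0  # assumed ceiling: roughly airliner speed


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(log, max_kmh=MAX_KMH):
    """Return (time_a, ip_a, time_b, ip_b, km) for each consecutive pair of
    accesses from different IPs that no traveller could have made."""
    events = sorted(log, key=lambda e: datetime.strptime(e[0], "%H:%M"))
    alerts = []
    for prev, cur in zip(events, events[1:]):
        if prev[1] == cur[1]:
            continue  # same source address, nothing to compare
        km = haversine_km(prev[3], prev[4], cur[3], cur[4])
        t0 = datetime.strptime(prev[0], "%H:%M")
        t1 = datetime.strptime(cur[0], "%H:%M")
        hours = (t1 - t0).total_seconds() / 3600
        # The log has minute resolution, so a zero gap means "same minute".
        if km > 0 and (hours == 0 or km / hours > max_kmh):
            alerts.append((prev[0], prev[1], cur[0], cur[1], round(km)))
    return alerts
```

A hit shows that one account was used from two network locations at once, not who was behind either address: IP geolocation is approximate, and the India address in item 6 is listed as a confirmed proxy server, so its location is only that of the exit point.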