As the year draws to a close, many scammers are eager to use various schemes to swindle you out of your hard-earned money, so we need to apply what we've learned to protect ourselves. In fact, the Spring and Autumn Community has a mysterious discussion group dedicated to catching scammers and assisting law enforcement with some odd jobs, fighting evil and promoting good. To make this article easier to read, I've outlined it first. Due to the length, I plan to split it into two parts.
The first part: QQ location + IP location + common phishing methods and counters + fraud pattern.
The second part: psychology of fraud + behavior habits + common trojan horse frauds and counters + use of alternative tools to capture the masterminds.

QQ Location:
The QQ2009 Green Show IP Resurrection Edition is not much in use now, and sometimes it's unable to obtain someone's IP.
Plugins are more commonly used. By sending an image containing XML via a plugin to another person, there's a 90% chance of acquiring an IP if the recipient views the image.


If you feel plugins or other software are unsafe, you can also use Wireshark to unidirectionally obtain the IP of a QQ friend.

Using Wireshark is straightforward, so I won't elaborate further. If you want to learn more, I recommend two detailed articles. If you still don't get it, I can't help you.
http://www.cnblogs.com/Oran9e/p/7098097.html
http://www.freebuf.com/articles/web/137952.html
This only applies to PC operations, but of course, there are also mobile implementations. For example, there's a source code available on GitHub:
https://github.com/PrintNow/QQipTance

Here is an example of an app built using Chameleon.


If posted in a group, you can't obtain all online members' IPs. You can send it to individual QQ friends. I previously set up a free version; because it was free, Chameleon's ads flooded everywhere, so I shut it down. Interested individuals can set it up for personal use. To deal with scammers, it's highly effective.
Then find a lookup interface and enter the IP to get an approximate location.
Interface 1: https://www.chaidu.com/App/Web/IP/
Interface 2: http://www.ipip.net/ip.html
Interface 3: http://www.hao7188.com/
Interface 4: https://www.opengps.cn/Data/IP/LocHighAcc.aspx
Interface 5: https://ip.rtbasia.com/
Interface 6: https://www.opengps.cn/Data/IP/LocHighAcc.aspx
Interface 7: http://www.ipplus360.com/
The aforementioned methods allow locating someone via QQ. Most scams involving QQ can be traced using these methods to find the other party's IP address.
Additionally, regarding website location, it can be divided into two methods:
1. Obtain the IP location of the visitor.
2. Obtain the longitude and latitude for location purposes.
Firstly, for latitude and longitude location, here is the PHP code; set it up and place it in the website's root directory.
It was previously posted by the Foreknowledge group; our community's Brother Thumb seems to have written it. The community doesn't seem to have a copy, though I haven't searched thoroughly.
geolocation2.php code:
<?php
$time = date('Y-m-d H:i:s', time()); // Get the current time
$nowLatitude = 'latitude' . $_POST['username']; // Accept the parameter (latitude coordinate) passed from the previous page
$nowlongitude = 'longitude ' . $_POST['password'] . ' The time is ' . $time . "\r\n"; // Accept the parameter (longitude coordinate) passed from the previous page
$fp = fopen('geo.txt', 'a+'); // Open geo.txt for appending, creating it if it does not exist
fwrite($fp, $nowLatitude); // Write the latitude into geo.txt
fwrite($fp, $nowlongitude); // Write the longitude into geo.txt
fclose($fp);
?>
This PHP script is used to obtain the other party's longitude and latitude after they click authorize, and then locate them using these coordinates. This is more accurate than IP location, since IPs are allocated by region. The downside is that many people subconsciously refuse, so it depends on your approach. The key is not the method but having a good mind.



Query website: http://www.gpsspg.com/maps.htm

The principles of these high-precision IP location methods are:
1. The user's phone has Baidu's services installed, such as the Baidu Maps SDK.
2. The user's phone runs Baidu services, and while Baidu Maps is used for navigation, station information, etc., Baidu's service gets activated.
3. While providing services, Baidu also transmits the current coordinates, IP address, current time, location method, wifi information, and provider base station information to Baidu's backend server.
The backend server stores this data and returns the content the user needs. Baidu carries out this anonymous information collection with user permission.
4. Baidu collects this data to compare IPs against GPS coordinates.
5. Using this data, it can calculate the coverage area of an IP, obtaining a precise range where the IP has been used. The center of this range is considered the closest location to the user. The margin of error is calculated as well, which gives high-precision IP location capability.
Note that the positioning methods available to you are far inferior to what the police use; don't be fooled by movies.
Additional notes: This service is mainly used under wired broadband with wifi, where it achieves higher accuracy. If a provider like Unicom allocates public IPs to customers, the local area network operator's IP accuracy can reach a few tens of meters.
On the other hand, an IP acquired on a mobile network (2G, 3G, 4G) may only be positioned to within an entire province, because such networks use a regional IP pool.
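The coverage calculation in steps 4 and 5 can be sketched as follows. This is an added example, not code from the article or from Baidu: the centroid-plus-maximum-distance estimate is an assumed simplification, and the IP addresses and device reports are constructed.

```python
import math
from collections import defaultdict

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def coverage(reports):
    """Map each IP to (centre, radius_m) from (ip, lat, lon) device reports."""
    by_ip = defaultdict(list)
    for ip, lat, lon in reports:
        by_ip[ip].append((lat, lon))
    result = {}
    for ip, pts in by_ip.items():
        # Centre of the area where the IP was seen (step 5 in the list above).
        centre = (sum(p[0] for p in pts) / len(pts),
                  sum(p[1] for p in pts) / len(pts))
        # Margin of error: distance from the centre to the farthest report.
        result[ip] = (centre, max(haversine_m(centre, p) for p in pts))
    return result

# Constructed reports: one home-broadband IP and one mobile NAT pool IP.
REPORTS = [
    ("198.51.100.20", 39.90420, 116.40740),  # phones on a single home Wi-Fi
    ("198.51.100.20", 39.90425, 116.40748),
    ("198.51.100.20", 39.90415, 116.40735),
    ("203.0.113.8", 23.1291, 113.2644),      # same pool IP seen in three cities
    ("203.0.113.8", 22.5431, 114.0579),
    ("203.0.113.8", 21.2707, 110.3594),
]

if __name__ == "__main__":
    for ip, (centre, radius) in coverage(REPORTS).items():
        print(f"{ip}: centre={centre[0]:.4f},{centre[1]:.4f} radius={radius:,.0f} m")
```

The broadband address resolves to within a few metres, while the pooled mobile address produces a radius of hundreds of kilometres, which is why a lookup result for a mobile IP says little about where a person actually is.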
If you still do not understand, look at the following from Ji Yulin's blog on CSDN [Blog Address: http://blog.csdn.net/cuitang1031]
1. The apps on a phone can acquire location data.
2. The apps on the phone can interact with the backend server through the public internet.
3. The phone may be connected to wifi, using a home broadband network.
4. If using a home broadband network, the network may have public IP characteristics, meaning the home router obtains a public IP address that does not start with 192.168.xx, 10.xxx, or 172.xxx. In this case, the accuracy of the reported IP and GPS data is very high. The maximum accuracy is defined as 30 meters, the largest diameter a standard home Wi-Fi can cover.
5. If the provider has insufficient IP resources, a technique called NAT forwarding is employed. The device may then get a 10.xxx internal network address while the real public IP is located somewhere else in the area, causing discrepancies. These discrepancies cover a street, a city, or a province, depending on the LAN segment under which other phones provide such data.
6. If a mobile card's GPRS is used to surf the internet, it's surely through a NAT network. Domestic providers generally use a provincial IP pool for mobile internet access; thus, the IP and GPS location data submitted range across an extensive provincial area.
7. Where high-precision IP location cannot be obtained: no device with location services has ever been used under the IP. For example, the openGPS.cn site is hosted on Alibaba Cloud's Qingdao ECS node. The site owner has never used proxy functions on this server, so the server's own traffic guarantees that no location-capable device has ever reported data for it, and there is no result.
Understanding these principles is unnecessary. The important thing is knowing how to use them to find what you need; it's a continuous process of uncovering more facts. Now, moving on to WeChat location: many might not know, but the approach is similar.
Using the WeChat mini-program "Group Play Assistant."



Send a mini-program to others, claiming it is a red envelope, 80% will click it, right?
Email IP lookup:
This should be familiar to many. In companies, QQ isn't used for communication; usually, email exchanges are conducted. Some phishing emails are hard to distinguish from genuine ones. A spoofed domain like https://www.ba1du.com/ or www.ic0uld.com can convincingly mimic the real thing. To determine whether a domain really belongs to the company, or to trace the deception behind a counterfeit domain, email IP lookup is used.
Specific execution method:
For example, this one:

I must be a schoolboy to receive such emails every day.


After finding the IP, 114.253.35.150, use the IP interfaces listed earlier to locate this address.
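When reading the IP out of a suspicious email's headers, only the address recorded by your own mail server is reliable; every Received line below it was written by the sender's side and can be forged. The following is an added example, not part of the original article, that separates the two. The host names, the documentation-range addresses and the set of trusted servers are constructed assumptions.

```python
import email
import ipaddress
import re

# Ranges that never identify an outside sender: RFC 1918, loopback, carrier-grade NAT.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "100.64.0.0/10")]
HOP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", re.S)

def split_received_chain(raw, trusted_hosts):
    """Return (peer_ip, unverified_ips) for a raw message.

    peer_ip is the first external address recorded by one of our own mail
    servers; every hop below it came from the sender's side and may be forged.
    """
    peer, unverified, in_trusted_zone = None, [], True
    for hop in email.message_from_string(raw).get_all("Received", []):  # newest first
        m = HOP.search(hop)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        by_host = m.group(2).lower()
        if in_trusted_zone and by_host in trusted_hosts:
            if any(ip in net for net in INTERNAL):
                continue                  # relay inside our own network
            peer, in_trusted_zone = str(ip), False
        else:
            in_trusted_zone = False       # a forged "by <our host>" below here is ignored
            unverified.append(str(ip))
    return peer, unverified

# Constructed sample: the third Received line is a forgery naming our own MX.
SAMPLE = """\
Received: from mx.example.com (mx.example.com [10.0.0.5])
\tby mailstore.example.com with ESMTP; Mon, 1 Jan 2018 10:00:03 +0800
Received: from mail.ba1du.com (unknown [203.0.113.77])
\tby mx.example.com with ESMTP; Mon, 1 Jan 2018 10:00:02 +0800
Received: from bank (bank [192.0.2.10])
\tby mx.example.com with ESMTP; Mon, 1 Jan 2018 09:00:00 +0800
Received: from pc (unknown [198.51.100.9])
\tby mail.ba1du.com with ESMTP; Mon, 1 Jan 2018 10:00:01 +0800
From: "Support" <service@ba1du.com>
Subject: Account notice

(body omitted)
"""

if __name__ == "__main__":
    print(split_received_chain(SAMPLE, {"mx.example.com", "mailstore.example.com"}))
```

Only the returned peer address is worth reporting or feeding into an IP lookup; the unverified list is a set of claims made by the sending side.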

0x02
Phishing
It's just these few types: QQ space, Taobao refund, bank pages, Tenpay, email, fake base stations, iPhone phishing.


To handle such QQ space phishing, directly use quick login without inputting your QQ account and password; it's the simplest. This way, phishers can't obtain your password.
Taobao refunds, bank pages, Tenpay, and emails are quite similar. Many experienced in the community have dealt with this. The key is to insert where there's a frame, leveraging XSS (cross-site scripting) to extract cookies into the backend, tracking the phisher's IP, locating and reporting it to law enforcement. Use a WHOIS search, conduct social engineering on the hosting provider, forge source owner information, get into emails, and with the help of a social engineering database, you can infiltrate most phishing actors.
The most common would perhaps be:
Fake base stations + bank phishing. Everyone must have received similar texts. In today's era, does anyone still trust bank points promotions and petty thirty-dollar savings over a month's savings? If you fall for it, you deserve it for being greedy.
iPhone phishing typically involves sending a phishing link to your email.


High similarity but extremely low security; many publicly available vulnerabilities can be exploited.
These scammers are truly low IQ; can't they use advanced technology for crime?
Let's look at a case study of a phishing site, "Online Fake QQ Coin Generator"; are such fools still around? Yes, there definitely are, and not just one but many.


No way. I've studied PS; isn't that zero just conveniently Photoshopped in?


I found a blog linked to an email address; it has two links, so open the second one.

Indeed, not only engaging in fraud, tricking students for Q coins but also into gambling. Quite impressive.
Name: Zheng Bintao

Acquired this information.
Full name: Zheng Bintao
Clicking to discover a QQ contact.


QQ: 895015400
Detailed address: Xianyou County, Putian City, Fujian Province, China.
This might be an address from a few years ago; another address is in Xi'an, Shaanxi.


Thank you, TT Brother, for helping with the check.
384a9052d69ff09ccf8c7314d52fd510 Decryption: qaz963
One approach here is a WHOIS search, finding the service provider registered under Sunshine Hosting. Or, continue exploring more information, pairing with QQ to execute tactics to obtain an address. As for criminal evidence, operating such gambling websites can surely get him in trouble, depending on how law enforcement would handle it.
0x03
Fraud Pattern
Fraud patterns are classified into casting a net, targeted scams, and bespoke scams.
As the names imply, casting a net involves posting scam messages online and trapping whoever takes the bait, typically aimed at gullible individuals. Targeted scams primarily focus on the elderly, students, working individuals, online shoppers, etc.: tricking the elderly into buying health supplements or property mortgage dividends; targeting students with part-time jobs, impersonating friends and family asking for aid, and providing bank account numbers, using fund arrival queries, and instructing them to operate ATMs in English mode so that funds are transferred out. For working individuals, it is typically impersonating leaders to request transfers on behalf of certain companies. Bespoke scams typically target wealthy people by thoroughly researching the target's habits, lifestyle, and ways of thinking to devise specific methods.
The law protects the strong; only by understanding the law can one use it: Criminal Law, Network Security Law.
90% of scams occur because of one's greed.
Finally, this article is purely personal amusement. If there's any offense, please don't come after me. The initial intention is to protect the innocent from being deceived by this treacherous society.