"Download Password Here"....

(PeteCresswell)

Mar 1, 2015, 10:16:19 PM
I just came across an (already suspicious because of the context)
encrypted .RAR, and it was accompanied by a .TXT file whose contents
consisted of:

Download PASSWORD here : http://goo.gl/wXcjcN

Personally, I would not want to click on that link...

But curiosity calls and I'm wondering if anybody has a 'Safe' PC from
which they could open the link and satisfy my idle curiosity.

I've got some ideas - none of them pleasant.... -)
--
Pete Cresswell

Eggspurt

Mar 2, 2015, 12:08:19 AM
On 03/02/2015 10:16 AM, (PeteCresswell) wrote:
> I just came across an (already suspicious because of the context)
> encrypted .RAR, and it was accompanied by a .TXT file whose contents
> consisted of:
>
> Download PASSWORD here : http://goo.gl/wXcjcN
>
> Personally, I would not want to click on that link...

Then why didn't you obfuscate it?

David W. Hodgins

Mar 2, 2015, 12:20:12 AM
On Sun, 01 Mar 2015 22:16:13 -0500, (PeteCresswell) <x...@y.invalid> wrote:

> I just came across an (already suspicious because of the context)
> encrypted .RAR, and it was accompanied by a .TXT file whose contents
> consisted of:
> Download PASSWORD here : hxxp://goo.gl/wXcjcN
> Personally, I would not want to click on that link...
> But curiosity calls and I'm wondering if anybody has a 'Safe' PC from
> which they could open the link and satisfy my idle curiosity.

It redirects to hxxp://shortz.so/bcb

One of the lines from the html returned from that link ...
"This page will immediately unlock and restore normal access upon your participation in an offer below."

The offers include things like "Play Taichi Panda - ONLY $1.19!".

I didn't bother looking any further.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

VanguardLH

Mar 2, 2015, 3:45:42 AM
The goo.gl domain is owned by Google. To verify, see:

http://www.whois.com/whois/goo.gl

You can create shortcuts of long URLs. You can use the Google URL
shortener service yourself by visiting:

http://goo.gl/

There is a link at the bottom of the page for help which goes to:

https://support.google.com/faqs/answer/190768?rd=1

Giving someone a 200 character URL means they are likely to get it wrong
or not even bother trying to go there. TinyURL has the same URL
shortening service. With them, and if the person doling out the URL
doesn't include it, you can add the "preview" hostname to the domain so
you can see to where the shortened hyperlink will redirect. Although
not very long, an example is where:

http://www.intel.com/p/en_US/support/highlights/processors/toolspiu

gets shortened to:

http://tinyurl.com/27l8znh

but if you want to preview to where that redirection link leads then
use:

http://preview.tinyurl.com/27l8znh

I don't see any mention at goo.gl on how to preview the target of their
shortened URL. There are many such URL shortening services and many of
them offer no means to see to where the short link will redirect them.
As a consequence, and to prevent visiting an unwanted site by letting
you see the target site BEFORE going there, some sites will figure out what
is the long URL. They take the shortened URL and determine what is the
long URL to what the short link points. Of course, since they are
resolving the shortened link to something now, the long URL they compute
may differ from the original long URL that got shortened.

http://longurl.org/

For example, when I enter http://tinyurl.com/27l8znh (although the
preview mode is available for that service by adding the "preview"
hostname), it tells me the long URL is:

http://www.intel.com/p/en_US/support/highlights/processors/toolspiu

Well, that's what I expected but it's possible the long URL could be
different (but still point at the same page). When I entered the
suspect URL you gave of:

http://goo.gl/wXcjcN

LongURL says the long version is:

http://shortz.so/bcb

To check that the "long" URL isn't another redirection service, I enter
the shortz.so URL into LongURL but it comes back as the same URL. Yet I
still suspect shortz.so is another redirection service. With scripting
and metarefresh disabled in my web browser, visiting that target URL
results in a page claiming "nothing found". They are using Javascript
code in their web page to redirect you elsewhere.

http://www.whois.com/whois/shortz.so

That shows whoever is the real registrant of that domain is using
GoDaddy's private service. IANA requires that a domain registration
specify who is responsible for the domain. Registrars, at an extra fee,
will assume that responsibility by listing themselves as the
responsible party while keeping hidden who is the real registrant. That
means the real domain owner is hiding. You don't hide for good reasons.

nslookup shortz.so
returns 69.65.45.16
yet
nslookup 69.65.45.16
returns ip-69.65.45.16.servernap.net

So the web host is not operating their own web server. The syntax of
the reverse DNS lookup indicates it is someone's home PC but it could be
a web site hosted at servernap.net.

So just from where did you download the .rar file? Are you trying to
get a cracked version of software? Is this some software you're trying
to get for free using trailpay or similar scheme?

I suspect there's more to the story than you "just came across" an
encrypted .rar file. Obviously if there were reasons to encrypt a file
then it would be stupid to include the decryption key within the .rar
file. That is like taping your house key to your door when you left.
The password or key has to be delivered via some other venue else there
would be no reason to encrypt the file. When you send an e-mail to
someone that has an attachment which is an encrypted file, do you give
the password within the body of that same e-mail?
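
Added example, not written by any poster in this thread: the post above notes that LongURL stopped at shortz.so because the next hop was a JavaScript redirect rather than an HTTP one. The Python below traces HTTP, meta-refresh and script redirects from static responses without rendering or executing anything; the `SAMPLE` responses, the function names and the final `example.invalid` target are constructed for illustration.

```python
import re
from urllib.parse import urljoin

# Constructed responses (not captured traffic): the two hops named in the
# thread, plus a made-up final target on the reserved .invalid TLD.
SAMPLE = {
    "http://goo.gl/wXcjcN": (301, {"Location": "http://shortz.so/bcb"}, ""),
    "http://shortz.so/bcb": (200, {}, "<html><body>nothing found<script>"
        "window.location.href = 'http://offers.example.invalid/unlock';</script></body></html>"),
    "http://offers.example.invalid/unlock": (200, {}, "<html>offer wall</html>"),
}

META = re.compile(r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*'
                  r'content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)', re.I)
JS = re.compile(r'(?:window\.|document\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']'
                r'|location\.(?:replace|assign)\(\s*["\']([^"\']+)["\']', re.I)

def next_hop(url, status, headers, body):
    """Return (kind, target) for the redirect this response asks for, or None."""
    if 300 <= status < 400 and "Location" in headers:
        return "http", urljoin(url, headers["Location"])
    m = META.search(body)
    if m:
        return "meta-refresh", urljoin(url, m.group(1))
    m = JS.search(body)
    if m:
        return "javascript", urljoin(url, m.group(1) or m.group(2))
    return None

def trace(url, fetch=SAMPLE.get, max_hops=10):
    """Follow a short link hop by hop from static responses; stop on loops."""
    chain = [("start", url)]
    for _ in range(max_hops):
        resp = fetch(url)
        hop = next_hop(url, *resp) if resp else None
        if hop is None or any(hop[1] == u for _, u in chain):
            break
        chain.append(hop)
        url = hop[1]
    return chain

def header_only(chain):
    """URL a Location-only expander stops at (the last plain HTTP hop)."""
    kinds = [k for k, _ in chain[1:]]
    n = next((i for i, k in enumerate(kinds) if k != "http"), len(kinds))
    return chain[n][1]
```

`header_only(trace("http://goo.gl/wXcjcN"))` yields the shortz.so URL, matching what LongURL reported, while the full trace also labels the script-driven hop behind it.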

FromTheRafters

Mar 2, 2015, 5:13:09 AM
(PeteCresswell) wrote :
There's an e-mail address if you want help.

dmca at shortz.so


Shadow

Mar 2, 2015, 12:07:28 PM
On Sun, 01 Mar 2015 22:16:13 -0500, "(PeteCresswell)" <x...@y.Invalid>
wrote:
Only download torrents from trusted sources, and read the
comments first. Password protected content is banned on all serious
torrent sites.
It's usually a scam to get your financial details. The rest
they get when you use the password and open the keylogger/trojan you
downloaded.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

(PeteCresswell)

Mar 2, 2015, 1:15:32 PM
Per Shadow:
>
> Only download torrents from trusted sources, and read the
>comments first. Password protected content is banned on all serious
>torrent sites.
> It's usually a scam to get your financial details. The rest
>they get when you use the password and open the keylogger/trojan you
>downloaded.

Points taken.

Thanks.

I was hoping to hear the part about password-protected content being
banned - and the keylogger/trojan scenario was high on my list... but
that was just my inner paranoid talking and I did not really know
anything.

--
Pete Cresswell

FromTheRafters

Mar 2, 2015, 2:38:54 PM
(PeteCresswell) formulated on Monday :
I suffered no noticeable ill effects from the visit, there was no
attempt to keep me on the page.


Jax

Mar 17, 2015, 8:54:00 PM
"(PeteCresswell)" <x...@y.Invalid> wrote in
news:6al7fadjeld5pg34d...@4ax.com:
Link not clicked! :)

--
Jax

FromTheRafters

Mar 17, 2015, 8:56:54 PM
Jax explained :
Chicken!


Diesel

Mar 18, 2015, 12:52:47 PM
Jax <remove.bea...@gmail.com> news:XnsA4619A...@127.0.0.1
No big deal. It's probably not something you'd be able to get up and
running without extensive hand holding.


--
Hey, I found your nose. It was in my business again.

nilda...@gmail.com

Jul 10, 2015, 6:48:26 PM
Dadada

frodo2...@gmail.com

Sep 19, 2015, 4:25:47 PM
On Monday, March 2, 2015, 0:16:19 (UTC-3), (PeteCresswell) wrote:
> I just came across an (already suspicious because of the context)
> encrypted .RAR, and it was accompanied by a .TXT file whose contents
> consisted of:
>
> Download PASSWORD here : http://goo.gl/wXcjcN
>
> repair rar and you're done!
ARAR
Good luck

hana...@gmail.com

Oct 1, 2015, 9:30:09 PM
On Monday, March 2, 2015 at 11:16:19 AM UTC+8, (PeteCresswell) wrote:
> I just came across an (already suspicious because of the context)
> encrypted .RAR, and it was accompanied by a .TXT file whose contents
> consisted of:
>
> Download PASSWORD here : http://goo.gl/wXcjcN
>
> Personally, I would not want to click on that link...
>
> But curiosity calls and I'm wondering if anybody has a 'Safe' PC from
> which they could open the link and satisfy my idle curiosity.

polis evo

bharatk...@gmail.com

Dec 7, 2015, 3:19:32 AM
find the password is http://goo.gl/wXcjcN

bharatk...@gmail.com

Dec 7, 2015, 3:21:21 AM
On Monday, March 2, 2015 at 8:46:19 AM UTC+5:30, (PeteCresswell) wrote:
please send the passwords

reyl...@gmail.com

Jan 11, 2016, 8:04:40 AM

srhin...@spartanburg2.k12.sc.us

Feb 4, 2016, 12:09:29 PM

ebrahim...@gmail.com

Feb 15, 2016, 4:25:38 AM
On Monday, March 2, 2015 at 8:46:19 AM UTC+5:30, (PeteCresswell) wrote:

twinb...@gmail.com

Jul 24, 2016, 9:25:32 PM
then how can i download password?

The New Other Guy

Jul 24, 2016, 10:00:25 PM
You CAN'T, dumbass. There IS no password.
It's a SCAM to get hits on a website,
AND to get you to run his malware!!!





Matthew Lackman

Jul 28, 2016, 12:37:17 AM
+ User FidoNet address: 1:154/10
Gave the link a shot on my iPhone ...

"Safari cannot open the page because the server cannot be found"

bogus address.....

-RootDoctor
--
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ The FidoNet News Gate (Huntsville, AL - USA) +
+ The views of this user are strictly his or her own. +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

anshga...@gmail.com

Aug 7, 2016, 1:41:41 PM
On Monday, March 2, 2015 at 8:46:19 AM UTC+5:30, (PeteCresswell) wrote:

nazary...@gmail.com

Oct 20, 2016, 6:23:00 AM
password this please : http://shortz.so/YsU

nirut...@gmail.com

Nov 12, 2016, 1:11:24 AM
On Monday, March 2, 2015 at 8:46:19 AM UTC+5:30, (PeteCresswell) wrote:

Shadow

Nov 12, 2016, 7:45:31 AM
On Sun, 01 Mar 2015 22:16:13 -0500, "(PeteCresswell)" <x...@y.Invalid>
wrote:

Search for "unshorten" URL

Though most of them are just dataminers. Never use them for a
personal link.

Wolf K

Nov 12, 2016, 10:16:05 AM
On 2016-11-12 07:44, Shadow wrote:
> On Sun, 01 Mar 2015 22:16:13 -0500, "(PeteCresswell)" <x...@y.Invalid>
> wrote:

No he didn't. His whole post was hijacked and reposted by some bot.

--
Best,
Wolf K
kirkwood40.blogspot.ca

lewig...@gmail.com

Dec 14, 2016, 2:51:22 AM
On Sunday, March 1, 2015 at 10:16:19 PM UTC-5, (PeteCresswell) wrote:
> I just came across an (already suspicious because of the context)
> encrypted .RAR, and it was accompanied by a .TXT file whose contents
> consisted of:
>
> Download PASSWORD here : http://goo.gl/wXcjcN
>
> Personally, I would not want to click on that link...
>
> But curiosity calls and I'm wondering if anybody has a 'Safe' PC from
> which they could open the link and satisfy my idle curiosity.
>
> I've got some ideas - none of them pleasant.... -)
> --
> Pete Cresswell

sanud...@gmail.com

Mar 30, 2017, 12:30:39 PM

David B.

Mar 30, 2017, 12:57:51 PM
I got THIS response ......

"Safari can't open the page "shortz.so/bcb" because Safari can't find
the server "shortz.so"

CHROME showed me this .....

The following error was encountered while trying to retrieve the URL:
http://shortz.so/bcb

Unable to determine IP address from host name shortz.so

The DNS server returned:

Server Failure: The name server was unable to process this query.
This means that the system was not able to resolve the hostname
presented in the URL. Check if the address is correct.

HTH

--
The only people who make a difference are the people who believe they can.

shabb...@gmail.com

Apr 3, 2017, 7:59:53 AM

adaam1...@gmail.com

Apr 29, 2017, 9:00:54 AM

adaam1...@gmail.com

Apr 29, 2017, 9:07:25 AM

nasiral...@gmail.com

Jan 26, 2018, 2:55:06 PM

joyde...@gmail.com

Apr 18, 2018, 5:03:33 PM

pbartol...@gmail.com

Apr 24, 2018, 1:08:35 PM

shagmy...@gmail.com

Aug 9, 2018, 6:44:05 PM
I got the same file and the link is the password..... I copied the link and pasted it in the password box

jeanclaud...@gmail.com

Oct 2, 2018, 6:11:53 AM
HHByHnyGD5

Shadow

Oct 2, 2018, 8:27:30 AM
On Tue, 2 Oct 2018 03:11:52 -0700 (PDT), jeanclaud...@gmail.com
wrote:

>HHByHnyGD5

Thank you. I'd completely forgotten it.

Benny Pedersen

Oct 17, 2018, 8:26:15 AM
+ User FidoNet address: 2:230/0
Hello Shadow!

02 Oct 2018 00:26, Shadow wrote to All:

S> From: Shadow <S...@dow.br>

S> On Tue, 2 Oct 2018 03:11:52 -0700 (PDT), jeanclaud...@gmail.com
S> wrote:

>>HHByHnyGD5

S> Thank you. I'd completely forgotten it.

maybe one needs a new password now !!!!!!!!


Regards Benny

.. there can only be one way of life, and it works :)

iindra...@gmail.com

Dec 2, 2018, 9:02:41 AM
On Monday, March 2, 2015 at 8:46:19 AM UTC+5:30, (PeteCresswell) wrote:
> I just came across an (already suspicious because of the context)
> encrypted .RAR, and it was accompanied by a .TXT file whose contents
> consisted of:
>
> Download PASSWORD here : http://goo.gl/wXcjcN
>
> Personally, I would not want to click on that link...
>
> But curiosity calls and I'm wondering if anybody has a 'Safe' PC from
> which they could open the link and satisfy my idle curiosity.
>
> I've got some ideas - none of them pleasant.... -)
> --
> Pete Cresswell

do you know what is the password of battlefield 2

mandirip...@gmail.com

Apr 11, 2019, 4:25:28 AM

madanku...@gmail.com

May 11, 2019, 1:30:58 AM

bobo...@gmail.com

Jan 6, 2020, 2:26:22 AM

minmp...@gmail.com

Jan 20, 2020, 3:25:15 AM
Download Password Here

minmp...@gmail.com

Jan 20, 2020, 3:30:36 AM

atsystec...@gmail.com

Jan 31, 2020, 9:23:37 AM
On Monday, March 2, 2015 03:16:19 UTC, (PeteCresswell) wrote:
> I just came across an (already suspicious because of the context)
> encrypted .RAR, and it was accompanied by a .TXT file whose contents
> consisted of:
>
> Download PASSWORD here : http://goo.gl/wXcjcN
>
> Personally, I would not want to click on that link...
>
> But curiosity calls and I'm wondering if anybody has a 'Safe' PC from
> which they could open the link and satisfy my idle curiosity.
>
> I've got some ideas - none of them pleasant.... -)
> --
> Pete Cresswell

I really need the code

louayh...@gmail.com

Apr 26, 2020, 1:47:55 AM