"Download Password Here"....

I just came across an (already suspicious because of the context)
encrypted .RAR, and it was accompanied by a .TXT file whose contents
consisted of:

Download PASSWORD here :   http://goo.gl/wXcjcN

Personally, I would not want to click on that link...

But curiosity calls and I'm wondering if anybody has a 'Safe' PC from
which they could open the link and satisfy my idle curiosity.

I've got some ideas - none of them pleasant.... -)
--  
Pete Cresswell

Re: "Download Password Here"....

On 03/02/2015 10:16 AM, (PeteCresswell) wrote:

Then why didn't you obfuscate it?



Re: "Download Password Here"....



It redirects to hxxp://shortz.so/bcb

One of the lines from the html returned from that link ...
"This page will immediately unlock and restore normal access upon your participation in an offer below."

The offers include things like "Play Taichi Panda - ONLY $1.19!".

I didn't bother looking any further.

Regards, Dave Hodgins

--  
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Re: "Download Password Here"....

PeteCresswell wrote:


The goo.gl domain is owned by Google.  To verify, see:

http://www.whois.com/whois/goo.gl

You can create shortcuts of long URLs.  You can use the Google URL
shortener service yourself by visiting:

http://goo.gl/

There is a link at the bottom of the page for help which goes to:

https://support.google.com/faqs/answer/190768?rd=1

Giving someone a 200 character URL means they are likely to get it wrong
or not even bother trying to go there.  TinyURL has the same URL
shortening service.  With them, and if the person doling out the URL
doesn't include it, you can add the "preview" hostname to the domain so
you can see to where the shortened hyperlink will redirect.  Although
not very long, an example is where:

http://www.intel.com/p/en_US/support/highlights/processors/toolspiu

gets shortened to:

http://tinyurl.com/27l8znh

but if you want to preview to where that redirection link leads then
use:

http://preview.tinyurl.com/27l8znh

I don't see any mention at goo.gl on how to preview the target of their
shortened URL.  There are many such URL shortening services and many of
them offer no means to see to where the short link will redirect them.
As a consequence, and to prevent visiting an unwanted site by letting
you see the target site BEFORE going there, some sites will figure out what
is the long URL.  They take the shortened URL and determine what is the
long URL to which the short link points.  Of course, since they are
resolving the shortened link to something now, the long URL they compute
may differ from the original long URL that got shortened.

http://longurl.org/

For example, when I enter http://tinyurl.com/27l8znh (although the
preview mode is available for that service by adding the "preview"
hostname), it tells me the long URL is:

http://www.intel.com/p/en_US/support/highlights/processors/toolspiu

Well, that's what I expected but it's possible the long URL could be
different (but still point at the same page).  When I entered the
suspect URL you gave of:

http://goo.gl/wXcjcN

LongURL says the long version is:

http://shortz.so/bcb

To check that the "long" URL isn't another redirection service, I enter
the shortz.so URL into LongURL but it comes back as the same URL.  Yet I
still suspect shortz.so is another redirection service.  With scripting
and metarefresh disabled in my web browser, visiting that target URL
results in a page claiming "nothing found".  They are using JavaScript
code in their web page to redirect you elsewhere.

http://www.whois.com/whois/shortz.so

That shows whoever is the real registrant of that domain is using
GoDaddy's private service.  IANA requires that a domain registration
specify who is responsible for the domain.  Registrars, at an extra fee,
will assume that responsibility by listing themselves as the
responsible party while keeping hidden who is the real registrant.  That
means the real domain owner is hiding.  You don't hide for good reasons.

nslookup shortz.so
returns  69.65.45.16
  yet
nslookup 69.65.45.16
returns  ip-69.65.45.16.servernap.net

So the web host is not operating their own web server.  The syntax of
the reverse DNS lookup indicates it is someone's home PC but it could be
a web site hosted at servernap.net.

So just from where did you download the .rar file?  Are you trying to
get a cracked version of software?  Is this some software you're trying
to get for free using TrialPay or similar scheme?

I suspect there's more to the story than you "just came across" an
encrypted .rar file.  Obviously if there were reasons to encrypt a file
then it would be stupid to include the decryption key within the .rar
file.  That is like taping your house key to your door when you left.
The password or key has to be delivered via some other venue else there
would be no reason to encrypt the file.  When you send an e-mail to
someone that has an attachment which is an encrypted file, do you give
the password within the body of that same e-mail?
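
Added example, not part of the thread or any poster's code: a static resolver for the kind of chain discussed above, where an HTTP redirect hands off to a JavaScript redirect that a header-only expander cannot follow. The hosts under example.test, the sample responses and all function names are constructed for illustration; in real use `fetch` would be replaced by something that retrieves a page without rendering it.

```python
import re
from urllib.parse import urljoin

# Constructed responses (status, headers, body) standing in for network fetches.
SAMPLE = {
    "http://short.example.test/abc": (301, {"Location": "http://hop.example.test/x"}, ""),
    "http://hop.example.test/x": (200, {}, '<script>window.location.href = "/offer?id=7";</script>'),
    "http://hop.example.test/offer?id=7": (200, {}, '<meta http-equiv="refresh" content="0; url=http://landing.example.test/">'),
    "http://landing.example.test/": (200, {}, "<h1>Complete an offer to unlock</h1>"),
}

META_RE = re.compile(r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*content=["\'][^"\']*?url=([^"\'>\s]+)', re.I)
JS_RE = re.compile(r'(?:window\.|document\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)

def sample_fetch(url):
    """Offline stand-in for a fetch; unknown URLs return an empty 404."""
    return SAMPLE.get(url, (404, {}, ""))

def next_hop(url, status, headers, body):
    """Return (kind, target) for the next redirect, or None if the chain ends."""
    if 300 <= status < 400 and "Location" in headers:
        return "http", urljoin(url, headers["Location"])
    m = META_RE.search(body)
    if m:
        return "meta", urljoin(url, m.group(1))
    m = JS_RE.search(body)  # pattern match only; the script is never executed
    if m:
        return "js", urljoin(url, m.group(1))
    return None

def resolve(url, fetch, follow=("http", "meta", "js"), max_hops=10):
    """Walk a redirect chain without rendering; returns [(url, how_reached), ...]."""
    chain, seen, kind = [], set(), "start"
    while url not in seen and len(chain) < max_hops:  # stop on loops and long chains
        seen.add(url)
        chain.append((url, kind))
        hop = next_hop(url, *fetch(url))
        if hop is None or hop[0] not in follow:
            break
        kind, url = hop
    return chain

if __name__ == "__main__":
    for u, how in resolve("http://short.example.test/abc", sample_fetch):
        print(f"{how:5} -> {u}")
```

Calling `resolve(..., follow=("http",))` reproduces what a header-only expander reports: it stops at the intermediate hop and returns that URL as if it were the destination.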

Re: "Download Password Here"....

(PeteCresswell) wrote :

There's an e-mail address if you want help.

dmca at shortz.so



Re: "Download Password Here"....

wrote:


    Only download torrents from trusted sources, and read the
comments first. Password protected content is banned on all serious
torrent sites.
    It's usually a scam to get your financial details. The rest
they get when you use the password and open the keylogger/trojan  you
downloaded.
    []'s
--  
Don't be evil - Google 2004
We have a new policy  - Google 2012

Re: "Download Password Here"....

Per Shadow:

Points taken.

Thanks.    

I was hoping to hear the part about password-protected content being
banned - and the keylogger/trojan scenario was high on my list... but
that was just my inner paranoid talking and I did not really know
anything.

--  
Pete Cresswell

Re: "Download Password Here"....

(PeteCresswell) formulated on Monday :

I suffered no noticeable ill effects from the visit, there was no  
attempt to keep me on the page.



Re: "Download Password Here"....



Link not clicked!   :)

--  
Jax        

Re: "Download Password Here"....

Jax explained :

Chicken!



Re: "Download Password Here"....

On Monday, March 2, 2015, 0:16:19 (UTC-3), (PeteCresswell) wrote:

  ARAR
  Good luck


Re: "Download Password Here"....

On Monday, March 2, 2015 at 11:16:19 AM UTC+8, (PeteCresswell) wrote:

polis evo


Re: "Download Password Here"....

On Monday, March 2, 2015 at 8:46:19 AM UTC+5:30, (PeteCresswell) wrote:

find the password is http://goo.gl/wXcjcN


Re: "Download Password Here"....

On Monday, March 2, 2015 at 8:46:19 AM UTC+5:30, (PeteCresswell) wrote:

please send the passwords  

Re: "Download Password Here"....

On Monday, March 2, 2015 at 8:16:19 AM UTC+5, (PeteCresswell) wrote:

then how can i download password?

Re: "Download Password Here"....

On Sun, 24 Jul 2016 18:25:27 -0700 (PDT), twinbros73@gmail.com wrote:


You CAN'T, dumbass.  There IS no password.
It's a SCAM to get hits on a website,  
AND to get you to run his malware!!!





