Author |
Message |
dogsbum
NN's whore
Joined: 08 Jan 2010
Posts: 381
Location: under my desk - licking my balls
|
Posted:
Wed Mar 17, 2010 11:42 pm |
|
Hey all
One of my lads got clever and sent a reply with hidden code (link).
I was tired and clicked without thinking ...
This was in it ... DO NOT CLICK LINK - DO NOT CLICK LINK
Code: |
http://fr.mc249.mail.yahoo.com/mc/showMessage?fid=Sent&sort=date&order=down&startMid=0&filterBy=&.rand=211591725&midIndex=2&mid=1_18266_AIhuUtQAAV4%2BS5%2FuewMlwC6wqCw&enc=auto&cmd=msg.scan&pid=2&tnef=&fn=SWEETGIRL.JPG |
It opened up a browser tab with my yahoo mail account ... which sucks.
What does the code do and is my account about to be hijacked? |
_________________ DogsBum
<a href="/forum/donate.php">[Make a lad cry today and God will reward you.]</a>
* Help Keep Eater Running - Click here to donate
Zombie or Steward (real) returns - you decide.
Steward is a Delete sensitive material regarding identity - Steward
Exproba tuos pusiones saepe et quam saevissime!
(Slap lads often and as hard as possible!!)
Miseria et tardum letium omnibus factoribus doli!
(Woe and a slow death to all scammer lads!)
(Thanks Otterfan for the Latin) |
|
|
|
Fowan Nyne
Baiting Guru
Joined: 12 Aug 2009
Posts: 3720
Location: Miniluv
|
Posted:
Thu Mar 18, 2010 12:27 am |
|
The giveaway is "fr.mc249.mail.yahoo.com"
Generally, the first part of the address (before the slash) is the legit side.
I don't think that this address belongs to Yahoo.
If you didn't login, you'll be fine. If you did, I suggest cleaning up and changing any passwords that might be associated with this account.
Your mentor (having the experience that she does) will, I'm sure, be able to advise on this. |
_________________
I can't wait for 'Eater Easter!
Find out about Rental Scams
"Note I am very weak by straight"
"Did you want to cheat me or play on my intelligent?"
"All necessary preparation for the movement of the stool are in the pipe line" - Stan "the man" Agbley
Click here to see a proper scam
|
|
|
|
dogsbum
NN's whore
Joined: 08 Jan 2010
Posts: 381
Location: under my desk - licking my balls
|
Posted:
Thu Mar 18, 2010 12:32 am |
|
^^^ Thanks 419 ...
And there is the rub. I was logged in ... and it did pull up my yahoo mail.
But I can't see anything that was sent ... which sorta might be good.
If the hack effort (which is what I believe it is) opened my email account then
they *maybe* can reset my password and lock me out entirely.
Or email everyone in the contact list ... not a desperate loss since most are lads anyhoo.
We hear about this sort of thing from victims all the time. OMFG ... I am a victim
Grrrrr ... oh this cow so has got to die! I feel a mass bait in the making .. |
_________________ DogsBum
<a href="/forum/donate.php">[Make a lad cry today and God will reward you.]</a>
* Help Keep Eater Running - Click here to donate
Zombie or Steward (real) returns - you decide.
Steward is a Delete sensitive material regarding identity - Steward
Exproba tuos pusiones saepe et quam saevissime!
(Slap lads often and as hard as possible!!)
Miseria et tardum letium omnibus factoribus doli!
(Woe and a slow death to all scammer lads!)
(Thanks Otterfan for the Latin) |
|
|
|
bobdemol
Baiting Guru
Joined: 30 Dec 2008
Posts: 2212
Location: Belgium
|
Posted:
Thu Mar 18, 2010 12:33 am |
|
I don't think you need to worry. I checked the link and I was offered Ymail login page. When I logged in with one of my accounts I got a screen saying that the message cannot be found.
The code refers to an image file in JPG format. |
_________________ yOU WICKED AND EVIL MAN,PERISH TO HELL WHERE YOU BELONG - Obinna
You have made me get to take my drugs. -Claude Dominique after ticking over 1000 boxes-
FOR THE LAST TIME DONT EVER SENT ME EMTY SLIP AGAIN -Barrister Mustapha-
why must you act like childish game. -Eng Uzeze-
why are u so stupid and fullish like that go to hall. u idiot - Topman Stephen
LOOK AM SICK AND TYRED WITH ALL THIS TAMBAMBLING OF YOUR. -Barr. Bulunga-
Linos: Togo-Benin Mike Obidi: Onitsha-Lagos-Accra (1800KM/1120Miles)
Felix: Accra-Lomé (x3)
Pic of a beer drinking goat |
|
|
|
Technomancer
Master of Master Baiters
Joined: 08 Dec 2009
Posts: 671
Location: Sailing the infinite sea of the Net
|
Posted:
Thu Mar 18, 2010 1:02 am |
|
Hmm, a tech-savvy lad?
I've been hoping to run into one of them at some point. My technomantic skills are pretty much wasted on the average lad |
_________________ ***************
* TechnomanceR *
***************
-------------------------------------------------------
I went to the Mr Biggs' drive-in... And all I got was this lousy Easter Egg with fries!
x1 |
|
|
|
dogsbum
NN's whore
Joined: 08 Jan 2010
Posts: 381
Location: under my desk - licking my balls
|
Posted:
Thu Mar 18, 2010 1:39 am |
|
^^^ Hey Technomancer ... burn this fucker please
This insult upon the Eater community must not go unanswered.
@ bobdemol ... thanks dude. I really really really loath techno-lads. Really.
I think we should get him to milk bulls ... lots of bulls.
Header FYI wrote: |
Delivered-To: [email protected]
Received: by 10.231.172.213 with SMTP id m21cs319851ibz;
Wed, 17 Mar 2010 09:49:50 -0700 (PDT)
Received: by 10.142.210.18 with SMTP id i18mr571310wfg.179.1268844586938;
Wed, 17 Mar 2010 09:49:46 -0700 (PDT)
Return-Path: <[email protected]>
Received: from n22.bullet.mail.ukl.yahoo.com (n22.bullet.mail.ukl.yahoo.com [87.248.110.139])
by mx.google.com with SMTP id 7si11846211pzk.104.2010.03.17.09.49.45;
Wed, 17 Mar 2010 09:49:45 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 87.248.110.139 as permitted sender) client-ip=87.248.110.139;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 87.248.110.139 as permitted sender) [email protected]; dkim=pass (test mode) [email protected]
Received: from [217.146.182.180] by n22.bullet.mail.ukl.yahoo.com with NNFMP; 17 Mar 2010 16:49:43 -0000
Received: from [87.248.110.203] by t6.bullet.ukl.yahoo.com with NNFMP; 17 Mar 2010 16:49:43 -0000
Received: from [127.0.0.1] by omp233.mail.ukl.yahoo.com with NNFMP; 17 Mar 2010 16:49:43 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 78073 invoked by uid 60001); 17 Mar 2010 16:49:43 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1268844583; bh=EiUhMmR1EVX5lbQ6CyFnd9nE6dB/r8lxQ8/YEsC3X/8=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type;
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type;
Message-ID: <[email protected]>
X-YMail-OSG: tH0kUTgVM1kNQQdy2H6OiDsJ55XyHodTb9UqIu38IhnK06V
GVfL1M.iCv_XRiDXnOtlh2E_.kMpqCw1hdwf_tlmYpgqsY0EDaW4hDLSRefQ
AX.GQuabDAePqzJRCU3MB5iggp7_xVJAwj9SeApfcnfOaVc.XSuTLeRNVr8.
6
JcvrfPErGeM6lMX43Lllm2Uaa1RryGuZTQV59XcQ-
Received: from [41.208.135.99] by web24908.mail.ird.yahoo.com via HTTP; Wed, 17 Mar 2010 09:49:43 PDT
X-Mailer: YahooMailClassic/10.0.8 YahooMailWebService/0.8.100.260964
Date: Wed, 17 Mar 2010 09:49:43 -0700 (PDT)
From: Morine Ogwo <[email protected]>
Subject: I HOPE TO HERE FROM YOU
To: Ima Hunt <[email protected]>
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1585706-1268844583=:77846"
--0-1585706-1268844583=:77846
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable |
Code: |
SWEETGIRL.JPG=0A =20
My Dear
I am more than happy in your reply to my mail
How is=0Ayour day?. Mine is a bit colder here in Dakar Senegal..My I Ogwo M=
orin=0Aname is 23 years of Sudan, in Africa, 5.11ft tall, Fair in complexio=
n,=0A(never married before) and am currently residing in the refugee camp h=
ere in Dakar as a result of the administration
=0Awar in country.My my late father was Dr. Ogwo management
Ogwo=0Adirector and Associates (Ltd), and was the personal advice to the=0A=
former head of state before the rebels attacked our house one early=0Amorni=
ng and killed
=0Amy mother and father in cold blood.It only now that I was alive and mana=
ged to make my way to a near by country Senegal, where I am now living in a=
refugee
=0Acamp, and this team is owned by a revrend that is incharge of a church h=
ere in the camp.
I=0Awould like to know more about you.Your likes and dislikes, your hobbies=
=0Aand what you are doing presently..I will tell you more about myself in=
=0Amy next mail.
=0AAttached here is my picture.
Waiting to hear from you as soon as possible
Morine
--- En date de=A0: Mer 17.3.10, Ima Hunt <[email protected]> a =E9crit=A0:
De: Ima Hunt <[email protected]>
Objet: Re: HELLO
=C0: "Morine Ogwo" <[email protected]>
Date: Mercredi 17 mars 2010, 8h30
Hi Morine
Odd that you did not include any pics with your email.
I like both men and women.
What next?
Ima
On 15 March 2010 06:06, Morine Ogwo <[email protected]> wrote:
=0A=0A
My name is Morine ogwo I am a girl, I saw your profile www.=A0 in here and =
my spirite ask me to contact you about this important issue so please, I wo=
uld like you to send me mail here ([email protected]), so that i will t=
ell you about the important issue and also give you my sweet picture. I am =
waiting for your urgent and immediate reply thank you
=0Amorine ogwo
=0A=0A=0A=0A=0A =20
=0A=0A=0A=0A
--0-1585706-1268844583=:77846
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
<table cellspacing=3D"0" cellpadding=3D"0" border=3D"0" ><tr><td valign=3D"=
top" style=3D"font: inherit;"><div class=3D"row"><ul class=3D"tmbnails clea=
rfix"><li class=3D"img"><a class=3D"imgname" href=3D"http://fr.mc249.mail.y=
ahoo.com/mc/showMessage?fid=3DSent&sort=3Ddate&order=3Ddown&sta=
rtMid=3D0&filterBy=3D&.rand=3D211591725&midIndex=3D2&mid=3D=
1_18266_AIhuUtQAAV4%2BS5%2FuewMlwC6wqCw&enc=3Dauto&cmd=3Dmsg.scan&a=
mp;pid=3D2&tnef=3D&fn=3DSWEETGIRL.JPG" title=3D"SWEETGIRL.JPG"><img=
alt=3D"SWEETGIRL.JPG" src=3D"http://thumbp2.mail.vip.ird.yahoo.com/tn?sid=
=3D69805794405104698amp;fid=3DSent">SWEETGIRL.JPG</a></l=
i></ul></div>=0A <br>My Dear<br>I am more than happy in your=
reply to my mail<br>How is=0Ayour day?. Mine is a bit colder here in Dakar=
Senegal..My I Ogwo Morin=0Aname is 23 years of Sudan, in Africa, 5.11ft ta=
ll, Fair in complexion,=0A(never married before) and am currently residing =
in the <span><span><span><span style=3D"background: transparent none repeat=
scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: paddin=
g; -moz-background-inline-policy: continuous;">refugee camp</span></span></=
span></span> here in <span><span><span><span>Dakar</span></span></span></sp=
an> as a result of the administration<br>=0Awar in country.My my late fathe=
r was Dr. Ogwo management<br>Ogwo=0Adirector and Associates (Ltd), and was =
the personal advice to the=0Aformer head of state before the rebels attacke=
d our house one early=0Amorning and killed<br>=0Amy mother and father in co=
ld blood.It only now that I was alive and managed to make my way to a near =
by country <span><span><span style=3D"background: transparent none repeat s=
croll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding;=
-moz-background-inline-policy: continuous;"><span>Senegal</span></span></s=
pan></span>, where I am now living in a <span><span><span><span style=3D"ba=
ckground: transparent none repeat scroll 0% 0%; -moz-background-clip: borde=
r; -moz-background-origin: padding; -moz-background-inline-policy: continuo=
us;">refugee<br>=0Acamp</span></span></span></span>, and this team is owned=
by a revrend that is incharge of a church here in the camp.<br>I=0Awould l=
ike to know more about you.Your likes and dislikes, your hobbies=0Aand what=
you are doing presently..I will tell you more about myself in=0Amy next ma=
il.<br>=0AAttached here is my picture.<br>Waiting to hear from you as soon =
as possible<br>Morine<br><br><br>--- En date de : <b>Mer 17.3.10, Ima =
Hunt <i><[email protected]></i></b> a =E9crit :<br><blockquote =
style=3D"border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding=
-left: 5px;"><br>De: Ima Hunt <[email protected]><br>Objet: Re: HELL=
O<br>=C0: "Morine Ogwo" <[email protected]><br>Date: Mercredi 17 =
mars 2010, 8h30<br><br><div id=3D"yiv1511167597">Hi Morine<br><br>Odd that =
you did not include any pics with your email.<br><br>I like both men and wo=
men.<br><br>What next?<br><br>Ima<br><br><div class=3D"gmail_quote">On 15 M=
arch 2010 06:06, Morine Ogwo <span dir=3D"ltr"><<a rel=3D"nofollow" ymai=
lto=3D"mailto:[email protected]" target=3D"_blank" href=3D"/mc/compose?=
[email protected]">[email protected]</a>></span> wrote:<br>=
=0A<blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(20=
4, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><table border=
=3D"0" cellpadding=3D"0" cellspacing=3D"0"><tbody><tr><td style=3D"font-fam=
ily: inherit; font-style: inherit; font-variant: inherit; font-weight: inhe=
rit; font-size: inherit; line-height: inherit; font-size-adjust: inherit; f=
ont-stretch: inherit;" valign=3D"top">=0A<br>My name is Morine ogwo I am a =
girl, I saw your profile www. in here and my spirite ask me to contac=
t you about this important issue so please, I would like you to send me mai=
l here (<a rel=3D"nofollow" ymailto=3D"mailto:[email protected]" target=
=3D"_blank" href=3D"/mc/[email protected]">morine.ogwo@yah=
oo.com</a>), so that i will tell you about the important issue and also giv=
e you my sweet picture. I am waiting for your urgent and immediate reply th=
ank you<br>=0Amorine ogwo<br><br></td></tr></tbody></table><br>=0A=0A=0A=0A=
=0A </blockquote></div><br>=0A</div></blockquote></td></tr></table><br=
>=0A=0A=0A=0A=0A
--0-1585706-1268844583=:77846-- |
Damn this email has some nasty stuff ... links deactivated. Might default to read emails as text only just to be safe and sure.
BTW, Ima Hunt is the sister of Mike Hunt She likes it both ways.
The lad's IP is based in Senegal - 41.208.135.99
Email address: Morine Ogwo <[email protected]>
Avenge teddy!!
Mod edit - deleted domain key to eliminate forum blowout. - JF |
_________________ DogsBum
<a href="/forum/donate.php">[Make a lad cry today and God will reward you.]</a>
* Help Keep Eater Running - Click here to donate
Zombie or Steward (real) returns - you decide.
Steward is a Delete sensitive material regarding identity - Steward
Exproba tuos pusiones saepe et quam saevissime!
(Slap lads often and as hard as possible!!)
Miseria et tardum letium omnibus factoribus doli!
(Woe and a slow death to all scammer lads!)
(Thanks Otterfan for the Latin) |
|
|
|
Total Wipeout
Not quite a Newb
Joined: 19 Aug 2009
Posts: 78
|
Posted:
Thu Mar 18, 2010 6:54 am |
|
I had a lad try to phish my log in last week with this http://69.175.126.170/~cheryla2/likakak1/smileys5/yahoo.html
It's a fake Yahoo login, but he said my gmail details would open it up for me.
Presumably the back end logs all the username and pw login attempts. But who gets the info? The lad I was dealing with was thick as sh!te, so either it's one of his crew has created this or someone from outside is offering the service.
Someone in ladland is being very naughty! |
|
|
|
|
Bankster
Baiting Guru
Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.
|
Posted:
Thu Mar 18, 2010 8:45 am |
|
I'd say the lad has sent you an embedded image (sweetgirl.jpg) and the link is what Yahoo Mail has made out of it. The random characters in that link identify your Yahoo session and the image file to be displayed. No need to worry. |
_________________ Whoever said you can't touch happiness has never petted a dog.
( ) x10 __ x? |
|
|
|
dogsbum
NN's whore
Joined: 08 Jan 2010
Posts: 381
Location: under my desk - licking my balls
|
Posted:
Thu Mar 18, 2010 8:59 am |
|
Thanks all
So I gather that I can remove all of the cellophane / tinfoil from my head?
Forgot this ... might be useful for context.
I read the email from within a IE 8 tab - using my my GMAIL bait account.
Yahooey mail was open in another tab but did not have focus and did not contain the nasty email.
Clicky on SWEETGIRL.JPB opened yet another tabbed instance of yahooey mail.
No warning message about the errant JPG object or anything else for that matter.
Teddy ran and hid.
See ... this is what I get for doing something so utterly unforgivably dumbass.
And now you know why I run and hide from techno-lads.
They can pinch your kidney while you sleep and you would never know. |
_________________ DogsBum
<a href="/forum/donate.php">[Make a lad cry today and God will reward you.]</a>
* Help Keep Eater Running - Click here to donate
Zombie or Steward (real) returns - you decide.
Steward is a Delete sensitive material regarding identity - Steward
Exproba tuos pusiones saepe et quam saevissime!
(Slap lads often and as hard as possible!!)
Miseria et tardum letium omnibus factoribus doli!
(Woe and a slow death to all scammer lads!)
(Thanks Otterfan for the Latin) |
|
|
|
bobdemol
Baiting Guru
Joined: 30 Dec 2008
Posts: 2212
Location: Belgium
|
Posted:
Thu Mar 18, 2010 9:20 am |
|
Quote: |
So I gather that I can remove all of the cellophane / tinfoil from my head? |
Yes but only after the weekend |
_________________ yOU WICKED AND EVIL MAN,PERISH TO HELL WHERE YOU BELONG - Obinna
You have made me get to take my drugs. -Claude Dominique after ticking over 1000 boxes-
FOR THE LAST TIME DONT EVER SENT ME EMTY SLIP AGAIN -Barrister Mustapha-
why must you act like childish game. -Eng Uzeze-
why are u so stupid and fullish like that go to hall. u idiot - Topman Stephen
LOOK AM SICK AND TYRED WITH ALL THIS TAMBAMBLING OF YOUR. -Barr. Bulunga-
Linos: Togo-Benin Mike Obidi: Onitsha-Lagos-Accra (1800KM/1120Miles)
Felix: Accra-Lomé (x3)
Pic of a beer drinking goat |
|
|
|
Bankster
Baiting Guru
Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.
|
Posted:
Thu Mar 18, 2010 9:24 am |
|
Also, your tinfoil design may be flawed. If you just post a few pictures of you wearing it, we'll be happy to help you make it impenetrable. |
_________________ Whoever said you can't touch happiness has never petted a dog.
( ) x10 __ x? |
|
|
|
Technomancer
Master of Master Baiters
Joined: 08 Dec 2009
Posts: 671
Location: Sailing the infinite sea of the Net
|
Posted:
Thu Mar 18, 2010 9:29 am |
|
I followed that link you posted out of curiosity... And my hard drive exploded!
(hehe, just kidding ).
I got the login page too, but I think it is a Yahoo one. Possibly he's sent you an image stored on a Yahoo account that you need a login to see, but I'm not entering my password to find out, just in case.
Might try baiting him and see if he sends me the same thing... |
_________________ ***************
* TechnomanceR *
***************
-------------------------------------------------------
I went to the Mr Biggs' drive-in... And all I got was this lousy Easter Egg with fries!
x1 |
|
|
|
Come-On
Not quite a Newb
Joined: 10 Jun 2009
Posts: 39
|
Posted:
Thu Mar 18, 2010 1:24 pm |
|
bobdemol wrote: |
I don't think you need to worry. I checked the link and I was offered Ymail login page. When I logged in with one of my accounts I got a screen saying that the message cannot be found.
The code refers to an image file in JPG format. |
If you signed in to your Yahoo Mail with this log-in form you very well may have given out your email address and password. If you look at the source code you will see this > > >
<FORM name=login_form onsubmit="return hash2(this)"
action=data.php method=post
Those are "form fields" on this Yahoo log-in page. (Yahoo email address, Yahoo password) that once filled in by you, the form field input is being sent somewhere which means to someone. If I were you, I would change your password ASAP. The fact you got a screen saying the the message can't be found is part of the phishing attempt. This really is not a log-in page for Yahoo, it is a COPY of one set up to phish. Change your password! |
_________________ * Help Keep Eater Running - Click here to donate
<br>
i really really needed you but you make me feel like a big foul. you make me feel like am stupid and i have not done anything wrong. i have never seen things like this before in my life.
why did act so u are hurting me girl? belive me i love u so much ? but i dont no why u always hurt me i will make evry endevure to do this for at least to make u happy |
|
|
|
Come-On
Not quite a Newb
Joined: 10 Jun 2009
Posts: 39
|
Posted:
Thu Mar 18, 2010 1:38 pm |
|
Total Wipeout wrote: |
I had a lad try to phish my log in last week with this http://69.175.126.170/~cheryla2/likakak1/smileys5/yahoo.html
It's a fake Yahoo login, but he said my gmail details would open it up for me.
Presumably the back end logs all the username and pw login attempts. But who gets the info? The lad I was dealing with was thick as sh!te, so either it's one of his crew has created this or someone from outside is offering the service.
Someone in ladland is being very naughty! |
Someone is being VERY NAUGHTY. It may be this lad or a smarter lad getting the input but I really think someone is getting the input. As far as I can tell from the source code these form fields are live. I'm no expert so maybe someone else can take a look, but in the meantime, if anyone has used this Yahoo sign-in out of curiosity and put your REAL password in, CHANGE YOUR PASSWORD. |
_________________ * Help Keep Eater Running - Click here to donate
<br>
i really really needed you but you make me feel like a big foul. you make me feel like am stupid and i have not done anything wrong. i have never seen things like this before in my life.
why did act so u are hurting me girl? belive me i love u so much ? but i dont no why u always hurt me i will make evry endevure to do this for at least to make u happy |
|
|
|
Bankster
Baiting Guru
Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.
|
Posted:
Thu Mar 18, 2010 2:00 pm |
|
Quote: |
If you signed in to your Yahoo Mail with this log-in form you very well may have given out your email address and password. |
You mean this link?
Code: |
http://fr.mc249.mail.yahoo.com/mc/showMessage?fid=Sent&sort=date&ord...d=2&tnef=&fn=SWEETGIRL.JPG |
This one points to a Yahoo server and thus can be assumed to be safe. If you're not currently logged into Yahoo it will redirect you to the real Yahoo login page (notice how the URL starts with https:// and check the SSL certificate).
This one
Code: |
http://69.175.126.170/~cheryla2/likakak1/smileys5/yahoo.html |
on the other hand will steal your login. |
_________________ Whoever said you can't touch happiness has never petted a dog.
( ) x10 __ x? |
|
|
|
Come-On
Not quite a Newb
Joined: 10 Jun 2009
Posts: 39
|
Posted:
Thu Mar 18, 2010 2:14 pm |
|
Quote: |
This one
Code: |
http://69.175.126.170/~cheryla2/likakak1/smileys5/yahoo.html |
on the other hand will steal your login. |
Yes, this is the link I'm referring to. |
_________________ * Help Keep Eater Running - Click here to donate
<br>
i really really needed you but you make me feel like a big foul. you make me feel like am stupid and i have not done anything wrong. i have never seen things like this before in my life.
why did act so u are hurting me girl? belive me i love u so much ? but i dont no why u always hurt me i will make evry endevure to do this for at least to make u happy |
|
|
|
Come-On
Not quite a Newb
Joined: 10 Jun 2009
Posts: 39
|
Posted:
Thu Mar 18, 2010 2:29 pm |
|
|
|
|
Bankster
Baiting Guru
Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.
|
Posted:
Thu Mar 18, 2010 4:35 pm |
|
Well, the domain name ends in .yahoo.com in all cases, so if it's a phishing page somebody would have to have hacked Yahoo's DNS servers, redirected the domains in question to their own rogue servers and copied Yahoo's entire web environment.
An XSS (cross-site scripting) attack would require you to click on a link on a malicious web page. This is not the case here as you start out with a Yahoo page.
So in order to phish somebody's login using these links, you'd need to sit on Yahoo's servers or hijack their entire internet connection. |
_________________ Whoever said you can't touch happiness has never petted a dog.
( ) x10 __ x? |
|
|
|
Come-On
Not quite a Newb
Joined: 10 Jun 2009
Posts: 39
|
Posted:
Thu Mar 18, 2010 4:51 pm |
|
Bankster wrote: |
Well, the domain name ends in .yahoo.com in all cases, so if it's a phishing page somebody would have to have hacked Yahoo's DNS servers, redirected the domains in question to their own rogue servers and copied Yahoo's entire web environment.
An XSS (cross-site scripting) attack would require you to click on a link on a malicious web page. This is not the case here as you start out with a Yahoo page.
So in order to phish somebody's login using these links, you'd need to sit on Yahoo's servers or hijack their entire internet connection. |
That makes sense what you wrote, unless someone used the words yahoo.com as a sub-domain but if that were the case the URL would have the domain name somewhere in the link too. |
_________________ * Help Keep Eater Running - Click here to donate
<br>
i really really needed you but you make me feel like a big foul. you make me feel like am stupid and i have not done anything wrong. i have never seen things like this before in my life.
why did act so u are hurting me girl? belive me i love u so much ? but i dont no why u always hurt me i will make evry endevure to do this for at least to make u happy |
|
|
|
Bankster
Baiting Guru
Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.
|
Posted:
Thu Mar 18, 2010 4:53 pm |
|
Quote: |
unless someone used the words yahoo.com as a sub-domain but if that were the case the URL would have the domain name somewhere in the link too. |
That, and the domain name would look like yahoo.com.cheaphosting.1337h4x0r.com.cn. |
_________________ Whoever said you can't touch happiness has never petted a dog.
( ) x10 __ x? |
|
|
|
Total Wipeout
Not quite a Newb
Joined: 19 Aug 2009
Posts: 78
|
Posted:
Thu Mar 18, 2010 6:10 pm |
|
So this sounds like quite a sophisticated phishing site. However, the dick who sent me that link was REALLY not the brightest bulb in the candelabra. How did he have access to it? He couldn't have created it. But he seems to have been given access to (or a one off use of) the results of my login attempt. That's kinda weird. I've been playing with the lads for years and never come across the potential co-operation that this sort of set up would require.....unless I'm looking at it from the wrong angle of course.
BTW if anyone is wondering, no I didn't try to log in. |
|
|
|
|
Technomancer
Master of Master Baiters
Joined: 08 Dec 2009
Posts: 671
Location: Sailing the infinite sea of the Net
|
Posted:
Thu Mar 18, 2010 7:51 pm |
|
^^^
Might have a friend who knows about such things. Or he could be part of a bigger gang with better tech support.
Either way, sounds like a definite candidate for high priority target practice...
Scammers who can pull tricks like this off can be trouble for real victims. |
_________________ ***************
* TechnomanceR *
***************
-------------------------------------------------------
I went to the Mr Biggs' drive-in... And all I got was this lousy Easter Egg with fries!
x1 |
|
|
|
Total Wipeout
Not quite a Newb
Joined: 19 Aug 2009
Posts: 78
|
Posted:
Thu Mar 18, 2010 9:02 pm |
|
^^^
Agreed, I think he needs our attention. The problem is I have no idea how I originally got contact with the fella. It could have been an ASEM or more likely he was referred to me by another lad. Either way his name is T0la Ch1ldress and if you Google his name you'll find quite a few hits (obviously the 0 and 1 should be o and i).
I think it would be a good idea to dig around with this bloke and see what's what. |
|
|
|
|
dogsbum
NN's whore
Joined: 08 Jan 2010
Posts: 381
Location: under my desk - licking my balls
|
Posted:
Thu Mar 18, 2010 9:23 pm |
|
Technomancer wrote: |
Or he could be part of a bigger gang with better tech support.
Either way, sounds like a definite candidate for high priority target practice...
Scammers who can pull tricks like this off can be trouble for real victims. |
Agreed and happy (sorta) to do a 'hunt, kill - destroy' number on techno-lads.
I think it best to do this from a Linux partition and spanky clean bait accounts though. (just my humble non tech opinion)
Hiding in plain sight is not new but it works. And I have no idea where to look for them nor what they are really after ... doubt this is really just about a scam. (China ???)
We may need a techno guru, probably a site killer ... and lubricant. Lots of lubricant.
Perhaps a copy of Debbie Does Dallas too?
To our techno baiters colleagues ... is this one safe? Serious question.
RL victims would be a whole lot more vulnerable to this form of attack than (maybe) baiters ... which suggests we go hard on the lads. Bricks mandatory. |
_________________ DogsBum
<a href="/forum/donate.php">[Make a lad cry today and God will reward you.]</a>
* Help Keep Eater Running - Click here to donate
Zombie or Steward (real) returns - you decide.
Steward is a Delete sensitive material regarding identity - Steward
Exproba tuos pusiones saepe et quam saevissime!
(Slap lads often and as hard as possible!!)
Miseria et tardum letium omnibus factoribus doli!
(Woe and a slow death to all scammer lads!)
(Thanks Otterfan for the Latin) |
|
|
|
manbiteslion
Baiting Guru
Joined: 12 Dec 2007
Posts: 4816
Location: Connecting my chair and keyboard
|
Posted:
Thu Mar 18, 2010 9:38 pm |
|
I've had a peep at the makeup of the link, and there's nothing to suggest to me you're dealing with anything but an incompetent lad. He probably copied the picture link from an email in Yahoo, without realising it was embedded and so only visible to his own account.
You clicked the link and your browser took you as close as it could - to Yahoo mail, and your browser cookie authenticated your account and took you straight in.
The link doesn't contain any hidden domains, the %2D and %2F do not URL Decode to an @, which could possibly trip up an older browser, but has been killed off for a good 5 years. (Techie bit - it was a way to pass ftp credentials to a server in a single link, and was cunningly abused, then killed)
I am pretty sure rather than a cyber-genius (who'd make more money working legit) you've got a muppet. |
_________________ Premium Wimp Convincer - Click Me! |
|
|
|
|