SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 Wizls and other strange links

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
Phil Yerboots
Elite Baiter


Joined: 29 Oct 2009
Posts: 1342
Location: Back in Asena's sandbox


PostPosted: Sat Jul 02, 2011 9:25 am Reply with quoteBack to top

A scammer decided he didn't want any part of my plan and the bait fizzled out after a couple of weeks. Then my catcher account started getting things like these.
[I've removed either the www or the http:// on the links so no-one presses inadvertently.

pauline13.de/tmp/templates_c/game.html
berdan.com/wizl.html
cumontitz.com/wizl.html

Needless to say I haven't clicked them but anyone know what they are and what they're designed to do? Apparently a wizl is a bit like a zip file so I presume they are malware. Bin, report, warn? What if anything do I do with this crap?

Also the headers reveal some of the other people these have been sent to.

Delivered-To: XXXXXX@googlemail.com
Received: by 10.142.250.41 with SMTP id x41cs94470wfh;
Mon, 27 Jun 2011 04:12:36 -0700 (PDT)
Received: by 10.223.14.11 with SMTP id e11mr4098190faa.131.1309173152249;
Mon, 27 Jun 2011 04:12:32 -0700 (PDT)
Return-Path: <crystabelldonkor@yahoo.com>
Received: from nm25-vm0.bullet.mail.sp2.yahoo.com (nm25-vm0.bullet.mail.sp2.yahoo.com [98.139.91.228])
by mx.google.com with SMTP id j15si6712913fah.107.2011.06.27.04.12.29;
Mon, 27 Jun 2011 04:12:32 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of crystabelldonkor@yahoo.com designates 98.139.91.228 as permitted sender) client-ip=98.139.91.228;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of crystabelldonkor@yahoo.com designates 98.139.91.228 as permitted sender) smtp.mail=crystabelldonkor@yahoo.com; dkim=pass (test mode) header.i=@yahoo.com
Received: from [98.139.91.70] by nm25.bullet.mail.sp2.yahoo.com with NNFMP; 27 Jun 2011 11:12:29 -0000
Received: from [98.139.91.37] by tm10.bullet.mail.sp2.yahoo.com with NNFMP; 27 Jun 2011 11:12:29 -0000
Received: from [127.0.0.1] by omp1037.mail.sp2.yahoo.com with NNFMP; 27 Jun 2011 11:12:29 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 146602.76149.bm@omp1037.mail.sp2.yahoo.com
Received: (qmail 18928 invoked by uid 60001); 27 Jun 2011 11:12:28 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1309173148; bh=rm26CNDmRxC6J/Iv//vmn2JBYbFh+444d8IakmXcKfs=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:To:MIME-Version:Content-Type; b=Yz6oSSKBEfW47pFf89brZfO+kjddo3Yy1dwi2bBFU/fe25rYZNKkE08ac+Lhl0s1+waojdNW+bFNV2aNXVObhv9sCbxJmmOaRtOOvEhxGtGoypdK6DNWWNB0elUUKfF//Utks5j0NfeBYhYsa9mgH83tcIjKI+aHhIgZd+jxUrw=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:To:MIME-Version:Content-Type;
b=oTVFWY8RiVpflyOLfmsmSJh8EQSIGFR9gtyfJgL+mamAkK87gaxkZvTPyX5oY65zZqBi+BXvWy8RBjKEJmKfVtrXxP4z27Rq3WiEfmYWPxxhIkBYgSuVHy5LKINHbZLDovpFf/sLGX82xholLLgOR8xhWmbbMfiS9KdT4bJ0zTo=;
X-YMail-OSG: s6w7TQgVM1mge7.x2foNEQTy1Sl6GFMv7rRMxndmwSpxO1z
b693dored84AA78SGzGbQYxA7do5DuLw3XTaPtKUjCFHojDU2l7T8RByLVc7
z1b6cPz4RLHTaBotA9fZjP4i87YBrvEFISuBev5NJn51n8KmSorXAUsXxtxl
.yoFjBdYuDBn8XZax.F3E_9kziaYFmAmx1DabjhDmMdvAyK46_L52c32a2hd
6jP759CancBUGrEIg0mZcbNLNI0rZKfnQTs.5Y16K2Fjm.I7XkUalpWyntT.
SI9DzroLsW6kAIlDgbRcfaeVj8wsKNtLuqxSnqenpRw9oKSpvvR4ZEVV7V.e
oQ2ZmYMdTH5i6G1KTAJDj68xR8prP0oZ2F5KzVBRtmo1GOwpI03Uvhsw-
Received: from [79.113.190.189] by web114009.mail.gq1.yahoo.com via HTTP; Mon, 27 Jun 2011 04:12:28 PDT
X-Mailer: YahooMailWebService/0.8.112.307740
Message-ID: <1309173148.15225.YahooMailMobile@web114009.mail.gq1.yahoo.com>
Date: Mon, 27 Jun 2011 04:12:28 -0700 (PDT)
From: crystabell donkor <crystabelldonkor@yahoo.com>
To: bounce@ukafro.com, jakekirk90@yahoo.com, kimoshack@ya.com,
wajid_saad2000@yahoo.com, budnumber1971@yahoo.co.uk, cent292@yahoo.com, jackbylsma@gmail.com, andymcg1974@yahoo.com
MIME-Version: 1.0

_________________
Closed lad accounts Sand Timer Safari Ibadan-Abidjan-Bouake (with Dr Mike & The Monsignor) "i sleep in the park again and am scaring" Ebay Tattoo (with SheepFishing)
Todger Club (Class of 2013)
"I want your head on a platter between my slapping breast-buds." Doughnut
"You are sick and need medical attention. I just realised." Pee
View user's profileSend private message
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



E-Mail Header Analysis


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT