Author |
Message |
Pantsface
419Eater is my life
Joined: 14 Sep 2006
Posts: 465
Location: In Your Pants!
|
Posted:
Tue Jan 23, 2007 6:17 am |
|
Interesting email i got in one of my romance baiting accounts..
Delivered-To: ******
Received: by 10.78.123.3 with SMTP id v3cs783317huc;
Mon, 22 Jan 2007 00:31:02 -0800 (PST)
Received: by 10.90.69.8 with SMTP id r8mr5859405aga.1169454662491;
Mon, 22 Jan 2007 00:31:02 -0800 (PST)
Return-Path: <[email protected]>
Received: from anti-scammers.org (am1-nat-136-12.planetsky.com [82.211.136.12])
by mx.google.com with SMTP id 26si6278190aga.2007.01.22.00.30.59;
Mon, 22 Jan 2007 00:31:02 -0800 (PST)
Received-SPF: neutral (google.com: 82.211.136.12 is neither permitted nor denied by domain of [email protected])
Message-Id: <[email protected]>
From: "AntiScam Group" <[email protected]>
To: *****
Subject: Detect your Love - About your Russian girl
Date: Sun, 21 Jan 2007 11:30:37 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0000_01C6527E.AE8904D0"
X-Priority: 5 (High)
X-MSMail-Priority: Highest
Importance: Highest
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
new ANTISCAM site
all our bases - it is about 10 million - it is scam girls
It is easy for you to check your new girl from other country.
Thanks you for attention
Edited to remove hotlink. Don't go to this site unless your security applications are up to date! - Stargate
Code: |
http://www.anti-scammers.org |
|
_________________ "TRY TO COMB YOURSELF AND BEWARE OF PEOPLE YOU DO BUSINESS WITH..." - DR TUNDE LEMO
"As an idiot who have not see money?Stupify away from me ungodly person." - Nugo
"I dream how we will sit at you at home I will
sit on your knees, you will iron my face, my legs." - Marina
Click here to support 419Eater.com
|
|
|
|
Azure Sonnet
Master Baiter
Joined: 18 Dec 2006
Posts: 123
Location: UK
|
Posted:
Tue Jan 23, 2007 6:39 am |
|
Well, that was frightening!
Visiting that site (which, incedentally, is just a collection of various anti-scam sites) meant that some sort of remote access program tried to access my machine! I'm not sure of the name, it definitely had remote access written somewhere in its name (on the popup bar at the top of the IE window - Active X maybe?). Luckily it was blocked, but it took my machine a good minute or two to stop what it was doing after I closed the window involved - I ended up unplugging the broadband cable!
An AV and spyware check has come up clean, so I am still not sure what it was, especially as I only saw the name for a fleeting second, but that site has something on it, at the least spy/adware, at worst a virus or similar. Forgive me for not double checking and revisiting the site...
My knowledge on viruses etc is a little rusty, so some of what I'm saying might not be accurate, but I still want to warn anyone who is thinking of clicking on the link to BE CAREFUL! |
_________________ ...you have kept me under expectation by giving a slap of love and i can't hold myself... you have fastinated my love... You are sweat. i want to parade my love with you - Karmin Buhahi, my first *sigh* |
|
|
|
orientfan
Not quite a Newb
Joined: 25 Nov 2006
Posts: 74
Location: The pinnacle of cynical
|
Posted:
Tue Jan 23, 2007 7:14 am |
|
A S,
Just been on there and it looks clean.
OF |
_________________ You are a creature of the white devil - Barrister George |
|
|
|
oopsme
Master Baiter
Joined: 02 Jan 2006
Posts: 114
Location: Wiscon-Sin
|
Posted:
Tue Jan 23, 2007 4:50 pm |
|
My system acted strange when going to this site. I didnt get any warning but my system slowed to a crawl until I was able to leave. |
_________________ I only do what the voices in my head tell me to!
"The only two things you can truly depend upon are gravity and greed." by the late Jack Palance
Support Gun Control! Hit your target with your 1st shot!
Are you looking up my dress again? |
|
|
|
Pantsface
419Eater is my life
Joined: 14 Sep 2006
Posts: 465
Location: In Your Pants!
|
Posted:
Tue Jan 23, 2007 7:40 pm |
|
yeah, its strange. doesnt seem to be the usual "scam warning" people get sometimes. |
_________________ "TRY TO COMB YOURSELF AND BEWARE OF PEOPLE YOU DO BUSINESS WITH..." - DR TUNDE LEMO
"As an idiot who have not see money?Stupify away from me ungodly person." - Nugo
"I dream how we will sit at you at home I will
sit on your knees, you will iron my face, my legs." - Marina
Click here to support 419Eater.com
|
|
|
|
harrya
Elite Baiter
Joined: 23 Jul 2006
Posts: 1489
Location: Not Happy
|
Posted:
Wed Jan 24, 2007 2:49 am |
|
I had this one too but didn't have any probs. However I'm behind a router. Are any of you that saw problems connected directly to the net.
ie modem only.
Since this came in as spam anyway that should be enogh to raise a red flag. |
_________________
|
|
|
|
Azure Sonnet
Master Baiter
Joined: 18 Dec 2006
Posts: 123
Location: UK
|
Posted:
Wed Jan 24, 2007 3:46 am |
|
Yup, I'm behind a router.
Revisiting the site makes a warning popup (I use IE) mentioning that the site wants to run the Active X add on "Microsoft Data Access - Remote Data Services Dat...". There was a ton of activity on my pc and the net reeeeaally slowed down when the site was first accessed, and all of my windows froze for a good ten or fifteen seconds. I have carried out a virus and spy/adware check and nothing iffy seems to have got through. |
_________________ ...you have kept me under expectation by giving a slap of love and i can't hold myself... you have fastinated my love... You are sweat. i want to parade my love with you - Karmin Buhahi, my first *sigh* |
|
|
|
harrya
Elite Baiter
Joined: 23 Jul 2006
Posts: 1489
Location: Not Happy
|
Posted:
Wed Jan 24, 2007 4:39 am |
|
Think I'll just stay clear away from there |
_________________
|
|
|
|
Lpico
Master Baiter
Joined: 16 Nov 2006
Posts: 161
Location: coonztowne
|
Posted:
Wed Jan 24, 2007 4:48 am |
|
No way I'm clickin' on that biz. Thanks for the warning, AS. |
_________________ also for me to continue my education because i am just here surfing doing nothing. --solomon johnson
so i have decided to send you this palm flirt concerning my father. --stella
|
|
|
|
Stepan Fetchit
Elite Baiter
Joined: 09 Nov 2005
Posts: 1977
Location: Anywhere but squaresville, man
|
Posted:
Wed Jan 24, 2007 4:09 pm |
|
dudes, there's planetsky in the headers, and the 'who is' for the domain points to Russia.
I'm guessing this is some sort of evil thing operated by the scammers, or scammer friendly types.
somebody smarter look at this please?
keep away though. can't be good |
_________________ <center> <b>
<A href="http://www.dragonladies.org/bbs">Dragonladies.org</a> |
|
|
|
orientfan
Not quite a Newb
Joined: 25 Nov 2006
Posts: 74
Location: The pinnacle of cynical
|
Posted:
Wed Jan 24, 2007 4:18 pm |
|
@Azure Sonnet,
The HTML was created in MS Word so the activity that you see is related to your PC having to load tons of Office DLLs in the background to display it.
The HTML looks fine, can see nothing dodgy being done in there. |
_________________ You are a creature of the white devil - Barrister George |
|
|
|
Stepan Fetchit
Elite Baiter
Joined: 09 Nov 2005
Posts: 1977
Location: Anywhere but squaresville, man
|
Posted:
Wed Jan 24, 2007 6:00 pm |
|
I see enough suspicious stuff to suggest a mod remove the link to the site which at the least, has nothing of value on it. |
_________________ <center> <b>
<A href="http://www.dragonladies.org/bbs">Dragonladies.org</a> |
|
|
|
Stargate
Baiting Guru
Joined: 08 Feb 2005
Posts: 2301
|
Posted:
Wed Jan 24, 2007 8:49 pm |
|
The only value is that this is visible to other members, and hopefully, they won't click on the link somewhere else. |
_________________ x20 |
|
|
|
Dareth Ioggmao
Master Baiter
Joined: 18 Dec 2006
Posts: 171
Location: Somewhere In Time
|
Posted:
Wed Jan 24, 2007 9:56 pm |
|
If you're going to access it, us a non-Microsoft OS and use a "throwaway" computer with a clean install. I've got an old Sun 10 Ultra running Solaris 10 that I use for things like this. If it even attacks the comp, I can reinstall the OS without any worries, as there is nothing on there anyway. I've also got a dedicated PC set up for my baiting. It doesn't link to any of my other PCs and it has no personal info on it whatsoever. (Well, except my baiter info. ). |
_________________ " I anticipate your unalloyed co-operation" - Gabriel Zigamur
"If i do not hear from you by then..I would have to do what i have to do..cos nobody runs away with my money.." - James Weir |
|
|
|
wayne
Account closed at users request
Joined: 05 Dec 2005
Posts: 3630
|
Posted:
Thu Jan 25, 2007 1:48 pm |
|
In addition to what Stepan's said, hee's some more info on it
Domain ID:D137792790-LROR
Domain Name:ANTI-SCAMMERS.ORG
Created On:20-Jan-2007 19:55:18 UTC
Last Updated On:20-Jan-2007 19:55:23 UTC
Expiration Date:20-Jan-2008 19:55:18 UTC
1 year registrations are an extra cause for concern if you think a site's dodgy. |
_________________ x56 |
|
|
|
Redneck_Bob
Not quite a Newb
Joined: 07 Jan 2007
Posts: 36
Location: Moron City
|
Posted:
Sun Jan 28, 2007 5:54 am |
|
@ Dareth...What an awesome Idea about the dedicated PC for baiting...I've got an older one that is in disuse...what a great use for it! Thanks! |
_________________ The said fund is on a dormat account waiting for transfer .........Peter James
Roosevelt said walk soft and carry a big stick...Baiters say carry a big stick, and use it OFTEN on your lads! |
|
|
|
Grundig
Not quite a Newb
Joined: 14 Feb 2005
Posts: 63
Location: Ministry USA
|
Posted:
Sun Jan 28, 2007 11:53 pm |
|
seem,to be an attempt at a "BOT" scheme,,,,,Goggle the "Honeypot Project".It,ll explain it in more detail.... |
_________________ It is becose of you,I have lost my car and house
I have Invested 28,000 Dollors you have sent none
Barrister ekwuoba chambers |
|
|
|
somejerk
Master Baiter
Joined: 12 Dec 2006
Posts: 104
Location: Between my computer and chair
|
Posted:
Mon Jan 29, 2007 5:38 pm |
|
I looked it up on a school mac with no problems. It's a poorly formatted list of links to legit Russian dating scam blacklists, anti-scam tips, and at least one baiter site. |
|
|
|
|
Rusgirl
Not quite a Newb
Joined: 01 Nov 2006
Posts: 26
Location: Pindosia
|
Posted:
Tue Jan 30, 2007 9:38 am |
|
Stepan is right.
82.211.136.12 is the IP of Mari El scammers. Whenever you see this IP, it means Mari El = scam. This site was created by scammers. I get quite a few of these "promotions", I am on their corporate mailing list. I have to dig through my mailboxes, as I have many. But I got smth like that, too.
Their other "creation" used to be http://detectiveclub.ru , but it was blocked by the webhost |
|
|
|
|
Dareth Ioggmao
Master Baiter
Joined: 18 Dec 2006
Posts: 171
Location: Somewhere In Time
|
Posted:
Tue Jan 30, 2007 7:13 pm |
|
@Redneck_Bob
YW. I originally did it so that I could keep the gmail account separate, along with all the pics that I didn't want anyone else to see. It's also good since I can reformat and not lose any of my valuable data, should something go awry. You can either get a cheap KVM switch, or Google "VNC" for a free alternative to display the screen from one pc on another one. I have to do some rewiring in my basement, but I plan to move the pc to another room and access it that way. Then you are only limited by the number of ports on your router or hub/switch. (24-port ones are pretty cheap second hand.) |
_________________ " I anticipate your unalloyed co-operation" - Gabriel Zigamur
"If i do not hear from you by then..I would have to do what i have to do..cos nobody runs away with my money.." - James Weir |
|
|
|
|