Full Disclosure mailing list archives

RE: [inbox] Is this a paypal scam?


From: "Dolinar, Jon" <Jon.Dolinar () tri-c edu>
Date: Thu, 18 Mar 2004 16:08:39 -0500

 
Actually a WHOIS of the address returns a site in China so unless Paypal
was outsourced I would guess a scam.

If you want to see what the page is telnet to port 80 and do a GET
/verify.html it is a javascript from the site but using graphics and
links from paypal.com

An invalid get returns the server: Apache/1.3.14 Server at net2M.dsd.cc
Port 80

inetnum:      218.62.0.0 - 218.62.127.255
netname:      CNCGROUP-JL
country:      CN
descr:        CNCGROUP jilin province network
admin-c:      CH444-AP
tech-c:       WT92-AP
status:       ALLOCATED NON-PORTABLE
changed:      abuse () cnc-noc net 20031016
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CNCGROUP-JL
changed:      hm-changed () apnic net 20040301
source:       APNIC

person:       CNCGroup Hostmaster
nic-hdl:      CH444-AP
e-mail:       abuse () cnc-noc net
address:      No.156,Fu-Xing-Men-Nei Street,
address:      Beijing,100031,P.R.China
phone:        +86-10-82990775
fax-no:       +86-10-82990885
country:      CN
changed:      abuse () cnc-noc net 20031027
mnt-by:       MAINT-CNCGROUP
source:       APNIC

person:       Wang Tiegang
nic-hdl:      WT92-AP
e-mail:       wtg () mail jl cn
address:      96,JieFang Road ChangChun 130021 China.
phone:        +86-431-8925217
fax-no:       +86-431-8925190
country:      CN
changed:      wtg () mail jl cn 20030117
mnt-by:       MAINT-CNCGROUP-JL
source:       APNIC

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Curt Purdy
Sent: Thursday, March 18, 2004 1:21 PM
To: jschmidt () buhler com; full-disclosure () lists netsys com
Subject: RE: [inbox] [Full-disclosure] Is this a paypal scam?

jschmidt () buhler com wrote:
http://218.62.43.30/verify.html

Signed up for paypal 2 weeks ago, and then this came in the mail as a 
link in a paypal looking html email asking me to confirm by entering 
my credit card/account info.

Be cluefull:

1) Don't ever click a link with an ip address.
2) Don't ever put your cc info into any site you did not directly go to
and trust.
3) nslookup 218.62.43.30 - Non-existent domain
   nslookup paypal.com - 64.4.241.16

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Current thread: