RE: [inbox] [Full-Disclosure] Is this a paypal scam?
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: RE: [inbox] [Full-Disclosure] Is this a paypal scam?
- From: "Dolinar, Jon" <Jon.Dolinar@xxxxxxxxx>
- Date: Thu, 18 Mar 2004 16:08:39 -0500
Actually, a WHOIS of the address returns a site in China, so unless Paypal
was outsourced I would guess a scam.
If you want to see what the page is, telnet to port 80 and do a GET
/verify.html. It is a javascript from the site but using graphics and
links from paypal.com.
An invalid GET returns the server: Apache/1.3.14 Server at net2M.dsd.cc
Port 80
inetnum: 218.62.0.0 - 218.62.127.255
netname: CNCGROUP-JL
country: CN
descr: CNCGROUP jilin province network
admin-c: CH444-AP
tech-c: WT92-AP
status: ALLOCATED NON-PORTABLE
changed: abuse@xxxxxxxxxxx 20031016
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-JL
changed: hm-changed@xxxxxxxxx 20040301
source: APNIC
person: CNCGroup Hostmaster
nic-hdl: CH444-AP
e-mail: abuse@xxxxxxxxxxx
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
phone: +86-10-82990775
fax-no: +86-10-82990885
country: CN
changed: abuse@xxxxxxxxxxx 20031027
mnt-by: MAINT-CNCGROUP
source: APNIC
person: Wang Tiegang
nic-hdl: WT92-AP
e-mail: wtg@xxxxxxxxxx
address: 96,JieFang Road ChangChun 130021 China.
phone: +86-431-8925217
fax-no: +86-431-8925190
country: CN
changed: wtg@xxxxxxxxxx 20030117
mnt-by: MAINT-CNCGROUP-JL
source: APNIC
-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Curt Purdy
Sent: Thursday, March 18, 2004 1:21 PM
To: jschmidt@xxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxx
Subject: RE: [inbox] [Full-Disclosure] Is this a paypal scam?
jschmidt@xxxxxxxxxx wrote:
> http://218.62.43.30/verify.html
>
> Signed up for paypal 2 weeks ago, and then this came in the mail as a
> link in a paypal looking html email asking me to confirm by entering
> my credit card/account info.
Be clueful:
1) Don't ever click a link with an ip address.
2) Don't ever put your cc info into any site you did not directly go to
and trust.
3) nslookup 218.62.43.30 - Non-existent domain
nslookup paypal.com - 64.4.241.16
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer
DP Solutions
----------------------------------------
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
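
The two indicators raised in this thread (a link whose host is a bare IP address, and a page that borrows graphics from paypal.com while sending the user somewhere else) can be checked mechanically. The following is an added example, not part of the original messages; the function names and the sample HTML are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "paypal.com"  # brand the message claims to come from

class RefCollector(HTMLParser):
    """Collect where the mail sends the user (links) and what it embeds (resources)."""
    def __init__(self):
        super().__init__()
        self.links, self.resources = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form" and a.get("action"):
            self.links.append(a["action"])
        elif tag in ("img", "script") and a.get("src"):
            self.resources.append(a["src"])

def host_of(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return ""

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def on_brand(host, brand=BRAND):
    # Exact domain or a true subdomain; "paypal.com.example" does not match.
    return host == brand or host.endswith("." + brand)

def audit(html, brand=BRAND):
    refs = RefCollector()
    refs.feed(html)
    link_hosts = sorted({host_of(u) for u in refs.links} - {""})
    findings = [("ip-literal-link", h) for h in link_hosts if is_ip_literal(h)]
    off_brand = [h for h in link_hosts if not on_brand(h, brand)]
    if off_brand and any(on_brand(host_of(u), brand) for u in refs.resources):
        findings += [("brand-assets-off-brand-link", h) for h in off_brand]
    return findings

# Constructed sample modelled on the mail described in the thread.
SAMPLE = ('<img src="http://www.paypal.com/logo.gif">'
          '<a href="http://218.62.43.30/verify.html">Confirm your account</a>')
```

Calling `audit(SAMPLE)` reports both indicators for 218.62.43.30, while a message whose links and images all sit on paypal.com produces no findings.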