lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: ml at (Michael Linke)
Subject: : Attempt to steal paypal password

There seams to be a new faked Email on the way since today morning, with the
subject "PayPal User Agreement 9". 
The Email is in html form and content a Hyperlink named 
But under this hyperlink is not paypal, it is:

So someone is going to collect paypal passwords. Using this password an
attacker can send money from there. The whole action seams to be a spamming
attempt sent to random email addresses, because the receiver Email Address is not registered at paypal.

According ARIN Whois the IP Search belongs to:

OrgName:    Network Operations Center Inc.
OrgID:      NOC
Address:    PO Box 591
City:       Scranton
StateProv:  PA
PostalCode: 18501-0591
Country:    US

The Email comes from
(X-RBL-Warning: ( this mail has been received from
a dialup host.)

Email Header below. The Email Msg is attached to this email.

Return-path: <>
Delivery-date: Tue, 11 Nov 2003 02:46:25 +0100
Received: from []
	by with smtp (Exim 3.35 #1)
	id 1AJNbg-0005Xc-00
	for; Tue, 11 Nov 2003 02:46:17 +0100
Received: from ( [])
	by (Postfix) with ESMTP
id D7A073BEBC
	for <>; Mon, 10 Nov 2003 19:46:12 -0600
From: Support <>
To: Michael <>
Subject: PayPal User Agreement 9
Date: Mon, 10 Nov 2003 19:46:12 -0600
Message-ID: <110001c3a7f5$1fe9490f$>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Priority: 1 (Highest)
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook, Build 10.0.2616
Importance: High
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-RBL-Warning: ( This mail has been received from
a dialup host.
-------------- next part --------------
An HTML attachment was scrubbed...

Powered by blists - more mailing lists