Open Source and information security mailing list archives
 
From: rlanguy at hotmail.com (Lan Guy)
Subject: : Attempt to steal paypal password

At least the page has been taken offline already:
I got
http://ubrick1.hostnoc.net/suspended.page/

Not Found
The requested URL /suspended.page/ was not found on this server. 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. 


--------------------------------------------------------------------------------

Apache/1.3.28 Server at ubrick1.hostnoc.net Port 80


  ----- Original Message ----- 
  From: Michael Linke 
  To: full-disclosure@...ts.netsys.com 
  Sent: Tuesday, November 11, 2003 11:04 AM
  Subject: [Full-Disclosure] [Full-Disclosure]: Attempt to steal paypal password


  There seems to be a new faked Email on the way since this morning, with the
  subject "PayPal User Agreement 9". 
  The Email is in HTML form and contains a hyperlink named

  https://www.paypal.com/cgi-bin/webscr?cmd=login-run 
  But under this hyperlink is not paypal, it is: 

  http://www.paypal.com@...191.16.16/.


  So someone is going to collect paypal passwords. Using this password an
  attacker can send money from there. The whole action seems to be a spamming
  attempt sent to random email addresses, because the receiver Email Address
  Michael@...ley-power.de is not registered at paypal.


  According to the ARIN Whois IP search, 64.191.16.16 belongs to:


  OrgName:    Network Operations Center Inc.
  OrgID:      NOC
  Address:    PO Box 591
  City:       Scranton
  StateProv:  PA
  PostalCode: 18501-0591
  Country:    US

  The Email comes from 68.77.201.24.
  (X-RBL-Warning: (dialup.bl.kundenserver.de) this mail has been received from
  a dialup host.)


  Email Header below. The Email Msg is attached to this email.

  ---------------------------------------------
  Return-path: <support@...pal.com>
  Envelope-to: michael@...ley-power.de
  Delivery-date: Tue, 11 Nov 2003 02:46:25 +0100
  Received: from [68.77.201.24]
  (helo=adsl-68-77-201-24.dsl.milwwi.ameritech.net)
  by mxng14.kundenserver.de with smtp (Exim 3.35 #1)
  id 1AJNbg-0005Xc-00
  for michael@...ley-power.de; Tue, 11 Nov 2003 02:46:17 +0100
  Received: from paypal.com (smtp2.sc5.paypal.com [64.4.244.75])
  by adsl-68-77-201-24.dsl.milwwi.ameritech.net (Postfix) with ESMTP
  id D7A073BEBC
  for <michael@...ley-power.de>; Mon, 10 Nov 2003 19:46:12 -0600
  From: Support <support@...pal.com>
  To: Michael <michael@...ley-power.de>
  Subject: PayPal User Agreement 9
  Date: Mon, 10 Nov 2003 19:46:12 -0600
  Message-ID: <110001c3a7f5$1fe9490f$e212810a@...pal.com>
  MIME-Version: 1.0
  Content-Type: text/html
  Content-Transfer-Encoding: quoted-printable
  X-Priority: 1 (Highest)
  X-MSMail-Priority: High
  X-Mailer: Microsoft Outlook, Build 10.0.2616
  Importance: High
  X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
  X-RBL-Warning: (dialup.bl.kundenserver.de) This mail has been received from
  a dialup host.
  -------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031111/ec3fa7c4/attachment.html
