From: rlanguy at hotmail.com (Lan Guy)
Subject: : Attempt to steal paypal password

At least the page has been taken offline already:
I got http://ubrick1.hostnoc.net/suspended.page/

Not Found
The requested URL /suspended.page/ was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
--------------------------------------------------------------------------------
Apache/1.3.28 Server at ubrick1.hostnoc.net Port 80

----- Original Message -----
From: Michael Linke
To: full-disclosure@...ts.netsys.com
Sent: Tuesday, November 11, 2003 11:04 AM
Subject: [Full-Disclosure] [Full-Disclosure]: Attempt to steal paypal password

There seems to be a new faked email on the way since this morning, with the subject "PayPal User Agreement 9".
The email is in HTML form and contains a hyperlink named
https://www.paypal.com/cgi-bin/webscr?cmd=login-run
But under this hyperlink is not paypal, it is: http://www.paypal.com@...191.16.16/.
So someone is going to collect paypal passwords. Using this password an attacker can send money from there.
The whole action seems to be a spamming attempt sent to random email addresses, because the receiver email address Michael@...ley-power.de is not registered at paypal.

According to ARIN Whois the IP Search 64.191.16.16 belongs to:
OrgName: Network Operations Center Inc.
OrgID: NOC
Address: PO Box 591
City: Scranton
StateProv: PA
PostalCode: 18501-0591
Country: US

The email comes from 68.77.201.24. (X-RBL-Warning: (dialup.bl.kundenserver.de) this mail has been received from a dialup host.)

Email header below.
The email msg is attached to this email.
---------------------------------------------
Return-path: <support@...pal.com>
Envelope-to: michael@...ley-power.de
Delivery-date: Tue, 11 Nov 2003 02:46:25 +0100
Received: from [68.77.201.24] (helo=adsl-68-77-201-24.dsl.milwwi.ameritech.net)
        by mxng14.kundenserver.de with smtp (Exim 3.35 #1)
        id 1AJNbg-0005Xc-00
        for michael@...ley-power.de; Tue, 11 Nov 2003 02:46:17 +0100
Received: from paypal.com (smtp2.sc5.paypal.com [64.4.244.75])
        by adsl-68-77-201-24.dsl.milwwi.ameritech.net (Postfix) with ESMTP id D7A073BEBC
        for <michael@...ley-power.de>; Mon, 10 Nov 2003 19:46:12 -0600
From: Support <support@...pal.com>
To: Michael <michael@...ley-power.de>
Subject: PayPal User Agreement 9
Date: Mon, 10 Nov 2003 19:46:12 -0600
Message-ID: <110001c3a7f5$1fe9490f$e212810a@...pal.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Priority: 1 (Highest)
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook, Build 10.0.2616
Importance: High
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-RBL-Warning: (dialup.bl.kundenserver.de) This mail has been received from a dialup host.
-------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031111/ec3fa7c4/attachment.html