lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040221115912.3655D2B4D6F@mail.evilcoder.org>
From: remko at elvandar.org (Remko Lodder)
Subject: Would you trust these Emails (EBAY & PAYPAL)

I Would never trust such emails from EBAY and PAYPAL (and others)
Especially when i know that i don't requested anything at all.
And indeed, investigating the origin of the Emails are far beyond
than the ones propably used by EBAY and PAYPAL, I
am pretty sure they would not send email out via a .edu and via a
host in Shanghai.

Cheers :)

--

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene

-----Oorspronkelijk bericht-----
Van: full-disclosure-bounces@...ts.elvandar.org
[mailto:full-disclosure-bounces@...ts.elvandar.org]Namens Harald Dumdey
Verzonden: zaterdag 21 februari 2004 11:55
Aan: full-disclosure@...ts.netsys.com; harald.dumdey@...go.de
Onderwerp: [Full-Disclosure] Would you trust these Emails (EBAY &
PAYPAL)


Hi,

i've received these two emails, and i dont know why....

What do you think about this?

regards,

Harald Dumdey

---------------------------------------------------------

The EBAY-Mail was sent by in-187-185.dhcp-149-166.iupui.edu

WHOIS-Output

   Search results for: 149.166.187.185


OrgName:    Indiana University-Purdue University at Indianapolis
OrgID:      IUUAI
Address:    University Information Technology Services
Address:    ET 012
Address:    799 West Michigan Street
City:       Indianapolis
StateProv:  IN
PostalCode: 46202
Country:    US

NetRange:   149.166.0.0 - 149.166.255.255
CIDR:       149.166.0.0/16
NetName:    IUPUI-NET2
NetHandle:  NET-149-166-0-0-1
Parent:     NET-149-0-0-0-0
NetType:    Direct Assignment
NameServer: DNS1.IU.EDU
NameServer: DNS2.IU.EDU
Comment:
RegDate:    1991-05-06
Updated:    2003-12-22

TechHandle: ON6-ORG-ARIN
TechName:   INDIANA UNIVERSITY COMPUTING SERVICES
TechPhone:  +1-317-274-7788
TechEmail:  oitnoc@...ui.edu

OrgTechHandle: DBE43-ARIN
OrgTechName:   Beals, Damon
OrgTechPhone:  +1-317-274-7946
OrgTechEmail:  dbeals@...ui.edu

OrgTechHandle: DNSAD60-ARIN
OrgTechName:   DNS Administrator
OrgTechPhone:  +1-317-274-0707
OrgTechEmail:  dns-admin@...ui.edu

# ARIN WHOIS database, last updated 2004-02-20 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.



The PAYPAL-Email shows a link to 210.78.22.113

WHOIS-Output

% [whois.apnic.net node-1]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      210.78.22.64 - 210.78.22.128
netname:      SHJITONG-CN
descr:        JiTong Shanghai Communications Co.,Ltd
country:      CN
admin-c:      ZQ15-AP
tech-c:       ZQ15-AP
mnt-by:       MAINT-CHINAGBN-AP
changed:      kevin@...com.cn 19990826
status:          ASSIGNED NON-PORTABLE
source:       APNIC
changed:      hm-changed@...ic.net  20020827

person:       Zhongbao Qian
address:      Room 1001,Lekai Builing,Shangcheng Road,
address:      Pudong Xin district,Shanghai
country:      CN
phone:        +86-021-58313170
fax-no:       +86-021-58312630
nic-hdl:      ZQ15-AP
mnt-by:       MAINT-CHINAGBN-AP
changed:      kevin@...com.cn 19990826
source:       APNIC


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ