Message-ID: <1D91D7937A3B1745A38DB5DE84248060231A5D@mail5.tri-c.edu>
From: Jon.Dolinar at tri-c.edu (Dolinar, Jon)
Subject: [inbox] Is this a paypal scam?

 
Actually, a WHOIS of the address returns a site in China, so unless Paypal
was outsourced I would guess a scam.

If you want to see what the page is, telnet to port 80 and do a GET
/verify.html. It is a javascript from the site, but using graphics and
links from paypal.com.

An invalid GET returns the server: Apache/1.3.14 Server at net2M.dsd.cc
Port 80

inetnum:      218.62.0.0 - 218.62.127.255
netname:      CNCGROUP-JL
country:      CN
descr:        CNCGROUP jilin province network
admin-c:      CH444-AP
tech-c:       WT92-AP
status:       ALLOCATED NON-PORTABLE
changed:      abuse@...-noc.net 20031016
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CNCGROUP-JL
changed:      hm-changed@...ic.net 20040301
source:       APNIC

person:       CNCGroup Hostmaster
nic-hdl:      CH444-AP
e-mail:       abuse@...-noc.net
address:      No.156,Fu-Xing-Men-Nei Street,
address:      Beijing,100031,P.R.China
phone:        +86-10-82990775
fax-no:       +86-10-82990885
country:      CN
changed:      abuse@...-noc.net 20031027
mnt-by:       MAINT-CNCGROUP
source:       APNIC

person:       Wang Tiegang
nic-hdl:      WT92-AP
e-mail:       wtg@...l.jl.cn
address:      96,JieFang Road ChangChun 130021 China.
phone:        +86-431-8925217
fax-no:       +86-431-8925190
country:      CN
changed:      wtg@...l.jl.cn 20030117
mnt-by:       MAINT-CNCGROUP-JL
source:       APNIC

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Curt Purdy
Sent: Thursday, March 18, 2004 1:21 PM
To: jschmidt@...ler.com; full-disclosure@...ts.netsys.com
Subject: RE: [inbox] [Full-Disclosure] Is this a paypal scam?

jschmidt@...ler.com wrote:
> http://218.62.43.30/verify.html
>
> Signed up for paypal 2 weeks ago, and then this came in the mail as a 
> link in a paypal looking html email asking me to confirm by entering 
> my credit card/account info.

Be clueful:

1) Don't ever click a link with an IP address.
2) Don't ever put your cc info into any site you did not directly go to
and trust.
3) nslookup 218.62.43.30 - Non-existent domain
   nslookup paypal.com - 64.4.241.16

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
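
Added example, not part of the original thread: the "link with an IP address" check from the advice above, applied to the anchors of an HTML e-mail body. It goes slightly beyond the thread by also flagging a bare-integer host and link text that shows a different domain than the href; the function names and the sample message are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def host_is_ip(host):
    """True if a URL host is an IP literal: dotted quad, IPv6, or bare integer."""
    if not host:
        return False
    if host.isdigit():                      # integer form of an IPv4 address
        return int(host) < 2**32
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None

def audit(html):
    """Return [(href, [reasons])] for links that deserve a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        reasons = ["ip-literal-host"] if host_is_ip(host) else []
        for shown in (d.lower() for d in DOMAIN_RE.findall(text)):
            if host != shown and not host.endswith("." + shown):
                reasons.append("text-shows-" + shown)
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample body; only the first href is the URL quoted in the thread.
SAMPLE = '''<a href="http://218.62.43.30/verify.html">https://www.paypal.com/verify</a>
<a href="https://www.paypal.com/help">paypal.com help center</a>
<a href="http://3661507358/login">Click here</a>'''
```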

