Re: [Full-Disclosure] Would you trust these Emails (EBAY & PAYPAL)

partysan_FFF_at_gmx.net
Date: 02/21/04

  • Next message: martin f krafft: "[Full-Disclosure] Re: Would you trust these Emails (EBAY & PAYPAL)"
    To: full-disclosure@lists.netsys.com
    Date: Sat, 21 Feb 2004 13:20:26 +0100
    
    

    HD> Hi,

    HD> I've received these two emails, and I don't know why....

    HD> What do you think about this?

    HD> regards,

    HD> Harald Dumdey

    HD> ---------------------------------------------------------

    HD> The EBAY-Mail was sent by in-187-185.dhcp-149-166.iupui.edu

    HD> WHOIS-Output

    HD> Search results for: 149.166.187.185

    HD> OrgName: Indiana University-Purdue University at Indianapolis
    HD> OrgID: IUUAI
    HD> Address: University Information Technology Services
    HD> Address: ET 012
    HD> Address: 799 West Michigan Street
    HD> City: Indianapolis
    HD> StateProv: IN
    HD> PostalCode: 46202
    HD> Country: US

    HD> NetRange: 149.166.0.0 - 149.166.255.255
    HD> CIDR: 149.166.0.0/16
    HD> NetName: IUPUI-NET2
    HD> NetHandle: NET-149-166-0-0-1
    HD> Parent: NET-149-0-0-0-0
    HD> NetType: Direct Assignment
    HD> NameServer: DNS1.IU.EDU
    HD> NameServer: DNS2.IU.EDU
    HD> Comment:
    HD> RegDate: 1991-05-06
    HD> Updated: 2003-12-22

    HD> TechHandle: ON6-ORG-ARIN
    HD> TechName: INDIANA UNIVERSITY COMPUTING SERVICES
    HD> TechPhone: +1-317-274-7788
    HD> TechEmail: oitnoc@iupui.edu

    HD> OrgTechHandle: DBE43-ARIN
    HD> OrgTechName: Beals, Damon
    HD> OrgTechPhone: +1-317-274-7946
    HD> OrgTechEmail: dbeals@iupui.edu

    HD> OrgTechHandle: DNSAD60-ARIN
    HD> OrgTechName: DNS Administrator
    HD> OrgTechPhone: +1-317-274-0707
    HD> OrgTechEmail: dns-admin@iupui.edu

    HD> # ARIN WHOIS database, last updated 2004-02-20 19:15
    HD> # Enter ? for additional hints on searching ARIN's WHOIS database.

    HD> The PAYPAL-Email shows a link to 210.78.22.113

    HD> WHOIS-Output

    HD> % [whois.apnic.net node-1]
    HD> % Whois data copyright terms
    HD> http://www.apnic.net/db/dbcopyright.html

    HD> inetnum: 210.78.22.64 - 210.78.22.128
    HD> netname: SHJITONG-CN
    HD> descr: JiTong Shanghai Communications Co.,Ltd
    HD> country: CN
    HD> admin-c: ZQ15-AP
    HD> tech-c: ZQ15-AP
    HD> mnt-by: MAINT-CHINAGBN-AP
    HD> changed: kevin@gb.com.cn 19990826
    HD> status: ASSIGNED NON-PORTABLE
    HD> source: APNIC
    HD> changed: hm-changed@apnic.net 20020827

    HD> person: Zhongbao Qian
    HD> address: Room 1001,Lekai Builing,Shangcheng Road,
    HD> address: Pudong Xin district,Shanghai
    HD> country: CN
    HD> phone: +86-021-58313170
    HD> fax-no: +86-021-58312630
    HD> nic-hdl: ZQ15-AP
    HD> mnt-by: MAINT-CHINAGBN-AP
    HD> changed: kevin@gb.com.cn 19990826
    HD> source: APNIC

    Hi,
    the site looks exactly like the site at www.paypal.com, however, there
    is no verify.html at the "real" paypal site. This smells very much
    like a scam to get people's billing information. Also, note that
    the "help" (and all other) buttons are linked to www.paypal.com, not
    the site from the email.

    You can report this to paypal (they actually have a "suspicious email"
    category) here:
    http://www.paypal.com/cgi-bin/webscr?cmd=_contact-general.

    I strongly advise against filling out those forms, and to contact the
    paypal people.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
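
The check the reply above does by eye (the help buttons go to www.paypal.com, the target that collects the data does not) can be automated over a message's HTML body. This is an added Python example, not part of the original post; the function names and the sample markup are constructed for illustration, and only the IP address and the verify.html name come from the thread.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect every <a href> and <form action> target in an HTML body."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        wanted = {"a": "href", "form": "action"}.get(tag)
        url = dict(attrs).get(wanted) if wanted else None
        if url:
            self.targets.append(url)

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def on_brand(host, brand_domain):
    # Exact match or a true subdomain; "paypal.com.example.net" does not qualify.
    return host == brand_domain or host.endswith("." + brand_domain)

def audit_links(html, brand_domain):
    """Return (url, reason) for each absolute link that leaves brand_domain."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for url in collector.targets:
        host = (urlsplit(url).hostname or "").lower()
        if not host or on_brand(host, brand_domain):
            continue  # relative link or genuine brand host
        reason = "raw IP address" if is_ip_literal(host) else "off-brand hostname"
        findings.append((url, reason))
    return findings

# Constructed sample: the original email's markup is not on the page.
SAMPLE_HTML = """
<a href="http://www.paypal.com/help">Help</a>
<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_contact-general">Contact</a>
<form action="http://210.78.22.113/verify.html" method="post"></form>
<a href="http://paypal.com.example.net/login">Log in</a>
"""

if __name__ == "__main__":
    for url, reason in audit_links(SAMPLE_HTML, "paypal.com"):
        print(f"{reason}: {url}")
```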

