Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: [inbox] Is this a paypal scam?
From: "Dolinar, Jon" <Jon.Dolinar () tri-c edu>
Date: Thu, 18 Mar 2004 16:08:39 -0500

Actually a WHOIS of the address returns a site in China so unless Paypal
was outsourced I would guess a scam.

If you want to see what the page is telnet to port 80 and do a GET
/verify.html it is a javascript from the site but using graphics and
links from paypal.com

An invalid get returns the server: Apache/1.3.14 Server at net2M.dsd.cc
Port 80

inetnum: -
netname:      CNCGROUP-JL
country:      CN
descr:        CNCGROUP jilin province network
admin-c:      CH444-AP
tech-c:       WT92-AP
changed:      abuse () cnc-noc net 20031016
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CNCGROUP-JL
changed:      hm-changed () apnic net 20040301
source:       APNIC

person:       CNCGroup Hostmaster
nic-hdl:      CH444-AP
e-mail:       abuse () cnc-noc net
address:      No.156,Fu-Xing-Men-Nei Street,
address:      Beijing,100031,P.R.China
phone:        +86-10-82990775
fax-no:       +86-10-82990885
country:      CN
changed:      abuse () cnc-noc net 20031027
mnt-by:       MAINT-CNCGROUP
source:       APNIC

person:       Wang Tiegang
nic-hdl:      WT92-AP
e-mail:       wtg () mail jl cn
address:      96,JieFang Road ChangChun 130021 China.
phone:        +86-431-8925217
fax-no:       +86-431-8925190
country:      CN
changed:      wtg () mail jl cn 20030117
mnt-by:       MAINT-CNCGROUP-JL
source:       APNIC

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Curt Purdy
Sent: Thursday, March 18, 2004 1:21 PM
To: jschmidt () buhler com; full-disclosure () lists netsys com
Subject: RE: [inbox] [Full-disclosure] Is this a paypal scam?

jschmidt () buhler com wrote:

Signed up for paypal 2 weeks ago, and then this came in the mail as a 
link in a paypal looking html email asking me to confirm by entering 
my credit card/account info.

Be cluefull:

1) Don't ever click a link with an ip address.
2) Don't ever put your cc info into any site you did not directly go to
and trust.
3) nslookup - Non-existent domain
   nslookup paypal.com -

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer
DP Solutions


If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • RE: [inbox] Is this a paypal scam? Dolinar, Jon (Mar 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]