got root?
Tuesday, June 28, 2005
Fwd: Phishing website in AoL IP range

--- hypronix <hypronix@yahoo.com> wrote:

> From hypronix Tue Jun 28 22:08:14 2005
> Received: from [70.71.13.135] by web40728.mail.yahoo.com via HTTP; Tue,
> 28 Jun 2005 22:08:14 PDT
> Date: Tue, 28 Jun 2005 22:08:14 -0700 (PDT)
> From: hypronix <>
> Subject: Phishing website in AoL IP range
> To: abuse@aol.net
> CC: spoof@ebay.com
> Bcc: this.blog
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="0-642443547-1120021694=:317"
> Content-Transfer-Encoding: 8bit
> Content-Length: 5279
>
> Hello!
>
> I would like to bring to your attention a possible phishing scam that is
> hosted on an IP within the AoL Network.
>
> The attached message is pointing to http:\\ebaymain.com
>
> Relevant information:
> [code]
>
> $ traceroute ebaymain.com
> traceroute to ebaymain.com (172.203.43.102), 64 hops max, 52 byte packets
> 1 gw.freeshell.org (192.94.73.62) 0.663 ms 0.405 ms 0.393 ms
> 2 sl-gw28-fw-6-1-0-TS12.sprintlink.net (160.81.88.133) 5.043 ms
>    sl-gw28-fw-6-1-0-TS22.sprintlink.net (160.81.88.169) 4.322 ms
>    sl-gw28-fw-6-1-0-TS12.sprintlink.net (160.81.88.133) 4.315 ms
> 3 sl-bb22-fw-2-0.sprintlink.net (144.232.12.162) 4.869 ms 4.133 ms 4.001 ms
> 4 sl-bb25-atl-6-0.sprintlink.net (144.232.8.20) 20.910 ms 20.961 ms 20.972 ms
> 5 sl-bb23-atl-14-0.sprintlink.net (144.232.12.1) 30.688 ms 20.920 ms 20.865 ms
> 6 144.232.8.210 (144.232.8.210) 21.501 ms 31.014 ms 21.179 ms
> 7 bb1-atm-P4-0.atdn.net (66.185.150.0) 21.971 ms 21.480 ms 22.616 ms
> 8 bb1-cha-P6-0.atdn.net (66.185.152.183) 26.556 ms 26.275 ms 29.865 ms
> 9 bb1-vie-P12-0.atdn.net (66.185.152.29) 46.841 ms 37.408 ms 37.245 ms
> 10 bb2-vie-P3-0.atdn.net (66.185.152.207) 37.543 ms 37.149 ms 37.066 ms
> 11 bb2-nye-P4-0.atdn.net (66.185.152.200) 45.435 ms 43.024 ms 42.894 ms
> 12 bb2-loh-S1-2-0.atdn.net (66.185.152.140) 110.725 ms 110.535 ms 110.456 ms
> 13 pop1-loh-S0-1-0.atdn.net (66.185.136.227) 110.318 ms 113.236 ms
>    pop1-loh-S1-1-0.atdn.net (66.185.136.239) 110.895 ms
> 14 accessl1-loh-S0-2-0.atdn.net (66.185.143.198) 111.243 ms 113.222 ms 110.646 ms
> 15 * * *
> 16 rt-lostd06.proxy.aol.com (195.93.17.102) 110.280 ms 139.351 ms 131.437 ms
> 17 ACCB2B66.ipt.aol.com (172.203.43.102) 138.179 ms 138.427 ms 139.934 ms
> $ whois ebaymain.com
>
> Whois Server Version 1.3
>
> Domain Name: EBAYMAIN.COM
> Registrar: YESNIC CO. LTD.
> Whois Server: whois.yesnic.com
> Referral URL: http://www.yesnic.com
> Name Server: NS8969.EBAYMAIN.COM
> Name Server: NS1608.EBAYMAIN.COM
> Status: ACTIVE
> Updated Date: 28-jun-2005
> Creation Date: 23-jun-2005
> Expiration Date: 23-jun-2006
>
> -----------------------------------------------
> Queried Domain Information as follows
> -----------------------------------------------
>
> Domain Name : ebaymain.com
>
> ::Registrant::
> Name : Brian J Findlay
> Email : e3baymain@mail.com
> Address : 45B Lazulite Dr.
> Zipcode : Y1A 6A5
> Nation : CA
> Tel : 58621963281
> Fax :
>
> ::Administrative Contact::
> Name : Brian J Findlay
> Email : e3baymain@mail.com
> Address : 45B Lazulite Dr.
> Zipcode : Y1A 6A5
> Nation : CA
> Tel : 58621963281
> Fax :
>
> ::Technical Contact::
> Name : Brian J Findlay
> Email : e3baymain@mail.com
> Address : 45B Lazulite Dr.
> Zipcode : Y1A 6A5
> Nation : CA
> Tel : 58621963281
> Fax :
>
> ::Name Servers::
> ns5994.ebaymain.com
> ns6582.ebaymain.com
>
> ::Dates & Status::
> Created Date 2005-06-23 06:31:22 EDT
> Updated Date 2005-06-23 06:31:22 EDT
> Valid Date 2006-06-23 06:31:22 EDT
> Status ACTIVE
> $ host ebaymain.com
> ebaymain.com has address 172.203.43.102
> $ host 172.203.43.102
> 102.43.203.172.in-addr.arpa domain name pointer ACCB2B66.ipt.aol.com.
>
> [/code]
>
> I am looking forward to seeing this site taken off and hopefully legal
> action pursued against the person that has registered the domain [if he
> is, indeed, the owner of this domain and not the victim of a hack]. eBay
> is also notified of this [this e-mail sent through CC].
>
> Thank you for your time!
>
> Note: original message attached in HTML and plaintext [including
> headers]
> formats [Fwd: Important information for eBay users conformation code
> ¹1568-UQSQLW]
>
>
> --- hypronix <hypronix@yahoo.com> wrote:
>
> > From hypronix Tue Jun 28 21:43:10 2005
> > X-Apparently-To: hypronix@yahoo.com via 66.218.92.59; Tue, 28 Jun 2005
> > 21:43:10 -0700
> > X-Originating-IP: [66.218.78.164]
> > Return-Path: <hypronix@yahoo.com>
> > Authentication-Results: mta314.mail.scd.yahoo.com
> > from=yahoo.com; domainkeys=pass (ok)
> > Received: from 66.218.78.164 (HELO web40707.mail.yahoo.com)
> > (66.218.78.164)
> > by mta314.mail.scd.yahoo.com with SMTP; Tue, 28 Jun 2005 21:43:10
> > -0700
> > Received: (qmail 58238 invoked by uid 60001); 29 Jun 2005 04:43:10 -0000
> > DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
> > s=s1024; d=yahoo.com;
> > h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
> > ;
> > Message-ID: <20050629044310.58236.qmail@web40707.mail.yahoo.com>
> > Received: from [70.71.13.135] by web40707.mail.yahoo.com via HTTP; Tue,
> > 28 Jun 2005 21:43:10 PDT
> > Date: Tue, 28 Jun 2005 21:43:10 -0700 (PDT)
> > From: hypronix <hypronix@yahoo.com>
> > Subject: Fwd: Important information for eBay users conformation code
> > ¹1568-UQSQLW
> > To: hypronix <hypronix@yahoo.com>
> > MIME-Version: 1.0
> > Content-Type: multipart/mixed; boundary="0-738050629-1120020190=:57405"
> > Content-Transfer-Encoding: 8bit
> > Content-Length: 2824
> >
> > __________________________________
> > Do you Yahoo!?
> > Yahoo! Mail - You care about security. So do we.
> > http://promotions.yahoo.com/new_mail
> >
> > X-Apparently-To: hypronix@yahoo.com via 66.218.92.63; Tue, 28 Jun 2005
> > 19:45:20 -0700
> > X-YahooFilteredBulk: 24.126.238.65
> > X-Originating-IP: [24.126.238.65]
> > Return-Path: <online-team@ebay.com>
> > Authentication-Results: mta196.mail.re2.yahoo.com
> > from=ebay.com; domainkeys=neutral (no sig)
> > Received: from 24.126.238.65 (HELO c-24-126-238-65.hsd1.ca.comcast.net)
> > (24.126.238.65)
> > by mta196.mail.re2.yahoo.com with SMTP; Tue, 28 Jun 2005 19:45:19
> > -0700
> > Received: from 147.142.106.128 (unknown [23.28.204.176])
> > by paypal.com (Postfix) with SMTP id oXsNhHfmwo
> > for <hypnos3005@yahoo.com>; Tue, 28 Jun 2005 22:40:44 -0500 (EDT)
> > From: onlineteam@ebay.com
> > To: hypnos3005@yahoo.com
> > Subject: Important information for eBay users conformation code
> > ¹1568-UQSQLW
> > MIME-Version: 1.0
> > Content-Type: multipart/mixed;
> > boundary="--797945826003316371"
> > Content-Length: 2179
> >
>
> ---------------------------------
> Dear valued customerNeed Help?
>
> We regret to inform you that your eBay account could be suspended if
> you
> don't re-update your account information. To resolve this problems
> please
> click here and re-enter your account information. If your problems could
> not be resolved your account will be suspended for a period of 3-4 days,
> after this period your account will be terminated.
>
> For the User Agreement, Section 9, we may immediately issue a warning,
> temporarily suspend, indefinitely suspend or terminate your membership
> and
> refuse to provide our services to you if we believe that your actions
> may
> cause financial loss or legal liability for you, our users or us. We may
> also take these actions if we are unable to verify or authenticate any
> information you provide to us.
>
> Due to the suspension of this account, please be advised you are
> prohibited from using eBay in any way. This includes the registering of
> a
> new account. Please note that this suspension does not relieve you of
> your
> agreed-upon obligation to pay any fees you may owe to eBay.
>
> Regards,Safeharbor Department eBay, Inc
> The eBay team.
>
> This is an automatic message. Please do not reply.
> ---------------------------------
>
> Announcements | Register | Safe Trading Tips | Policies |
>
> Feedback Forum | About eBay
>
> Copyright © 1995-2004 eBay Inc. All Rights Reserved.
> Designated trademarks and brands are the property of their respective
> owners.
> Use of this Web site constitutes acceptance of the eBay User Agreement
> and
> Privacy Policy.


__________________________________
Do you Yahoo!?
Yahoo! Mail - Find what you need with new enhanced search.
http://info.mail.yahoo.com/mail_250
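
The header trail of the forwarded phishing mail can be triaged mechanically. The following is an added example, not part of the original post or the report sent to AoL: it treats the topmost `Received` line written by the recipient's own MTA as the trust boundary and flags what does not fit the claimed `From` domain. The function names, the finding labels and the `our_mx` suffix are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers of the phishing mail as quoted in the post (some lines omitted, folds indented).
SAMPLE = """\
Authentication-Results: mta196.mail.re2.yahoo.com
 from=ebay.com; domainkeys=neutral (no sig)
Received: from 24.126.238.65 (HELO c-24-126-238-65.hsd1.ca.comcast.net)
 (24.126.238.65)
 by mta196.mail.re2.yahoo.com with SMTP; Tue, 28 Jun 2005 19:45:19 -0700
Received: from 147.142.106.128 (unknown [23.28.204.176])
 by paypal.com (Postfix) with SMTP id oXsNhHfmwo
 for <hypnos3005@yahoo.com>; Tue, 28 Jun 2005 22:40:44 -0500 (EDT)
From: onlineteam@ebay.com

"""

def in_domain(host, dom):
    host = host.lower()
    return bool(dom) and (host == dom or host.endswith("." + dom))

def triage(raw, our_mx=".yahoo.com"):
    """our_mx (an assumption) is the hostname suffix of the recipient's own MTAs."""
    msg = message_from_string(raw)
    unfold = lambda v: " ".join(v.split())
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    # Trust Authentication-Results only when our own MTA stamped it.
    auth = unfold(msg.get("Authentication-Results", ""))
    if auth.split(" ")[0].endswith(our_mx) and "domainkeys=pass" not in auth:
        findings.append("no-valid-domainkeys-signature")
    hops = [unfold(h) for h in msg.get_all("Received", [])]
    # Trust boundary: topmost hop written by our MTA; hops below it can be forged.
    by_ours = re.compile(r" by \S+" + re.escape(our_mx) + r" ")
    edge = next((i for i, h in enumerate(hops) if by_ours.search(h)), None)
    if edge is None:
        return findings + ["no-trusted-hop"]
    helo = re.search(r"\(HELO (\S+?)\)", hops[edge])
    if helo and not in_domain(helo.group(1), from_dom):
        findings.append("relay-outside-from-domain:" + helo.group(1))
    for h in hops[edge + 1:]:
        by = re.search(r" by (\S+)", h)
        if by and not in_domain(by.group(1), from_dom):
            findings.append("unverified-hop-claims:" + by.group(1))
        ips = re.search(r"from ([\d.]+) \(\S+ \[([\d.]+)\]\)", h)
        if ips and ips.group(1) != ips.group(2):
            findings.append("unverified-hop-ip-mismatch")
    return findings
```

On the quoted headers this reports a missing DomainKeys signature, a residential Comcast host delivering mail that claims to be from ebay.com, and a lower `Received` line that names paypal.com and carries two different source addresses.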

AttributionShareAlike
