Barry's Profile

Member since March 4, 2005

Recent Posts

  1. Comment - eBay Redirect Becomes Phishing Tool

    (Mar 4, 2005 - 10:55 PM)

    Yup thanks, I know about China and Rumania and plenty other places the spammers make a living with them... My annoyance is that ebay wonder how much ebay is pursuing the matter. I got a "final notice" same place 2 days later. They must have some pull...

    Barry

  2. Comment - eBay Redirect Becomes Phishing Tool

    (Mar 4, 2005 - 3:11 PM)

    Here's my alert message to ebay:
    Here is the spoof post with header, the actual path to the spoof site, and a trace as to who it is...
    Barry Weiser
    Return-Path:
    Received: from fltr01.dmz.ftsm.vlnx.net (fltr01.dmz.ftsm.vlnx.net [208.189.209.16])
    by ns3.weiser.net (8.11.6/8.11.6) with ESMTP id j1OGjao26123
    for ; Thu, 24 Feb 2005 11:45:36 -0500
    Received: (from root@localhost)
    by fltr01.dmz.ftsm.vlnx.net (8.11.6/8.11.6) id j1OFvXA22367;
    Thu, 24 Feb 2005 09:57:33 -0600
    Date: Thu, 24 Feb 2005 09:57:33 -0600
    Message-Id:
    To: nyacc@weiser.com
    Subject: TKO Notice: ***Urgent Safeharbor Department Notice***
    From: "aw-confirm@eBay.com"
    Content-Type: text/html
    X-UIDL: >`L"!Z:V!!]_^"!f9C!!
    X-Antivirus: avast! (VPS 0508-2, 02/23/2005), Inbound message
    X-Antivirus-Status: Clean

    eBay Suspension Need Help?

    Dear valued eBay member,

    We regret to inform you that your eBay account has been suspended due to concerns we have for the safety and integrity of the eBay community.

    Per the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.

    Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the update of your actual account.

    If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.

    Please update your records by the 28th of February.

    Once you have updated your account records your eBay session will not be interrupted and will
    continue as normal.

    To update your eBay records click on the following link:
    http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?UPdate

    Regards,

    Safeharbor Department
    eBay, Inc.

    Copyright © 1995-2005 eBay Inc. All Rights Reserved.
    Designated trademarks and brands are the property of their respective owners.
    Use of this Web site constitutes acceptance of the eBay User Agreement and Privacy Policy.
    ------------------------------------------------------------------------------------------------------------------------------------
    Actual path from message source:
    http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?UPdate
    ------------------------------------------------------------------------------------------------------------------------------------------------
    The site's ownership domain information

    WHOIS results for 211.153.20.121

    Generated by www.DNSstuff.com

    Country: CHINA

    Looking up 211.153.20.121 at whois.apnic.net.

    % [whois.apnic.net node-1]
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

    inetnum: 211.153.0.0 - 211.153.255.255
    netname: BJENET
    descr: 北京教育信息网服务中心有限责任公司
    descr: Beijing Educational Information Network Service Center Co., Ltd.
    country: CN
    admin-c: HM66-AP
    tech-c: KF31-AP
    mnt-by: MAINT-CNNIC-AP
    mnt-lower: MAINT-BJENET-CNNIC-AP
    changed: ****@cnnic.cn 20040402
    status: ALLOCATED PORTABLE
    source: APNIC

    person: huang minghui
    address: 北京市前门西大街109号 No. 109, Qianmenxidajie, Beijing, PRC
    country: CN
    phone: +86-010-66074288
    fax-no: +86-010-66074926
    e-mail: ***@bjedu.gov.cn
    nic-hdl: HM66-AP
    mnt-by: MAINT-CNNIC-AP
    changed: ****@cnnic.net.cn 20000815
    source: APNIC

    person: KANG FENG
    address: 北京市前门西大街109号 No. 109, Qianmenxidajie, Beijing, PRC
    country: CN
    phone: +86-010-66074288
    fax-no: +86-010-66074926
    e-mail: **@BJEDU.GOV.CN
    nic-hdl: KF31-AP
    mnt-by: MAINT-CNNIC-AP
    changed: **@bjedu.gov.cn 20010424
    source: APNIC

    ¤º°`°º¤ø Web Hosting, Site Development and Design °º¤øø¤º°
    Weiser Communications
    45 East 33rd St. NYC 10016 212/725-1101 http://www.weiser.com

  3. Comment - eBay Redirect Becomes Phishing Tool

    (Mar 4, 2005 - 2:48 PM)

    I get a post that looks like it's from Safeharbor (not the first time). I have a feeling it's bogus, so I look at the path in the "source code", not what the screen says. This is it:
    http://211.153.20.121/secure/saw-cgi/DllUpdate/
    signin/ws2/ISAPIDll/eBayISAPIdllSignIn
    _favoritenavid.uproduct.ppco_partnerId2ru.
    http_my.ebay.com_80_Fws2FeBayISAPI.dll3
    FMyeBay26ssPageName3Dh253Ah253
    Amebay_253AUS1ruparams_pageType1883.pa2.
    bshowgif.a1pUserId.errmsg_UsingSSL_0uname
    .siteid0.html"target="_self">http://cgi1.ebay.com/
    aw-cgi/ebayISAPI.dll?UPdate

    A mouthful, and it almost looks real 'cause it mentions ebay a number of times (the path, that is).
    I'm still suspicious, so I run a whois on the IP numbers in the path. (Now why would ebay use an IP number unless they were hiding something? There is a time and a place, but this wasn't one of them.)

    WHOIS results for 211.153.20.121
    Generated by www.DNSstuff.com
    Country: CHINA

    Looking up 211.153.20.121 at whois.apnic.net.

    % [whois.apnic.net node-1]
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

    inetnum: 211.153.0.0 - 211.153.255.255
    netname: BJENET
    descr: 北京教育信息网服务中心有限责任公司
    descr: Beijing Educational Information Network Service Center Co., Ltd.
    country: CN
    admin-c: HM66-AP
    tech-c: KF31-AP
    mnt-by: MAINT-CNNIC-AP
    mnt-lower: MAINT-BJENET-CNNIC-AP
    changed: ****@cnnic.cn 20040402
    status: ALLOCATED PORTABLE
    source: APNIC

    person: huang minghui
    address: 北京市前门西大街109号 No. 109, Qianmenxidajie, Beijing, PRC
    country: CN
    phone: +86-010-66074288
    fax-no: +86-010-66074926
    e-mail: ***@bjedu.gov.cn
    nic-hdl: HM66-AP
    mnt-by: MAINT-CNNIC-AP
    changed: ****@cnnic.net.cn 20000815
    source: APNIC

    person: KANG FENG
    address: 北京市前门西大街109号 No. 109, Qianmenxidajie, Beijing, PRC
    country: CN
    phone: +86-010-66074288
    fax-no: +86-010-66074926
    e-mail: **@BJEDU.GOV.CN
    nic-hdl: KF31-AP
    mnt-by: MAINT-CNNIC-AP
    changed: **@bjedu.gov.cn 20010424
    source: APNIC

    Sounds like a valid ebay address, right? NOT... Anyways, if you do follow it normally you get to what looks like a real ebay screen which asks for your ebay name and password... I went no further, but I'd assume sooner or later they would want your paypal account info...

    Happy trails
    Barry