 Andrew JPremium
join:2001-11-09
Lancaster, PA
 ·Comcast
| [Scam] ebay message in ebay system that possibly exposes PW This message was sent inside the ebay system. From what looks like a current user.
I believe the account is hijacked.
I believe going to the site exposes my ebay logon somehow.
Maybe this is not new or special but it is to me.
No one on ebay is using my pics. The numbers are my auction number. So the message must be completely bogus. This is a message sent to my account inside ebay.
I added DOT in place of ".".
===============
Hello,
I am very interested in your item, but I have some doubts, as I have seen another eBay member, selling the same item as yours. I think he might have stolen your pictures and description. Please take a look and let me know what's going on.
You can still see the item here: »pescas DOT net/pescas/230201818845.item
--
Best Team. |
|
|
|
 antiphishingPhishing Scam TerminatorPremium
join:2004-06-09
Wilkes Barre, PA
kudos:2
 ·PenTeleData
·ProLog
| said by Andrew J:This message was sent inside the ebay system. From what looks like a current user. I believe the account is hijacked. I believe going to the site exposes my ebay logon somehow. Maybe this is not new or special but it is to me. » pescas DOT net/pescas/230201818845.item canonical name pescas.net.
aliases
addresses 81.20.240.65
Domain Name: PESCAS.NET
Registrar: NAMESECURE.COM
Whois Server: whois.namesecure.com
Referral URL: »www.namesecure.com
Name Server: NS.CYBERMAP.PT
Name Server: NS2.CYBERMAP.PT
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 05-jun-2007
Creation Date: 03-jan-2003
Expiration Date: 03-jan-2010
inetnum: 81.20.240.0 - 81.20.255.255
netname: TVACOREANA
descr: Cabo TV Acoreana
descr: Av. Antero de Quental, 9
descr: Edificios dos CTT, 1 Andar - 9500 Ponta Delgada
country: PT
Connect to 81.20.240.65 on port 80 ... ok
GET /pescas/230201818845.item HTTP/1.1
Host: pescas.net
Connection: close
User-Agent: Web-sniffer/1.0.25 (+»web-sniffer.net/)
Accept-Encoding: gzip
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5[CRLF]
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Referer: »web-sniffer.net/
Server: Apache/2.2.2 (Fedora)
--
Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
»fraudwatchers.org/forums/
|
|
garys_2kPremium
join:2004-05-07
Farmington, MI Reviews:
 ·Callcentric
·Future Nine Corp..
| reply to Andrew J
I get bounced to »www.danapoint.com/ where there are no forms or redirects of any kind.
Trying to retrieve that file "230201818845.item" with wget gets nothing. Are you certain that this is correct? |
|
 nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 | I retrieved that page using wget. No problems at all. It's a pretty standard eBay phish page. |
|
 Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18 | reply to antiphishing
said by antiphishing:Connect to 81.20.240.65 on port 80 ... ok GET /pescas/230201818845.item HTTP/1.1 Host: pescas.net Connection: close User-Agent: Web-sniffer/1.0.25 (+»web-sniffer.net/) Accept-Encoding: gzip Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5[CRLF] Accept-Language: en-us,en;q=0.5 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Referer: »web-sniffer.net/ Server: Apache/2.2.2 (Fedora) This info isn't showing the needed Response Headers and is only showing what the Web-sniffer page is sending to the tested remote server with a close response and it is not showing what response is being returned from the tested server.
This is the important "Response Header" info you are leaving out.
HTTP Response Header
Name Value Delim
HTTP Status Code: HTTP/1.1 200 OK
Date: Sun, 16 Dec 2007 12:28:20 GMT CRLF
Server: Apache/2.2.2 (Fedora) CRLF
X-Powered-By: PHP/5.1.6 CRLF
Connection: close CRLF
Transfer-Encoding: chunked CRLF
Content-Type: text/html CRLF
Then using the suggested Windows Tool ID Serve it gives you this output.
Initiating server query ...
Looking up IP address for domain: pescas.net
The IP address for the domain is: 81.20.240.65
Connecting to the server on standard HTTP port: 80
[Connected] Requesting the server's default page.
The server returned the following response headers:
HTTP/1.1 200 OK
Date: Sun, 16 Dec 2007 12:35:59 GMT
Server: Apache/2.2.2 (Fedora)
X-Powered-By: PHP/5.1.6
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
Query complete.
See the difference?
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
Andrew JPremium
join:2001-11-09
Lancaster, PA | Thanks.
Ebay doesn't care and the account that sent that is still active.
They haven't even sent the form letter saying they're looking into it.
--
Best Team. |
|
