Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Spam, Scam and Phishbusters » [Scam] ebay message in ebay system that possibly exposes PW
Uniqs:
419		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Phish Tracker ·Anti-Phishing Work Group ·Avoid Phishing
[Scam] Car Scam? »
« Nigerian Idiots ' Phishing ' for Yahoo email accounts  

Andrew J
Premium
join:2001-11-09
Lancaster, PA
clubs:
·Comcast
·Vonage
·Verizon Online DSL

[Scam] ebay message in ebay system that possibly exposes PW

This message was sent inside the ebay system. From what looks like a current user.
I believe the account is hijacked.
I believe going to the site exposes my ebay logon somehow.
Maybe this is not new or special but it is to me.

No one on ebay is using my pics. The numbers are my auction number. So the message must be completely bogus. This is a message sent to my account inside ebay.
I added DOT in place of ".".
===============

Hello,

I am very interested in your item, but I have some doubts, as I have seen another eBay member, selling the same item as yours. I think he might have stolen your pictures and description. Please take a look and let me know what's going on.
You can still see the item here: »pescas DOT net/pescas/230201818845.item
--
Best Team.
permalink · 2007-12-14 21:15:30 · Print · Reply to this

antiphishing
Phishing Scam Terminator
Premium
join:2004-06-09
Wilkes Barre, PA

Re: [Scam] ebay message in ebay system that possibly exposes PW

said by Andrew J See Profile :

This message was sent inside the ebay system. From what looks like a current user.
I believe the account is hijacked.
I believe going to the site exposes my ebay logon somehow.
Maybe this is not new or special but it is to me.

»pescas DOT net/pescas/230201818845.item
canonical name pescas.net.
aliases
addresses 81.20.240.65
Domain Name: PESCAS.NET
Registrar: NAMESECURE.COM
Whois Server: whois.namesecure.com
Referral URL: »www.namesecure.com
Name Server: NS.CYBERMAP.PT
Name Server: NS2.CYBERMAP.PT
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 05-jun-2007
Creation Date: 03-jan-2003
Expiration Date: 03-jan-2010

inetnum: 81.20.240.0 - 81.20.255.255
netname: TVACOREANA
descr: Cabo TV Acoreana
descr: Av. Antero de Quental, 9
descr: Edificios dos CTT, 1 Andar - 9500 Ponta Delgada
country: PT

Connect to 81.20.240.65 on port 80 ... ok
GET /pescas/230201818845.item HTTP/1.1
Host: pescas.net
Connection: close
User-Agent: Web-sniffer/1.0.25 (+»web-sniffer.net/)
Accept-Encoding: gzip
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5[CRLF]
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Referer: »web-sniffer.net/
Server: Apache/2.2.2 (Fedora)
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
»fraudwatchers.org/forums/
permalink · 2007-12-14 21:42:45 · Print · Reply to this

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:

Re: [Scam] ebay message in ebay system that possibly exposes PW

said by antiphishing See Profile :

Connect to 81.20.240.65 on port 80 ... ok
GET /pescas/230201818845.item HTTP/1.1
Host: pescas.net
Connection: close
User-Agent: Web-sniffer/1.0.25 (+»web-sniffer.net/)
Accept-Encoding: gzip
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5[CRLF]
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Referer: »web-sniffer.net/
Server: Apache/2.2.2 (Fedora)
This info isn't showing the needed Response Headers and is only showing what the Web-sniffer page is sending to the tested remote server with a close response and it is not showing what response is being returned from the tested server.

This is the important "Response Header" info you are leaving out.

HTTP Response Header
Name	Value	Delim
HTTP Status Code: HTTP/1.1 200 OK
Date:	Sun, 16 Dec 2007 12:28:20 GMT	CRLF
Server:	Apache/2.2.2 (Fedora)	CRLF
X-Powered-By:	PHP/5.1.6	CRLF
Connection:	close	CRLF
Transfer-Encoding:	chunked	CRLF
Content-Type:	text/html	CRLF


Then using the suggested Windows Tool ID Serve it gives you this output.

Initiating server query ...
Looking up IP address for domain: pescas.net
The IP address for the domain is: 81.20.240.65
Connecting to the server on standard HTTP port: 80
[Connected] Requesting the server's default page.
The server returned the following response headers:
HTTP/1.1 200 OK
Date: Sun, 16 Dec 2007 12:35:59 GMT
Server: Apache/2.2.2 (Fedora)
X-Powered-By: PHP/5.1.6
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
Query complete.

See the difference?

--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?
permalink · 2007-12-16 09:20:30 · Print · Reply to this

Andrew J
Premium
join:2001-11-09
Lancaster, PA
clubs:

Re: [Scam] ebay message in ebay system that possibly exposes PW

Thanks.
Ebay doesn't care and the account that sent that is still active.
They haven't even sent the form letter saying they're looking into it.
--
Best Team.
permalink · 2007-12-16 16:26:16 · Reply to this
garys_2k

join:2004-05-07
Farmington, MI
·Future Nine Corpor..
·Vonage

 I get bounced to »www.danapoint.com/ where there are no forms or redirects of any kind.

Trying to retrieve that file "230201818845.item" with wget gets nothing. Are you certain that this is correct?
permalink · 2007-12-14 21:44:42 · Reply to this

nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL

Re: [Scam] ebay message in ebay system that possibly exposes PW

I retrieved that page using wget. No problems at all. It's a pretty standard eBay phish page.
permalink · 2007-12-14 23:54:25 · Reply to this
Forums » Up and Running » Security » Spam, Scam and Phishbusters[Scam] Car Scam? »
« Nigerian Idiots ' Phishing ' for Yahoo email accounts  

Thursday, 10-Dec 23:02:33 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [200] Sprint Sued For Distracted Driving Death
· [138] AT&T Launching New 24 Mbps U-Verse Tier
· [87] AT&T Hints At Usage-Based iPhone Data Pricing
· [82] 3G Network Test Says AT&T Is Tops
· [75] WPA Cracker: Test WPA-PSK Networks In 20 Minutes
· [72] Mediacom Unveils 105 Mbps Pricing
· [66] Sprint Poised For A Turnaround?
· [57] Average American Consumes 34 Gigabytes Daily
· [56] AT&T: iPhone Data Pricing Comments 'Taken Out Of Context'
· [51] The Future Of Wi-Fi Is Bright
Most people now reading
· New Mediacom Email [Mediacom]
· ICC strats [World of Warcraft]
· IMG 1.7 (IMG Updates and Discussion) [Verizon FIOS TV]
· [WIN7] Well, I was dumb, but do I have recourse? [Microsoft Help]
· [How to] Install Asterisk on an Asus WL-520GU router [VOIP Tech Chat]
· Windows 7 boot manager editing questions [Microsoft Help]
· Equal speeds ruling [Canadian Broadband]
· persistent connection to qw-in-f113.1e100.net on boot [Security]
· ICC Strats??? [World of Warcraft]