[Scam] ebay message in ebay system that possibly exposes PW in Spam, Scam and Phishbusters http://www.dslreports.com/forum/r19625660 en Tue, 01 Dec 2009 10:08:59 EDT Tue, 01 Dec 2009 10:08:59 EDT Re: [Scam] ebay message in ebay system that possibly exposes PW http://www.dslreports.com/forum/remark,19634192 Andrew J : Thanks.
Ebay doesn't care and the account that sent that is still active.
They haven't even sent the form letter saying they're looking into it.
--
Best Team.]]> http://www.dslreports.com/forum/remark,19634192 Sun, 16 Dec 2007 16:26:16 EDT Re: [Scam] ebay message in ebay system that possibly exposes PW http://www.dslreports.com/forum/remark,19632200 Doctor Olds :
said by antiphishing See Profile :

Connect to 81.20.240.65 on port 80 ... ok
GET /pescas/230201818845.item HTTP/1.1
Host: pescas.net
Connection: close
User-Agent: Web-sniffer/1.0.25 (+»web-sniffer.net/)
Accept-Encoding: gzip
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5[CRLF]
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Referer: »web-sniffer.net/
Server: Apache/2.2.2 (Fedora)
This info isn't showing the needed Response Headers and is only showing what the Web-sniffer page is sending to the tested remote server with a close response and it is not showing what response is being returned from the tested server.

This is the important "Response Header" info you are leaving out.

HTTP Response Header
Name	Value	Delim
HTTP Status Code: HTTP/1.1 200 OK
Date:	Sun, 16 Dec 2007 12:28:20 GMT	CRLF
Server:	Apache/2.2.2 (Fedora)	CRLF
X-Powered-By:	PHP/5.1.6	CRLF
Connection:	close	CRLF
Transfer-Encoding:	chunked	CRLF
Content-Type:	text/html	CRLF


Then using the suggested Windows Tool ID Serve it gives you this output.

Initiating server query ...
Looking up IP address for domain: pescas.net
The IP address for the domain is: 81.20.240.65
Connecting to the server on standard HTTP port: 80
[Connected] Requesting the server's default page.
The server returned the following response headers:
HTTP/1.1 200 OK
Date: Sun, 16 Dec 2007 12:35:59 GMT
Server: Apache/2.2.2 (Fedora)
X-Powered-By: PHP/5.1.6
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
Query complete.

See the difference?

--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?]]> http://www.dslreports.com/forum/remark,19632200 Sun, 16 Dec 2007 09:20:30 EDT Re: [Scam] ebay message in ebay system that possibly exposes PW http://www.dslreports.com/forum/remark,19626398 nwrickert : I retrieved that page using wget. No problems at all. It's a pretty standard eBay phish page.]]> http://www.dslreports.com/forum/remark,19626398 Fri, 14 Dec 2007 23:54:25 EDT Re: [Scam] ebay message in ebay system that possibly exposes PW http://www.dslreports.com/forum/remark,19625809 garys_2k : I get bounced to »www.danapoint.com/ where there are no forms or redirects of any kind.

Trying to retrieve that file "230201818845.item" with wget gets nothing. Are you certain that this is correct?]]> http://www.dslreports.com/forum/remark,19625809 Fri, 14 Dec 2007 21:44:42 EDT Re: [Scam] ebay message in ebay system that possibly exposes PW http://www.dslreports.com/forum/remark,19625798 antiphishing :
said by Andrew J See Profile :

This message was sent inside the ebay system. From what looks like a current user.
I believe the account is hijacked.
I believe going to the site exposes my ebay logon somehow.
Maybe this is not new or special but it is to me.

»pescas DOT net/pescas/230201818845.item
canonical name pescas.net.
aliases
addresses 81.20.240.65
Domain Name: PESCAS.NET
Registrar: NAMESECURE.COM
Whois Server: whois.namesecure.com
Referral URL: »www.namesecure.com
Name Server: NS.CYBERMAP.PT
Name Server: NS2.CYBERMAP.PT
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 05-jun-2007
Creation Date: 03-jan-2003
Expiration Date: 03-jan-2010

inetnum: 81.20.240.0 - 81.20.255.255
netname: TVACOREANA
descr: Cabo TV Acoreana
descr: Av. Antero de Quental, 9
descr: Edificios dos CTT, 1 Andar - 9500 Ponta Delgada
country: PT

Connect to 81.20.240.65 on port 80 ... ok
GET /pescas/230201818845.item HTTP/1.1
Host: pescas.net
Connection: close
User-Agent: Web-sniffer/1.0.25 (+»web-sniffer.net/)
Accept-Encoding: gzip
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5[CRLF]
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Referer: »web-sniffer.net/
Server: Apache/2.2.2 (Fedora)
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
»fraudwatchers.org/forums/
]]> http://www.dslreports.com/forum/remark,19625798 Fri, 14 Dec 2007 21:42:45 EDT [Scam] ebay message in ebay system that possibly exposes PW http://www.dslreports.com/forum/remark,19625660 Andrew J : This message was sent inside the ebay system. From what looks like a current user.
I believe the account is hijacked.
I believe going to the site exposes my ebay logon somehow.
Maybe this is not new or special but it is to me.

No one on ebay is using my pics. The numbers are my auction number. So the message must be completely bogus. This is a message sent to my account inside ebay.
I added DOT in place of ".".
===============

Hello,

I am very interested in your item, but I have some doubts, as I have seen another eBay member, selling the same item as yours. I think he might have stolen your pictures and description. Please take a look and let me know what's going on.
You can still see the item here: »pescas DOT net/pescas/230201818845.item
--
Best Team.]]> http://www.dslreports.com/forum/remark,19625660 Fri, 14 Dec 2007 21:15:30 EDT