Full Disclosure mailing list archives

EBAY SPOOF "Your eBay account Registration Suspension"


From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Tue, 25 Nov 2003 17:23:07 +0000

Ebay spoof making the rounds....

headers below...

------------------------ snip -----------------------------------

----Original Message Follows----
From: eBay custumers service <accounts () eBay com>
Reply-To: accounts () eBay com
To: se_cur_ity () hotmail com
Subject: Your eBay account Registration Suspension
Date: 25 Nov 2003 15:40:20 -0000
MIME-Version: 1.0
Received: from lucky.phpwebhosting.com ([66.132.128.49]) by mc8-f29.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 25 Nov 2003 07:45:32 -0800
Received: (qmail 1644 invoked by uid 99); 25 Nov 2003 15:40:20 -0000
X-Message-Info: 6sSXyD95QpXJES60C4uZZPRQIObKA87K
Message-ID: <20031125154020.1643.qmail () lucky phpwebhosting com>
Return-Path: webmaster () julia82 phpwebhosting com
X-OriginalArrivalTime: 25 Nov 2003 15:45:33.0205 (UTC) FILETIME=[29495450:01C3B36B]

-------------------- snip ----------------------------------

digging a bit we see...

visible url:
http://cgi1.ebay.com/aw-cgi/eBayISAPI.dll?accVerify

real url: http://203.119.5.31/user492450329847532049857302495730249573204985723049857230495723049758374092387409238data3029847530498574538429756349875639487565348975623498563489756634897563924875634503245623948756234239452137542378541238754219374/index.php


203.119.5.31
is running FTP (wu-2.6.2(1)), SSH, HTTPD (Apache 1.3.26) and HTTPS

the IP is that of beyondlimits.ph (not eBay)

203.119.5.31 is in Manila, Philippines (PH ccTLD)

looking at the source we see...

----- snip ------

Auto Maximize Window Script- By Nick Lowe (nicklowe () ukonline co uk)
For full source code, 100's more free DHTML scripts, and Terms Of Use
Visit http://www.dynamicdrive.com

------- snip ------

<input type="hidden" name="MfcISAPICommand" value="SellerRegistrationEnterBankInfo">
 <input type="hidden" name="cardselected" value="1">
 <input type="hidden" name="cardnumber" value="4190087719349127">
 <input type="hidden" name="expiryday" value="0">
 <input type="hidden" name="expirymonth" value="10">
 <input type="hidden" name="expiryyear" value="2006">
 <input type="hidden" name="cardholdername" value="Leigh A Wadden">
 <input type="hidden" name="address12" value="3305 EP True Pkwy, Unit 801">
 <input type="hidden" name="address2" value="">
 <input type="hidden" name="city2" value="West Des Moines">
 <input type="hidden" name="state" value="IA">
 <input type="hidden" name="zip2" value="50265">
 <input type="hidden" name="country" value="United States">
 <input type="hidden" name="usage" value="1">

----- snip -------

which is very odd indeed.

Donnie Werner
exploitlabs.com

Secur it today®

--- Begin Message ---
From: eBay custumers service <accounts () eBay com>
Date: 25 Nov 2003 15:40:20 -0000
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Return-Path: webmaster () julia82 phpwebhosting com
X-OriginalArrivalTime: 25 Nov 2003 15:45:33.0205 (UTC) FILETIME=[29495450:01C3B36B]

<HTML><HEAD><TITLE>eBay - verify your account information</TITLE>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">

<SCRIPT language=JavaScript1.2>
<!--
top.window.moveTo(0,0);
if (document.all) {
top.window.resizeTo(screen.availWidth,screen.availHeight);
}
else if (document.layers||document.getElementById) {
if (top.window.outerHeight<screen.availHeight||top.window.outerWidth<screen.availWidth){
top.window.outerHeight = screen.availHeight;
top.window.outerWidth = screen.availWidth;
}
}
//-->
</SCRIPT>

<SCRIPT language=JavaScript>
<!--
var ssl_copartnerid ="2"
//  -->
</SCRIPT>

<SCRIPT language=JavaScript>
<!-- Hide me from lame browsers

function CC_noErrors() {
return true;
}

window.onerror = CC_noErrors;

// -->
</SCRIPT>

<SCRIPT language=javascript src="" type=text/javascript>
</SCRIPT>

<SCRIPT language=JavaScript>
<!--
var pageName = "PageValidateNewSellerShow";
var server = "location.hostname.toLowerCase()";
var channel = "eBay";
//-->
</SCRIPT>

<SCRIPT language=Javascript>
<!--
function popWindow(u,n,o,x,y)
{
        var s = o+',width='+x+',height='+y
        window.open(u,n,s)}
//-->
</SCRIPT>

<SCRIPT language=JavaScript 
src="ebay/openHelpWindow.js"></SCRIPT>
<!-- header --><!-- test header revamp 5/20--><!-- 0+0 -->
<SCRIPT 
src="ebay/openHelpWindow.js"></SCRIPT>

<META content="MSHTML 6.00.2600.0" name=GENERATOR></HEAD>
<BODY bgColor=#ffffff>
<TABLE cellSpacing=0 cellPadding=0 width=600 border=0>
  <TBODY>
    <TR> 
      <TD width=150> <SCRIPT language=JavaScript>
        <!--
        var cbc;
        if (cbc){
                writeBrow();
        }
        //  -->
          </SCRIPT>
        <A href="http://www.ebay.com/"> <IMG height=78 alt="eBay logo" hspace=0 
      src="http://pics.ebay.com/aw/pics/homepage/v2/logo_171x102.gif" width=171 border=0></A> 
      </TD>
      <TD vAlign=top align=right width=450><MAP 
        name=home_myebay_map_hasJS>
          <AREA shape=RECT alt=Home coords=209,0,256,15 
        href="http://pages.ebay.com/index.html">
          <AREA shape=RECT alt="My eBay" 
        coords=257,0,318,15 
        href="http://cgi1.ebay.com/aw-cgi/eBayISAPI.dll?MyEbayLogin">
          <AREA 
        shape=RECT alt="Site Map" coords=319,0,383,15 
        href="http://pages.ebay.com/sitemap.html">
          <AREA shape=RECT 
        alt="Sign In/Out" coords=384,0,447,15 
        href="http://cgi3.ebay.com/aw-cgi/eBayISAPI.dll?SignIn">
        </MAP>
        <MAP 
      name=home_myebay_map_noJS>
          <AREA shape=RECT alt=Home coords=198,0,245,15 
        href="http://pages.ebay.com/index.html">
          <AREA shape=RECT alt="My eBay" 
        coords=246,0,307,15 
        href="http://cgi1.ebay.com/aw-cgi/eBayISAPI.dll?MyEbayLogin">
          <AREA 
        shape=RECT alt="Site Map" coords=308,0,372,15 
        href="http://pages.ebay.com/sitemap.html">
          <AREA shape=RECT 
        alt="Sign In/Out" coords=373,0,447,15 
        href="http://cgi3.ebay.com/aw-cgi/eBayISAPI.dll?SignIn">
        </MAP>
        <NOSCRIPT>
        </NOSCRIPT> </TD>
    </TR>
  </TBODY>
</TABLE>

<P align="left"> <font size="2" face="Verdana, Arial, Helvetica, sans-serif">Dear eBay 
  User,<br>
  During our regular update and verification of the accounts, we couldn't verify 
  your current information. Either your information has changed or it is incomplete.<br>
  Please update and verify your information by signing in your account below<br>
  If the account information is not updated to current information within 5 days 
  then, your access to bid or buy on eBay will be restricted.<br>
  Go to this link below:</font></P>
<P align="left" alt="http://cgi1.ebay.com/aw-cgi/eBayISAPI.dll?accVerify"><font size="2" face="Verdana, Arial, 
Helvetica, sans-serif"><a 
href="http://203.119.5.31/user492450329847532049857302495730249573204985723049857230495723049758374092387409238data3029847530498574538429756349875639487565348975623498563489756634897563924875634503245623948756234239452137542378541238754219374/index.php">http://cgi1.ebay.com/aw-cgi/eBayISAPI.dll?accVerify</a><br>
  <br>
  ***Please Do Not Reply To This E-Mail As You Will Not Receive A Response***</font></P>
<P align="left"><font size="2" face="Verdana, Arial, Helvetica, sans-serif"><br>
  Thank you <br>
  Accounts Managent </font></P>
<p align="left"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">As outlined 
  in our User Agreement, eBay will periodically send you information about site 
  changes and enhancements. Visit our Privacy Policy and <a 
href="http://r.aol.com%5Ccgi%5Credir-complex?url=http://pages.ebay.com/help/community/png-user.html?ssPageName=ADME:X:EOA:US:24">User
  Agreement</a> if you have any questions. </font></p>

<p align="left"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Copyright 2003 
  eBay Inc. All Rights Reserved. <br>
  Designated trademarks and brands are the property of their respective owners. 
  <br>
  eBay and the eBay logo are trademarks of eBay Inc</font></p>

<P align="center"> 
  <SCRIPT 
src="ebay/ss-secure.js"></SCRIPT>
</P>

<TABLE cellSpacing=0 cellPadding=0 width=687 border=0>
  <TBODY>
  <TR>
    <TD colSpan=2><BR>
        <P><BR>
        </P>
        <hr align=center width=500>
        <p></p>
        <DIV align=center><FONT size=2 face="Verdana, Arial, Helvetica, sans-serif"><A 
      href="http://r.aol.com%5Ccgi%5Credir-complex?url=http://www2.ebay.com/aw/marketing.shtml">Announcements</A>  |  
<A 
href="http://r.aol.com%5Ccgi%5Credir-complex?url=http://cgi4.ebay.com/aw-cgi/eBayISAPI.dll?RegisterShow">Register</A> 
          |  <a href="http://pages.ebay.com/help/confidence/hub.html">Safe 
          Trading Tips</a>   | <a href="http://pages.ebay.com/help/policies/hub.html">Policies</a> | <A 
      href="http://r.aol.com%5Ccgi%5Credir-complex?url=http://pages.ebay.com/services/forum/feedback.html">Feedback 
          Forum</A>  |  <A 
      href="http://r.aol.com%5Ccgi%5Credir-complex?url=http://pages.ebay.com/community/aboutebay/index.html">About 
          eBay</A></FONT></DIV>  
        <P><BR>
        </P></TD></TR>
  <TR>
      <TD vAlign=top align=left width=571 height=31><FONT size=1 face="Verdana, Arial, Helvetica, sans-serif">Copyright 
        © 1995-2003 eBay Inc. All Rights Reserved. <BR>
        Designated trademarks and brands are the property of their respective 
        owners. <BR>
        Use of this Web site constitutes acceptance of the eBay <A 
      href="http://r.aol.com%5Ccgi%5Credir-complex?url=http://pages.ebay.com/help/community/png-user.html">User 
        Agreement</A> and <A 
      href="http://r.aol.com%5Ccgi%5Credir-complex?url=http://pages.ebay.com/help/community/png-priv.html">Privacy 
        Policy</A>. </FONT><font face="Verdana, Arial, Helvetica, sans-serif"><BR>
        </font></TD>
      <TD vAlign=top align=right width=116 height=31><FONT size=2><A 
      href="ebay/png-priv.html"><IMG height=31 
      alt=TrustE 
      src="http://pics.ebay.com/aw/pics/truste_button.gif" 
      width=116 align=middle border=0></A> </FONT></TD>
    </TR></TBODY></TABLE></BODY></HTML>

--- End Message ---
