.:sp00ky:.
May 14th, 2005, 07:20 PM
jau_peacecraft was kind enough to forward the scam eBay email he got so I could have a closer look, and here's what I found out.
The link that was shown in the email (https://signin.ebay.com/aw-cgi/eBayISAPI.dll?OneTimePayment&ssPageName=h:h:sin:US) is a real eBay address pointing to a real eBay server, but in the email that's just a cover. When you click the link it doesn't take you there; it in fact takes you to
https://signin.ebay.com.ws1-secure.us/ws/eBayISAPI.dll?SignIn&favoritenav=&sid=&ruproduct=&pp=&co_partnerId=2&ru=&i1=&ruparams=&pageType=&pa2=&bshowgif=&pa1=&pUserId=&errmsg=&UsingSSL=&runame=&siteid=0
You could have easily spotted this by just hovering the mouse over the link and looking at the link in the bottom corner of your browser.
As you can see, the main site is https://signin.ebay.com.ws1-secure.us. As you can see, it ends in .us, not .com; they have just put the official (signin.ebay.com) into their website's name. It just looks like an eBay login site to trick people into putting in their details. It even comes with its own SSL server certificate (although Firefox warned me it was fake; it was signed by a company called "snake oil ltd"). When I did a whois of this address I got this:
IP 68.142.234.45
HOST NAME p5w2.geo.re2.yahoo.com
OrgName: Inktomi Corporation
OrgID: INKT
Address: 701 First Ave
City: Sunnyvale
StateProv: CA
PostalCode: 94089
Country: US
NetRange: 68.142.192.0 - 68.142.255.255
CIDR: 68.142.192.0/18
NetName: INKTOMI-BLK-4
NetHandle: NET-68-142-192-0-1
Parent: NET-68-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.YAHOO.COM
NameServer: NS2.YAHOO.COM
NameServer: NS3.YAHOO.COM
NameServer: NS4.YAHOO.COM
NameServer: NS5.YAHOO.COM
Comment: For general abuse contact netblockadmin@yahoo-inc.com.
Comment: For Web Crawler questions please visit
Comment: http://help.yahoo.com/help/us/ysearch/slurp/
RegDate: 2004-03-24
Updated: 2005-02-18
AbuseHandle: NA258-ARIN
AbuseName: Netblock Admin
AbusePhone: +1-408-349-3300
AbuseEmail: netblockadmin@yahoo-inc.com
OrgAbuseHandle: NETWO857-ARIN
OrgAbuseName: Network Abuse
OrgAbusePhone: +1-408-349-3300
OrgAbuseEmail: network-abuse@cc.yahoo-inc.com
OrgTechHandle: NA258-ARIN
OrgTechName: Netblock Admin
OrgTechPhone: +1-408-349-3300
OrgTechEmail: netblockadmin@yahoo-inc.com
# ARIN WHOIS database, last updated 2005-05-14 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
If you use eBay please forward this to them, as I'm sure it would help them.
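The hover check described in the post above can be automated. This is an added example, not part of the original post: it flags links whose visible text shows one host while the href goes to another, and hosts that embed a trusted name as leading labels of an unrelated domain. The `TRUSTED` set, the helper names and the `SAMPLE` body are assumptions made for illustration; the sample is constructed from the two URLs quoted in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"ebay.com"}  # assumption: domains the recipient really does business with

# Constructed sample body built from the two URLs quoted in the post (queries shortened).
SAMPLE = (
    '<p>Dear member, <a href="https://signin.ebay.com.ws1-secure.us/ws/eBayISAPI.dll?SignIn">'
    'https://signin.ebay.com/aw-cgi/eBayISAPI.dll?OneTimePayment</a></p>'
    '<p><a href="https://signin.ebay.com/">https://signin.ebay.com/</a></p>'
)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def check_link(href, text):
    """Return findings for one link; an empty list means nothing suspicious."""
    real, findings = host(href), []
    shown = host(text) if "://" in text else ""
    if shown and shown != real:
        findings.append(f"text shows {shown} but link goes to {real}")
    for d in TRUSTED:
        owned = real == d or real.endswith("." + d)
        # Trusted name used as leading labels of someone else's domain.
        if not owned and f".{d}." in f".{real}":
            findings.append(f"{d} is embedded in unrelated host {real}")
    return findings

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    checked = ((href, check_link(href, text)) for href, text in parser.links)
    return {href: found for href, found in checked if found}
```

Calling `scan(SAMPLE)` returns only the ws1-secure.us link, with both findings attached; the genuine signin.ebay.com link is not reported.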