Posted: 5/18/2003 11:45:33 PM EDT
|
Got this in an email just now... looks all nice and pretty... even has that eBay "feel" to the look of the message. Wonder how many people fall for this scam? I am assuming it's a scam; I didn't click the links...

[img]pics.ebay.com/aw/pics/homepage/v2/logo_171x102.gif[/img]

Dear eBay User,

During our regular update and verification of the accounts, we couldn't verify your current information. Either your information has changed or it is incomplete.

Please update and verify your information by clicking [blue]here[/blue] and signing into your account.

If the account information is not updated to current information within 5 days then, your access to bid, buy or sell on eBay will be restricted.

Thank you
Accounts Management

Copyright 2003 eBay Inc. All Rights Reserved.
As outlined in our User Agreement, eBay will periodically send you information about site changes and enhancements. Visit our Privacy Policy and User Agreement if you have any questions.

Announcements | Register | SafeHarbor (Rules & Safety) | Feedback Forum | About eBay
___________________________________________________

The click [blue]HERE[/blue] has a URL of http://205.214.89.85/ebay.html.. < didn't click, nor do I want you to > |
|
Search results for: 205.214.89.85

OrgName: VONOC
OrgID: VONO
Address: 5970 S. Greenwood Plaza Blvd
City: Englewood
StateProv: CO
PostalCode: 80111
Country: US

NetRange: 205.214.64.0 - 205.214.95.255
CIDR: 205.214.64.0/19
NetName: VONOC-04
NetHandle: NET-205-214-64-0-1
Parent: NET-205-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.VONOC.NET
NameServer: NS2.VONOC.NET
Comment:
RegDate:
Updated: 2003-01-07

TechHandle: FF186-ARIN
TechName: Franzel, Fred
TechPhone: +1-720-279-2011
TechEmail: [email protected]

OrgAbuseHandle: VAD1-ARIN
OrgAbuseName: VODC Abuse Dept
OrgAbusePhone: +1-720-279-2011
OrgAbuseEmail: [email protected]

OrgTechHandle: FF186-ARIN
OrgTechName: Franzel, Fred
OrgTechPhone: +1-720-279-2011
OrgTechEmail: [email protected]

# ARIN WHOIS database, last updated 2003-05-18 20:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

There's the place hosting that URL that was linked from your e-mail. I'd forward a copy of that to their abuse department, and maybe give them a call and let them know what's going on. |
|
Interesting ports on 205.214.89.85:
(The 1594 ports scanned but not shown below are in state: closed)
Port       State       Service
1/tcp      open        tcpmux
21/tcp     open        ftp
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
67/tcp     open        dhcpserver
68/tcp     open        dhcpclient
80/tcp     open        http
110/tcp    open        pop-3
111/tcp    open        sunrpc
143/tcp    open        imap2
443/tcp    open        https
465/tcp    open        smtps
993/tcp    open        imaps
995/tcp    open        pop3s
3306/tcp   open        mysql
6666/tcp   open        irc-serv
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 17.600 days (since Thu May 1 12:53:42 2003)

Trying 205.214.89.85...
Connected to 205.214.89.85.
Escape character is '^]'.
220-saudi1.vosn.net ESMTP Exim 3.36 #1 Mon, 19 May 2003 02:19:33 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.

TAKE IT DOWN!! |
|
Quoted:
Interesting ports on 205.214.89.85:
TAKE IT DOWN!!

I'm guessing that a public nmap posting together with the solicitation "Take it down" would make you an accessory should someone actually decide to "Take it down." It's your ass 'n all but damn man... not smart |
|
How do you get info like below?

Quoted:
Search results for: 205.214.89.85

OrgName: VONOC
OrgID: VONO
Address: 5970 S. Greenwood Plaza Blvd
City: Englewood
StateProv: CO
PostalCode: 80111
Country: US

NetRange: 205.214.64.0 - 205.214.95.255
CIDR: 205.214.64.0/19
NetName: VONOC-04
NetHandle: NET-205-214-64-0-1
Parent: NET-205-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.VONOC.NET
NameServer: NS2.VONOC.NET
Comment:
RegDate:
Updated: 2003-01-07

TechHandle: FF186-ARIN
TechName: Franzel, Fred
TechPhone: +1-720-279-2011
TechEmail: [email protected]

OrgAbuseHandle: VAD1-ARIN
OrgAbuseName: VODC Abuse Dept
OrgAbusePhone: +1-720-279-2011
OrgAbuseEmail: [email protected]

OrgTechHandle: FF186-ARIN
OrgTechName: Franzel, Fred
OrgTechPhone: +1-720-279-2011
OrgTechEmail: [email protected]

# ARIN WHOIS database, last updated 2003-05-18 20:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

There's the place hosting that URL that was linked from your e-mail. I'd forward a copy of that to their abuse department, and maybe give them a call and let them know what's going on. |
|
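The record quoted in the question is what ARIN's WHOIS service returns when queried for the IP address. As an added example (not part of any post in this thread), the sketch below sends such a query over the WHOIS protocol and parses the response to pull out the abuse contact, after confirming that the record's range really covers the reported address; the function names are chosen here, and the sample is an excerpt of the record quoted above.

```python
import ipaddress
import socket

# Excerpt of the ARIN record quoted in the thread, one field per line.
SAMPLE_RECORD = """\
OrgName: VONOC
NetRange: 205.214.64.0 - 205.214.95.255
CIDR: 205.214.64.0/19
NameServer: NS1.VONOC.NET
NameServer: NS2.VONOC.NET
OrgAbuseName: VODC Abuse Dept
OrgAbusePhone: +1-720-279-2011
# ARIN WHOIS database, last updated 2003-05-18 20:10
"""


def query_whois(query, server="whois.arin.net", port=43):
    """WHOIS (RFC 3912): send the query plus CRLF over TCP, read until close."""
    chunks = []
    with socket.create_connection((server, port), timeout=10) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def parse_whois(text):
    """Parse 'Key: value' lines into {key: [values]}; keys may repeat."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and not key.startswith("#"):
            record.setdefault(key.strip(), []).append(value.strip())
    return record


def abuse_contact(text, ip):
    """Return the abuse contact only if the record really covers `ip`."""
    rec = parse_whois(text)
    addr = ipaddress.ip_address(ip)
    first, last = (ipaddress.ip_address(p.strip())
                   for p in rec["NetRange"][0].split("-"))
    cidrs = [c.strip() for v in rec.get("CIDR", []) for c in v.split(",")]
    if not (first <= addr <= last and
            any(addr in ipaddress.ip_network(c) for c in cidrs if c)):
        return None
    return {"org": rec["OrgName"][0],
            "name": rec.get("OrgAbuseName", [""])[0],
            "phone": rec.get("OrgAbusePhone", [""])[0]}
```

With network access, `abuse_contact(query_whois("205.214.89.85"), "205.214.89.85")` runs the live lookup; the parsing functions work offline on saved output.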
Quoted:
Quoted:
Interesting ports on 205.214.89.85:
TAKE IT DOWN!!

I'm guessing that a public nmap posting together with the solicitation "Take it down" would make you an accessory should someone actually decide to "Take it down." It's your ass 'n all but damn man... not smart

Woops. I forgot to add a whole paragraph in that last post, what I [red]meant[/red] to say:

----
Dear admin of faked ebay identity theft server:

I have taken a peek at your server (entirely non-intrusive) and found that you have a few services that potentially could be used for a remote user to gain root access to your machine. Now, I would never advocate or actually do such a thing, but it would be a terrible thing if somebody were to crack your server and steal all of the identities which you have rightfully scammed. So, please, in the interest of your own security regarding your server, TAKE IT DOWN!!
----

I apologize for the confusion here, and the accidental omission that did, in fact, insinuate that I would be somebody who would do such a nasty thing which I do not condone. |
|
Quoted:
Woops. I forgot to add a whole paragraph in that last post, what I [red]meant[/red] to say:
I apologize for the confusion here, and the accidental omission that did, in fact, insinuate that I would be somebody who would do such a nasty thing which I do not condone.

Yeah Yeah. Tell it to the judge [:D] |
|
Quoted:
Yeah Yeah. Tell it to the judge [:D]

What, you a judge or something? Like the guy is gonna call the police because all of his credit card info, SSNs, mailing addresses, mother's maiden names, etc. were hacked/stolen. Puulleeeze.

I can't say how the information was found, as that would further implicate me in activities which I don't know nothin about. I posted the mailer line simply because of the hostname (saudi1). [:D] |