Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
The yahoo, paypal spam phisher connection
Posted by: id
Date: August 25, 2006 03:12PM

I advocate fucking with assholes like this.

-id
(Link text under actual link in the spam)

Dear h@ckers.org,

It has come to our attention that your PayPal® account information needs to be
updated as part of our continuing commitment to protect your account and to
reduce the instance of fraud on our website. If you could please take 5-10 minutes
out of your online experience and update your personal records you will not run into
any future problems with the online service.


However, failure to update your records will result in account suspension.
Please update your records on or before August 27, 2006.

Once you have updated your account records, your PayPal® session will not be
interrupted and will continue as normal.

To update your PayPal® records click on the following link:
http://rds.yahoo.com/_ylt=A0LaSV66fNtDg.kAUoJXNyoA;_ylu=X3oDMTE2ZHVuZ3E3BGNvbG8DdwRsA1dTMQRwb3MDMwRzZWMDc3IEdnRpZANGNjU1Xzc1/SIG=148vsd1jp/EXP=1138544186/**http%3a//72.29.83.93/~sunny/live/link.php
http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/restrictedaccounts.asp




Thank You.
PayPal® UPDATE TEAM

Accounts Management As outlined in our User Agreement, PayPal® will
periodically send you information about site changes and enhancements.

Visit our Privacy Policy and User Agreement if you have any questions.
http://rds.yahoo.com/_ylt=A0LaSV66fNtDg.kAUoJXNyoA;_ylu=X3oDMTE2ZHVuZ3E3BGNvbG8DdwRsA1dTMQRwb3MDMwRzZWMDc3IEdnRpZANGNjU1Xzc1/SIG=148vsd1jp/EXP=1138544186/**http%3a//72.29.83.93/~sunny/live/link.php
http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside

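A defender-side check for the link pattern in the spam above, as an added example that is not part of the original post: it decodes the destination nested behind the rds.yahoo.com redirector and compares it with the visible link text. The function names and finding labels are assumptions made for this illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# (actual href, visible link text) as they appear in the spam quoted above
SPAM_LINK = (
    "http://rds.yahoo.com/_ylt=A0LaSV66fNtDg.kAUoJXNyoA;_ylu=X3oDMTE2ZHVuZ3E3BGNvbG8DdwRsA1dTMQRwb3MDMwRzZWMDc3IEdnRpZANGNjU1Xzc1/SIG=148vsd1jp/EXP=1138544186/**http%3a//72.29.83.93/~sunny/live/link.php",
    "http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/restrictedaccounts.asp",
)

def embedded_target(href):
    """Return the URL nested after the host of a redirector link, or None."""
    netloc = urlsplit(href).netloc
    # Decode percent-escapes so '**http%3a//...' becomes '**http://...'
    rest = unquote(href[href.find(netloc) + len(netloc):])
    match = re.search(r"https?://", rest, re.IGNORECASE)
    return rest[match.start():] if match else None

def is_ip_literal(host):
    """True when the host is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def assess(href, text):
    """Return (final host, findings) for one link of an e-mail."""
    findings = []
    final = href
    target = embedded_target(href)
    if target:
        findings.append("redirector")      # href forwards to a nested URL
        final = target
    final_host = urlsplit(final).hostname or ""
    # Only compare when the visible text itself looks like a URL
    shown_host = urlsplit(text).hostname if "://" in text else None
    if shown_host and shown_host != final_host:
        findings.append("text-mismatch")   # shown host is not the real one
    if is_ip_literal(final_host):
        findings.append("ip-literal")      # destination is a raw IP address
    return final_host, findings

if __name__ == "__main__":
    print(assess(*SPAM_LINK))
```

A link that raises all three findings at once, as this one does, is a strong candidate for quarantine in a mail filter.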
Re: The yahoo, paypal spam phisher connection
Posted by: id
Date: August 25, 2006 03:17PM

Interesting ports on 72-29-83-93.static.dimenoc.com (72.29.83.93):
(The 1657 ports scanned but not shown below are in state: closed)
PORT      STATE  SERVICE     VERSION
1/tcp     open   tcpwrapped
21/tcp    open   ftp         PureFTPd
22/tcp    open   ssh         OpenSSH 3.9p1 (protocol 2.0)
25/tcp    open   smtp        Exim smtpd 4.52
26/tcp    open   smtp        Exim smtpd 4.52
53/tcp    open   domain      ISC Bind 9.2.4
80/tcp    open   http        Apache httpd 1.3.36
110/tcp   open   pop3        cppop pop3d 20.0
111/tcp   open   tcpwrapped
143/tcp   open   imap        UW Imapd 2004.357-cpanel
443/tcp   open   http        Apache httpd 1.3.36
465/tcp   open   ssl/smtp    Exim smtpd 4.52
993/tcp   open   ssl/imap    UW Imapd 2004.357-cpanel
995/tcp   open   ssl/pop3    cppop pop3d 20.0
3306/tcp  open   mysql       MySQL 4.1.21-standard
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.10 - 2.6.11
Service Info: Host: dime107.dizinc.com

Re: The yahoo, paypal spam phisher connection
Posted by: rsnake
Date: August 25, 2006 03:28PM

Ugh, look at all those ports :( No wonder they got hacked into.

Re: The yahoo, paypal spam phisher connection
Posted by: id
Date: August 25, 2006 03:32PM

Some dirty hippy pagan owns it

-id

Name: wiccamagicks.com
Address: 72.29.83.93


Domain Name:wiccamagicks.com
Record last updated at 2005-09-29 13:54:19
Record created on 2005/9/29
Record expired on 2006/9/29


Domain servers in listed order:
ns917.dizinc.com ns918.dizinc.com

Administrator:
5 Saratoga Ave
Ventura
California,
UNITED STATES
93003

name:(Affiliation Sensation)
mail:(rariadne@witchcraftcentral.com) +1.8056441626
Affiliation Sensation
Technical Contactor:
5 Saratoga Ave
Ventura
California,
UNITED STATES
93003

name:(Affiliation Sensation)
mail:(rariadne@witchcraftcentral.com) +1.8056441626
Affiliation Sensation
Billing Contactor:
5 Saratoga Ave
Ventura
California,
UNITED STATES
93003

name:(Affiliation Sensation)
mail:(rariadne@witchcraftcentral.com) +1.8056441626
Affiliation Sensation

Registration Service Provider:
name: CleverDot.com
tel: +
fax: +
web:http://www.cleverdot.com

Re: The yahoo, paypal spam phisher connection
Posted by: WhiteAcid
Date: August 25, 2006 04:08PM

There is anonymous FTP access:
Status: Connecting to 72.29.83.93 ...
Status: Connected with 72.29.83.93. Waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [TLS] ----------
Response: 220-You are user number 5 of 50 allowed.
So it seems people are connected. Only one empty folder, no upload rights.
Oh, there's also a load of ports that aren't typically used:
1863/tcp  open   unknown
2082/tcp  open   unknown
2083/tcp  open   unknown
2086/tcp  open   unknown
2087/tcp  open   unknown
2095/tcp  open   unknown
2096/tcp  open   unknown
5190/tcp  open   aol

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Re: The yahoo, paypal spam phisher connection
Posted by: id
Date: August 25, 2006 05:22PM

Good call, I just did a standard nmap...too lazy to really care, I get pissed for like 2 min and am done :)

-id

Re: The yahoo, paypal spam phisher connection
Posted by: rsnake
Date: August 26, 2006 12:24PM

id, you act like this is the first phishing email you've ever gotten, sheesh! ;)

No but seriously, they probably just used an automated scanner to break in. It's the most economical way to build phishing sites, by far.

- RSnake
Gotta love it. http://ha.ckers.org

Re: The yahoo, paypal spam phisher connection
Posted by: id
Date: August 26, 2006 10:08PM

I can take spam just fine, but hippies, FUCK THAT.

-id

Re: The yahoo, paypal spam phisher connection
Posted by: rsnake
Date: August 26, 2006 10:28PM

Hahah... ./mailbomb.o |patchouli.oil > id


