Another Ebay account scam

[The village idiot]

Here's the real link:

http://216.238.11.49/aw-cgi/SignIn.html

please fill it in with garbage info and help fight these bastards.

[rkr1958]

When you follow this link it asks you to "sign-in". The address of the page is http://216.238.11.49/aw-cgi/SignIn.html Obviously not ebay ... They're trying to spoof you into, at the very least, giving them your User ID and password. These crooks are very good ...

please fill it in with garbage info and help fight these bastards.

TVI ... what are you asking us to fill in? ... If I log in they got my ID and password.

EDIT: O.K. I'm dense ... ANY ID and password will do ...

[Treebeard]

When you follow this link it asks you to "sign-in". The address of the page is http://216.238.11.49/aw-cgi/SignIn.html Obviously not ebay ... They're trying to spoof you into, at the very least, giving them your User ID and password. These crooks are very good ...

please fill it in with garbage info and help fight these bastards.

TVI ... what are you asking us to fill in? ... If I log in they got my ID and password.

He wants you to put in false id and pwd just to waste their time.

[The village idiot]

Yup, ALL false info, every last bit of it. It doesn't really check to see if there exists a member name of Fred_Stoner with a password of SMOKIN. Then fill in the other info with whatever you like, just as long as it isn't real, or at least not your info. You could use an enemy's info if you like, but that is up to you.

[flaninacupboard]

they don't even let you list your country as Iraq! how dull!

[The village idiot]

So here is what the exchange of info looks like from the proxy log (thought some of you might be interested to see what goes on when you click on a link.

+++GET 211+++
Using Proxy - 195.235.81.94:80 <----- important info
POST http://216.238.11.49/aw-cgi/eBayISAPI.dll/ HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://216.238.11.49/aw-cgi/eBayISAPI.dll/
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 216.238.11.49
Content-Length: 37
Pragma: no-cache
Connection: keep-alive
Browser reload detected...
Posting 37 bytes... <----- sending "log in" data
userid=Harry_peters
password=LongDong
Continue ignored...

+++RESP 211+++
HTTP/1.1 200 OK
Via: 1.1 DANIELA
Connection: close
Content-Type: text/html
Date: Sat, 14 Aug 2004 00:10:42 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.8 mod_ssl/2.8.12 OpenSSL/0.9.6g
X-Powered-By: PHP/4.3.8
<start> 211: Kill pop-up windows
<start> 211: Force pop-ups to have browser controls
<start> 211: Suppress all JavaScript errors
<start> 211: Stop browser window resizing
Match 211: Frame Jumper-Outer
Match 211: Frame Jumper-Outer
Match 211: Frame Jumper-Outer
Match 211: Frame Jumper-Outer
Match 211: Frame Jumper-Outer
Match 211: Frame Jumper-Outer
Match 211: Frame Jumper-Outer

+++GET 212+++
Using Proxy - 195.235.81.94:80
GET http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/spacer.gif HTTP/1.0
Accept: */*
Referer: http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/spacer.gif
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 216.238.11.49
Connection: keep-alive
Match 211: Frame Jumper-Outer
Match 211: Frame Jumper-Outer
Match 211: Frame Jumper-Outer
Match 211: Frame Jumper-Outer
Match 211: Frame Jumper-Outer

+++RESP 212+++
HTTP/1.1 200 OK
Via: 1.1 DANIELA
Connection: close
Content-Length: 49
Content-Type: image/gif
Date: Sat, 14 Aug 2004 00:10:44 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.8 mod_ssl/2.8.12 OpenSSL/0.9.6g
Last-Modified: Wed, 11 Aug 2004 22:16:35 GMT
ETag: "143b9-31-411a9ac3"
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
+++CLOSE 212+++

+++GET 213+++
Using Proxy - 195.235.81.94:80
GET http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/ebayLogo.gif HTTP/1.0
Accept: */*
Referer: http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/ebayLogo.gif
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 216.238.11.49
Connection: keep-alive

+++RESP 213+++
HTTP/1.1 200 OK
Via: 1.1 DANIELA
Connection: close
Content-Length: 1431
Content-Type: image/gif
Date: Sat, 14 Aug 2004 00:10:44 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.8 mod_ssl/2.8.12 OpenSSL/0.9.6g
Last-Modified: Wed, 11 Aug 2004 22:16:31 GMT
ETag: "143ad-597-411a9abf"
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99
+++CLOSE 213+++

+++GET 214+++
Using Proxy - 195.235.81.94:80
GET http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/questionMark_14x14.gif HTTP/1.0
Accept: */*
Referer: http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/questionMark_14x14.gif
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 216.238.11.49
Connection: keep-alive
<end> 211: Restore pop-ups after a page loads
+++CLOSE 211+++

+++GET 215+++
Using Proxy - 195.235.81.94:80
GET http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/browse.gif HTTP/1.0
Accept: */*
Referer: http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/browse.gif
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 216.238.11.49
Connection: keep-alive

+++RESP 214+++
HTTP/1.1 200 OK
Via: 1.1 DANIELA
Connection: close
Content-Length: 245
Content-Type: image/gif
Date: Sat, 14 Aug 2004 00:10:46 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.8 mod_ssl/2.8.12 OpenSSL/0.9.6g
Last-Modified: Wed, 11 Aug 2004 22:16:33 GMT
ETag: "143b4-f5-411a9ac1"
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=98
+++CLOSE 214+++

+++GET 216+++
Using Proxy - 195.235.81.94:80
GET http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/search.gif HTTP/1.0
Accept: */*
Referer: http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/search.gif
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 216.238.11.49
Connection: keep-alive

+++RESP 216+++
HTTP/1.1 200 OK
Via: 1.1 DANIELA
Connection: close
Content-Length: 206
Content-Type: image/gif
Date: Sat, 14 Aug 2004 00:10:46 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.8 mod_ssl/2.8.12 OpenSSL/0.9.6g
Last-Modified: Wed, 11 Aug 2004 22:16:34 GMT
ETag: "143b5-ce-411a9ac2"
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=97
+++CLOSE 216+++

+++GET 217+++
Using Proxy - 195.235.81.94:80
GET http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/myebay.gif HTTP/1.0
Accept: */*
Referer: http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/myebay.gif
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 216.238.11.49
Connection: keep-alive

+++RESP 215+++
HTTP/1.1 200 OK
Via: 1.1 DANIELA
Connection: close
Content-Length: 212
Content-Type: image/gif
Date: Sat, 14 Aug 2004 00:10:46 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.8 mod_ssl/2.8.12 OpenSSL/0.9.6g
Last-Modified: Wed, 11 Aug 2004 22:16:24 GMT
ETag: "143a6-d4-411a9ab8"
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
+++CLOSE 215+++

+++GET 218+++
Using Proxy - 195.235.81.94:80
GET http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/community.gif HTTP/1.0
Accept: */*
Referer: http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/community.gif
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 216.238.11.49
Connection: keep-alive

+++RESP 217+++
HTTP/1.1 200 OK
Via: 1.1 DANIELA
Connection: close
Content-Length: 238
Content-Type: image/gif
Date: Sat, 14 Aug 2004 00:10:47 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.8 mod_ssl/2.8.12 OpenSSL/0.9.6g
Last-Modified: Wed, 11 Aug 2004 22:16:32 GMT
ETag: "143b1-ee-411a9ac0"
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=96
+++CLOSE 217+++

+++GET 219+++
Using Proxy - 195.235.81.94:80
GET http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/sell.gif HTTP/1.0
Accept: */*
Referer: http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/sell.gif
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 216.238.11.49
Connection: keep-alive

+++RESP 218+++
HTTP/1.1 200 OK
Via: 1.1 DANIELA
Connection: close
Content-Length: 251
Content-Type: image/gif
Date: Sat, 14 Aug 2004 00:10:47 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.8 mod_ssl/2.8.12 OpenSSL/0.9.6g
Last-Modified: Wed, 11 Aug 2004 22:16:28 GMT
ETag: "143aa-fb-411a9abc"
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99
+++CLOSE 218+++

+++GET 220+++
Using Proxy - 195.235.81.94:80
GET http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/header_partner.gif HTTP/1.0
Accept: */*
Referer: http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/header_partner.gif
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 216.238.11.49
Connection: keep-alive

+++RESP 219+++
HTTP/1.1 200 OK
Via: 1.1 DANIELA
Connection: close
Content-Length: 169
Content-Type: image/gif
Date: Sat, 14 Aug 2004 00:10:47 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.8 mod_ssl/2.8.12 OpenSSL/0.9.6g
Last-Modified: Wed, 11 Aug 2004 22:16:34 GMT
ETag: "143b6-a9-411a9ac2"
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=95
+++CLOSE 219+++

+++GET 221+++
Using Proxy - 195.235.81.94:80
GET http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/leftLine_16x3.gif HTTP/1.0
Accept: */*
Referer: http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/leftLine_16x3.gif
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 216.238.11.49
Connection: keep-alive

+++RESP 220+++
HTTP/1.1 200 OK
Via: 1.1 DANIELA
Connection: close
Content-Length: 562
Content-Type: image/gif
Date: Sat, 14 Aug 2004 00:10:48 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.8 mod_ssl/2.8.12 OpenSSL/0.9.6g
Last-Modified: Wed, 11 Aug 2004 22:16:31 GMT
ETag: "143af-232-411a9abf"
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=98
+++CLOSE 220+++

+++GET 222+++
Using Proxy - 195.235.81.94:80
GET http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/crdcards.gif HTTP/1.0
Accept: */*
Referer: http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/crdcards.gif
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 216.238.11.49
Connection: keep-alive

+++RESP 221+++
HTTP/1.1 200 OK
Via: 1.1 DANIELA
Connection: close
Content-Length: 45
Content-Type: image/gif
Date: Sat, 14 Aug 2004 00:10:48 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.8 mod_ssl/2.8.12 OpenSSL/0.9.6g
Last-Modified: Wed, 11 Aug 2004 22:16:31 GMT
ETag: "143b0-2d-411a9abf"
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=94
+++CLOSE 221+++

+++GET 223+++
Using Proxy - 195.235.81.94:80
GET http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/truste_button.gif HTTP/1.0
Accept: */*
Referer: http://216.238.11.49/aw-cgi/eBayISAPI.dll/CCPayment_files/truste_button.gif
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 216.238.11.49
Connection: keep-alive

+++RESP 222+++
HTTP/1.1 200 OK
Via: 1.1 DANIELA
Connection: close
Content-Length: 2585
Content-Type: image/gif
Date: Sat, 14 Aug 2004 00:10:48 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.8 mod_ssl/2.8.12 OpenSSL/0.9.6g
Last-Modified: Wed, 11 Aug 2004 22:16:29 GMT
ETag: "143ac-a19-411a9abd"
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=97
+++CLOSE 222+++

+++RESP 223+++
HTTP/1.1 200 OK
Via: 1.1 DANIELA
Connection: close
Content-Length: 765
Content-Type: image/gif
Date: Sat, 14 Aug 2004 00:10:49 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.8 mod_ssl/2.8.12 OpenSSL/0.9.6g
Last-Modified: Wed, 11 Aug 2004 22:16:36 GMT
ETag: "143ba-2fd-411a9ac4"
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=93
+++CLOSE 223+++

+++GET 224+++
Using Proxy - 195.235.81.94:80
POST http://216.238.11.49/aw-cgi/eBayISAPI.dll/eBayISAPI.php HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://216.238.11.49/aw-cgi/eBayISAPI.dll/eBayISAPI.php
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 216.238.11.49
Content-Length: 267
Pragma: no-cache
Connection: keep-alive
Browser reload detected...
Posting 267 bytes... <-------- more goodness
firstname=Harry
lastname=Peters
street=900+Long+Way
city=Dongville
state=CA
zip=45879
country=United+States
dayphone12=458
dayphone22=647
dayphone32=9966
dayphone42=
ccnumber=8795452688796548
ccmonth=10
ccyear=2006
cardtype=Credit
pin=5789
cvv=569
action=Continue+%3E
Continue ignored...

+++RESP 224+++
HTTP/1.1 200 OK
Via: 1.1 DANIELA
Connection: close
Content-Type: text/html
Date: Sat, 14 Aug 2004 00:13:43 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.8 mod_ssl/2.8.12 OpenSSL/0.9.6g
X-Powered-By: PHP/4.3.8
Pragma: no-cache
<start> 224: Kill pop-up windows
<start> 224: Force pop-ups to have browser controls
<start> 224: Suppress all JavaScript errors
<start> 224: Stop browser window resizing
<end> 224: Restore pop-ups after a page loads
+++CLOSE 224+++

+++GET 225+++
Using Proxy - 195.235.81.94:80
GET http://216.238.11.49/signOutConfirm.html HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 216.238.11.49
Connection: keep-alive

+++RESP 225+++
HTTP/1.1 200 OK
Via: 1.1 DANIELA
Connection: close
Content-Length: 12878
Content-Type: text/html
Date: Sat, 14 Aug 2004 00:13:45 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.8 mod_ssl/2.8.12 OpenSSL/0.9.6g
Last-Modified: Wed, 11 Aug 2004 22:15:55 GMT
ETag: "8a326-324e-411a9a9b"
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
<start> 225: Kill pop-up windows
<start> 225: Force pop-ups to have browser controls
<start> 225: Suppress all JavaScript errors
<start> 225: Stop browser window resizing
Match 225: Frame Jumper-Outer

[The village idiot]

Now it is time for the fun

[rkr1958]

I've twice entered bogus info (by hand). It was fun but does this small effort do anygood stopping or slowing down these theives?

[The village idiot]

If enough people do it, then yes. If only a few people do it, then it really doesn't amount to much.

Just finished sending 24500 to them, hopefully that will make a difference.

[rkr1958]

If enough people do it, then yes. If only a few people do it, then it really doesn't amount to much.

Just finished sending 24500 to them, hopefully that will make a difference.

24500 that's great!!! TVI, keep up the good fight. You're like a bulldozer ... the rest of us without your expertise are like a teaspoon ... Well ... I'll keep doing two here and there ... It's fun and it makes me feel like at least in spirit I'm making some difference.

[gooberguy]

Hmm, yes im dumb but can someone please fill me in on this packet strom and DoS you keep talking abot, it seems like fun and i wanna screw their inboxes too!