[LINK] PayPal phishing scam - is this a domain hijack
Adam Todd
link at todd.inoz.com
Fri Jan 19 23:11:17 AEDT 2007
You forgot Integer Number URLs (discussed on link about 7 years ago).
Can't be bothered working out an example, but dnsstuff.com will do them for
you!
At 08:47 PM 19/01/2007, Kim Holburn wrote:
>>LINK: http://www1.paypal.com.cgi-bin.verify-
>>v50lxsecuressl.activate.onlineservice.accounts.raisedtotheground.com/w
>>ebscrcmd=update/
>>signinDQAAAG4AAADZ3XcFqGpyVexZXlp42ILckL16sz8USkBXj2StlL2lq74RZi-
>>ZN0FOU7by8X_Jh2pn3AEECKZo8TFq0WyJ8IIGI0qgARKV_pf27Z0dSdpkBPWqiQQcY0sJJ
>>8txaw-ifZToKQeM9OX1D4LVt4HygyKB.html
>
>There are many, many ways to obfuscate the URL. This is one of the
>simpler ones. You could use tinyurl. You can use URLs like these
>and combine different schemes, but most people don't even check the
>host name, and why should they have to?
>
>http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D
>http://209.85.135.103
>http://www.paypal.com@www.google.com
>
>There's also language encoding of DNS names, like Unicode, UTF, etc.
>
>Then there's the link text if it's an HTML email.
>
>I've seen phishing sites that almost immediately redirect you through
>to the real website with a special bit of JavaScript added in.
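
Added example, not part of the original thread: a small Python check that resolves each URL form mentioned above to the host a client would actually contact and names the obfuscation used. The function name `analyze`, the flag names and the `expected` parameter are assumptions of this sketch; the integer URL is constructed from the dotted address quoted above, and the long link's path is shortened.

```python
import ipaddress
from urllib.parse import urlsplit, unquote

def analyze(url, expected="paypal.com"):
    """Return (effective_host, flags, on_expected) for a link claiming `expected`."""
    parts = urlsplit(url)
    flags = []
    if "@" in parts.netloc:
        flags.append("userinfo")              # text before '@' is a login, not the host
    raw = parts.hostname or ""
    host = unquote(raw).lower()               # undo %77%77%77-style escapes
    if host != raw:
        flags.append("percent-encoded-host")
    if host.isdigit():                        # "integer number" form of an IPv4 address
        try:
            host = str(ipaddress.IPv4Address(int(host)))
            flags.append("integer-host")
        except ValueError:
            pass                              # too large for IPv4, leave as-is
    try:
        ipaddress.ip_address(host)
        flags.append("ip-literal")            # no name at all, just an address
    except ValueError:
        pass
    # The link is only on the expected site if the host IS that domain or a
    # subdomain of it; the brand appearing further left proves nothing.
    on_expected = host == expected or host.endswith("." + expected)
    if expected in host and not on_expected:
        flags.append("brand-in-subdomain")
    return host, flags, on_expected

# Sample inputs: the forms quoted in the thread, plus one constructed integer URL.
SAMPLES = [
    "http://www1.paypal.com.cgi-bin.verify-v50lxsecuressl.activate."
    "onlineservice.accounts.raisedtotheground.com/x",   # path shortened
    "http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D",
    "http://209.85.135.103",
    "http://www.paypal.com@www.google.com",
    "http://3512043367/",                     # constructed: 209.85.135.103 as an integer
    "https://www.paypal.com/signin",          # constructed: a genuine-looking control
]

if __name__ == "__main__":
    for u in SAMPLES:
        host, flags, ok = analyze(u)
        print(f"{'OK ' if ok else 'BAD'} {host:<30.30} {','.join(flags) or '-'}")
```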