Fight Phishing

Please post here if you receive any contact you later find to be invalid. This forum is hidden to non-members but please do not include any of your own contact information!

Fight Phishing

Postby Spock » Sun 2008 Feb 24 11:44

Ref: https://www.paypal.com/fightphishing

I recently got a phishing email purporting to be from paypal. I will reproduce most of it below but before you read it, please visit the link above to learn how to recognize phishing emails.

Note: all links have been disabled but the information is still in place so you can check it via Whois yourself. Please be careful as many of these spam sites will infect your computer with a virus or Trojan if you aren't well protected.

From - Sun Feb 24 10:08:49 2008
X-Account-Key: account5
X-UIDL: 1203840973.99466.pctalkin.ipower.com
X-Mozilla-Status: 1000
X-Mozilla-Status2: 00010000
X-Mozilla-Keys:
Return-Path: <SRS0=foJ3H3=TN=paypal.com=reactivate@yourhostingaccount.com>
Delivered-To: ***spock@***
Received: (qmail 99453 invoked from network); 24 Feb 2008 08:16:12 -0000
Received: from unknown (HELO mailout08.yourhostingaccount.com) (65.254.253.233)
by pctalkin.ipower.com with SMTP; 24 Feb 2008 08:16:12 -0000
Received: from mailscan06.yourhostingaccount.com ([10.1.15.6] helo=mailscan06.yourhostingaccount.com)
by mailout08.yourhostingaccount.com with esmtp (Exim)
id 1JTC2W-0008Kk-QH
for spock@***; Sun, 24 Feb 2008 03:16:52 -0500
Received: from impinc03.yourhostingaccount.com ([10.1.13.103] helo=impinc03.yourhostingaccount.com)
by mailscan06.yourhostingaccount.com with esmtp (Exim)
id 1JTC2W-0005WD-MT
for spock@***; Sun, 24 Feb 2008 03:16:52 -0500
Received: from mailout03.dsvr.x-isp.net ([213.253.179.7])
by impinc03.yourhostingaccount.com with NO UCE
id tLGr1Y06W09yK0d0000000; Sun, 24 Feb 2008 03:16:52 -0500
X-EN-CM: 1
X-EN-OrigIP: 213.253.179.7
X-EN-IMPSID: tLGr1Y06W09yK0d0000000
Received: from [212.69.198.194] (helo=triangle.dsvr.co.uk)
by mailout03.dsvr.x-isp.net with esmtp id 1JTC2O-0007CF-FN; Sun, 24 Feb 2008 08:16:44 +0000
Received: from [60.229.250.149] (helo=User)
by triangle.dsvr.co.uk with esmtpa (Exim 4.62)
(envelope-from <reactivate@paypal.com>)
id 1JTC14-0003zg-EW; Sun, 24 Feb 2008 08:15:23 +0000
Reply-To: <no.reply@paypal.com>
From: "PayPal Inc. Security Center"<reactivate@paypal.com>
Subject: Reactivate Your PayPal Account ,
Date: Sun, 24 Feb 2008 19:15:22 +1100
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam: True
X-Antivirus: AVG for E-mail 7.5.516 [269.20.9/1295]
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=Windows-1251

This email confirms that you have sent an eBay payment of $47.85 USD to
achad13@yahoo.com for an eBay item.


-----------------------------------
Payment Details
-----------------------------------


Amount: $47.85 USD

Transaction ID: 2LC956793J776333Y

Subject: Digimax 130

Note:
If you haven't authorized this charge ,click the link below to dispute transaction
and get full refund

Click on the link bellow to dispute transaction
http:// lpy1.gs-ys.com /www.paypal.com /cgi-bin /webscr=cmd=p /index.php
Note: The above link has been broken by adding spaces. Please do not actually visit this site!

*SSL connection:
PayPal automatically encrypts your confidential information
in transit from your computer to ours using the Secure
Sockets Layer protocol (SSL) with an encryption key length
of 128-bits (the highest level commercially available)

-----------------------------------
Item Information
-----------------------------------


eBay User ID: scratchandgnaw2


----------------------------------------------------------------
Edward Harrell's UNCONFIRMED Address
----------------------------------------------------------------

Edward Harrell
211 David St.
Springtown, TX 76082
United States

Important Note: Edward Harrell has provided an Unconfirmed Address. If
you are planning on shipping items to Edward Harrell, please check the
Transaction Details page of this payment to find out whether you will
be covered by the PayPal Seller Protection Policy.




----------------------------------------------------------------
This payment was sent using your bank account.

By using your bank account to send money, you just:

- Paid easily and securely

- Sent money faster than writing and mailing paper checks
- Paid instantly -- your purchase won't show up on bills at the end of
the month.

Thanks for using your bank account!



----------------------------------------------------------------

Thank you for using PayPal!
The PayPal Team
PayPal Email ID PP118



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.20.9/1295 - Release Date: 2/23/2008 9:35 PM


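The Received chain and the disguised link above are what a mail administrator checks first. As an added example, not code from the original post, this Python script walks the Received headers back to the originating hop, compares the From domain against the Return-Path domain, and reports the host a browser would actually connect to for the link in the email. The sample headers are copied from the post and re-folded with leading whitespace; the two heuristic findings are this example's own choices.

```python
import re
from urllib.parse import urlsplit
# Constructed sample: header lines from the post above, continuation lines re-indented as RFC 5322 folding requires.
RAW_HEADERS = """\
Return-Path: <SRS0=foJ3H3=TN=paypal.com=reactivate@yourhostingaccount.com>
Received: from unknown (HELO mailout08.yourhostingaccount.com) (65.254.253.233)
  by pctalkin.ipower.com with SMTP; 24 Feb 2008 08:16:12 -0000
Received: from [60.229.250.149] (helo=User)
  by triangle.dsvr.co.uk with esmtpa (Exim 4.62)
  (envelope-from <reactivate@paypal.com>)
From: "PayPal Inc. Security Center"<reactivate@paypal.com>
"""

def unfold(raw):
    """Return [name, value] pairs, joining folded continuation lines onto their header."""
    fields = []
    for line in raw.splitlines():
        if line[:1].isspace() and fields:
            fields[-1][1] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            fields.append([name.strip().lower(), value.strip()])
    return fields

def addr_domain(value):
    m = re.search(r"<([^>]+)>", value) or re.search(r"(\S+@\S+)", value)
    return m.group(1).rsplit("@", 1)[-1].lower() if m else None

def origin_hop(fields):
    origin = [v for n, v in fields if n == "received"][-1]  # bottom-most Received = first hop
    ip = re.search(r"(\d{1,3}(?:\.\d{1,3}){3})", origin)
    helo = re.search(r"helo=([^\s)]+)", origin, re.I)
    return {"ip": ip.group(1) if ip else None,
            "helo": helo.group(1) if helo else None,
            "authenticated": " with esmtpa " in origin.lower()}  # esmtpa = authenticated submission

def analyze(raw):
    fields = unfold(raw)
    hdr = dict(fields)  # last value wins; fine for the single-valued fields used here
    res = {"origin": origin_hop(fields), "findings": [], "from_domain": addr_domain(hdr["from"]),
           "return_path_domain": addr_domain(hdr["return-path"])}
    if res["from_domain"] != res["return_path_domain"]:
        res["findings"].append("From domain differs from Return-Path domain")
    if res["origin"]["helo"] and "." not in res["origin"]["helo"]:
        res["findings"].append("originating HELO is not a hostname")
    return res

def true_host(url, brand):
    parts = urlsplit(url.replace(" ", ""))  # the post disabled the link with spaces; rejoin for parsing only
    return parts.hostname, brand in parts.path and not parts.hostname.endswith(brand)
```

Run against the headers above it reports an authenticated submission from 60.229.250.149 announcing itself as "User", and a link whose real host is lpy1.gs-ys.com with the brand name only in the path.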

Re: Fight Phishing

Postby Spock » Sun 2008 Feb 24 11:56

The following is the information returned when I did a Whois on the "click here" link.

Note: All email addresses have been broken using spaces so they do not work. Please do not visit. If it looks or acts like a link, it is. As far as I know, there are only 3 active links in this post and they should all be safe to visit.

Domain: lpy1.gs-ys.com

WhoIs Lookup performed by Karen's WhoIs
http://www.karenware.com/

Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information.

Domain Name: GS-YS.COM
Registrar: BIZCN.COM, INC.
Whois Server: whois.bizcn.com
Referral URL: http://www.bizcn.com
Name Server: DNS2.LEGEND-NET.COM.CN
Name Server: DNS1.LEGEND-NET.COM.CN
Status: clientTransferProhibited
Status: clientDeleteProhibited
Updated Date: 04-apr-2007
Creation Date: 13-apr-2004
Expiration Date: 13-apr-2008


>>> Last update of whois database: Sun, 24 Feb 2008 11:23:28 UTC <<<

NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars.
The data in this whois database is provided to you for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. We make this information available "as is," and do not guarantee its accuracy. By submitting a whois query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) enable high volume, automated, electronic processes that stress or load this whois database system providing you this information; or (2) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone. The compilation, repackaging, dissemination or other use of this data is expressly prohibited without prior written consent from us. We reserve the right to modify these terms at any time. By submitting this query, you agree to abide by these terms.

Domain name: gs-ys.com

Registrant Contact:
Gansu Longyun Group
Kun Yang busi@ west100.com
0931-8851551 fax: 0931-8720000
QingYang Road124.LanZhou.GanSu
LanZhou GanSu 730000
cn

Administrative Contact:
Gang Yang busi@ west100.com
0931-8851551 fax: 0931-8720000
QingYang Road124.LanZhou.GanSu
LanZhou GanSu 730000
cn

Technical Contact:
Gang Yang busi@ west100.com
0931-8851551 fax: 0931-8720000
QingYang Road124.LanZhou.GanSu
LanZhou GanSu 730000
cn

Billing Contact:
Gang Yang busi@ west100.com
0931-8851551 fax: 0931-8720000
QingYang Road124.LanZhou.GanSu
LanZhou GanSu 730000
cn

DNS:
dns1.legend-net.com.cn
dns2.legend-net.com.cn

Created: 2004-04-13
Expires: 2008-04-13
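As an added example, not part of the original post, the following Python parses the registry portion of the whois record above and computes the domain's age and time to expiry as of the day the email arrived, plus a sanity check that the record actually belongs to the registrable domain of the link. The two-label registrable-domain rule and the 90-day threshold are simplifications assumed here for a .com domain.

```python
import re
from datetime import datetime

# Constructed sample: the registry portion of the whois record pasted above.
WHOIS_TEXT = """\
Domain Name: GS-YS.COM
Registrar: BIZCN.COM, INC.
Whois Server: whois.bizcn.com
Name Server: DNS2.LEGEND-NET.COM.CN
Name Server: DNS1.LEGEND-NET.COM.CN
Status: clientTransferProhibited
Updated Date: 04-apr-2007
Creation Date: 13-apr-2004
Expiration Date: 13-apr-2008
"""

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys such as Name Server become lists."""
    rec = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?):\s*(\S.*)$", line)
        if m:
            rec.setdefault(m.group(1).strip().lower(), []).append(m.group(2).strip())
    return rec

def registrable_domain(host):
    # Naive last-two-labels rule: adequate for .com, wrong for ccTLDs like .co.uk
    return ".".join(host.lower().split(".")[-2:])

def assess(text, link_host, seen_on):
    """Summarise the record relative to the date the message was received."""
    rec = parse_whois(text)
    created = datetime.strptime(rec["creation date"][0], "%d-%b-%Y")
    expires = datetime.strptime(rec["expiration date"][0], "%d-%b-%Y")
    domain = rec["domain name"][0].lower()
    findings = []
    if registrable_domain(link_host) != domain:
        findings.append("whois record does not belong to the link's domain")
    if (seen_on - created).days < 90:
        findings.append("domain registered within the last 90 days")
    ns_tlds = {n.lower().split(".")[-1] for n in rec.get("name server", [])}
    return {"domain": domain, "registrar": rec["registrar"][0],
            "age_days": (seen_on - created).days,
            "days_to_expiry": (expires - seen_on).days,
            "nameserver_tlds": ns_tlds, "findings": findings}
```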

