A phisher
I just got an e-mail from a phisher. Their domain info:
Domain Name.......... webscr-login-page-cgi2.com
Creation Date........ 2005-05-26
Registration Date.... 2005-05-26
Expiry Date.......... 2006-05-26
Organisation Name.... Timothy Wong
Organisation Address. 2542 Paseo del Palacio
Organisation Address.
Organisation Address. Chino Hills
Organisation Address. 91709
Organisation Address. CA
Organisation Address. UNITED STATES
Admin Name........... Timothy Wong
Admin Address........ 2542 Paseo del Palacio
Admin Address........
Admin Address........ Chino Hills
Admin Address........ 91709
Admin Address........ CA
Admin Address........ UNITED STATES
Admin Email.......... twongimothy@yahoo.com
Admin Phone.......... +1.6214345183
Admin Fax............
Tech Name............ YahooDomains TechContact
Tech Address......... 701 First Ave.
Tech Address.........
Tech Address......... Sunnyvale
Tech Address......... 94089
Tech Address......... CA
Tech Address......... UNITED STATES
Tech Email........... domain.tech@YAHOO-INC.COM
Tech Phone........... +1.6198813096
Tech Fax............. +1.6198813010
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com
I sent Yahoo an e-mail. At the very least they will have to move their domain name.
...Ah, I discovered that Yahoo does more than host the domain name:
~ $ resolveip webscr-login-page-cgi2.com
IP address of webscr-login-page-cgi2.com is 68.142.234.44
IP address of webscr-login-page-cgi2.com is 68.142.234.45
IP address of webscr-login-page-cgi2.com is 68.142.234.46
IP address of webscr-login-page-cgi2.com is 68.142.234.47
~ $ resolveip 68.142.234.44
Host name of 68.142.234.44 is p5w1.geo.re2.yahoo.com
So maybe my e-mail will get a little more attention than I thought. Most likely, they've already gotten a hundred e-mails about it. Here's the original e-mail, be on the lookout for it:
PayPal is committed to maintaining a safe environment for its community of buyers and sellers.
To protect the security of your account, PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity.
Recently, our Account Review Team identified some unusual activity in your account. In accordance with PayPal's User Agreement access to your account will be limited. This is a fraud prevention measure meant to ensure that your account is not compromised.
In order to secure your account we may require some specific information from you. We encourage you to log in by clicking on the link below and complete the requested form as soon as possible.
https://www.paypal.com/cgi-bin/webscr?cmd=login-run
Ignoring our request, for an extended period of time, may result in account limitations or may result in eventual account closure.
Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account.
We apologize for any inconvenience.
Sincerely,
PayPal Account Review Department