[Dshield] New Paypal scam

Doug White doug at clickdoug.com
Tue Sep 23 00:17:28 GMT 2003


Here is where it sends you: (korea)

Read 20009 bytes from host 211.113.186.42, path /main.htm
HTTP/1.1 200 OK
Date: Tue, 23 Sep 2003 00:43:26 GMT
Server: Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.4 OpenSSL/0.9.6b DAV/1.0.2 PHP/4.0.6 mod_perl/1.24_01 mod_throttle/3.1.2
Last-Modified: Wed, 26 Mar 2003 04:23:51 GMT
ETag: "8f775-4cab-3e812b57"
Accept-Ranges: bytes
Content-Length: 19627
Connection: close
Content-Type: text/html


----- Original Message ----- 
From: "John Dalton" <dubuque_1 at msn.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Monday, September 22, 2003 5:42 PM
Subject: Re: [Dshield] New Paypal scam


| John, interestingly enough, this is from the source on the original (which I
| think I attached to the original post). Did the person get mixed up in
| obfuscating the address and do it wrong?
|
|
| href="http://www.paypal.com%2f@%32%31%31%2E%31%31%33%2E%31%38%36%2E%34%32/%70%70/%70%72%6F%63%65%73%73%69%6E%67%2E%68%74%6D">click
|
| ----- Original Message ----- 
| From: "John Hardin" <johnh at aproposretail.com>
| To: "General DShield Discussion List" <list at dshield.org>
| Sent: Monday, September 22, 2003 12:26 PM
| Subject: RE: [Dshield] New Paypal scam
|
|
| > On Mon, 2003-09-22 at 10:03, Blanchard, Joe wrote:
| > > <...isn't the host part delimited by the forward slash, though?
| > >
| > > That said, I wouldn't be at all surprised if the IE URL parser actually
| > > *is* that broken.>
| > >
| > >
| > > Nope. ftp://www.paypal.com@ftp.redhat.com Denotes User at domain_name but in
| > > lieu of ftp http: simply suggests login at domain_name. This is an old tactic
| > > I seem to remember seeing it in 4.0 days of IE too.
| >
| > The URL syntax is proto://{user{:password}@}host{:port}/path/to/file
| >
| > Note that the original URL had the @ *after* the first forward slash,
| > thus if the URL were being parsed properly it would *not* be an
| > effective redirect attack. Indeed it is not in mozilla/galeon. I got the
| > PayPal welcome page, which I assume is their default for 404s.
| >
| > My questions (stated indirectly) were:
| >
| > 1) was this URL copied properly into the original email?
| >
| > 2) was this (malformed) attack URL indeed causing a "redirect" in some
| > browsers? Meaning, were they helpfully ignoring the forward slash as a
| > delimiter and parsing the "@whatever" as part of the host spec? This
| > would indicate a severely broken URL parser.
| >
| > --
| > John Hardin  KA7OHZ
| > Internal Systems Administrator                    voice: (425) 672-1304
| > Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
| > -----------------------------------------------------------------------
| >   There is no problem that cannot be solved by the appropriate
| >   application of high explosives.
| > -----------------------------------------------------------------------
| >  44 days until Matrix Revolutions
| >
| > _______________________________________________
| > list mailing list
| > list at dshield.org
| > To change your subscription options (or unsubscribe), see:
| http://www.dshield.org/mailman/listinfo/list
| >
|
|
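
The quoted thread turns on which host the link really names. As an added example (not code from anyone on the list), the Python below splits a URL by the `proto://{user{:password}@}host{:port}/path/to/file` syntax quoted above, percent-decodes each part, and flags the userinfo trick. The function names and finding labels are assumptions made for this example, the literal-slash variant is constructed from the description in the thread, and bracketed IPv6 hosts are not handled.

```python
import ipaddress
import re
from urllib.parse import unquote

# scheme://authority/rest -- the authority stops at the first LITERAL '/', '?' or '#'.
_URL = re.compile(
    r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://(?P<authority>[^/?#]*)(?P<rest>.*)$",
    re.S,
)
_HOSTNAME = re.compile(r"(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")


def split_authority(url):
    """Split per proto://{user{:password}@}host{:port}/path, then percent-decode."""
    m = _URL.match(url.strip())
    if not m:
        raise ValueError("not an absolute URL: %r" % url)
    # Inside the authority, the last '@' separates userinfo from host[:port].
    userinfo, at, hostport = m.group("authority").rpartition("@")
    host, _, port = hostport.partition(":")  # assumption: no [IPv6] literals
    return {
        "scheme": m.group("scheme").lower(),
        "userinfo": unquote(userinfo) if at else None,
        "host_raw": host,
        "host": unquote(host).lower(),
        "port": port or None,
        "path": unquote(m.group("rest")),
    }


def userinfo_findings(url):
    """Return (effective_host, findings) for a link taken from a message."""
    parts = split_authority(url)
    findings = []
    userinfo = parts["userinfo"]
    if userinfo is not None:
        findings.append("userinfo-present")
        name = userinfo.split(":", 1)[0].rstrip("/")
        if _HOSTNAME.fullmatch(name):
            findings.append("userinfo-looks-like-hostname")
        # A decoded '/' here can only come from %2f: a literal one would have
        # ended the authority before the '@' was reached.
        if "/" in userinfo:
            findings.append("encoded-slash-in-userinfo")
    if "%" in parts["host_raw"]:
        findings.append("percent-encoded-host")
    try:
        ipaddress.ip_address(parts["host"])
        findings.append("ip-literal-host")
    except ValueError:
        pass
    return parts["host"], findings


# The href as it appears in the message source quoted in this thread.
SOURCE_HREF = ("http://www.paypal.com%2f@%32%31%31%2E%31%31%33%2E%31%38%36%2E%34%32"
               "/%70%70/%70%72%6F%63%65%73%73%69%6E%67%2E%68%74%6D")
# Constructed: the same link with a literal '/' before the '@', as the thread
# describes the URL in the first email.
LITERAL_SLASH = "http://www.paypal.com/@211.113.186.42/pp/processing.htm"
# The ftp example given in the thread.
FTP_EXAMPLE = "ftp://www.paypal.com@ftp.redhat.com"

if __name__ == "__main__":
    for link in (SOURCE_HREF, LITERAL_SLASH, FTP_EXAMPLE):
        print(userinfo_findings(link), split_authority(link)["path"])
```

With the `%2f` form the slash stays inside the userinfo, so the host is the encoded IP address; with a literal slash the authority ends at `www.paypal.com` and the `@` is only part of the path.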



