[CR]UserVerify

(Example: Production Builders:Peugeot:PX-10LE)

From: <M4Campy@aol.com>
Date: Wed, 19 May 2004 20:27:09 EDT
To: "jerrymoos" <jerrymoos@sbcglobal.net>, Classic Rendezvous <Classicrendezvous@bikelist.org>
Subject: [CR]UserVerify

In a message dated 5/19/2004 6:04:58 PM Mountain Daylight Time, classicrendezvous-request@bikelist.org writes: Is it legit, or another scam to obtain eBay = account information? Jerry,

Considering that the branded domain in the URL is still "ebay.com" it would seem legit. It is very difficult to hijack a domain to redirect traffic to some sinister site.

The URL itself http://ebay.com/<blah> your browser to access the server(s) named "cgi4.ebay.com" which resolves to two IP address which are in the ebay address space:

http://ws.arin.net/cgi-bin/whois.pl

Plug in the addresses 66.135.194.0 and 66.135.210.0 into the 'whois' search text box...

The rest of the URL tells your browser to use a secure protocol "https" and to invoke some cgi script called UserVerify.

Now, that being said this may have been a spoofed message sent frauduatly. But, following the URL will still get you to ebay. Maye or may not work but IP is is ip does.

Just remember to never ever give someone your password or if the URL was something like:

https://cgi4.hackersarebad.net/aw-cgi/eBayfakeISAPI.dll?UserVerifySoWeCanGetYo urPassword

Don't follow that link:)

I just noticed that Steve said something about the link 'attached' to the visible link not being in the ebay domain. I don't see that. Bad eyes. Steve, where do you see that? Show me off list:)

Mike "Born on the net" Wilkinson
Castle Rock, CO