eBay Email Scam
by Simon at 10:40 12/12/03 (Forum::Technical Advice::General)
Here's a new take on the 'fool you into giving out your account details' scam. This one's related to eBay.

--
Dear eBay member #4785072!

As part of our continuing commitment to
protect your account and to reduce the instance
of fraud on our website, we are undertaking a
period review of our member accounts. You are
requested to visit our site by following the link
given below. This is required for us to continue
to offer you a safe and risk free environment to
send and receive money online, and maintain the
eBay Experience. Thank you.

https://cgi.ebay.com/saw-cgi/eBayISAPI.dll?UpdateInformation

Visit our Privacy Policy and User Agreement if you have any questions.

Copyright © 2003 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are trademarks of eBay Inc.
--

Note: if you've got an email client that interprets HTML for you then it'll just look like an email from eBay to you - which is another good reason for disabling 'Show HTML email' in your mail client, or junking Outlook entirely and switching to something else.

This is what's actually in the email:

--
Received: from mta04.mx.xxx.xx.xx (localhost [127.0.0.1])
by mta04.mx.xxx.xx.xx (8.11.3/8.11.2_BM26) with ESMTP id hBC02v120079
for <xx@xxxxx.xxxxx.xxx>; Fri, 12 Dec 2003 00:02:57 GMT
Received: from earthling.net (ool-44c62d0d.dyn.optonline.net [68.198.45.13])
by mta04.mx.xxx.xx.xx (8.11.3/8.11.3) with SMTP id hBC02ut20070
for <xx@xxxxx.xxxxx.xxx>; Fri, 12 Dec 2003 00:02:56 GMT
Date: Fri, 12 Dec 2003 00:02:56 GMT
X-Envelope-From: support@ebay.com
Message-Id: <200312120002.hBC02ut20070@mta04.mx.xxx.xx.xx>
To: "xx@xxxxx.xxxxx.xxx" <xx@xxxxx.xxxxx.xxx>
From: eBay <support@ebay.com>
X-Mailer: Microsoft Outlook Express 6
Subject: eBay Account Verification
MIME-Version: 1.0
Content-type: text/html
Content-Transfer-Encoding: 8bit
X-Envelope-To: xx@xxxxx.xxxxx.xxx
X-UIDL: _J6E.zWQ2_.mta04.mx

<x-html><!x-stuff-for-pete base="" src="" id="0" charset=""><html>
<head></head>
<body>
<p align="left">
Dear eBay member #4785072!<br><br>
As part of our continuing commitment to<br>
protect your account and to reduce the instance<br>
of fraud on our website, we are undertaking a<br>
period review of our member accounts. You are<br>
requested to visit our site by following the link<br>
given below. This is required for us to continue<br>
to offer you a safe and risk free environment to<br>
send and receive money online, and maintain the<br>
eBay Experience. Thank you.<br>
<a href="http://ebay.com%69%6E%64%65%78%6C%6F%67
%69%6E%68%74%6D%6C%61%64%73%66%61%73%64%68%6A
%6B%71%77%65%6B%6A%68%61%73%64%61%6C%73%64%61
%6A%6B%73%64%6B%6A%71%70%77%6F%64%61%73%6B%6A
%73%64%68%61%73%64%6B%6A%61%73%64%61%6F%73%64
@%32%30%30%2E%31%36%31%2E%31%35%31%2E%35%34:%38%30">
https://cgi.ebay.com/saw-cgi/eBayISAPI.dll?UpdateInformation</a><br><br>
Visit our <a href="http://pages.ebay.com/help/community/png-priv.html">Privacy Policy</a> and <a href="http://pages.ebay.com/help/community/png-user.html">User Agreement</a> if you have any questions.<br>
Copyright © 2003 eBay Inc. All Rights Reserved.<br>
Designated trademarks and brands are the property of their respective owners.<br>
eBay and the eBay logo are trademarks of eBay Inc.<br>
</p>
</body>
</html>

</x-html>
--

All this stuff:

http://ebay.com%69%6E%64%65%78%6C%6F%67
%69%6E%68%74%6D%6C%61%64%73%66%61%73%64%68%6A
%6B%71%77%65%6B%6A%68%61%73%64%61%6C%73%64%61
%6A%6B%73%64%6B%6A%71%70%77%6F%64%61%73%6B%6A
%73%64%68%61%73%64%6B%6A%61%73%64%61%6F%73%64
@%32%30%30%2E%31%36%31%2E%31%35%31%2E%35%34:%38%30

is a way to hide the fact that - if you click the link that appears to be to:
https://cgi.ebay.com/saw-cgi/eBayISAPI.dll?UpdateInformation

then in fact you're connecting to:

http://ebay.comindexloginhtmladsfasdhjkqwekjhasdalsdajksdkjqpwodaskjsdhasdkjasdaosd@200.161.151.54:80

Remembering, from previous decodings of URLs like this, that the only thing that counts is the bit after the '@' sign, then you'd be headed off to the webserver on the IP address 200.161.151.54

This IP address is part of a block managed by LACNIC in South America:

OrgName: Latin American and Caribbean IP address Regional Registry
OrgID: LACNIC
Address: Potosi 1517
City: Montevideo
StateProv:
PostalCode: 11500
Country: UY

and the machine associated with this particular IP address is on the end of an ADSL line in Brazil:

200-161-151-54.dsl.telesp.net.br

--
simon
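
Added example, not part of the original post: a mail-filter style check that applies the decoding above to every anchor in an HTML body and flags links whose real host is hidden behind '@' userinfo, is a bare IP address, or differs from the URL shown as link text. The names `real_host`, `LinkAudit` and `audit` are made up for this illustration, and the sample input is constructed from the two anchors in the message source above.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit
# Added example with illustrative names; constructed sample from the mail above.
SAMPLE_HTML = """<a href="http://ebay.com%69%6E%64%65%78%6C%6F%67
%69%6E%68%74%6D%6C%61%64%73%66%61%73%64%68%6A
%6B%71%77%65%6B%6A%68%61%73%64%61%6C%73%64%61
%6A%6B%73%64%6B%6A%71%70%77%6F%64%61%73%6B%6A
%73%64%68%61%73%64%6B%6A%61%73%64%61%6F%73%64
@%32%30%30%2E%31%36%31%2E%31%35%31%2E%35%34:%38%30">
https://cgi.ebay.com/saw-cgi/eBayISAPI.dll?UpdateInformation</a>
<a href="http://pages.ebay.com/help/community/png-priv.html">Privacy Policy</a>"""

def real_host(url):
    """Return (decoded userinfo, decoded host) for a URL as a browser reads it."""
    url = "".join(url.split())  # line breaks inside an href are ignored
    userinfo, _, hostport = urlsplit(url).netloc.rpartition("@")
    return unquote(userinfo), unquote(hostport).partition(":")[0].lower()

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        userinfo, host = real_host(self.href)
        reasons = ["userinfo-before-@"] if userinfo else []
        try:
            ipaddress.ip_address(host)
            reasons.append("ip-literal-host")
        except ValueError:
            pass
        shown = self.text.strip()
        if "://" in shown and real_host(shown)[1] != host:
            reasons.append("text-host-mismatch")
        if reasons:
            self.findings.append((host, reasons))
        self.href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings
```

Run over the sample, `audit(SAMPLE_HTML)` reports only the first link, with all three reasons; the Privacy Policy link passes because it has no userinfo, a named host, and link text that is not a URL.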
