I got an email from “eBay” this morning claiming I needed to “update my billing information”. Of course, this was really just phishing for my eBay account details so they could happily defraud me and sully my good eBay name by defrauding others and bidding on Spice Girl merchandise. So, naturally, I clicked on the link to “eBay” supplied in the email.
I ended up here: http://astrocentro.net/signin/errorsignin.php which, oh, looks strangely like eBay. But if you go back to the main domain name, http://astrocentro.net/, huh, doesn’t look quite so much like eBay now. A bit of poking around their directories and I found this – http://astrocentro.net/help/message.txt – the code to their eBay and this – http://astrocentro.net/help/lists/listas1.txt – a list of all the email addresses that they send it too (two of my addresses are on there).
A bit more poking around found lots of information about their server (http://astrocentro.net/info/), which verifies with the header information in the email and the registered whois details (http://www.samspade.org/t/whois?a=astrocentro.net%2F&server=). The whois information also gives an address and phone number of the company that registered the domain name.
I’m going to pass all this information over to eBay but I bet they don’t do a single thing about it. Sigh.
(Incidentally, two “legitimate” sites seem to be posted on that server too: an astrology forum (http://astrocentro.net/forum/) and a site (http://astrocentro.net/utopias/pages/indexpag.html) about philosophy and utopias or something (my Portuguese isn’t that good, and neither is Babelfish’s apparently), including an interview with Noam Chomsky on Iraq. If that isn’t just the strangest variety of stuff hosted by one “company” on a single server, then I’ll *give* them my eBay account details…)