Actually a WHOIS of the address returns a site in China so unless Paypal was outsourced I would guess a scam.
If you want to see what the page is telnet to port 80 and do a GET /verify.html it is a javascript from the site but using graphics and links from paypal.com An invalid get returns the server: Apache/1.3.14 Server at net2M.dsd.cc Port 80 inetnum: 218.62.0.0 - 218.62.127.255 netname: CNCGROUP-JL country: CN descr: CNCGROUP jilin province network admin-c: CH444-AP tech-c: WT92-AP status: ALLOCATED NON-PORTABLE changed: [EMAIL PROTECTED] 20031016 mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP-JL changed: [EMAIL PROTECTED] 20040301 source: APNIC person: CNCGroup Hostmaster nic-hdl: CH444-AP e-mail: [EMAIL PROTECTED] address: No.156,Fu-Xing-Men-Nei Street, address: Beijing,100031,P.R.China phone: +86-10-82990775 fax-no: +86-10-82990885 country: CN changed: [EMAIL PROTECTED] 20031027 mnt-by: MAINT-CNCGROUP source: APNIC person: Wang Tiegang nic-hdl: WT92-AP e-mail: [EMAIL PROTECTED] address: 96,JieFang Road ChangChun 130021 China. phone: +86-431-8925217 fax-no: +86-431-8925190 country: CN changed: [EMAIL PROTECTED] 20030117 mnt-by: MAINT-CNCGROUP-JL source: APNIC -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Curt Purdy Sent: Thursday, March 18, 2004 1:21 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [inbox] [Full-Disclosure] Is this a paypal scam? [EMAIL PROTECTED] wrote: > http://218.62.43.30/verify.html > > Signed up for paypal 2 weeks ago, and then this came in the mail as a > link in a paypal looking html email asking me to confirm by entering > my credit card/account info. Be cluefull: 1) Don't ever click a link with an ip address. 2) Don't ever put your cc info into any site you did not directly go to and trust. 3) nslookup 218.62.43.30 - Non-existent domain nslookup paypal.com - 64.4.241.16 Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
