If you are a very observant – or cautious – PayPal user you might have noticed that several connection requests are made that are to other domains that are not paypal.com. This can be extremely worrying to users considering that malicious software and attackers also use these kinds of connections for their evil doings.
If you analyze the connections that PayPal makes you notice that the site makes two connections to elements on the domain paypal.112.2o7.net which looks on first glance like a phishing website. The two elements are the smallest in size (both are 43 Bytes) but seem to take the longest to transfer.
The very long url of these requests seems to transfer data about the computer system. It contains the screen resolution and browser plugins among other data which might be even more cause for concern. If you open paypal.112.2o7.net directly you are greeted with an almost blank page.
Not found does not sound good as well. Omniture on the other hand will give many webmasters a clue. It is a service that analyses traffic and it seems that PayPal is one of their customers which is confirmed by a press release on the Omniture website.
The way the data is handled, especially the cryptic url paypal.112.2o7.net can cause concern by users. PayPal should consider changing that url so that the request will come from a PayPal server and not that url.
Attention: Copying articles to your website is not allowed. If you like the article you may copy the code below and post it on your website or user profile.Related Articles:
Update on my PayPal StoryPayPal Login
Ingenious PayPal mimicing spam
PayPal Now Offering Mobile Security Key
Online Paypal Fee Calculator
They aren’t getting things secured.
Think about Omniture get down by someone and they replace the scripts called by Paypal’s server with anything else :)
What would happen?
Good eye!
First off, this is a lack of innovation on PayPal’s part to write their own analytics… Pretty sad if you ask me.. sombody’s god knows they have enough money.
And then to integrate with the 3rd party vendor in this manor (sending end-user to initiate the tracking code…), is amateur at best…
tisk tisk pay pal.
If I see a URL like that I would think phishing definitely and would cancel the site immediately.
Is Paypal really this STUPID?
You should also notice that the script is embedded into another script. Bypassing any protection you have against it, like adblock. Sneaky sneaky. There is no legit reason for that element to be there. It doesn’t enhance privacy or functionality. Avoid ebay-Paypal. They are not a trustworthy company.
What tool is required too analyse a website like that Martin?
You can for instance use Firebug which is what I have used. It is mainly used for web development but excellent for this purpose as well as it shows all connections and elements that are loaded by the website.
Also it isn’t that hard to notice since this considerably slows the transaction down… it took me like 5mn … while the status bar showed “transferrin’ data from paypal.112.2o7.net” … which made me look & find this good explanation u hav here.
Not being an informatic pro, i wonder what “analytics” this Omniture company collects about me…
to block paypal.112.2o7.net, u can use this filter:
|https://paypal.112.2o7.net/*
since i added this filter, there is no upcoming phishing warning from AntiVir.
If u turned Javascript off then its loaded as Gif-Image.
(Sorry for my bad english :O )
~211^
hey brother can some one tel me which software is this please
http://cdn.ghacks.net/wp-content/uploads/2010/02/paypal1-500×381.jpg
That is the firefox add-on firebug
On my Last Post, its “Adblock Plus” a Firefox Plugin.
Internet Explorer 8 doesnt have the same problem, it seems like IE8 is filtering it automatic.
(Sorry for my bad english :O )
~211^
I agree, they should remove objectspaypal.com and 2o7.net
Had to google it out,
I use PC Tools for my AntiVirus/Spyware.
It pops up to the 112.2o7.net and I hit Perm-Block.
End of story.