View-Source hijacked?! (0/1)

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Eriq
    #1

    View-Source hijacked?! (0/1)

    An e-mail to update Citibank account details was sent with a link to a
    server in your net block. Here is the webpage:

    http://%36%36%2E%36%33%2E%38%31%2E%3...78%2E%68%74%6D
    has some %-encoded characters, but decoding those gives

    http://66.63.81.105:87/cit/index.htm


    This means you connect using normal web http on port 87 to host
    66.63.81.105 and fetch /cit/index.htm

    The URL is accessible as http://66.63.81.105:87/cit/index.htm and is
    hosted by 66.63.81.105



    Here is the e-mail header containing the link:



    Return-Path: <supprefnum5927 1791@citibank.c om>

    Received: from cable-161-199.inter.net.i l
    (gwynethfm@cabl e-161-199.inter.net.i l [80.230.161.199])

    by typhon.host4u.n et (8.11.6/8.11.6) with SMTP id
    i8RKLj100950

    for <eriq@net-express.com>; Mon, 27 Sep 2004 15:21:48
    -0500

    Message-Id: <200409272021.i 8RKLj100950@typ hon.host4u.net>

    X-Mozilla-Status: 0001

    X-Mozilla-Status2: 00000000

    FCC: mailbox://supprefnum59271 791@citibank.co m/Sent

    X-Identity-Key: id1

    Date: Mon, 27 Sep 2004 19:23:16 -0200

    From: Citibank <supprefnum5927 1791@citibank.c om>

    X-Mozilla-Draft-Info: internal/draft; vcard=0; receipt=0; uuencode=0

    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4)
    Gecko/20030624 Netscape/7.1 (ax)

    X-Accept-Language: en-us, en

    MIME-Version: 1.0

    To: eriq@net-express.com

    Subject: CitiBank reminder: please update your details

    Content-Type: multipart/related;

    boundary="------------040302030706030 804080005"

    Status:



    Tags: None
    • Eriq
      #2
      Re: View-Source hijacked?! (0/1)

      Aparently some kind of bug that just happened by chance? I cleared my
      cache and the view-source feature started working again.



      On Mon, 27 Sep 2004 20:34:50 -0500, Eriq
      <usenet@net-express.com.rem ove> wrote:
      [color=blue]
      >An e-mail to update Citibank account details was sent with a link to a
      >server in your net block. Here is the webpage:
      >
      >http://%36%36%2E%36%33%2E%38%31%2E%3...78%2E%68%74%6D
      >has some %-encoded characters, but decoding those gives
      >
      >http://66.63.81.105:87/cit/index.htm
      >
      >This means you connect using normal web http on port 87 to host
      >66.63.81.105 and fetch /cit/index.htm
      >
      >The URL is accessible as http://66.63.81.105:87/cit/index.htm and is
      >hosted by 66.63.81.105
      >
      >
      >
      >Here is the e-mail header containing the link:
      >
      >
      >
      >Return-Path: <supprefnum5927 1791@citibank.c om>
      >
      >Received: from cable-161-199.inter.net.i l
      >(gwynethfm@cab le-161-199.inter.net.i l [80.230.161.199])
      >
      > by typhon.host4u.n et (8.11.6/8.11.6) with SMTP id
      >i8RKLj100950
      >
      > for <eriq@net-express.com>; Mon, 27 Sep 2004 15:21:48
      >-0500
      >
      >Message-Id: <200409272021.i 8RKLj100950@typ hon.host4u.net>
      >
      >X-Mozilla-Status: 0001
      >
      >X-Mozilla-Status2: 00000000
      >
      >FCC: mailbox://supprefnum59271 791@citibank.co m/Sent
      >
      >X-Identity-Key: id1
      >
      >Date: Mon, 27 Sep 2004 19:23:16 -0200
      >
      >From: Citibank <supprefnum5927 1791@citibank.c om>
      >
      >X-Mozilla-Draft-Info: internal/draft; vcard=0; receipt=0; uuencode=0
      >
      >User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4)
      >Gecko/20030624 Netscape/7.1 (ax)
      >
      >X-Accept-Language: en-us, en
      >
      >MIME-Version: 1.0
      >
      >To: eriq@net-express.com
      >
      >Subject: CitiBank reminder: please update your details
      >
      >Content-Type: multipart/related;
      >
      > boundary="------------040302030706030 804080005"
      >
      >Status:
      >
      >[/color]

        Comment

        • Michael Winter
          #3
          Re: View-Source hijacked?! (0/1)

          On Mon, 27 Sep 2004 22:29:32 -0500, Eriq <usenet@net-express.com.rem ove>
          wrote:
          [color=blue]
          > Aparently some kind of bug that just happened by chance? I cleared my
          > cache and the view-source feature started working again.[/color]

          I believe you're experiencing a known bug in IE which occurs due to a full
          cache.

          In case you didn't realise, that e-mail's a scam. It very much like ones I
          receive, and I'm not even a Citibank customer, never have been, and never
          will be.

          Finally, in future do not send attachments to this group or any other
          unless they are a binary group. Not only will some clients not be able to
          read the contents, but servers (mine included) will reject binary data.

          [snip]

          Mike

          --
          Michael Winter
          Replace ".invalid" with ".uk" to reply by e-mail.

            Comment

            Previous template Next
            Working...