By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,564 Members | 1,081 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,564 IT Pros & Developers. It's quick & easy.

View-Source hijacked?! (0/1)

P: n/a
An e-mail to update Citibank account details was sent with a link to a
server in your net block. Here is the webpage:

http://%36%36%2E%36%33%2E%38%31%2E%3...78%2E%68%74%6D
has some %-encoded characters, but decoding those gives

http://66.63.81.105:87/cit/index.htm

This means you connect using normal web http on port 87 to host
66.63.81.105 and fetch /cit/index.htm

The URL is accessible as http://66.63.81.105:87/cit/index.htm and is
hosted by 66.63.81.105

Here is the e-mail header containing the link:

Return-Path: <su****************@citibank.com>

Received: from cable-161-199.inter.net.il
(gw*******@cable-161-199.inter.net.il [80.230.161.199])

by typhon.host4u.net (8.11.6/8.11.6) with SMTP id
i8RKLj100950

for <er**@net-express.com>; Mon, 27 Sep 2004 15:21:48
-0500

Message-Id: <20***********************@typhon.host4u.net>

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

FCC: mailbox://su****************@citibank.com/Sent

X-Identity-Key: id1

Date: Mon, 27 Sep 2004 19:23:16 -0200

From: Citibank <su****************@citibank.com>

X-Mozilla-Draft-Info: internal/draft; vcard=0; receipt=0; uuencode=0

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4)
Gecko/20030624 Netscape/7.1 (ax)

X-Accept-Language: en-us, en

MIME-Version: 1.0

To: er**@net-express.com

Subject: CitiBank reminder: please update your details

Content-Type: multipart/related;

boundary="------------040302030706030804080005"

Status:

Jul 23 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Aparently some kind of bug that just happened by chance? I cleared my
cache and the view-source feature started working again.

On Mon, 27 Sep 2004 20:34:50 -0500, Eriq
<us****@net-express.com.remove> wrote:
An e-mail to update Citibank account details was sent with a link to a
server in your net block. Here is the webpage:

http://%36%36%2E%36%33%2E%38%31%2E%3...78%2E%68%74%6D
has some %-encoded characters, but decoding those gives

http://66.63.81.105:87/cit/index.htm

This means you connect using normal web http on port 87 to host
66.63.81.105 and fetch /cit/index.htm

The URL is accessible as http://66.63.81.105:87/cit/index.htm and is
hosted by 66.63.81.105

Here is the e-mail header containing the link:

Return-Path: <su****************@citibank.com>

Received: from cable-161-199.inter.net.il
(gw*******@cable-161-199.inter.net.il [80.230.161.199])

by typhon.host4u.net (8.11.6/8.11.6) with SMTP id
i8RKLj100950

for <er**@net-express.com>; Mon, 27 Sep 2004 15:21:48
-0500

Message-Id: <20***********************@typhon.host4u.net>

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

FCC: mailbox://su****************@citibank.com/Sent

X-Identity-Key: id1

Date: Mon, 27 Sep 2004 19:23:16 -0200

From: Citibank <su****************@citibank.com>

X-Mozilla-Draft-Info: internal/draft; vcard=0; receipt=0; uuencode=0

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4)
Gecko/20030624 Netscape/7.1 (ax)

X-Accept-Language: en-us, en

MIME-Version: 1.0

To: er**@net-express.com

Subject: CitiBank reminder: please update your details

Content-Type: multipart/related;

boundary="------------040302030706030804080005"

Status:


Jul 23 '05 #2

P: n/a
On Mon, 27 Sep 2004 22:29:32 -0500, Eriq <us****@net-express.com.remove>
wrote:
Aparently some kind of bug that just happened by chance? I cleared my
cache and the view-source feature started working again.


I believe you're experiencing a known bug in IE which occurs due to a full
cache.

In case you didn't realise, that e-mail's a scam. It very much like ones I
receive, and I'm not even a Citibank customer, never have been, and never
will be.

Finally, in future do not send attachments to this group or any other
unless they are a binary group. Not only will some clients not be able to
read the contents, but servers (mine included) will reject binary data.

[snip]

Mike

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.
Jul 23 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.