An e-mail to update Citibank account details was sent with a link to a
server in your net block. Here is the webpage:
http://%36%36%2E%36%33%2E%38%31%2E%3...78%2E%68%74%6D
has some %-encoded characters, but decoding those gives
http://66.63.81.105:87/cit/index.htm
This means you connect using normal web http on port 87 to host
66.63.81.105 and fetch /cit/index.htm
The URL is accessible as http://66.63.81.105:87/cit/index.htm and is
hosted by 66.63.81.105
Here is the e-mail header containing the link:
Return-Path: <su****************@citibank.com>
Received: from cable-161-199.inter.net.il
(gw*******@cable-161-199.inter.net.il [80.230.161.199])
by typhon.host4u.net (8.11.6/8.11.6) with SMTP id
i8RKLj100950
for <er**@net-express.com>; Mon, 27 Sep 2004 15:21:48
-0500
Message-Id: <20***********************@typhon.host4u.net>
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
FCC: mailbox://su****************@citibank.com/Sent
X-Identity-Key: id1
Date: Mon, 27 Sep 2004 19:23:16 -0200
From: Citibank <su****************@citibank.com>
X-Mozilla-Draft-Info: internal/draft; vcard=0; receipt=0; uuencode=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4)
Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: er**@net-express.com
Subject: CitiBank reminder: please update your details
Content-Type: multipart/related;
boundary="------------040302030706030804080005"
Status: