View-Source hijacked?! (0/1)

Discussion in 'Javascript' started by Eriq, Sep 28, 2004.

  1. Eriq

    Eriq Guest

    An e-mail to update Citibank account details was sent with a link to a
    server in your net block. Here is the webpage:

    http://66.63.81.105:87/cit/index.htm
    has some %-encoded characters, but decoding those gives

    http://66.63.81.105:87/cit/index.htm

    This means you connect using normal web http on port 87 to host
    66.63.81.105 and fetch /cit/index.htm

    The URL is accessible as http://66.63.81.105:87/cit/index.htm and is
    hosted by 66.63.81.105



    Here is the e-mail header containing the link:



    Return-Path: <>

    Received: from cable-161-199.inter.net.il
    ( [80.230.161.199])

    by typhon.host4u.net (8.11.6/8.11.6) with SMTP id
    i8RKLj100950

    for <>; Mon, 27 Sep 2004 15:21:48
    -0500

    Message-Id: <4u.net>

    X-Mozilla-Status: 0001

    X-Mozilla-Status2: 00000000

    FCC: mailbox:///Sent

    X-Identity-Key: id1

    Date: Mon, 27 Sep 2004 19:23:16 -0200

    From: Citibank <>

    X-Mozilla-Draft-Info: internal/draft; vcard=0; receipt=0; uuencode=0

    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4)
    Gecko/20030624 Netscape/7.1 (ax)

    X-Accept-Language: en-us, en

    MIME-Version: 1.0

    To:

    Subject: CitiBank reminder: please update your details

    Content-Type: multipart/related;

    boundary="------------040302030706030804080005"

    Status:
     
    Eriq, Sep 28, 2004
    #1
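The decoding described in the first post, as an added example that is not part of the original thread: it parses a link, percent-decodes the host and path, and flags a bare-IP host or non-default port, then pulls the relay out of a `Received:` header. The encoded URL is a constructed sample (the thread shows only the decoded form), and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def analyse_link(raw_url):
    """Split the URL first, then percent-decode host and path, and flag oddities."""
    parts = urlsplit(raw_url)
    host = unquote(parts.hostname or "")
    default = DEFAULT_PORTS.get(parts.scheme)
    port = parts.port or default
    try:
        ipaddress.ip_address(host)
        ip_literal = True
    except ValueError:
        ip_literal = False
    flags = []
    if unquote(raw_url) != raw_url:
        flags.append("percent-encoding in URL")
    if ip_literal:
        flags.append("host is a bare IP address")
    if port != default:
        flags.append("non-default port %d" % port)
    return {"scheme": parts.scheme, "host": host, "port": port,
            "path": unquote(parts.path), "flags": flags}


def received_relay(received_value):
    """Return (claimed name, bracketed IP) of the sending host, or None."""
    m = re.search(r"from\s+(\S+)\s+\(.*?\[([0-9.]+)\]\)", received_value)
    return (m.group(1), m.group(2)) if m else None


# Constructed sample: the page's URL with its path percent-encoded.
SAMPLE_URL = "http://66.63.81.105:87/%63%69%74/index.htm"
# The Received header from the post, unfolded onto one line.
SAMPLE_RECEIVED = ("from cable-161-199.inter.net.il ( [80.230.161.199]) "
                   "by typhon.host4u.net (8.11.6/8.11.6) with SMTP id i8RKLj100950")

if __name__ == "__main__":
    print(analyse_link(SAMPLE_URL))
    print(received_relay(SAMPLE_RECEIVED))
```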

  2. Eriq

    Eriq Guest

    Apparently some kind of bug that just happened by chance? I cleared my
    cache and the view-source feature started working again.



    On Mon, 27 Sep 2004 20:34:50 -0500, Eriq
    <> wrote:

    >An e-mail to update Citibank account details was sent with a link to a
    >server in your net block. Here is the webpage:
    >
    >http://66.63.81.105:87/cit/index.htm
    >has some %-encoded characters, but decoding those gives
    >
    >http://66.63.81.105:87/cit/index.htm
    >
    >This means you connect using normal web http on port 87 to host
    >66.63.81.105 and fetch /cit/index.htm
    >
    >The URL is accessible as http://66.63.81.105:87/cit/index.htm and is
    >hosted by 66.63.81.105
    >
    >
    >
    >Here is the e-mail header containing the link:
    >
    >
    >
    >Return-Path: <>
    >
    >Received: from cable-161-199.inter.net.il
    >( [80.230.161.199])
    >
    > by typhon.host4u.net (8.11.6/8.11.6) with SMTP id
    >i8RKLj100950
    >
    > for <>; Mon, 27 Sep 2004 15:21:48
    >-0500
    >
    >Message-Id: <4u.net>
    >
    >X-Mozilla-Status: 0001
    >
    >X-Mozilla-Status2: 00000000
    >
    >FCC: mailbox:///Sent
    >
    >X-Identity-Key: id1
    >
    >Date: Mon, 27 Sep 2004 19:23:16 -0200
    >
    >From: Citibank <>
    >
    >X-Mozilla-Draft-Info: internal/draft; vcard=0; receipt=0; uuencode=0
    >
    >User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4)
    >Gecko/20030624 Netscape/7.1 (ax)
    >
    >X-Accept-Language: en-us, en
    >
    >MIME-Version: 1.0
    >
    >To:
    >
    >Subject: CitiBank reminder: please update your details
    >
    >Content-Type: multipart/related;
    >
    > boundary="------------040302030706030804080005"
    >
    >Status:
    >
    >
     
    Eriq, Sep 28, 2004
    #2

  3. On Mon, 27 Sep 2004 22:29:32 -0500, Eriq <>
    wrote:

    > Apparently some kind of bug that just happened by chance? I cleared my
    > cache and the view-source feature started working again.


    I believe you're experiencing a known bug in IE which occurs due to a full
    cache.

    In case you didn't realise, that e-mail's a scam. It's very much like ones I
    receive, and I'm not even a Citibank customer, never have been, and never
    will be.

    Finally, in future do not send attachments to this group or any other
    unless they are a binary group. Not only will some clients not be able to
    read the contents, but servers (mine included) will reject binary data.

    [snip]

    Mike

    --
    Michael Winter
    Replace ".invalid" with ".uk" to reply by e-mail.
     
    Michael Winter, Sep 28, 2004
    #3