RE: [Full-Disclosure] Phishing scam - Obfuscated url help please

From: Leif Sawyer (lsawyer_at_gci.com)
Date: 01/23/04

  • Next message: Darkslaker: "RE: [Full-Disclosure] Security conferences"
    To: Zach Forsyth <Zach.Forsyth@kiandra.com>, full-disclosure@lists.netsys.com
    Date: Thu, 22 Jan 2004 16:29:21 -0900
    
    

    Zach Forsyth writes:
    > Just wondering if someone could help me work out where this
    > url actually points.
    > Or just lead me in the right direction.
    > Apologies if it has wrapped as it is quite long.
    >
    > http://www.netbank.commbank.com.au%6Clogin%6C@%36%31%2E%37%3=0
    > %2E%31%37%35%2E%31%33%38:%31%31%33%33/%6C%6F%67%69%6E/%69%6E%64%65%78%2E
    > %6=8%74%6D

    First off, you've got those lovely '=' embedded. Strip them:

    http://www.netbank.commbank.com.au%6Clogin%6C@
    %36%31%2E%37%30%2E%31%37%35%2E%31%33%38:%31%31%33%33
    /%6C%6F%67%69%6E/%69%6E%64%65%78%2E%68%74%6D

    Next, google search:

    (wrap..)
    keyword:%36%31%2E%37%30%2E%31%37%35%2E%31%33%38:%31%31%33%33/%6C%6F%67%69%6E
    /%69%6E%64%65%78%2E%68%74%6D

    You'll get the URL parsed back to you:

    61.70.175.138:1133/login/index.htm

    All Hail Google!

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
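
The two steps from the reply above (strip the stray '=' characters, then decode the percent-escapes) can be done offline instead of through a search box. This is an added Python example, not part of the original message; `MANGLED` and `reveal_target` are names chosen here, and it also separates the decoy text in front of the '@' from the real destination behind it.

```python
from urllib.parse import unquote

# URL exactly as quoted in the message above, stray '=' characters included.
MANGLED = (
    "http://www.netbank.commbank.com.au%6Clogin%6C@%36%31%2E%37%3=0"
    "%2E%31%37%35%2E%31%33%38:%31%31%33%33/%6C%6F%67%69%6E/%69%6E%64%65%78%2E"
    "%6=8%74%6D"
)


def reveal_target(raw):
    """Return (decoy, host, port, path) for a URL that hides its host behind '@'."""
    # Step 1 from the reply: drop line wraps and the embedded '='.
    # Assumption: the URL has no query string, so every '=' is mail damage.
    cleaned = "".join(raw.split()).replace("=", "")
    scheme, sep, rest = cleaned.partition("://")
    if not sep:
        raise ValueError("not an absolute URL")
    # The authority component ends at the first '/', '?' or '#'.
    hits = [i for i in (rest.find(c) for c in "/?#") if i != -1]
    end = min(hits, default=len(rest))
    authority, tail = rest[:end], rest[end:]
    # Split on the LAST '@' before decoding anything: the text to its left is
    # userinfo (the decoy), the text to its right is where the browser connects.
    userinfo, _, hostport = authority.rpartition("@")
    # Step 2: percent-decode each piece (IPv6 literals are not handled here).
    host, _, port = unquote(hostport).partition(":")
    return unquote(userinfo), host, port, unquote(tail)


if __name__ == "__main__":
    decoy, host, port, path = reveal_target(MANGLED)
    print("decoy userinfo:", decoy)
    print("real target   :", f"{host}:{port}{path}")
```

Splitting on the '@' before decoding matters: an encoded `%40` inside the decoy would otherwise turn into a second '@' and shift the boundary.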

