Re: [Full-disclosure] strange domain name in phishing email

From: Q Beukes <full-disclosure@xxxxxxxxxxx>
Date: Wed, 15 Mar 2006 11:25:04 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think this would be a client side only thing.
Netcat connected fine when I have such a name (167772398 - 10.0.0.238)
as a target.

The reason I say this is because how would apache know what to do with:
Host: 167772398

It might have been a vhost, so I dont think they have support for this.

NOTE: just my thoughts

Julien GROSJEAN - Proxiad wrote:

I think you try to remove the slash at the end... What about the
logs ?

Alice Bryson a écrit :

BTW, this kind of ip address would not always work. i try to use
http://2887060730/ to access an internal web server
http://172.21.12.250, but failed. It said 400 bad request. I use
Windows XP IE 6, web server is Apache on Windows 2003, does
anyone know why?

_______________________________________________ Full-Disclosure -
We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBRBfdcLEDZDQ16UzTAQK2hQf/bLNUt/NOBlBFjg6x2jaKE2uQGee7uPm0
3TNdye/xgkqCBZ7b2F213fPjm4ERtijyUmKSMxWyMrMM4CSWI354mjVQqqY94FAk
UbUDoZFKqUYAD5EJLuaTBLDPfrJCHJx0YwrZiHNVzGZEe2frEBn9I3AnAKvhjuGw
kc6VIozuo0V8dSbumOTIkX3/ShhvyEnuZKyHD5dP7HW0PXgmV5Uz2oCnKPlSK7Q7
M4tN3jkCQJj7XyeOJuFK16kofnzPWa9B6iswnrQtEGrBLwslcuBDmLJz9HLVsKfy
C3ll6DnG3H53flfFNp9adCl2iP7sPOTTgzSy275pHEg8kWM1j8ZVzQ==
=86fl
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] strange domain name in phishing email
  - From: Julien GROSJEAN - Proxiad

Prev by Date: [Full-disclosure] [SECURITY] [DSA 1002-1] New webcalendar packages fix several vulnerabilities
Next by Date: Re: [Full-disclosure] Internet Explorer 0day
Previous by thread: Re: [Full-disclosure] strange domain name in phishing email
Next by thread: RE: [Full-disclosure] strange domain name in phishing email
Index(es):
- Date
- Thread

Relevant Pages

Re: [Full-disclosure] windows future
... Vista and Windows 7. ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] the disappearance of the dog lover Petko D. Petkov
... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ...
(Full-Disclosure)
Re: [Full-disclosure] PassMark?
... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] Question about police harassment. Police trying over years to "entrap" me
... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ ...
(Full-Disclosure)
RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection
... Enumerate all the IE windows and look for the one with CitiBank Login ... when 2 Australian banks launched on-screen keypads. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)