Full Disclosure mailing list archives

RE: Phishing scam - Obfuscated url help please


From: Leif Sawyer <lsawyer () gci com>
Date: Thu, 22 Jan 2004 16:29:21 -0900

Zach Forsyth writes:
Just wondering if someone could help me work out where this 
url actually points.
Or just lead me in the right direction.
Apologies if it has wrapped as it is quite long.

http://www.netbank.commbank.com.au%6Clogin%6C@%36%31%2E%37%3=0
%2E%31%37%35%2E%31%33%38:%31%31%33%33/%6C%6F%67%69%6E/%69%6E%64%65%78%2E
%6=8%74%6D


First off, you've got those lovely '=' embedded. Strip them:

http://www.netbank.commbank.com.au%6Clogin%6C@
%36%31%2E%37%30%2E%31%37%35%2E%31%33%38:%31%31%33%33
/%6C%6F%67%69%6E/%69%6E%64%65%78%2E%68%74%6D

Next, Google search:

(wrap..)
keyword:%36%31%2E%37%30%2E%31%37%35%2E%31%33%38:%31%31%33%33/%6C%6F%67%69%6E
/%69%6E%64%65%78%2E%68%74%6D


You'll get the URL parsed back to you:

61.70.175.138:1133/login/index.htm


All Hail Google!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
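
Added example, not part of the original message: the same decoding done offline in Python instead of through a search engine, which also shows that everything before the '@' is userinfo acting as a decoy and not the host. The function names real_destination and describe are hypothetical; the URL is the one quoted in the message.

```python
import re
from urllib.parse import unquote

# The URL as quoted in the message, with its wrap points and the stray '='
# characters the reply says to strip.
RAW = """http://www.netbank.commbank.com.au%6Clogin%6C@%36%31%2E%37%3=0
%2E%31%37%35%2E%31%33%38:%31%31%33%33/%6C%6F%67%69%6E/%69%6E%64%65%78%2E
%6=8%74%6D"""


def real_destination(raw):
    """Return (decoy_userinfo, host, port, path) for an obfuscated http URL.

    Assumes an IPv4 or hostname authority and, like this sample, no
    legitimate '=' in the URL (stripping '=' would damage a query string).
    """
    url = re.sub(r"[=\s]", "", raw)          # undo wrapping and '=' debris
    scheme, sep, rest = url.partition("://")
    if not sep:
        raise ValueError("not an absolute URL")
    # Split on the raw delimiters first, decode afterwards, so an encoded
    # '/', '@' or ':' cannot shift the component boundaries.
    authority, tail = re.match(r"([^/?#]*)(.*)", rest).groups()
    # Everything before the last '@' is userinfo, which is not the host.
    userinfo, _, hostport = authority.rpartition("@")
    host, _, port = hostport.partition(":")
    port = unquote(port)
    if port and not port.isdigit():
        raise ValueError("non-numeric port: %r" % port)
    return (unquote(userinfo), unquote(host).lower(),
            int(port) if port else None, unquote(tail))


def describe(raw):
    """Format the real destination the way the reply shows it."""
    _, host, port, path = real_destination(raw)
    return "%s%s%s" % (host, ":%d" % port if port else "", path)


if __name__ == "__main__":
    decoy, host, port, path = real_destination(RAW)
    print("decoy userinfo :", decoy)
    print("real target    :", describe(RAW))
```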

