lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <405CC69A.7050901@nbnet.nb.ca>
From: smenard at nbnet.nb.ca (Steve Menard)
Subject: Another false Citibank e-mail...a new phishing?

Christian wrote:

> Elia Florio wrote:
>
>> I receveid this bad-spoofed-Citibank e-mail,
>> which points to a PHP page which ask for credit card 
>> number..........and stole it!!!
>> Is it the next phishing e-mail ?
>> The link points to http://218.36.71.193:443/citi/
>
>
> i tried http://218.36.71.193/ then, this seems to be the home of
> www.sk.com (from FAQ: What is SK?
> SK is Korea?s fourth largest conglomerate and one of the leading 
> business organizations in Asia...)
>
> someone has set up a 2nd Apache on :443 (!SSL), and created /citi to 
> phish credit card numbers??
>
> Christian.

Nope.
Just More misdiredction by the miscreants

try the url   
http://218.36.71.193:443/test.php

The requested URL /test.php was not found on this server.

------------------------------------------------------------------------
Apache/1.3.6 Server at proxyegana.goldpfeil.de Port 80

[stm@rp2]$ nslookup www.sk.com
Note:  nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead.  Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server:         192.168.8.1
Address:        192.168.8.1#53

Non-authoritative answer:
Name:   www.sk.com
Address: 64.227.233.29



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ