I tried this trick against my personal Apache 2 webserver, and got a 400
bad request as well. The apache log is showing "Client sent malformed
Host header".
It looks like Apache is getting the decimal host header, and doesn't
understand what to do with it. Oddly, the host mentioned in the initial
e-mail is also Apache, but it's Apache 1.3.
Is your Apache on windows server 1.x or 2.x?
On Tue, 14 Mar 2006, Alice Bryson wrote:
BTW, this kind of ip address would not always work. i try to use
http://2887060730/ to access an internal web server
http://172.21.12.250, but failed.
It said 400 bad request.
I use Windows XP IE 6, web server is Apache on Windows 2003, does
anyone know why?
2006/3/11, Jianqiang Xin <[EMAIL PROTECTED]>:
hi,
I received several phishing emails. One interesting thing is the link to
phishing website has the link:
http://1406379699/dbweb/ws/ebay/index.htm
If you click it, it goes to a fake ebay server. The DNS result shows:
1406379699
Server:
Address:
Name: ip-166-179.sn2.eutelia.it
Address: 83.211.166.179
I do not understand why 1406379699 equal to ip-166-179.sn2.eutelia.it?
Thanks for your help.
yours,
jqxin2006
_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
Homepage:http://www.lwang.org
We collect spam for research at:
mailto:[EMAIL PROTECTED]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
