Does anyone have the Exodus NOC phone number? (Or who I'm supposed to talk to in this situation?):
I got a spam mail on AOL, with a link to a decimal IP (the exact link in question is: http://3626046468//nv/zawixmecwhcxejb ). After figuring out the dotted-decimal notation for it (216.33.20.4), I did a whois on ARIN for that. Turns out it belongs to Exodus, and there's an additional field for rwhois info. I got the rwhois info, and it shows that it belongs to WhoWhere.
So I get curious, and go to the URL in question (speaking raw HTTP, as I am wont to do when checking out spam links)... it redirects me to an angelfire.com address. (A transcript is below:
$ telnet 216.33.20.4 80
Trying 216.33.20.4...
Connected to 216.33.20.4.
Escape character is '^]'.
GET //nv/zawixmecwhcxejb HTTP/1.1
Host: 3626046468
User-Agent: SecurityBreachDetected/1.0b2

HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Nov 2000 05:19:15 GMT
Server: Apache/1.3.9 (Unix) FrontPage/4.0.4.3
Set-Cookie: CookieStatus=COOKIE_OK; path=/; domain=angelfire.lycos.com; expires=Fri, 02-Nov-2001 05:19:15 GMT
Location: http://www.angelfire.com//nv/zawixmecwhcxejb/
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

f9
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>301 Moved Permanently</TITLE>
</HEAD><BODY>
<H1>Moved Permanently</H1>
The document has moved <A HREF="http://www.angelfire.com//nv/zawixmecwhcxejb/">here</A>.<P>
</BODY></HTML>
0
Connection closed by foreign host.
$
)
So, I need to inform someone that they need to inform someone that their server's being used for something it's not supposed to be.
Thanks for any help!
-Mat Butler
Systems Engineer
Tonbu, Inc
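
The decimal-to-dotted-quad step described in the message above can be automated for mail or proxy log triage. The following is an added example, not part of the original post: it also covers the hex, octal and short dotted forms that classic inet_aton-style parsers accept, which goes beyond the single decimal case in the message. The function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

def _parse_part(part):
    """Parse one host component inet_aton-style: 0x.. hex, 0.. octal, else decimal."""
    p = part.lower()
    if p.startswith("0x"):
        digits, base, allowed = p[2:], 16, "0123456789abcdef"
    elif len(p) > 1 and p.startswith("0"):
        digits, base, allowed = p[1:], 8, "01234567"
    else:
        digits, base, allowed = p, 10, "0123456789"
    # Strict character check: int() alone would accept "1_0", "+5", etc.
    if not digits or any(c not in allowed for c in digits):
        return None
    return int(digits, base)

def numeric_host_to_ipv4(host):
    """Return the dotted-quad a numeric host form maps to, or None if not numeric."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_parse_part(p) for p in parts]
    if any(v is None for v in values):
        return None
    *leading, last = values
    # Leading parts are one byte each; the final part fills the remaining bytes.
    if any(v > 0xFF for v in leading) or last >= 256 ** (4 - len(leading)):
        return None
    addr = last
    for i, v in enumerate(leading):
        addr |= v << (8 * (3 - i))
    return str(ipaddress.IPv4Address(addr))

def check_url(url):
    """Return (host, resolved_ip, obfuscated); obfuscated means the host is a
    numeric IPv4 form other than plain dotted-decimal."""
    host = urlsplit(url).hostname or ""
    ip = numeric_host_to_ipv4(host)
    return host, ip, ip is not None and ip != host

if __name__ == "__main__":
    # First URL is the one quoted in the message; the others are constructed samples.
    for u in ("http://3626046468//nv/zawixmecwhcxejb",
              "http://0xD8.0x21.0x14.0x04/", "http://216.33.5124/",
              "http://www.angelfire.com//nv/zawixmecwhcxejb/"):
        print(check_url(u))
```

A host flagged as obfuscated can then be fed to whois/rwhois using the resolved dotted-quad, as was done by hand in the message.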