Does anyone have the Exodus NOC phone number? (Or who I'm supposed to talk to in this situation?): I got a spam mail on AOL, with a link to a decimal IP (the exact link in question is: http://3626046468//nv/zawixmecwhcxejb ). After figuring out the dotted-decimal notation for it (216.33.20.4), I did a whois on arin for that. Turns out it belongs to Exodus, and there's an additional field for rwhois info. I got the rwhois info, and it shows that it belongs to WhoWhere. So I get curious, and go to the URL in question (speaking raw HTTP, as I am wont to do when checking out spam links)... it redirects me to an angelfire.com address. (A transcript is below: $ telnet 216.33.20.4 80 Trying 216.33.20.4... Connected to 216.33.20.4. Escape character is '^]'. GET //nv/zawixmecwhcxejb HTTP/1.1 Host: 3626046468 User-Agent: SecurityBreachDetected/1.0b2 HTTP/1.1 301 Moved Permanently Date: Thu, 02 Nov 2000 05:19:15 GMT Server: Apache/1.3.9 (Unix) FrontPage/4.0.4.3 Set-Cookie: CookieStatus=COOKIE_OK; path=/; domain=angelfire.lycos.com; expires= Fri, 02-Nov-2001 05:19:15 GMT Location: http://www.angelfire.com//nv/zawixmecwhcxejb/ Connection: close Transfer-Encoding: chunked Content-Type: text/html f9 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>301 Moved Permanently</TITLE> </HEAD><BODY> <H1>Moved Permanently</H1> The document has moved <A HREF="http://www.angelfire.com//nv/zawixmecwhcxejb/">h ere</A>.<P> </BODY></HTML> 0 Connection closed by foreign host. $ ) So, I need to inform someone that they need to inform someone that their server's being used for something it's not supposed to be. Thanks for any help! -Mat Butler Systems Engineer Tonbu, Inc
I know this might seem crazy but : % nslookup www.angelfire.com Non-authorative answer: www.angelfire.com canonical name = angelfire.com. Name: angelfire.com Address: 216.33.20.4 So it's on angelfire the whole time ;) and abuse@exodus.net would be a great place to send mail :) On Wed, Nov 01, 2000 at 09:16:25PM -0800, Mathew Butler wrote:
$ telnet 216.33.20.4 80 Trying 216.33.20.4... Connected to 216.33.20.4. Escape character is '^]'.
<TITLE>301 Moved Permanently</TITLE> </HEAD><BODY> <H1>Moved Permanently</H1> The document has moved <A HREF="http://www.angelfire.com//nv/zawixmecwhcxejb/">h
-- ------------------------------------------------------------------------------- : Steven Noble / Network Janitor / Be free my soul and leave this world alone : : My views = My views != The views of any of my past or present employers : -------------------------------------------------------------------------------
On Wed, 1 Nov 2000, Mathew Butler wrote:
Does anyone have the Exodus NOC phone number? (Or who I'm supposed to talk to in this situation?):
From http://www.exodus.net/contact_us.html Response Center: 1.877.393.7878 (from outside the U.S. call 1.800.13937878)
E-Mail: abuse@exodus.net, support@exodus.net morannon:~>dig 4.20.33.216.in-addr.arpa ANY ... snip ... ;; QUERY SECTION: ;; 4.20.33.216.in-addr.arpa, type = ANY, class = IN ;; ANSWER SECTION: 4.20.33.216.in-addr.arpa. 53m47s IN PTR bigip.angelfire.com. I would suggest abuse@angelfire.com, and possibly abuse@aol.com as well.
So all it's doing is redirect to itself.
So, I need to inform someone that they need to inform someone that their server's being used for something it's not supposed to be.
... all in 5 minutes of creative searching ... -- Dominic J. Eidson "Baruk Khazad! Khazad ai-menu!" - Gimli ------------------------------------------------------------------------------- http://www.the-infinite.org/ http://www.the-infinite.org/~dominic/
participants (3)
-
Dominic J. Eidson
-
Mathew Butler
-
Steve Noble