Yep; some machine got cracked into, and the person is hosting a site there.
You can usually tell when:
1. the site is on an off-port.
2. the site has no proper domain - just an IP.
3. The site will have a weird directory name. (such as /.d/ebay/)
What I do when I'm feeling especially do-goodie is figure out who owns
the netblock like you did, and write abuse - then I find out who owns
the block above that (if any), and who owns the server in question, and
write abuse@ all those email addresses. Sadly, people don't always know
about it.
Adam
jgribbin@alaska.net wrote:
>I just got another one of these phishing emails purportedly from AlaskaUSA. Usually they have an attachment that ACS detect and remove, so I never see it. I just get notified it was there.
>This time there was no attachment, just a phony link, so it made it through.
>
>The link is http://209.26.255.197:24/ultra ..., which comes up on ARIN as part of a block belonging to the City of Ocoee in Florida.
>
>I'm just curious and leaning to learn. I seriously doubt that the City of Ocoee has anything to do with this.
>
>Does this mean someone has hijacked a computer on their network to host this scam?
>
>
>Jim Gribbin
>
>
>
>-- Binary/unsupported file stripped by Ecartis --
>-- Type: text/x-vcard
>-- File: jgribbin@alaska.net.vcf
>-- Desc: Card for <jgribbin@alaska.net>
>
>
>---------
>To unsubscribe, send email to <aklug-request@aklug.org>
>with 'unsubscribe' in the message body.
>
>
>
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Tue Apr 18 11:12:11 2006
This archive was generated by hypermail 2.1.8 : Tue Apr 18 2006 - 11:12:11 AKDT