http://219.84.167.230:8888/AD.png?eid=my_email@domain.com&pid=gao
i copied the address into Firefox, and replaced my e-mail address with the address they spoofed. in my address bar, i entered:
http://219.84.167.230:8888/AD.png?eid=LiLi_woman@gmail.com&pid=gao
i pressed enter. a blank image appeared on my screen. it instantly clicked in my head what they must be trying to do. they send you an e-mail; you open it, it connects, and upon requesting this image it sends your e-mail address to them, confirming you are a real person. they are fishing for real people to spam.
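A way to check a message for this kind of beacon before any image is loaded, as an added example that is not part of the original post: it walks the HTML parts of a raw message and reports remote images whose query string carries the recipient's address, whether plain, base64-encoded or hashed. The host names, the sample message and the function names are constructed for illustration; only the `/AD.png?eid=...&pid=...` shape comes from the URL above.

```python
import base64
import hashlib
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

class ImgSrc(HTMLParser):
    """Collect the src attribute of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.srcs += [v for k, v in attrs if k == "src" and v]

def address_forms(addr):
    """The address as a beacon might carry it: plain, base64 or hashed."""
    raw = addr.lower().encode()
    return {addr.lower(): "plain",
            base64.b64encode(raw).decode(): "base64",
            hashlib.md5(raw).hexdigest(): "md5",
            hashlib.sha256(raw).hexdigest(): "sha256"}

def find_beacons(raw_message, recipient):
    """Return (host, path, parameter, form) per image URL carrying the address."""
    forms, hits = address_forms(recipient), []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True)
        parser = ImgSrc()
        parser.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
        for src in parser.srcs:
            url = urlsplit(src)
            if url.scheme not in ("http", "https"):
                continue  # cid:/data: images are embedded, nothing is fetched
            for key, value in parse_qsl(url.query):  # parse_qsl undoes %40 etc.
                form = forms.get(value) or forms.get(value.lower())
                if form:
                    hits.append((url.netloc, url.path, key, form))
    return hits

# Constructed sample message (hosts and addresses are placeholders).
SAMPLE = (
    "To: alice@example.org\nMIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<img src="http://beacon.example:8888/AD.png?eid=alice%40example.org&amp;pid=gao">'
    '<img src="http://static.example/logo.png?v=3">\n'
)
print(find_beacons(SAMPLE, "alice@example.org"))
```
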
i was curious if they were running apache or micro$oft's iis; i hacked off everything after the last whack:
http://219.84.167.230:8888/
damn! virtual directory listing denied. okay, let's request a document that probably doesn't exist.
http://219.84.167.230:8888/foobar
yes! and it looks like we get the standard iis 404 page not found error. i was still curious who owned this box that had obviously been hacked. i attempted to browse to just the ip address, but nobody was home. i did a reverse dns check on the ip address, which turned up nothing. in my last attempt to find out who this address belonged to, i did a whois and got something:
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 219.84.0.0 - 219.85.255.255
netname: SONET-NET
country: TW
descr: Sony Network Taiwan Limited
descr: 2Fl., Building E, No. 19-13, San Chung Road
descr: Taipei Taiwan 115
admin-c: JC417-AP
tech-c: CC115-AP
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20031125
mnt-by: MAINT-TW-TWNIC
source: APNIC
looks like our friends at Sony have been exploited, or are supporting it. well, i guess the moral of today's story is that a quitter never wins and never trust micro$oft.