
Posted: Wed Apr 18, 2001 5:23 pm
by Slugbait
Got a spam mail to yet another sex site yesterday. Did the ol' highlight-to-delete maneuver, when POOF! my firewall warned me of an outbound connection attempt.

The remote address is 64.38.223.60. The hyperlinks all point to a really odd URL. http://www.ht2.(blahblah).mx=14=02=14=05=14.com|netped.com=(a bunch more numbers and equal signs).jjjjjjjj.com

Thing is, it advertises "can this be legal?" since they deal with hidden cameras on teens, and then assures the fair reader that whereas this site is outlawed in 26 countries, my country isn't one of them.

I just thought several parts of the URL are weird, like ".mx", "netped" and that separator. Considering the email tried to "phone home", I'm wondering if it's a hack attempt, or someone is trying to trace my net usage, or the government is trying to entrap people. Any ideas?

Posted: Wed Apr 18, 2001 5:27 pm
by Kakarot
What kind of outbound connection attempt was it? TCP? NetBIOS? Maybe it was just sending a response to their server saying you didn't read the email, just deleted it, so it would send it again. Not sure.

I did a trace on that IP and it says it's on a network belonging to:

CWIE LLC
Phoenix, AZ

And the coordinator is from cavecreek.net

If that helps any.

[Edited by Kakarot on 04-18-2001 at 06:36 PM]

Posted: Wed Apr 18, 2001 10:24 pm
by Slugbait
It's TCP, on port 80. Guess it ain't dubya lookin' to fry my ass...

Posted: Wed Apr 18, 2001 11:25 pm
by kenada
TCP port 80 is the standard port for HTTP transfers. If the message had any HTML in it at all, I wouldn't be surprised if the email were trying to set a cookie or something else involving a trip to a server (e.g., an 'invisible' GIF…?).

[Edited by kenada on 04-19-2001 at 12:29 AM]
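
The mechanism suggested in the last reply (an HTML message whose rendering triggers an HTTP request) can be checked before a message is opened in a rendering client. The following is an added example, not part of the original thread: a Python sketch that lists the remote resources a client would fetch automatically and flags 0- or 1-pixel images. The sample message, its hostnames and the `AUTO_FETCH` list are constructed assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag/attribute pairs a mail client may fetch on render, without any click (assumed list).
AUTO_FETCH = {("img", "src"), ("iframe", "src"), ("frame", "src"), ("script", "src"),
              ("embed", "src"), ("body", "background"), ("table", "background"),
              ("td", "background"), ("link", "href")}

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        for name, value in a.items():
            if (tag, name) not in AUTO_FETCH:
                continue  # e.g. <a href> needs a click, so previewing does not fetch it
            url = urlparse(value)
            if url.scheme not in ("http", "https"):
                continue  # cid: and data: content travels inside the message itself
            tiny = tag == "img" and a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            port = url.port or (443 if url.scheme == "https" else 80)
            self.findings.append({"tag": tag, "host": url.hostname, "port": port,
                                  "web_bug": tiny, "url": value})

def remote_fetches(raw_message):
    """Return the outbound requests that rendering the HTML parts would cause."""
    finder = RemoteRefFinder()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "latin-1"
            finder.feed(part.get_payload(decode=True).decode(charset, errors="replace"))
    return finder.findings

# Constructed sample message; hosts are placeholders.
SAMPLE = """\
From: sender@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<a href="http://ads.example/offer">click here</a>
<img src="cid:logo@example.invalid" width="120" height="40">
<img src="http://tracker.example/open.gif?id=12345" width="1" height="1">
</body></html>
"""

if __name__ == "__main__":
    for f in remote_fetches(SAMPLE):
        print(f)
```

A per-recipient identifier in the image URL, like the constructed `id=12345` here, is what lets the sender tie the request to one mailbox; blocking remote content in the client prevents the fetch.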