Last night, I received a phishing email asking for my university email account credentials. Whenever I'm picking through email headers, or doing any other kind of network forensics, I find it useful to punch the IP addresses I find into Google. You can often build a good picture of what a particular system or network is used for by reading abuse reports, exposed log files, wiki edit histories, and all the other situations in which an IP address ends up indexed by a search engine.
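As an added example (not code from the original post), here is a small Python script that does the first half of that routine: it pulls the routable addresses out of a message's Received chain, walks the chain oldest-hop-first to find the submitting host, and builds the Google search and whois pivots described above. The message it parses is constructed for illustration, with the post's IP placed as the submitting host and RFC 5737 documentation addresses for the relays.

```python
import email
import ipaddress
import re
from urllib.parse import quote_plus

# Constructed sample message (not the author's actual phishing email).
# Received headers are listed newest hop first, so the originating host is
# named in the last one. The post's IP, 196.3.61.4, is placed as the sender.
SAMPLE_RAW = (
    "Received: from mail.example.edu (mail.example.edu [203.0.113.10])\n"
    "\tby mx.example.edu with ESMTP id abc123; Mon, 5 Mar 2012 08:00:00 -0600\n"
    "Received: from [192.168.1.5] (unknown [196.3.61.4])\n"
    "\tby mail.example.edu (Postfix) with ESMTPA id 4F2E1; Mon, 5 Mar 2012 07:59:40 -0600\n"
    "From: \"IT Helpdesk\" <helpdesk@example.edu>\n"
    "To: victim@example.edu\n"
    "Subject: Verify your account\n"
    "\n"
    "Your mailbox is over quota. Reply with your username and password.\n"
)

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Ranges that never identify a remote sender. Listed explicitly rather than
# via ipaddress.is_private, because Python also classifies the RFC 5737
# documentation ranges used in the sample as private.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
)]


def is_routable(ip_text):
    """True for a syntactically valid IPv4 address outside NON_ROUTABLE."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return not any(ip in net for net in NON_ROUTABLE)


def received_hops(raw):
    """Return, newest hop first, the routable IPv4 addresses in each Received header."""
    msg = email.message_from_string(raw)
    hops = []
    for header in msg.get_all("Received", []):
        hops.append([ip for ip in IPV4_RE.findall(header) if is_routable(ip)])
    return hops


def originating_ip(raw):
    """Walk the Received chain oldest-first and return the first routable address.

    Caveat: only Received lines stamped by servers you trust are reliable.
    A sender can prepend forged ones, so in practice stop at the line your
    own MX added and take the 'from' address it recorded.
    """
    for ips in reversed(received_hops(raw)):
        if ips:
            return ips[0]
    return None


def pivot_queries(ip):
    """Search-engine and whois pivots for an address, as the post describes."""
    return {
        "google": "https://www.google.com/search?q=" + quote_plus(f'"{ip}"'),
        "whois": f"whois {ip}",
    }


if __name__ == "__main__":
    ip = originating_ip(SAMPLE_RAW)
    print("originating IP:", ip)
    for name, query in pivot_queries(ip).items():
        print(f"  {name}: {query}")
```

The private address in the second hop (`[192.168.1.5]`, the sender's LAN address as reported by its own mail client) is dropped, and the public address the university's server recorded for the connection is what gets searched.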

This particular bad-guy IP is a great example of an IP address that has really made its mark on Google, so I’ll link the results here:

* Google search results for “196.3.61.4”

Off the eastern coast of Madagascar, there’s an island called Mauritius.  On this island there’s the city of Ebene.  In this city, there’s this building, the “Cyber Tower”.  According to Whois, on the third floor of this building, there’s a computer being used for all sorts of phishing and fraud.  

It would be “just another scammer”, but this one has a great sense of humor.  Check out this diff on an edit made from that IP address on the Wikipedia entry for Advance fee fraud:

Very nice.


© 2012 McGrew Security