| |||||||||||||
|
| |||||||||||||
The script is SOOOOOO sillyThe script is SOOOOOO sillyPosted Oct 25, 2004 15:06 UTC (Mon) by jeld (guest, #22397)In reply to: The script is SOOOOOO silly by pascal.martin Parent article: Fake Red Hat security update
Obviously it is not running IIS anymore, it runs some sort of apache. Here is the transcript:
HEAD / HTTP/1.0
HTTP/1.1 200 OK
(Log in to post comments)
addlebrain.com Posted Oct 26, 2004 1:57 UTC (Tue) by jtc (subscriber, #6246) [Link] I missed where addlebrain.com fits into this, but I get the following results from HEAD:
$ HEAD addlebrain.com
addlebrain.com Posted Oct 26, 2004 2:54 UTC (Tue) by jeld (guest, #22397) [Link] Well... looks like you are right, except, that addlebrain.com (running IIS 6) is being redirected to www.addlebrain.com running apache. Since this is a valid site, and the email address where the script is sending cracked host info is root@addlebrain.com I figured that someone rooted one of addlebrain's boxes. Otherwise I don't know. addlebrain.com seems to belong to a company called ABM Wireless which sells cell phone accessories. MX record for addlebrain.com points to a server on everyone.net domain which is a mail hosting company. I cannot find much info about addlebrain.com IP address, but www.addlebrain.com address belongs to a dedicated web server/colocation company ThePlanet.com.
|
|
||||||||||||