Many businesses in the UK are receiving mails asking them to re-register their details with yellovvpages.com. Yellow Pages, operated by Yell, is one of the UK's main telephone and business directories. www.yellovvpages.com with two 'v's is not connected with Yell, or a US business called Yellow Pages.
Following a current trend, the host referenced in the mails www.yellovvpages.com itself is
a reverse proxy server (shown by the
X-Cache: header it returns).
However, by making an HTTP/1.0 request to this server (without a
Host: header), the address of the server behind the proxy is revealed in the error message. www.yellovvpages.com points to 18.104.22.168, in New York, but the content server is 22.214.171.124 (this can be confirmed by requesting yellovvpages.com directly from it), which is in Colorado.
% telnet 126.96.36.199 http GET / HTTP/1.0 HTTP/1.0 404 Not Found Date: Tue, 04 Nov 2003 14:38:52 GMT Server: Apache/2.0.40 (Unix) mod_perl/1.99_05-dev Perl/v5.6.1 DAV/2 PHP/4.2.3 Content-Length: 271 Content-Type: text/html; charset=iso-8859-1 X-Cache: MISS from optformail.biz Connection: close ... <p>The requested URL / was not found on this server.</p> <hr /> <address>Apache/2.0.40 Server at 188.8.131.52 Port 80</address>
Bona fide businesses can suffer significant brand damage through impersonation. Netcraft can provide an alerting service to businesses of domain names and page content that may form part of attempts to deceive from the content Netcraft retrieves during the Web Server Survey.
Posted by Colin Phipps in Security
Your link here? Advertising on the Netcraft Blog