Following a current trend, the host referenced in the mails, www.yellovvpages.com, is itself a reverse proxy server (shown by the X-Cache: header it returns). However, making an HTTP/1.0 request to this server without a Host: header reveals the address of the server behind the proxy in the error message. www.yellovvpages.com points to 216.239.250.50, in New York, but the content server is 207.189.212.52 (this can be confirmed by requesting yellovvpages.com directly from it), which is in Colorado.
% telnet 216.239.250.50 http
GET / HTTP/1.0

HTTP/1.0 404 Not Found
Date: Tue, 04 Nov 2003 14:38:52 GMT
Server: Apache/2.0.40 (Unix) mod_perl/1.99_05-dev Perl/v5.6.1 DAV/2 PHP/4.2.3
Content-Length: 271
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from optformail.biz
Connection: close
...
<p>The requested URL / was not found on this server.</p>
<hr />
<address>Apache/2.0.40 Server at 207.189.212.52 Port 80</address>
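The check below is an added example, not part of the original article: it parses the response captured above (rebuilt inline, with the elided part of the body omitted) and flags an error-page signature whose address differs from the front-end address, which is how an operator can test their own reverse proxy for the same disclosure. The function names and the `PROXY_HEADERS` list are assumptions made for illustration.

```python
import ipaddress
import re

# Response from the session above, rebuilt as a string (elided body omitted).
SAMPLE_RESPONSE = (
    "HTTP/1.0 404 Not Found\r\n"
    "Date: Tue, 04 Nov 2003 14:38:52 GMT\r\n"
    "Server: Apache/2.0.40 (Unix) mod_perl/1.99_05-dev Perl/v5.6.1 DAV/2 PHP/4.2.3\r\n"
    "Content-Length: 271\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "X-Cache: MISS from optformail.biz\r\n"
    "Connection: close\r\n"
    "\r\n"
    "<p>The requested URL / was not found on this server.</p>\n<hr />\n"
    "<address>Apache/2.0.40 Server at 207.189.212.52 Port 80</address>\n"
)

PROXY_HEADERS = ("x-cache", "via")  # headers that indicate an intermediary
SIGNATURE = re.compile(r"<address>.*?Server at (\S+) Port (\d+)</address>", re.I | re.S)

def parse_response(raw):
    """Split a raw HTTP response into (status line, header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def audit(raw, frontend_ip):
    """Report proxy markers and any signature IP that is not the front end."""
    _, headers, body = parse_response(raw)
    report = {"proxy_headers": {h: headers[h] for h in PROXY_HEADERS if h in headers},
              "leaked_backend": None}
    match = SIGNATURE.search(body)
    if match:
        try:
            host = ipaddress.ip_address(match.group(1))
        except ValueError:
            return report  # signature shows a hostname, not a literal address
        if host != ipaddress.ip_address(frontend_ip):
            report["leaked_backend"] = str(host)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_RESPONSE, "216.239.250.50"))
```

On Apache, `ServerSignature Off` removes the `<address>` footer that this check looks for.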
Bona fide businesses can suffer significant brand damage through impersonation. Using the content it retrieves during the Web Server Survey, Netcraft can provide businesses with an alerting service for domain names and page content that may form part of attempts to deceive.