dennisjudd.com

So I’ve been getting these emails for a while to just about any legitimate email address in my domain. Today I decided to see what exactly was in the install.zip file.
Not surprisingly inside install.zip was a file called install.exe. I ran this file (XP, SP3, no antivirus) and did a packet capture to see where it was phoning home to.

Standard query A pafefrsbasedos.com
Standard query response A

I wasn’t really expecting it to be calling to a US based host:

NameServer: NS2.PWEBTECH.COM
Comment:
RegDate: 2003-06-20
Updated: 2006-05-17
OrgAbuseHandle: FIAD-ARIN
OrgAbuseName: Fortress ITX Abuse Dept
OrgAbusePhone:
OrgAbuseEmail:
OrgTechHandle: FIH2-ARIN
OrgTechName: Fortress ITX Hostmaster
OrgTechPhone:
OrgTechEmail:

Anyways after all this a screen pops up for “Antivirus Pro 2010″ and immediatly starts giving me false positives for infections. Once that’s done it pops up a window that says I need to register it and redirects me to “a-v-pro-21.com”

Arastirilan alan adi: a-v-pro-21.com
Ad / Name Sergey Marshinin
AdresOsenny bulvar d.15 kv.32 Moskva Moskva 121609
Tel
Faks
E-posta ******@ml3.ru
Guncelleme / Updated
Ad gizli
Ad / Name Sergey Marshinin
Adres Osenny bulvar d.15 kv.32 Moskva Moskva 121609
Tel
Faks
E-posta ******@ml3.ru
Guncelleme / Updated
Ad gizli
Ad / Name Sergey Marshinin
Adres Osenny bulvar d.15 kv.32 Moskva Moskva 121609
Tel
Faks
E-posta ******@ml3.ru
Guncelleme / Updated
Alan Adi Sunucusu1 / DNS1 ns3.a-v-pro-21.com

Son Guncelleme/ Last Updated
Kayit Tarihi / Registration Date2009-09-24
SKT / Exp. Date2010-09-24
StatuAktif
2009-10-17

So there you have it…I wonder how often they change IP’s. Hopefully they’ll have to soon once I submit this to the colo.

Ok, now I’m not sure if this falls under the umbrella of Net Neutrality or not but I’m having a hard time believing what I am seeing.
Yesterday I posted a link to a video on my facebook page, this is the link:

I also posted a link to it on my personal webpage as well:

https://dennisjudd.com/2009/10/re_your_brains.html

Now this morning while I was drinking my coffee I decided to pull the video up to show my wife using my iPhone. But when I tried I got a picture of a play icon with a slash through it. Figuring that it was just a weak wifi signal or the facebook app acting up I went to Safari and then tried to use the link from my website.
That didn’t work…in fact when I loaded the YouTube app and tried to search for the video title (and even author) I couldn’t find it. I found other videos by the author (spiffworld) but not the one I was looking for.
At this point the video has 2,792,256 views and I’m sitting here asking myself the question…..”Is Youtube purposely filtering out requests from iPhones to videos that are too popular?”.
To test this I tried to access the video via my personal website link at the same time while tailing my access_log. Since I was using wifi on my iPhone it was using the same WAN IP as my desktop. The same situation occured that I described before….the iPhone no workie but my desktop played it just fine.
At this point I have to think that they’re filtering based on http referral in the browser
[code]
Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0_1 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A400 Safari/528.16
[/code]
So does anyone else think I’m crazy?

Video is kinda ‘meh’ but the song is funny
Here’s a link to his page where you can download it/buy it if you want.
http://www.jonathancoulton.com/2006/03/24/thing-a-week-26-re-your-brains/
Finally realized where I knew his name from…he wrote the ending song to the video game Portal called .

Amelia and Jen decided to play a little dress up today. Yesterday we went to the doctor and got my 15 month stats after only waiting for 1/2 hour. Amelia’s 15 months stats: 32 inches (95th percentile) 26 pounds 13 ounces (90th percentile) as usual big baby!