2006-11-18 Woozle tech log

Suspicious redirect
I noticed that when I tried to load this URL:

http://www.theage.com.au/news/world/spy-says-alqaeda-tricked-us-into-war/2006/11/17/1163266782059.html

I got redirected to http://0.0.0.0, regardless of the exact path or whether there was a www. in the domain.

So I did some tests, and found that it was only on one computer. Then I did a wget on each computer, to compare the results:

Who the freep is 216.234.246.150, and why am I getting redirected to them?? It's apparently someone who gets their hosting through ThePlanet:

whois
woozle@gonzo:~$ whois 216.234.246.150

OrgName:   ThePlanet.com Internet Services, Inc.
OrgID:      TPCM
Address:   1333 North Stemmons Freeway
Address:   Suite 110
City:      Dallas
StateProv: TX
PostalCode: 75207
Country:   US
ReferralServer: rwhois://rwhois.theplanet.com:4321
NetRange:  216.234.224.0 - 216.234.255.255
CIDR:      216.234.224.0/19
NetName:   THEPLANET-BLK-1
NetHandle: NET-216-234-224-0-1
Parent:    NET-216-0-0-0-0
NetType:   Direct Allocation
NameServer: NS1.THEPLANET.COM
NameServer: NS2.THEPLANET.COM
Comment:   ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:   1999-08-31
Updated:   2000-10-10

traceroute
woozle@gonzo:~$ traceroute 216.234.246.150
traceroute to 216.234.246.150 (216.234.246.150), 30 hops max, 40 byte packets
1 192.168.0.1 (192.168.0.1)  0.626 ms  0.395 ms  0.222 ms
2 10.40.64.1 (10.40.64.1)  7.927 ms  7.518 ms  7.984 ms
3 srp8-0.rlghnca-rtr2.nc.rr.com (24.25.2.163)  7.762 ms  6.048 ms  6.542 ms
4 pos14-0.rlghncrdc-rtr2.nc.rr.com (24.25.0.9)  7.971 ms  11.334 ms  8.169 ms
5 son1-0-1.chrlncsa-rtr6.carolina.rr.com (24.93.64.81)  12.656 ms  15.095 ms  21.170 ms
6 tenge-1-3.car1.Charlotte1.Level3.net (4.71.124.1)  18.333 ms tenge-1-4.car1.Charlotte1.Level3.net (4.71.124.5)  22.878 ms  18.346 ms
7 ae-4-4.ebr1.Atlanta2.Level3.net (4.69.132.162)  28.189 ms * *
8 * * *
9 ae-14-51.car4.Dallas1.Level3.net (4.68.122.16)  41.518 ms ae-14-53.car4.Dallas1.Level3.net (4.68.122.80)  45.108 ms ae-14-55.car4.Dallas1.Level3.net (4.68.122.144)  38.409 ms
10 THE-PLANET.car4.Dallas1.Level3.net (4.71.122.2)  46.355 ms  59.596 ms  49.206 ms
11 te9-2.dsr01.dllstx3.theplanet.com (70.87.253.14)  41.971 ms  41.573 ms  41.397 ms
12 vl22.dsr02.dllstx2.theplanet.com (70.85.127.76)  47.399 ms  43.952 ms  41.928 ms
13 vl1.car02.dllstx2.theplanet.com (12.96.160.12)  45.374 ms  134.767 ms  162.767 ms
14 96.f6.ead8.static.theplanet.com (216.234.246.150)  55.133 ms  43.531 ms  43.024 ms

Googling
A quick search finds a lot of pages mentioning this IP address.
 * It seems to be a DNS server used by the Windows worm Win32.Buchon.B
 * A number of other domains (e.g. foo.com) resolve to that IP, so it may be a web server configured for name-based hosting; apparently, any unrecognized domain gets redirected to 0.0.0.0
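
The per-computer wget comparison described under "Suspicious redirect", as an added example that is not part of the original log: it pulls the resolved address and the first redirect out of each machine's wget output and flags any machine that differs from a reference machine. The wget logs, the machine names pc-b and pc-c, and the address 203.0.113.10 are constructed placeholders.

```shell
#!/bin/sh
# Constructed wget logs for one URL fetched on three machines (machine names
# are hypothetical). 203.0.113.10 is a documentation placeholder for the
# address the unaffected machines see; the log does not give the real one.
LOG_A='Resolving www.theage.com.au... 203.0.113.10
Connecting to www.theage.com.au|203.0.113.10|:80... connected.
HTTP request sent, awaiting response... 200 OK'
LOG_B="$LOG_A"
LOG_C='Resolving www.theage.com.au... 216.234.246.150
Connecting to www.theage.com.au|216.234.246.150|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://0.0.0.0 [following]'

# Print "<resolved-ip> <first-redirect>" for one wget log ("-" when absent).
summarize() {
  printf '%s\n' "$1" | awk '
    /^Resolving / && ip == "" {
      line = $0
      sub(/^.*\.\.\. */, "", line)   # keep only what follows the "..."
      split(line, a, /[, ]+/)        # several addresses: take the first
      ip = a[1]
    }
    /^Location: / && loc == "" { loc = $2 }
    END {
      if (ip == "") ip = "-"
      if (loc == "") loc = "-"
      print ip, loc
    }'
}

# Usage: flag_outliers REF_LOG NAME LOG [NAME LOG ...]
# Prints one line per machine whose address or redirect differs from REF_LOG.
flag_outliers() (
  ref=$(summarize "$1")
  shift
  while [ "$#" -ge 2 ]; do
    got=$(summarize "$2")
    [ "$got" = "$ref" ] || echo "$1: got [$got], reference [$ref]"
    shift 2
  done
)

flag_outliers "$LOG_A" pc-b "$LOG_B" pc-c "$LOG_C"
```

Sites behind round-robin DNS or a CDN can legitimately resolve to different addresses on different machines, so an address mismatch is a lead to follow up with whois rather than proof of tampering.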