Who is com.com?

I found a log in my home folder and am not sure how it was created.
The note seems to imply that the site is compromised with some sort of temporary redirect to a com.com.

--2020-03-02 23:24:55-- https://springfield-ohio-post.com.com/
Resolving springfield-ohio-post.com.com (springfield-ohio-post.com.com)... 79.124.78.101, 79.124.78.105
Connecting to springfield-ohio-post.com.com (springfield-ohio-post.com.com)|79.124.78.101|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://com.com/results?q=springfield-ohio-post [following]
--2020-03-02 23:24:58-- https://com.com/results?q=springfield-ohio-post
Resolving com.com (com.com)... 52.52.5.4, 52.9.157.246
Connecting to com.com (com.com)|52.52.5.4|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘springfield-ohio-post.com.com/index.html’

 0K ......                                                  463M=0s

Last-modified header missing -- time-stamps turned off.
2020-03-02 23:24:59 (463 MB/s) - ‘springfield-ohio-post.com.com/index.html’ saved [7127]

FINISHED --2020-03-02 23:24:59--
Total wall clock time: 3.5s
Downloaded: 1 files, 7.0K in 0s (463 MB/s)
Converting links in springfield-ohio-post.com.com/index.html... 0-8
Converted links in 1 files in 0.001 seconds.

Should I be trashing the server for a replacement?

Quick check with google

Probably the reason why my Pihole resolves it to 0.0.0.0 as it is on a community block list. If you want more accurate information (the blog article is from 2015) it might be hidden somewhere in Google’s universe. :wink:


That would appear to be the output of a WGET call. Now, how that made it into a log file in your home directory is a different question and probably a good question but really way beyond the scope of the forum here.

Depending on how critical all of it is, I would either take it to one of the StackExchange forums, a Reddit channel, an IT forensics investigator, or - as you mentioned - set up the machine from scratch.

I am not familiar with com.com - for that I would refer you to the link posted by @MarkMeyer - but to me it seems as if they try to catch domain typos where people double the TLD. Even mymostrandomdotcomdomain.which.still.fits.into.the.sixtythreelabelrestriction.com.com resolves properly to their servers. Subsequently they redirect to their own domain with the original domain as part of the query string.

But why they are doing it is rather irrelevant in this context; the question is why it ended up in your logs, and if you can't answer this yourself you best pick one of the aforementioned approaches :slight_smile:

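For triaging a log like the one in the first post, here is an added example (not part of any post in this thread) that parses wget output into request hops and flags the two things the reply above points out: a hostname whose last two labels repeat, and a redirect that lands on a different host. The function names are hypothetical, the sample is an excerpt of the thread's log with wget's ASCII punctuation, and the doubled-label test is a simple heuristic, not a complete typo-domain check.

```python
import re
from urllib.parse import urlsplit

# Excerpt of the wget output quoted in the thread (ASCII dashes and dots).
SAMPLE_LOG = """\
--2020-03-02 23:24:55--  https://springfield-ohio-post.com.com/
Resolving springfield-ohio-post.com.com (springfield-ohio-post.com.com)... 79.124.78.101, 79.124.78.105
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://com.com/results?q=springfield-ohio-post [following]
--2020-03-02 23:24:58--  https://com.com/results?q=springfield-ohio-post
Resolving com.com (com.com)... 52.52.5.4, 52.9.157.246
HTTP request sent, awaiting response... 200 OK
"""

REQUEST = re.compile(r"^--(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)--\s+(\S+)")
STATUS = re.compile(r"awaiting response\S*\s+(\d{3})")
LOCATION = re.compile(r"^Location:\s+(\S+)")

def parse_wget_log(text):
    """Return one dict per request: time, url, host, status, redirect target."""
    hops = []
    for line in text.splitlines():
        if m := REQUEST.match(line):
            url = m.group(2)
            hops.append({"time": m.group(1), "url": url,
                         "host": urlsplit(url).hostname,
                         "status": None, "location": None})
        elif hops and (m := STATUS.search(line)):
            hops[-1]["status"] = int(m.group(1))
        elif hops and (m := LOCATION.match(line)):
            hops[-1]["location"] = m.group(1)
    return hops

def findings(hops):
    """Flag doubled final labels (foo.com.com) and redirects that change host."""
    out = []
    for hop in hops:
        host = hop["host"] or ""
        labels = host.split(".")
        if len(labels) >= 3 and labels[-1] == labels[-2]:
            out.append(("doubled-tld", host))
        if hop["location"]:
            target = urlsplit(hop["location"]).hostname
            if target != host:
                out.append(("cross-host-redirect", f"{host} -> {target}"))
    return out

if __name__ == "__main__":
    for kind, detail in findings(parse_wget_log(SAMPLE_LOG)):
        print(kind, detail)
```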

Okay. It was me. I remember curling something like my own website because I want to turn it into an embeddable to my customer’s DVD or HD (just in case the internet turns off…seeing as how I just recently received the second warning from the monopoly provider threatening such action).

Still, there must have been a crash while curling… or at some point there must have been a log created (duh), but do you think the coders could maybe put in a tad more effort to making it understandable (I know, I know…it’s another forum).

Yawn, well goodnight then.
