Spirit Airlines' Abandoned Azure Booking APIs and Exposed Phishing Domains (braydenbte.substack.com)
12 points by BTheEPIC 16 hours ago | 9 comments
dlcarrier 10 hours ago | parent | next [-]

    Excluding Linux clients, as they are likely crawling bots…

Is this why so many web servers assume I'm a bot? They often don't even give me a captcha, they just straight up deny entry.

Should I put Windows or OS X in my user agent?

BTheEPIC 35 minutes ago | parent [-]

Honestly, that would likely help. I feel like, even with the flood of people leaving Windows, Linux is still pretty stereotyped. I generalized my numbers in my post as an oversimplification, but I had no idea that web servers were still actively denying Linux clients without a captcha.

BTheEPIC 16 hours ago | parent | prev | next [-]

When I heard about Spirit's liquidation today, I dug into their web infrastructure. After discovering that their entire booking flow and Azure API were left exactly as they were before their announcement, I grabbed 3 obvious phishing domains for $11.48 each to block malicious actors.

AmazingEveryDay 16 hours ago | parent | prev | next [-]

It's like they didn't even consult an LLM on how to perform an orderly shutdown! Thanks for the interesting read. I'd be a bit paranoid registering those domains though you seem to have benign intentions.

bigfatkitten 15 hours ago | parent | next [-]

To be fair, if I’m working for a company that just went bust, I’m already an unsecured creditor who is probably facing a long battle to be paid what I’m already owed.

I’m sure as hell not going to hang around for free to do an orderly shutdown of their IT infrastructure.

BTheEPIC 15 hours ago | parent [-]

That's exactly why I don't blame their IT team at all. Truthfully, the reason this story intrigued me was just how little preparation the higher-ups made beforehand. For a company that's been in a bankruptcy case since Aug 2025, you'd think they'd have made some preparations for the worst.

BTheEPIC 15 hours ago | parent | prev [-]

Truthfully, I just felt that those three domains were way too predictable to leave open, especially if I wrote about them. I have documented that I have done nothing but redirect to their own site, though it might still be a risk.
