02
Aug
08

“Interesting Site //” Goes Dark Abruptly

That didn’t take long at all.

I put the newest “interesting” site into the bi-hourly rotation, got about 50 proxies between two runs, and the place went seriously dark.

As in “port 80 closed” dark.

I hope this isn’t permanent.  It was such a good source.  Something, somewhere was obviously feeding the site new data.  I say that because it wasn’t a proxy list.  It was a PHP page that returned nothing but IP:port data without any html markup at all.

The box is still on the Net, and considering it’s a DNS, SMTP/S,  POP3/S, and IMAP/S server – all rolled into one – it may be coming back.  That could be the reason the Google Hack dies on the weekend and resurrects itself Sunday evening.

Let me tell you what I’ve learned about this fellow.

His name is Nick.  He owns 16 IP addresses (no, I haven’t scoped them all out yet).   The DNS name (a “dot-com”) is registered in Australia. 

Some fellow in the UK has evidence that Nick is a criminal.

The name on the Admin/Tech/Billing contact details of the domain whois record is associated with malware domains.

The IP address is alleged to be a “phone home” site for a botnet (makes sense if he’s planting proxies all over the world for his own use).

His hosting provider is in the USA and it has captured the attention of a number of security researchers.

It seems to be part of the infamous “Russian Business Network“.

I told you it was an interesting site.

I still have it in the rotation.  The fact that it doesn’t answer anymore doesn’t affect the operation of the script, so if it comes back online, The List will devour the information.

This is one of the reasons it’s generally not  a Good Idea to use an open proxy.  You don’t know where they come from.  You don’t know where they’ve been.  And you might make a Nasty Person mad at you if you use their proxy.

Advertisements

0 Responses to ““Interesting Site //” Goes Dark Abruptly”



  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


Archives

Advertisements

%d bloggers like this: