Used Maltego CE to run an investigation on the findingassange.com domain. Here's the topology it spit back out to me:
Part 1 - https://sli.mg/Z1bHvz.png
Part 2 - https://sli.mg/Ujaxwy.png
This is where I need some help and opinions: wildcard-in-use.findingassange.com
Weird-looking website really, and the IP block is originating from somewhere other than the original URL findingassange.com.
Also weird privacy statement with no contact info and product reference: http://wildcard-in-use.findingassange.com/privacy
The IP for wildcard-in-use.findingassange.com linked to these two entities:
Bodis: https://bodis.com/ --> domain parking
Prolexic Technologies: https://en.wikipedia.org/wiki/Prolexic_Technologies --> DDoS mitigation and IT security services
The IP for findingassange.com linked to these two different entities:
WILDCARD-AS --> can't find shit on this
I Fast Net LTD: https://ifastnet.com/ --> hosting
Also, ftp.findingassange.com prompts for username and password, if anyone wants to try to work their way in.
I'll keep digging, but to me, it looks weird, and I need opinions about this! Upvoat for visibility!!!
RebelSkum ago
Seems like protection from DDoS. It's believed the Dyncorp Cyberattack may have suppressed Wikileaks releases, so it could be an added countermeasure against that. Their enemies have no shortage of horsepower.
pizzagateishell ago
gotta admit this is weird tho, right? http://wildcard-in-use.findingassange.com
RebelSkum ago
Yeah, it's definitely suspect. Again, could be an offensive countermeasure against something attacking the site, but I'd say this gets a red flag.