Used Maltego CE to run an investigation on findingassange.com domain. Here's the topology it spit back out to me:
Part 1 -
https://sli.mg/Z1bHvz.png
Part 2 -
https://sli.mg/Ujaxwy.png
This is where I need some help and opinions : wildcard-in-use.findingassange.com
Weird looking website really, and the IP block is originating from somewhere else than the original URL findingassange.com.
Also weird privacy statement with no contact info and product reference : http://wildcard-in-use.findingassange.com/privacy
The IP for wildcard-in-use.findingassange.com linked to these two entities:
Bodis : https://bodis.com/ --> domain parking
Prolexic Technologies : https://en.wikipedia.org/wiki/Prolexic_Technologies --> DDoS mitigation and IT security services
The IP for findingassange.com linked to these two different entities:
WILDCARD-AS --> can't find shit on this
I Fast Net LTD : https://ifastnet.com/ --> hosting
Also, ftp.findingassange.com prompts for username password, if anyone wants to try to work their way in.
I'll keep digging, but to me, it looks weird, and I need opinions about this! Upvoat for visibility!!!
Fateswebb ago
I'm not understanding why you have put in wildcard-in-use, but I can tell you if you put ANYTHING that isn't an actual page at findingassange.com then you get the same automatically generated page. It appears to simply be a redirect page that is fed when there isn't a page that exists. For instance, if you put hdkskskjf.findingassange.com it will show the exact same thing. It looks to me like it may be a redirect from the DNS server that is used for marketing and sales purposes, but by the hosting company. If it were my website it would bug me that it does that, but I bet they agree to some fine print that says that somewhere. Either way, I feel this is nothing but a distraction.
pizzagateishell ago
It tells us that this source is bullshit and to expect nothing tomorrow. This is poorly designed.
Fateswebb ago
Not really, this redirect seems to be completely unrelated to the website and is either DDoS protection, which makes a lot of sense, or is kinda sketchy marketing being done by the completely unrelated host. It is a diversion and is completely irrelevant to anything we are discussing. Take it from someone who builds cloud computing solutions as an architect for a living. Nothing at all to see here except people reading something into nothing. For instance, you get the exact same pages if you put ANY page that doesn't exist on that domain. Lfjeoodjekpxkencjornekc.findingassange.com, for instance, gives you the same auto-generated marketing page. And this type of page is nothing new. The hosting companies make them to make a little bit of money per visit to any pages that do not exist. They figure if you're going to get a 404 error, why not make ad revenue. It's dumb, yes, but not even related to the actual website we're discussing at all. It serves two purposes. If the page doesn't exist then the request does not reach the server. This helps to defeat DDoS attacks. Also, like I said, it makes money for the hosting company. The only other thing I could see this being is if someone were smart enough to instigate a DDoS attack but in reality they wanted the ad revenue; then it could be a scam for that, but this seems very unlikely.
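Added example, not part of the thread and not any commenter's code: a Python check for the catch-all behaviour described in the comments above. It resolves random labels under a domain, then marks which discovered hostnames only return that same catch-all answer. The function names, the `example.test` zone and its addresses are constructed for illustration.

```python
import secrets
import socket


def system_resolve(host):
    """Return the set of addresses for host, or an empty set if it does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()


def wildcard_answer(domain, resolve=system_resolve, probes=3):
    """Addresses returned for random labels under domain (empty set if none resolve)."""
    # Random 16-hex-char labels have no real record, so an answer means a catch-all.
    answers = [resolve(f"{secrets.token_hex(8)}.{domain}") for _ in range(probes)]
    return set().union(*answers) if all(answers) else set()


def classify(hosts, domain, resolve=system_resolve):
    """Label each host 'unresolved', 'wildcard' (catch-all answer only) or 'distinct'."""
    wild = wildcard_answer(domain, resolve)
    result = {}
    for host in hosts:
        addrs = resolve(host)
        if not addrs:
            result[host] = "unresolved"
        elif wild and addrs <= wild:
            result[host] = "wildcard"
        else:
            result[host] = "distinct"
    return result


# Constructed sample zone (documentation addresses), standing in for live DNS.
SAMPLE_ZONE = {"example.test": {"192.0.2.10"}, "ftp.example.test": {"192.0.2.10"}}
SAMPLE_WILDCARD = {"198.51.100.7"}


def sample_resolve(host):
    """Offline resolver: explicit records first, then the catch-all for other subdomains."""
    if host in SAMPLE_ZONE:
        return SAMPLE_ZONE[host]
    return SAMPLE_WILDCARD if host.endswith(".example.test") else set()


if __name__ == "__main__":
    names = ["example.test", "ftp.example.test", "wildcard-in-use.example.test"]
    print(classify(names, "example.test", sample_resolve))
```

A hostname labelled `wildcard` carries no information of its own in a Maltego-style graph, since any made-up label produces the same node. A recursive resolver that rewrites NXDOMAIN responses will make every domain look like it has a catch-all, so the live check should be run against a resolver that does not do that.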