findingassange.com --> need opinion on my finding

findingassange.com --> need opinion on my finding ( pizzagate )

submitted 2016-12-15T04:25:07 by pizzagateishell

Used Maltego CE to run an investigation on findingassange.com domain. Here's the topology it spit back out to me:

This is where I need some help and opinions : wildcard-in-use.findingassange.com

Weird looking website really, and the IP block is originating from somewhere else than the original URL findingassange.com. Also weird privacy statement with no contact info and product reference : http://wildcard-in-use.findingassange.com/privacy

The IP for wildcard-in-use.findingassange.com linked to these two entities: Bodis : https://bodis.com/ --> domain parking Prolexic Technologies : https://en.wikipedia.org/wiki/Prolexic_Technologies --> DDoS mitigation and IT security services

The IP for findingassange.com linked to these two different entities: WILDCARD-AS --> cant find shit on this I Fast Net LTD : https://ifastnet.com/ --> hosting

Also, ftp.findingassange.com prompts for username password, if anyone wants to try to work their way in.

I'll keep digging, but to me, it looks weird, and I need opinions about this! Upvoat for visibility!!!

39 comments

pizzagateishell 2016-12-15T18:28:07

Well, I dont have access anymore to --> findingassange.com

https://sli.mg/dAMyEQ.png

link

Warnos44 2016-12-15T17:45:11

when was the counter supposed to be done?

link

NonexistentNihilist 2016-12-15T17:26:25

Even (or especially) if this is legit, the webmaster would be smart to convolute the server etc to protect themselves.

link

reasonedandinformed 2016-12-15T15:37:47

suspect as honey pot. Be careful.

link

belphegorsprime 2016-12-15T14:21:14

So, let me get this straight. These guys have the operational security to handle what might be the biggest leak the world has ever seen, but can't be bothered to get a cert, and use port 443?

This smells like LARPing. We shall see, I suppose.

link

CrackerJacks 2016-12-15T12:06:13

WikiLeaksVerified account ‏ @wikileaksOnly Julian Assange, Sarah Harrison (and sometimes WikiLeaks' lawyers) are authorized to speak on behalf of WikiLeaks.

https://twitter.com/wikileaks/status/809366908470525952

link

standalone 2016-12-15T08:04:15

This is where I need some help and opinions : http://wildcard-in-use.findingassange.com Weird looking website really

That's a domain parking webpage. It's very common when you are using some spammy registar. I bet their registar is the one managing their DNS and added themselves that entry.

link

THE_LIES_OH_THE_LIES 2016-12-15T07:20:35

Considering Assange hasn't signed any statements and won't appear, I think that anything supposedly coming from him or his affiliates should be scrutinized thoroughly.

link

Fateswebb 2016-12-15T06:44:07

I'm not understanding why you have put in wildcard-in-use but I can tell you if you put ANYTHING that isn't an actual page at fingingassange.com then you get the same automatically generated page. It appears to simply be a redirect page that is fed when there isn't a page that exists. For instance if you put hdkskskjf.findingassange.com it will show the exact same thing. It looks to me like it may be a redirect from the DNS server that is used to marketing and sales purposes but my the hosting company. If it were my website that would bug me that it does that but I bet they agree to some fine print that says that somewhere. Either way I fell this is nothing but a distraction.

link

pizzagateishell 2016-12-15T06:46:48

I tells us that this source is bullshit and to except nothing tomorrow. This is poorly designed.

link

Fateswebb 2016-12-15T07:00:20

Not really, this redirect seems to be completely unrelated to the website and is either ddos protection which makes a lot of sense or is kinda sketchy marketing being done by the completely unrelated host. It is a diversion and is completely irrelivent to anything we are discussing. Take it from someone who builds cloud computing solutions as an architect for a living. Nothing at all to see here except people reading something into nothing. For instance you get the exact same pages if you put ANY page that doesn't exist on that domain. Lfjeoodjekpxkencjornekc.findingassange.com for instance gives you the same auto generated marketing page. And this type of page is nothing new. The hosting companies make them to make a little bit of money per visit to any pages that do not exist. They figure if you're going to get a 404 error why not they make ad revenue. It's dumb yes but not even related to the actual website were discussing at all. It serves two purposes. If the page doesn't exist then the request does not reach the server. This helps to defeat ddos attacks. Also it like I said makes money for the hosting company. The only other thing I could see this being, is if someone were smart enough to instigate a ddos attack but in reality they wanted the ad revenue then it could be a scam for that, but this seems very unlikely.

link

MAGA_OR_GTFO 2016-12-15T06:01:08

The whole thing looks fishy. Nonetheless, kudos to OP for making an effort at least to get to the bottom of it.

link

pizzagateishell 2016-12-15T05:29:23

I wish someone could gain access to their FTP server :

ftp://ftp.findingassange.com/

link

sixgorillion 2016-12-15T13:24:13

Anyone skilled enough to have a go, is also afraid that it's a honeypot designed to identify skilled members of this community. The FTP server could basically be injecting upon login.

I guess all we can do is wait for the dump, which should consist of passwords.

link

SomeD 2016-12-15T08:37:51

yeah and getting trouble if it's not safe at all

link

yabbadoody 2016-12-15T05:24:41

interesting... is it possible they're using distributed networking, and the files ALREADY exist "out here" on a huge, virtual server with thousands of backups?

if so, that's cool as hell... and might be a little troublesome, but hey... it's been years since I was full-time IT, so this probably sounds like some Ford Edsel-level shit to ya'll.

link

webofslime 2016-12-15T05:19:01

We'll know tomorrow

link

dafacts 2016-12-15T05:06:52

what it comes down to is if they deliver anything, the content needs to be heavily scrutinised and somehow authenticated before we can believe it. The release of manipulated content will be so incredibly damaging if it is first thought to be legit.

link

Fateswebb 2016-12-15T06:48:32

All of the podesta emails have hashes on them that legitimate them, those are from the source not added by wikileaks, if they are real it will be easy to prove.

link

nomorepizza 2016-12-15T06:01:02

It's my understanding they will release the passwords but not the files

link

Thrash57 2016-12-15T08:30:41

I didnt even think of this. If they release passwords for two of the insurance files, then we already have 256bit hashes to verify them.

link

unfuckitup 2016-12-15T04:59:00

Why are they warning ahead if they're fighting off DDoS? weird.

link

pizzagateishell 2016-12-15T05:09:00

EXACTLY - why not just release it live ?? trust me if 15.000 podesta emails would be released instantly it would go around and spread very fast. They are trying to reach out to as many people as possible to download the "file".

I really don't think it's legit, I'd download that in a safe environment (VM, sandbox).

link

Fateswebb 2016-12-15T06:50:11

Because they are hoping for a proof of life on Assange and if they get one they won't release the data. It's an insurance package for Assange. Saying either prove he is alive or the cats out of the bag.

link

Hashtag_pedofiles 2016-12-15T07:44:54

Sounds like a credible reason. But we'll see what happens tomorrow

link

pizzagateishell 2016-12-15T04:44:36

Like do we really want to trust this shit ? It almost looks like a scam to attract high volume to their website for ad revenue or even maybe upselling the domain. I dont know man. All im saying is that it doesnt really look "official" , specifically this : http://wildcard-in-use.findingassange.com/privacy

link

dindonufin 2016-12-15T06:55:46

It's a publicity stunt, a distraction, and looks like a honeypot.

link

DopeandDiamonds 2016-12-15T05:30:42

The FB group page for this was deleted today. I wonder if there are archives.

I don't understand it. Do they think he is alive or dead? If the keys and the info staying private are what is keeping him alive, Why release it? I get we have no PoL but if he is alive and this is legit, The group trying to find the man just got him killed.

Is it a bluff to try to get PoL or get in contact with the former employees who have scattered? I don't like the sounds of this.

How does a site no one knew about and just went live already get a DDoS? Wouldn't it better to just make the site, send the emails, make the post and downloads available all at the same time or at least not give a countdown? This smells fishy like the kind you use for bait.

link

pizzagateishell 2016-12-15T04:47:22

http://findingassange.com/privacy

redirects here

http://parked-domain.org/

Explanations anybody?

link

j_m_d 2016-12-15T06:13:27

Whoever set up the site probably just redirected the link for /privacy to go to that URL. Similar to http://itanimulli.com redirecting to the NSA dot gov site. And that prilosec company or whatever is just ddos protection like cloudflare is. I wouldn't waste my time with it.

link

pizzagateishell 2016-12-15T06:26:04

Tell me, why waste money employing Prolexic (which doesnt look to come cheap $$$) to prevent DDoS attacks when you can just straight up release the data without a countdown. I'll tell you why, because that dump is litterally a dump of shit, and they are protecting their MSM pile of shit from being taken down. I bet you they will talk about this website tomorrow in the MSM attracting even more attention to it!

link

RebelSkum 2016-12-15T04:34:28

Seems like protection from DDoS. It's believed the Dyncorp Cyberattack may have suppressed Wikileaks releases, so it could be an added countermeasure against that. Their enemies have no shortage of horsepower.

link

pizzagateishell 2016-12-15T04:37:23

gotta admit this is weird tho right ? http://wildcard-in-use.findingassange.com

link

Freemasonsrus 2016-12-15T05:07:09

Weird bc of the topics? I could see an outline here making sense, but I'm no IT genius. Could be legit categories of info, no?

link

pizzagateishell 2016-12-15T05:11:13

Most random privacy statement i've ever read, vague as fuck, no product, company, entity, nothing. http://wildcard-in-use.findingassange.com/privacy

link

Freemasonsrus 2016-12-15T05:23:28

Ya I don't get my hopes up for this kind of crap. If they have something, great, if not, they just wasted a bunch of time bc most of us know 99% of the time it's BS.

link

Fateswebb 2016-12-15T06:53:48

None of that stuff is even related to findingassange.com it's all a redirect that is employed when you put ANY webpage before findingassange that does not exist. For instance kfjehifjrbicjenwhdicjsvdoeje.findingassange.com does the same thing. It's a marketing trick done by the host that has nothing at all to do with the website. Nothing to see here...... If anything it's a ddos safeguard, forwarding any non relevant traffic to an unrelated domain.

link

Freemasonsrus 2016-12-15T07:04:45

Thanks for the explanation. I guess we'll see tomorrow. BTW, judging by language and timing I believe they are overseas.

link

RebelSkum 2016-12-15T04:40:37

Yeah, it's definitely suspect. Again, could be an offensive countermeasure against something attacking the site, but I'd say this gets a red flag

link