I asked on this on another list I'm on and didn't get any reply, so I figured I might have better luck here Anyone know what malware.watch. is doing? Below is basically everything I could find: http://www.robtex.net/en/advisory/dns/watch/malware/ssl-scanning-015/ They've got a web page, but nothing there: % curl -I malware.watch HTTP/1.1 200 OK Date: Thu, 13 Nov 2014 19:17:29 GMT Content-Type: text/html Connection: keep-alive Set-Cookie: __cfduid= da37b063f68032dfe5adc07ae35fe27031415906249; expires=Fri, 13-Nov-15 19:17:29 GMT; path=/; domain=.malware.watch; HttpOnly X-Frame-Options: sameorigin Server: cloudflare-nginx CF-RAY: 188d4f4cd3cb0eeb-EWR What I saw was ssl-scanning-###.malware.watch, so after that curl I figured I'd start by blowing up their dns :) % printf '%03d\n' {0..999} | while read f; do dig=$(dig "ssl-scanning-${f}.malware.watch" +short); if [ -n "$dig" ]; then echo "$f: $dig"; fi; done ~ swlap1 015: 85.17.239.155 016: 104.200.21.140 017: 195.154.114.206 (It was pointed out to me this could be more easily written as: dig +noall +ans ssl-scanning-{000..999}.malware.watch) So they only have three in that block, on is in the Netherlands, the other is Linode (US), and the last is French: 8 21.28 ms as4436-1-c.111eighthave.ny.ibone.comcast.net (173.167.57.162) 9 17.01 ms vlan-75.ar2.ewr1.us.as4436.gtt.net (69.31.34.129) 10 15.73 ms as13335.xe-7-0-3.ar2.ewr1.us.as4436.gtt.net (69.31.95.70) 11 15.85 ms 104.28.19.47 7 10.07 ms he-1-15-0-0-cr01.350ecermak.il.ibone.comcast.net (68.86.85.70) 8 9.58 ms ae15.bbr02.eq01.wdc02.networklayer.com (75.149.228.94) 9 10.98 ms ae7.bbr01.eq01.wdc02.networklayer.com (173.192.18.194) 10 23.08 ms ae0.bbr01.tl01.atl01.networklayer.com (173.192.18.153) 11 43.01 ms ae13.bbr02.eq01.dal03.networklayer.com (173.192.18.134) 12 43.02 ms po32.dsr02.dllstx3.networklayer.com (173.192.18.231) 13 44.33 ms po32.dsr02.dllstx2.networklayer.com (70.87.255.70) 14 50.71 ms po2.car01.dllstx2.networklayer.com (70.87.254.78) 15 41.94 ms router1-dal.linode.com (67.18.7.90) 16 42.63 ms li799-140.members.linode.com (104.200.21.140) 7 11.36 ms he-0-13-0-1-pe04.ashburn.va.ibone.comcast.net (68.86.87.142) 8 10.95 ms xe-7-0-2.was10.ip4.gtt.net (77.67.71.193) 9 87.79 ms xe-4-2-0.par22.ip4.gtt.net (89.149.182.98) 10 87.80 ms online-gw.ip4.gtt.net (46.33.93.90) 11 91.82 ms 49e-s46-1-a9k1.dc3.poneytelecom.eu (195.154.1.77) 12 88.27 ms ssl-scanning-017.malware.watch (195.154.114.206)
participants (1)
-
shawn wilson