It comes mainly from mapping the subdomains over time and analysis of the ASNs. This is key. You will often see a company with perhaps 200 or so subdomains, that only does business in the United States.
But then you will see one subdomain that maps to ASN 4803 or whatever, which then leads to “China Telecom xinjiang”. In fact I encourage you to type:
org:"China Telecom xinjiang" "NSFOCUS" into Shodan.
Also look at the capital expenditures psychz.net claims on their about page. There is no IaaS company in the world that can afford to lay down as much hardware as they are claiming.
Another thing btw is these sites never seem to have job openings. That is a common pattern that applies to perhaps 60% of the firms listed.
So you're saying "typical intelligence analyst stuff" is the reasoning here?
Generally analysts produce questions which operations runs down to figure out if what they think is going on, is actually going on.
Correct me if I'm wrong here but you're basically saying that you have done the first part and found some suspicious links but not the second part to develop actual evidence one way or the other, is that a fair assessment?
They subcontract their support to India. William Lu is a scammer and a well known liar. He pays people on web hosting forums to keep it quiet about how he scams his customers. The guy has cockroaches in his data center. He has no money and has lost more than half his IP space in the past year. He even got recorded a few months back in a big conference call admitting he lies about everything and charges his customers for services he doesn't even provide. https://www.youtube.com/watch?v=PzHS4E2e8Bg There's also a dope ass diss track about how garbage their service is on there too. https://www.youtube.com/watch?v=mZBWd1Z2yY0
> org:"China Telecom xinjiang" "NSFOCUS" into Shodan.
I'm going to admit I didn't try putting this into Shodan because for whatever reason I don't have access to it right now. But won't this just show a list of servers running a NSFOCUS WAF? How do you connect that to ProtonMail or LeaseWeb?
Are you suggesting they are an "open secret"? E.g., they are not "covert", but they are secretive in that they only sell to maybe western intelligence agencies, etc. Could be why they never have real "openings", they got a hot pipeline constantly exiting from the intelligence community looking to make some real money.
sergiomattei|6 years ago
Back it up or nothin'.
rshnotsecure|6 years ago
ChuckMcM|6 years ago
gspd|6 years ago
zer0tonin|6 years ago
modwest|6 years ago
GhettoMaestro|6 years ago
Apofis|6 years ago
ryanlol|6 years ago
No results found