Opspeculate
Why is it that every time our IDS interacts with abovetopsecret.com, a positive dynamic DNS exploit is attempted from 173.193.40.5?
This is abovetopsecret.com www.urlvoid.com...
Opspeculate
This means that any DNS requests made to abovetopsecret.com after a successful execution end up at malicious DNS servers. (Honey Pot Tested & Confirmed)
Opspeculate
Why...?
No other site out of thousands monitored set off this positive alarm. Only abovetopsecret.com @ 173.193.40.5 Every Single Time !!!
jedi_hamster
reply to post by IkNOwSTuff
no need to know. people are usually running some firewall with integrated IDS, so assuming he's using something popular, tons of people would raise an alarm - unless, as i've said, it's not ATS server that is 'attacking' him, but the dns server he's using - if that's the case, the whole issue may be very localized and perhaps he's the only one affected - but then it's the dns server he's using that is to blame, not ATS.
abovetopsecret.com nameserver = ns1.dnsmadeeasy.com
abovetopsecret.com nameserver = ns2.dnsmadeeasy.com
abovetopsecret.com nameserver = ns0.dnsmadeeasy.com
abovetopsecret.com nameserver = ns4.dnsmadeeasy.com
abovetopsecret.com nameserver = ns3.dnsmadeeasy.com
ns0.dnsmadeeasy.com internet address = 208.94.148.2
ns1.dnsmadeeasy.com internet address = 208.80.124.2
ns2.dnsmadeeasy.com internet address = 208.80.126.2
ns3.dnsmadeeasy.com internet address = 208.80.125.2
ns3.dnsmadeeasy.com AAAA IPv6 address = 2600:1801:3::1
ns4.dnsmadeeasy.com internet address = 208.80.127.2
ns4.dnsmadeeasy.com AAAA IPv6 address = 2600:1802:4::1
Opspeculate
Happens from all 4 corners of the planet using different isp's routes, OS's, hardware... Every single time...
This is abovetopsecret.com www.urlvoid.com...
Just wondering why...? It only happens with abovetopsecret.com nothing else... ever...
This means that any DNS requests made to abovetopsecret.com after a successful execution end up at malicious DNS servers.
James1982
Just seems a little odd SO many people are having issues with ATS in this manner, as am I, and NEVER on ANY other sites, just ATS.