Ah well. Somebody has already obtained the sample from the URL for us. Most likely brute-forced the address.

http://twitter.com/jduck1337/status/239875285913317376

Reverse-DNS'ing the IP address gave me the URL they mentioned and censored in the article. I didn't want to post it here on HN because this isn't the place for that. I would think FireEye's blog would be that place. I'll have to get with my FireEye sales engineer to see why they censor there.


How did you find the domain through reverse DNS? None of the queries I ran gave any useful results.


I use robtex.com to reverse-DNS [1]. It tells you if the address is listed in any blacklists, what domains are registered there, who owns the network, and what geographical region the server is in. Listed in the registered domains is something awfully similar to what FireEye has censored out.

[1] http://www.robtex.com/ip/59.120.154.62.html#ip
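The two comments above disagree because they are asking different questions: a PTR lookup returns the single name the network owner chose to publish for the address, while a service like robtex also shows every domain whose forward (A) record points at that address, which is where "something awfully similar" usually shows up. The following is an added example, not code from anyone in this thread, showing how a plain PTR lookup is built and why it may come back empty; it uses the 59.120.154.62 address cited in the comment, assumes only the Python standard library, and the network calls are written to fail gracefully when run offline.

```python
import ipaddress
import socket
from typing import Optional


def ptr_name(ip: str) -> str:
    """Build the reverse-zone query name for an IPv4 or IPv6 address.

    59.120.154.62 -> 62.154.120.59.in-addr.arpa
    IPv6 addresses expand to one nibble per label under ip6.arpa.
    Raises ValueError for a string that is not an IP address.
    """
    return ipaddress.ip_address(ip).reverse_pointer


def reverse_lookup(ip: str) -> Optional[str]:
    """Return the PTR hostname for ip, or None when no record exists.

    A None result is common and does not mean the address hosts nothing:
    PTR records are optional and are set by the netblock owner, so a
    hosting provider's generic name (or nothing) is the usual answer.
    """
    try:
        host, _aliases, _addrs = socket.gethostbyaddr(ip)
        return host
    except (socket.herror, socket.gaierror, OSError):
        return None


def forward_confirmed(ip: str, host: str) -> bool:
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip.

    Anyone controlling a reverse zone can publish any name they like, so
    a PTR answer is only worth trusting when the forward lookup agrees.
    Returns False on any resolution failure.
    """
    try:
        _name, _aliases, addrs = socket.gethostbyname_ex(host)
    except (socket.herror, socket.gaierror, OSError):
        return False
    return ip in addrs


def describe(ip: str) -> dict:
    """Collect the PTR result and whether it is forward-confirmed."""
    host = reverse_lookup(ip)
    return {
        "ip": ip,
        "query": ptr_name(ip),
        "ptr": host,
        "confirmed": forward_confirmed(ip, host) if host else False,
    }


if __name__ == "__main__":
    # Address quoted in the comment above; offline this prints ptr=None.
    print(describe("59.120.154.62"))
```

If `describe` reports `ptr=None`, the next step an analyst takes is exactly what the commenter did: consult passive or forward DNS data that records which names have resolved to the address, since a PTR lookup alone cannot enumerate them.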