SPECIAL NOTICE
Malicious code was found on the site, which has been removed, but would have been able to access files and the database, revealing email addresses, posts, and encoded passwords (which would need to be decoded). However, there is no direct evidence that any such activity occurred. REGARDLESS, BE SURE TO CHANGE YOUR PASSWORDS. And as is good practice, remember to never use the same password on more than one site. While performing housekeeping, we also decided to upgrade the forums.
This is a site for discussing roleplaying games. Have fun doing so, but there is one major rule: do not discuss political issues that aren't directly and uniquely related to the subject of the thread and about gaming. While this site is dedicated to free speech, the following will not be tolerated: devolving a thread into unrelated political discussion, sockpuppeting (using multiple and/or bogus accounts), disrupting topics without contributing to them, and posting images that could get someone fired in the workplace (an external link is OK, but clearly mark it as Not Safe For Work, or NSFW). If you receive a warning, please take it seriously and either move on to another topic or steer the discussion back to its original RPG-related theme.

The Singularity System Review C&C Issues

Started by Tod13, March 07, 2017, 10:56:03 AM


Tod13

Some code or link on this page is attempting a C&C Callback -- the call is from 50.62.249.1. This means one of the servers linked or some code in the post is trying to send a botnet-like command and control signal to people viewing this page. This does not appear to be from therpgsite.com which is 69.163.179.20.

http://www.therpgsite.com/showthread.php?36228-The-Singularity-System

brettmb

Quote from: Tod13;949814
Some code or link on this page is attempting a C&C Callback -- the call is from 50.62.249.1. This means one of the servers linked or some code in the post is trying to send a botnet-like command and control signal to people viewing this page. This does not appear to be from therpgsite.com which is 69.163.179.20.

Appears to be the logo URL and its server. I don't see any issues. If you have further evidence, please let me know.

Tod13

Quote from: brettmb;949817
Appears to be the logo URL and its server. I don't see any issues. If you have further evidence, please let me know.

The logo isn't from the "bad" IP of 50.62.249.1.

It is only on this page. It is something from the //www.endtransmissiongames.com site. Mozilla made it difficult to disable prefetching and the browser is trying to prefetch the site (in case I click on the link) and is triggering the warning. (Now I gotta figure out how to get it to quit prefetching--the instructions I found don't work so far.)

$ ping //www.endtransmissiongames.com
PING endtransmissiongames.com (50.62.249.1) 56(84) bytes of data.
64 bytes from p3nlhg1002c2002.shr.prod.phx3.secureserver.net (50.62.249.1): icmp_seq=1 ttl=47 time=45.5 ms
64 bytes from p3nlhg1002c2002.shr.prod.phx3.secureserver.net (50.62.249.1): icmp_seq=2 ttl=47 time=45.8 ms
64 bytes from p3nlhg1002c2002.shr.prod.phx3.secureserver.net (50.62.249.1): icmp_seq=3 ttl=47 time=44.5 ms

brettmb

The logo is from that site/IP and prefetching appears to have nothing to do with this post, since that is a function of your browser and the endtransmissiongames.com site.

Moving these posts to help section to avoid disruption of this thread.

Tod13

Quote from: brettmb;949828
The logo is from that site/IP and prefetching appears to have nothing to do with this post, since that is a function of your browser and the endtransmissiongames.com site.

Moving these posts to help section to avoid disruption of this thread.

Ah. OK. I wasn't seeing the logo because our Malwarebytes is blocking the logo so it wasn't in the DOM and just reporting the IP, hence my logo confusion and assumption it was prefetching. (And why disabling pre-fetch didn't appear to stop it.)

brettmb

I go through stuff like that all the time - it's very frustrating trying to track down issues, when it turns out that it's extensions or third-party software causing the problems (like ad-blockers and price-matchers).
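
The triage worked out in this thread, as an added example (not code posted by any participant): list the elements of a saved page whose host resolves to the IP a security tool flagged, and mark whether the browser fetches each on render or only on click. The sample HTML and its paths are constructed; the two host/IP pairs are the ones quoted in the thread, and `elements_reaching`, `ResourceCollector` and `KNOWN_IPS` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a post body: an embedded logo, a plain link to the
# same site, and an image served by the forum itself.
SAMPLE_HTML = """
<div class="post">
  <img src="http://www.endtransmissiongames.com/logo.png" alt="logo">
  <a href="http://www.endtransmissiongames.com/">publisher site</a>
  <img src="http://www.therpgsite.com/images/smile.gif" alt="smile">
</div>
"""

# Offline stand-in for DNS, using the addresses quoted in the thread.
# For a live check, pass socket.gethostbyname as the resolver instead.
KNOWN_IPS = {
    "www.endtransmissiongames.com": "50.62.249.1",
    "www.therpgsite.com": "69.163.179.20",
}

# Tag -> attribute for elements the browser fetches without user action.
AUTO_LOAD = {"img": "src", "script": "src", "iframe": "src", "link": "href"}


class ResourceCollector(HTMLParser):
    """Collect (tag, url, trigger) for every element that names a URL."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in AUTO_LOAD and attrs.get(AUTO_LOAD[tag]):
            self.found.append((tag, attrs[AUTO_LOAD[tag]], "on render"))
        elif tag == "a" and attrs.get("href"):
            self.found.append((tag, attrs["href"], "on click"))


def elements_reaching(html, flagged_ip, resolve=KNOWN_IPS.get):
    """Return the elements in `html` whose host resolves to `flagged_ip`."""
    collector = ResourceCollector()
    collector.feed(html)
    hits = []
    for tag, url, trigger in collector.found:
        host = urlparse(url).hostname
        if host and resolve(host) == flagged_ip:
            hits.append((tag, url, trigger))
    return hits


if __name__ == "__main__":
    for hit in elements_reaching(SAMPLE_HTML, "50.62.249.1"):
        print(hit)
```

Run it against the page source as served rather than the live DOM: a blocker that strips the element before render also hides it from DOM inspection.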