“webinar”/ “VOLUUM”/
Welcome to Our Community
Wanting to join the rest of our members? Feel free to sign up today.

Facebook proxy alert

Discussion in 'Research and Intelligence' started by Graybeard, Dec 15, 2018.

Tags:
  1. Graybeard

    Graybeard Well-Known Member affiliate

    4,354
    2,151
    113
    I caught a Facebook proxy bot and can see its attributes and characteristics:

    I set my server to accept HTTP/2.0 http2 only the newest browsers (i.e.; real people can process http2) <<<strike 1
    I am logging .jpg and .js to see how people and bots react

    This morning I wake to see the not so smart Facebook bot has entered the honeypot -- a fly enters the trap ...

    >>>



    1 173.252.87.14 - - [15/Dec/2018:08:39:49 +0000] "GET /img/dog-affiliate_700.jpg HTTP/1.1" 200 166691 "https: //mydomain.com/?fbclid=IwAR1AOR
    WS34r_ec5NLXUD1IJegW15gqxdgFbn0cPAV0QLAvBJJa4zNu7J4k4" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.22
    14.85 Safari/537.36"
    2 173.252.87.15 - - [15/Dec/2018:08:39:49 +0000] "GET /js/wyd.js HTTP/1.1" 200 24 "https: //mydomain.com/?fbclid=IwAR1AORWS34r_ec5NLXUD1IJegW
    15gqxdgFbn0cPAV0QLAvBJJa4zNu7J4k4" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.85 Safari/537.36"
    3 173.252.87.15 - - [15/Dec/2018:08:39:49 +0000] "GET /?fbclid=IwAR1AORWS34r_ec5NLXUD1IJegW15gqxdgFbn0cPAV0QLAvBJJa4zNu7J4k4 HTTP/1.1" 200 511 "
    https: //https: //www. facebook. com/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.85 Safari/537.36"

    <<<
    • did not request the site robots.txt -- trespassing bot
    • outdated user-agent (browser) probably forged
    • used HTTP/1.1 and requested images and a trap JavaScript <<< hard to detect PhantomJS bot (maybe)

    My 'secret agents' report;
    [email protected]:~$ ./ipintel.sh
    Pls enter your ip:
    173.252.87.15
    0=a[1] is real bad!

    [email protected]:~$ ./ipinfo.sh
    Pls enter your ip:
    173.252.87.15
    {
    "ip": "173.252.87.15",
    "city": "",
    "region": "",
    "country": "US",
    "loc": "37.7510,-97.8220",
    "org": "AS32934 Facebook, Inc."
    }

    tracking 1,2,3

    So, when you say you so smartly *cloak* your links :D:D:D

    OMG they killed Kenny! You bastards! OMG Kenny killed death! You bastard!
     
    Last edited: Dec 15, 2018
  2. Voluum
  3. Graybeard

    Graybeard Well-Known Member affiliate

    4,354
    2,151
    113
  4. Certified
    T J Tutor

    T J Tutor Administrator Administrator Certified Vendor Dojo Master

    10,713
    4,968
    113
    I love you brother! Always showing the truth about things!

    Although, sometimes a little entertaining fairy tale wouldn't hurt!
     
MI