Ultrasurf IPs I have found!
-
I found this IPs when doing some test to block ultrasurf 13.04 and 14.05
I blocked them with a rule doing reject and an alias.
Now no more ultrasurf from my network (for this versions I suppose).65.49.14.0/24
66.221.109.114/32
63.223.124.58/32
63.223.100.138/32
66.34.20.191/32
216.97.72.21/32
216.97.36.31/32
216.97.66.86/32
69.13.130.11/32
64.182.16.67/32
69.13.5.216/32
216.97.50.114/32
216.97.21.89/32
66.34.133.124/32
66.221.190.119/32
69.13.179.113/32
63.249.138.166/32
93.158.102.28/32
69.13.203.106/32
83.140.221.80/32
185.13.40.178/32
185.13.40.178/32
124.11.168.69/32
218.173.169.73/32
66.221.202.93/32
66.221.105.159/32
5.133.201.123/32
198.210.40.91/32
66.221.86.225/32
193.181.17.126/32
118.171.58.5/32
1.169.209.70/32 -
I think Ultrasurf 14.05 is trying to do a search on google!
I'm capturing packets with wireshark to try to understand what is this!
Maybe a way to get new servers? -
If you create some malware which posts a unique string to some website, you can use Google as a known constant & thus communication server as its almost certain Google will spider the website and they now encrypt their main searchs but for some reason dont encrypt Google Scholar but I digress, so get your malware to search for a unique string, visit the google cache to get rest of message which might be posted by another alias on a website's comments or in a thread on some forum.
The ways to communicate in plain site without using encryption algo's are enormous, you just need to think of it.
-
Ultrasurf contacted Google and asked this url:
http://74.125.206.93/gwt/x?u=http://66.221.61.150/news/8VrySXvVPg0QS9Vo/0J_1AaiLjDYLy/3FulZtSTAtNf/1D1-j5O9djWY/Y8y6vO_vyUyfM/_XQoYTfBZa/IP8-XUrNi5/8cUPgaXWe/hNo9SBD1/fnFNkxv-ZLDmH/taEzi0T-QjSZ/9l96mNgMZ/79v2JvVBGgj
So I tried to open it on Google Chrome and view source but can't find anything that says what it is doing.
I suppose Ultrasurf is getting new ip addresses of servers using this way.
So, is google being used by ultrasurf ? Is google aware of this? may this be legal?I suppose its legal because is Google Mobilizer Service. A service to show an entire website as mobile friendly.
Good trick Ultrareach!