Ultrasurf IPs I have found!



  • I found this IPs when doing some test to block ultrasurf 13.04 and 14.05
    I blocked them with a rule doing reject and an alias.
    Now no more ultrasurf from my network (for this versions I suppose).

    65.49.14.0/24
    66.221.109.114/32
    63.223.124.58/32
    63.223.100.138/32
    66.34.20.191/32
    216.97.72.21/32
    216.97.36.31/32
    216.97.66.86/32
    69.13.130.11/32
    64.182.16.67/32
    69.13.5.216/32
    216.97.50.114/32
    216.97.21.89/32
    66.34.133.124/32
    66.221.190.119/32
    69.13.179.113/32
    63.249.138.166/32
    93.158.102.28/32
    69.13.203.106/32
    83.140.221.80/32
    185.13.40.178/32
    185.13.40.178/32
    124.11.168.69/32
    218.173.169.73/32
    66.221.202.93/32
    66.221.105.159/32
    5.133.201.123/32
    198.210.40.91/32
    66.221.86.225/32
    193.181.17.126/32
    118.171.58.5/32
    1.169.209.70/32



  • I think Ultrasurf 14.05 is trying to do a search on google!
    I'm capturing packets with wireshark to try to understand what is this!
    Maybe a way to get new servers?



  • If you create some malware which posts a unique string to some website, you can use Google as a known constant & thus communication server as its almost certain Google will spider the website and they now encrypt their main searchs but for some reason dont encrypt Google Scholar but I digress, so get your malware to search for a unique string, visit the google cache to get rest of message which might be posted by another alias on a website's comments or in a thread on some forum.

    The ways to communicate in plain site without using encryption algo's are enormous, you just need to think of it.



  • Ultrasurf contacted Google and asked this url:

    http://74.125.206.93/gwt/x?u=http://66.221.61.150/news/8VrySXvVPg0QS9Vo/0J_1AaiLjDYLy/3FulZtSTAtNf/1D1-j5O9djWY/Y8y6vO_vyUyfM/_XQoYTfBZa/IP8-XUrNi5/8cUPgaXWe/hNo9SBD1/fnFNkxv-ZLDmH/taEzi0T-QjSZ/9l96mNgMZ/79v2JvVBGgj

    So I tried to open it on Google Chrome and view source but can't find anything that says what it is doing.
    I suppose Ultrasurf is getting new ip addresses of servers using this way.
    So, is google being used by ultrasurf ? Is google aware of this? may this be legal?

    I suppose its legal because is Google Mobilizer Service. A service to show an entire website as mobile friendly.
    Good trick Ultrareach!