
February 10, 2016 • RBS

Categories: Security News

Just a few days after the DHS and FBI leaks, the site that was used to leak the data, called Cryptobin, is now down.


RBS researchers discovered today that cryptobin.org was offline and not accessible via the main domain name, but was still accessible via its dedicated IP address (151.236.7.117) and unsigned SSL (https://151.236.7.117).


As we previously reported, this outage comes just days after the @DotGovs Twitter account leaked tens of thousands of government employee details online using the cryptobin.org website. When looking into DNS records, it appears the last update was on 2016-02-09T16:46:59Z and it expires on 2016-04-30. The domain is currently showing statuses of “serverHold”, “serverDeleteProhibited”, “serverRenewProhibited”, “serverTransferProhibited”, and “serverUpdateProhibited”. It is very unusual to have all of these statuses indicated on a domain at any one time.

Domain Status: serverDeleteProhibited https://www.icann.org/epp#serverDeleteProhibited
“This status code prevents your domain from being deleted. It is an uncommon status that is usually enacted during legal disputes, at your request, or when a redemptionPeriod status is in place.”

Domain Status: serverHold https://www.icann.org/epp#serverHold
“This status code is set by your domain’s Registry Operator. Your domain is not activated in the DNS.”

Domain Status: serverRenewProhibited https://www.icann.org/epp#serverRenewProhibited
“This status code indicates your domain’s Registry Operator will not allow your registrar to renew your domain. It is an uncommon status that is usually enacted during legal disputes or when your domain is subject to deletion.”

Domain Status: serverTransferProhibited https://www.icann.org/epp#serverTransferProhibited
“This status code prevents your domain from being transferred from your current registrar to another. It is an uncommon status that is usually enacted during legal or other disputes, at your request, or when a redemptionPeriod status is in place.”

Domain Status: serverUpdateProhibited https://www.icann.org/epp#serverUpdateProhibited
“This status code locks your domain preventing it from being updated. It is an uncommon status that is usually enacted during legal disputes, at your request, or when a redemptionPeriod status is in place.”
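The status check above can be automated. The following is an added example, not code from the original article or from RBS: it parses the `Domain Status:` lines of a WHOIS record and reports whether the registry has taken the domain out of the DNS and applied all five registry locks. The sample record is constructed from the statuses and update date reported in this article; `clientHold`, the registrar-set counterpart of `serverHold`, is not mentioned in the article and is included as an assumption about what an analyst would also want to catch.

```python
import re

# Registry-set EPP status codes quoted in the article, with their effect.
REGISTRY_STATUSES = {
    "serverhold": "not activated in the DNS",
    "serverdeleteprohibited": "cannot be deleted",
    "serverrenewprohibited": "registrar cannot renew",
    "servertransferprohibited": "cannot be transferred to another registrar",
    "serverupdateprohibited": "cannot be updated",
}
# A WHOIS status line is "Domain Status: <code> <ICANN URL>"; capture the code only.
STATUS_LINE = re.compile(r"^\s*Domain Status:\s*([A-Za-z]+)", re.MULTILINE)


def parse_statuses(whois_text):
    """Return the EPP status codes in a WHOIS record, in order, without repeats."""
    return list(dict.fromkeys(STATUS_LINE.findall(whois_text)))


def assess(whois_text):
    """Summarise registry-set (server*) statuses and whether the name resolves."""
    codes = parse_statuses(whois_text)
    lowered = {c.lower() for c in codes}
    return {
        "statuses": codes,
        "registry_set": [c for c in codes if c.lower().startswith("server")],
        # Either hold status removes the name from the zone (clientHold: assumption).
        "in_dns": not ({"serverhold", "clienthold"} & lowered),
        "full_registry_lock": set(REGISTRY_STATUSES) <= lowered,
    }


# Constructed sample record; status codes and update date are those in the article.
SAMPLE = """\
Domain Name: CRYPTOBIN.ORG
Updated Date: 2016-02-09T16:46:59Z
Domain Status: serverDeleteProhibited https://www.icann.org/epp#serverDeleteProhibited
Domain Status: serverHold https://www.icann.org/epp#serverHold
Domain Status: serverRenewProhibited https://www.icann.org/epp#serverRenewProhibited
Domain Status: serverTransferProhibited https://www.icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://www.icann.org/epp#serverUpdateProhibited
"""

if __name__ == "__main__":
    for key, value in assess(SAMPLE).items():
        print(f"{key}: {value}")
```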

We have been unsuccessful in finding a working contact at cryptobin.org at this point due to DNS being down. As you can imagine, all emails to [email protected] are not functioning. We were able to locate a cryptobin developer, but they have not been active answering questions about the site for many years. While the real reason for the outage is still unclear, based on the timing it does seem that the owners of the cryptobin.org website might be asking the same question as a recent @DotGovs tweet.
