PRC Scraping Cryptome

Via: Cryptome

This is not about another mythical, horrid Chinese cyber WMD aggression.
See: http://www.cryptome.org/cuw.htm

Since October 2012 Cryptome has been scraped daily by the IP address 211.94.xxx.xxx, which geolocates to coordinates 39.9075, 116.39723 in central Beijing, China, near the Forbidden City and across the street from the Ministry of Public Security, which is geolocated at coordinates 39.903904, 116.399143. As Mandiant alleges, the geolocations are close enough to implicate the PRC spooks, or some hacker genius or non-PRC spy pretending to be PRC spooks via IP spoofing.

Log file samples:

211.94.163.68 - - [21/Feb/2013:00:00:07 -0500] "GET /0006/nrc123011.htm HTTP/1.0" 200 186076 "http://cryptome.org/nppw-series.htm" "Wget/1.12 (linux-gnu)"
211.94.162.151 - - [18/Sep/2012:00:00:00 -0400] "HEAD /2012-info/free-syria/pict116.jpg HTTP/1.0" 200 - "http://cryptome.org/2012-info/free-syria/free-syria-05.htm" "Wget/1.12 (linux-gnu)"

The scraper runs overnight, US Eastern Time, for about six to eight hours, cycling through all the files on the site at an average of 18 hits per second. It checks for new files and downloads them, and it also repeatedly downloads hundreds of random files with no discernible pattern.
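
A site operator can surface this kind of pattern from an access log by grouping hits per address block and user agent and measuring the request rate. The sketch below is an added example, not Cryptome's own tooling; the grouping by the first two octets, the thresholds and the generated log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" format, as in the two samples quoted on the page.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

def parse(line):
    """Return a dict for one log line, or None if it is not combined format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def summarize(lines, octets=2):
    """Group hits by (IP prefix, user agent); report volume and request rate."""
    groups = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        prefix = ".".join(rec["ip"].split(".")[:octets])
        groups[(prefix, rec["agent"])].append(rec)
    out = {}
    for key, recs in groups.items():
        times = [r["time"] for r in recs]
        # Timestamps have 1 s resolution, so count the seconds inclusively.
        seconds = (max(times) - min(times)).total_seconds() + 1
        out[key] = {"hits": len(recs), "ips": sorted({r["ip"] for r in recs}),
                    "paths": len({r["path"] for r in recs}),
                    "hits_per_s": len(recs) / seconds}
    return out

def flag_scrapers(summary, min_rate=10.0, min_hits=50):
    """Keys whose sustained rate and volume exceed the (assumed) thresholds."""
    return [k for k, s in summary.items()
            if s["hits_per_s"] >= min_rate and s["hits"] >= min_hits]

def sample_log():
    """Constructed lines, not Cryptome's data: 18 Wget hits/s for 10 s, 2 browser hits."""
    ips = ["211.94.163.68", "211.94.162.151"]  # the two addresses in the page's samples
    lines = [f'{ips[n % 2]} - - [21/Feb/2013:00:00:{sec:02d} -0500] "GET /constructed/'
             f'{sec * 18 + n}.htm HTTP/1.0" 200 1024 "-" "Wget/1.12 (linux-gnu)"'
             for sec in range(10) for n in range(18)]
    for sec in (3, 30):
        lines.append(f'192.0.2.10 - - [21/Feb/2013:00:00:{sec:02d} -0500] "GET /index.htm '
                     f'HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (constructed)"')
    return lines

if __name__ == "__main__":
    for key, stats in summarize(sample_log()).items():
        print(key, stats, "FLAG" if key in flag_scrapers({key: stats}) else "")
```

Grouping by prefix rather than by single address matters here because the two quoted samples come from different hosts in the same 211.94 block.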
