Update blockedrepositories.json #1340
Closed
+2
−1
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hello,
I have found an user running hidden socks5 proxy server along with a HTML5 game App.
Dockerhub: https://hub.docker.com/r/holdroot/h5-game
Its been discovered that its been deployed on 600+ nodes on Flux Network.
Previously same user had found running a bandwidth Sharing app (TraffMonetizer) #1090
below screenshot shows startup script tries to remove storage.json ( the same file found on TraffMonetizer, also it tries to figure out the IP type) why does this even included in a game?
![Screenshot1](https://private-user-images.githubusercontent.com/121117160/340551709-39082752-70af-4c80-aec7-049aaeab2c1c.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTk5OTA1NTYsIm5iZiI6MTcxOTk5MDI1NiwicGF0aCI6Ii8xMjExMTcxNjAvMzQwNTUxNzA5LTM5MDgyNzUyLTcwYWYtNGM4MC1hZWM3LTA0OWFhZWFiMmMxYy5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNzAzJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDcwM1QwNzA0MTZaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT03NDlkODQzOWZjZGRiM2ZhZjg0OTE4MjBjMmQxZDA1YjMwMDMyMmNmNjdiMTkwYzU1YmIwY2M1ODYxMjU0NTQ0JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.TphHUXNpvsJMyDTyTXm16gXc4s6buHhxva4086Xxi9k)
Container logs:
![Screenshot2](https://private-user-images.githubusercontent.com/121117160/340551718-ea0a6894-900e-4eeb-babe-849de69e1d79.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTk5OTA1NTYsIm5iZiI6MTcxOTk5MDI1NiwicGF0aCI6Ii8xMjExMTcxNjAvMzQwNTUxNzE4LWVhMGE2ODk0LTkwMGUtNGVlYi1iYWJlLTg0OWRlNjllMWQ3OS5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNzAzJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDcwM1QwNzA0MTZaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT0wMGRkZDc5OTEyMjJmMjEyYThjMmVjZDA4OTJmMTdlYjhkYzY4YWU0NjE5OWNmN2EyZjFhMDdmODY5MTM1MGU5JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.Lammfz0tHN7mSqmNjUW503ggQPj1U1616lvQPVANOrQ)
I checked some of the Flux node IP which runs these DAPP on spur.us, they classified that IP is found on DataImpulse Proxy Pool, ( Owned by Softoria LLC) also owns TraffMonetizer
![Screenshot3](https://private-user-images.githubusercontent.com/121117160/340551720-b317594c-ec21-4963-9dba-d5584583647d.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTk5OTA1NTYsIm5iZiI6MTcxOTk5MDI1NiwicGF0aCI6Ii8xMjExMTcxNjAvMzQwNTUxNzIwLWIzMTc1OTRjLWVjMjEtNDk2My05ZGJhLWQ1NTg0NTgzNjQ3ZC5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNzAzJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDcwM1QwNzA0MTZaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT04YzdjYjk3N2UyNWZhZTJiNTFhYjkyZTMwN2UwZTI1OTEyYTZiZWY3OTQxZTEwMzU2ZDlkNTA0ZTc4YTNkY2JjJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.UUx0xxBGS4muDW0TyFAcqUySbVkqfiB-T8QSR47HXSs)