Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- RIGEL posted this on telegram a while ago.
- They're trying to FOMO people into thinking that they have to buy because with this marketing the price will go up.
- https://i.imgur.com/D0Vu4OU.png
- Let’s analyze those links.
- https://crymarket.org/2021/02/01/rigel-finance-a-modern-day-cryptocurrency-platform-for-individuals-and-businesses/
- http://www.digitaljournal.com/pr/4959201
- http://markets.financialcontent.com/streetinsider/news/read/40925265
- http://markets.financialcontent.com/wral/news/read/40925265
- http://markets.financialcontent.com/startribune/news/read/40925265
- http://markets.financialcontent.com/ibtimes/news/read/40925265
- http://markets.financialcontent.com/wss/news/read/40925265
- http://markets.financialcontent.com/bostonherald/news/read/40925265
- http://business.dailytimesleader.com/dailytimesleader/news/read/40925265
- http://finance.dailyherald.com/dailyherald/news/read/40925265
- The blue part of the url tells the website which layout to show, the red part is the ID of the article.
- - Mixed ("wrong" hostname and layout) still works
- http://business.dailytimesleader.com/dailyherald/news/read/40925265
- http://finance.dailyherald.com/dailytimesleader/news/read/40925265
- http://finance.dailyherald.com/bostonherald/news/read/40925265
- Both "business.dailytimesleader.com" and "finance.dailyherald.com"
- point to "51.81.67.46 ph3a.us-east-1.financialcontent.com", this is probably subdomain hijacking.
- Open CMD/powershell/terminal and type this:
- (Use -c2 on linux and -n2 on windows)
- $ ping -c2 business.dailytimesleader.com
- PING ph3b.us-east-1.financialcontent.com (51.81.67.47) 56(84) bytes of data.
- 64 bytes from ph3b.us-east-1.financialcontent.com (51.81.67.47): icmp_seq=1 ttl=51 time=118 ms
- 64 bytes from ph3b.us-east-1.financialcontent.com (51.81.67.47): icmp_seq=2 ttl=51 time=118 ms
- $ ping -c2 dailytimesleader.com
- PING dailytimesleader.com (50.28.1.53) 56(84) bytes of data.
- 64 bytes from host3.horizonweb01.com (50.28.1.53): icmp_seq=1 ttl=56 time=134 ms
- 64 bytes from host3.horizonweb01.com (50.28.1.53): icmp_seq=2 ttl=56 time=134 ms
- $ ping -c2 finance.dailyherald.com
- PING ph3a.us-east-1.financialcontent.com (51.81.67.46) 56(84) bytes of data.
- 64 bytes from ph3a.us-east-1.financialcontent.com (51.81.67.46): icmp_seq=1 ttl=50 time=116 ms
- 64 bytes from ph3a.us-east-1.financialcontent.com (51.81.67.46): icmp_seq=2 ttl=50 time=116 ms
- $ ping -c2 dailyherald.com
- PING dailyherald.com (107.154.75.234) 56(84) bytes of data.
- 64 bytes from 107.154.75.234.ip.incapdns.net (107.154.75.234): icmp_seq=1 ttl=58 time=111 ms
- 64 bytes from 107.154.75.234.ip.incapdns.net (107.154.75.234): icmp_seq=2 ttl=58 time=112 ms
- As you can see the subdomains point to a different IP Address than the main domains.
- If you go to "dailytimesleader.com" or "dailyherald.com" and search for "RIGEL" you will find nothing.
- Since I’m a genrous guy here’s 16 more articles for RIGEL’s next PR PACKAGE!
- markets.financialcontent.com/borgernewsherald/news/read/40925265
- markets.financialcontent.com/bpas/news/read/40925265
- markets.financialcontent.com/crain.businessinsurance/news/read/40925265
- markets.financialcontent.com/deseretnews/news/read/40925265
- markets.financialcontent.com/dowtheoryletters/news/read/40925265
- markets.financialcontent.com/fatpitch.valueinvestingnews/news/read/40925265
- markets.financialcontent.com/investplace/news/read/40925265
- markets.financialcontent.com/kelownadailycourier/news/read/40925265
- markets.financialcontent.com/observernewsonline/news/read/40925265
- markets.financialcontent.com/pennwell.bioopticsworld/news/read/40925265
- markets.financialcontent.com/pennwell.cabling/news/read/40925265
- markets.financialcontent.com/presstelegram/news/read/40925265
- markets.financialcontent.com/prnews.pressrelease/news/read/40925265
- markets.financialcontent.com/spoke/news/read/40925265
- markets.financialcontent.com/stocks/news/read/40925265
- markets.financialcontent.com/townhall/news/read/40925265
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement