Tracking Proxy Scans with IPv4.Games

Published: 2024-08-01. Last Updated: 2024-08-01 17:00:53 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

Today, I saw a proxy scan that was a little bit different:

http://ipv4.games/claim?name=gang
http://ipv4.games/claim?name=napucan

I wasn't familiar with ipv4.games, so of course, I had to check out the site. I liked it for a couple of reasons. First, the design is just how I think ISC should look. Second, the site's purpose is somewhat like what "hacking" was like when I first got into security. The site will track how many different IP addresses you can connect from. 

screen shot from ipv4.games

There are various "leaderboards" based on the number of IP addresses or networks that a particular player was able to connect from. There appears to be no authentication or other fancy newfangled stuff. Instead, you add your username to the URL, and well, if someone else copies your username, they will just help you increase your "rank". There are also some options to associate an email address or a URL with your username.

We are seeing this URL in proxy scans because, of course, no game is fun without a bit of cheating. Or maybe it isn't even cheating but part of the game to find proxies, and have the proxies IP associated with your account. Personally, I do not consider this kind of proxy scan all that malicious. On the other hand, the IPv4.Games site may give attackers hints as to where to look for proxies, assuming many of the "claimed" IPs are proxy servers.

ipv6.games appears to be registered but not active at this time.

---

Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

Keywords: ipv4games
1 comment(s)
ISC Stormcast For Thursday, August 1st, 2024 https://isc.sans.edu/podcastdetail/9078

Comments


Diary Archives