Email provider Cock.li back in "Green" standing
Cock.li links donated e-mail domain 'hitler.rocks' to two intelligence agencies, permanently removes it from registration
Cock.li's administration team has identified connections between the registration and addition to cock.li of the domain
hitler.rocksand two intelligence agencies who directly benefited from its association to the service. The administration team is declining to name the agencies or individuals....
The story of
hitler.rocksdid not get funnier when we uncovered its origins. After a thorough investigation which has taken place over the last several years, we've concluded it is extremely likely thathitler.rockswas originally offered to cock.li as a poison fruit intended to destabilize the service. And we are certain that the same agencies who were in a position to execute such an operation took every advantage of its association to cock.li, including threatening to associate the domain with unrelated parties in order to convince them to antagonize our service in various acts of cowardice.In addition to threats, these same agencies are connected to actual attacks against the service. One individual associated with
hitler.rocksand later connected to the identified agencies admitted to signing cock.li's abuse mailbox up for thousands of mailing lists, resulting in millions of spam e-mails and a measurable and permanent decrease in our efficiency in processing abuse reports....
As a result of our investigation, we've decided that tainted domains like
hitler.rockswhich we conclude were offered to the service maliciously will never be available for registration again, and may be subject to a future sunset period and service closure. Most of the other domains which disappeared from registration at the same time are either not funny enough to re-add, or are still subject to their own investigation.Any complaints about not naming the intelligence agencies responsible are valid. The investigation and disclosure could have been quicker, too. Sorry.
Read the full announcement on https://cock.li/ (archive)
'hitler.rocks' plant sounds like something BKA or CIA would do, we'll see if more information comes out.
Comments
Guess the next honeypot is already there.
Why?
Can anyone explain please how "donated domain" can be a honeypot? Is the idea to change MX records later or what?
Check our KVM VPS (flags are clickable): π΅π± VPS πΈπͺ VPS π΅π±πΈπͺ VDS | Looking glass: π΅π± πΈπͺ
I believe its how it worked, but its hard to say for certain as Vincent isn't providing more details.
" cock.li blocks new accounts from sending mail until they allow their browser to complete a proof-of-work challenge which takes a few minutes of CPU time. " tafak is that... Are you serious? How this can work?
Okay let's say picklerick.com was used for nefarious purposes, it gets donated to someone, the new person changes the MX, if someone responds to an old email or a compromised system continues to report the new MX records will send it to them.
You can use the previous owner's infrastructure against them at this point.
Free Hosting at YetiNode | MicroNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
Its simple PoW, there is also a Python script for it so you don't have to use JS. You generate a hash and it validates it, it takes like a minute on a modern cpu. But it makes spam account creation significantly slower.
Proton does the same during account creation, depending on the conditions. Either backup email verification, captcha or PoW, or all of them.
This is an incredible sentence to read.
historically those two agencies build the H.
No wonder they still support it xD