I'm not sure if it's common knowledge by now, but I've built a script to check sites for inactive Administrative Contact emails (whois) and register those domains so that one may take possession of the original domain (by requesting "forgotten password" from the registrar, which sends to the new email on the domain you just registered). This vulnerability allows one to take full control of the site owner's registrar account.

Anyway, it's been running for a while now and so far it's gone through about 50,000 sites--of these, I'd say there are probably close to 40 that are vulnerable, ranging from PR3 - PR6.

I still have several hundred thousand sites left to check, but assuming the same ratio holds true, I will probably have several hundred highly valuable, vulnerable domains in a list.

Unfortunately I don't have any blackhat projects I can use this for at the moment, but I wanted to feel out the response on the board and see if this is something people might be interested in.

If you are interested, I'd love to get a ballpark estimate of what you think content like this is worth--if it's worth it, I'll keep scraping the rest and sell the list when it's done!

[edit] More estimates are in, and it's looking like the total count will amount to 800 sites give or take a few. Of this, an average of 75% will be PR 3 or higher, many 4s and 5s as well though I don't have exact projections as there aren't enough to be statistically significant. I am thinking of holding an auction and selling a single copy of the master list (through escrow of course) based on gauged interest, so let me know if you would have use for this list.



DISCLAIMER: The information I am selling is solely for educational and instructive purposes, and the buyer warrants that (s)he does not intend to use this material for any action which is a direct violation of local, state, or federal law. I am selling this publicly-collected information with this understanding, and as such cannot be held liable for either the actions or inactions of the purchasing party, or the consequences that result thereof.
 