09-30-2016, 11:30 AM
(09-30-2016, 12:12 AM)pragmatic Wrote: TL;DR version of your original question: it's very doubtful you're going to be able to make this correlation, at least not without more information.
Thank you for that very informative post, I assumed as much but I still wanted to see if there was someone out there that could give me some more infromation, which you did, unfortunately it was the same conclusion...
(09-30-2016, 12:12 AM)pragmatic Wrote: I did recover the posting-host, but you said that was irrelevant so i'm assuming that won't help you.
Yes, it's just a md5 IP, so that cracks in under a second with hashcat.
(09-30-2016, 12:12 AM)pragmatic Wrote: As for the "individual.net stuff", that's even more opaque. Assuming that encoding is base64, the output is 37 randomish bytes with no obvious meaningful structure. Without more samples I got nothing.
Well, for what it's worth, here are the X-Trace headers from my last individual posts:
individual.net OeIYWJPyf5rdp0IlMHyBPAFnfp+RA412tm285iqgU5R6GiiRk=
individual.net LOkweuyhAZuVtYh9sAtC5AJeEIgSU2RT25gUNxzG0xx1ze9j0=
individual.net do7lyjDwZBsEDkl3V3q0Jg27QQiDB1Q/brYTJlqRdlnKr/Skw=
individual.net KAJewCub4zOMAv+7HVArZw+ysZQhuLv37WsdhQE5gOshhPV88=
individual.net AIIglA/DMVTRxkskLXEyLAG3ukdyoCF4SPzBmP8zSfxajJIpk=
individual.net wBJOpYtROJaMKAjShzcN3ggCHF0w5HTy8TxTjXMcau0woXlZY=
individual.net tK0QZOrtHraHc8fegGuEGANQGNuTmZq+dQpPojyyM3alEel8U=
individual.net r5L2+sLwdfJH+cnD7gCQ7wILmf9fQym1/Arh9hMwmSpBp91As=
individual.net OVsCAsn++wCb53848c8NmQ09ttXdO1Y0jKKg46nQ2kfzX2OgI=
individual.net 4TPo539ILKqS7CsJ8U5xsAweUszdWqVRh58abc8milnuIX2ko=
If the IP is in there, it's the same for all of these.