[tor-bugs] #20348 [Metrics/Censorship analysis]: Kazakhstan blocking of vanilla Tor and obfs4 by Allot Communications hardware, 2016-06

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 14 21:52:05 UTC 2017 

#20348: Kazakhstan blocking of vanilla Tor and obfs4 by Allot Communications
hardware, 2016-06
-----------------------------------------+-------------------------
 Reporter:  dcf                          |          Owner:
     Type:  project                      |         Status:  closed
 Priority:  Medium                       |      Milestone:
Component:  Metrics/Censorship analysis  |        Version:
 Severity:  Normal                       |     Resolution:  invalid
 Keywords:  censorship block kz          |  Actual Points:
Parent ID:                               |         Points:
 Reviewer:                               |        Sponsor:
-----------------------------------------+-------------------------

Comment (by dcf):

 Replying to [comment:145 dcf]:
 > Blocked sites are redirected to !http://92.63.88.128/?NTDzLZ

 Doing a web search for "NTDzLZ" found a few threads with other people
 noticing the blocks. The latest is dated December 25, 2016, which is
 slightly later than the latest injection I saw myself, which was December
 21, 2016 (comment:173).

  * 2016-11-22 http://www.cyberforum.ru/viruses/thread1857039.html
 ([https://web.archive.org/web/20170614212433/http://www.cyberforum.ru/viruses/thread1857039.html
 archive])
      Translated: "Hello, I'm here for the first time. In general, here's
 the problem: I can not go to some sites (xvideos.com, redtube.com) (the
 problem is certainly not in them) but still want to fix them. When I come,
 I throw it at !http://92.63.88.128/?NTDzLZ and there it is empty"
  * 2016-11-25 http://ping-
 admin.ru/free_test/result/148005106722x8h272z9w4y2r3517e7.html
 ([https://web.archive.org/web/20170614213022/http://ping-
 admin.ru/free_test/result/148005106722x8h272z9w4y2r3517e7.html archive])
      Connectivity test. The line for unihost.kz in Alatau refers to the
 URL.
      "rus.porn/videos/14854/
      Казахстан, Алатау При поддержке Unihost.kz. Кол-во редиректов: 1
 !http://92.63.88.128/?NTDzLZ"
  * 2016-12-16 http://www.cyberforum.ru/viruses/thread1880138.html
 ([https://web.archive.org/web/20170614212224/http://www.cyberforum.ru/viruses/thread1880138.html
 archive])
      Translated: "I'm trying to go to the site newgrounds.com, it does not
 enter and I throw it on the link !http://92.63.88.128/?NTDzLZ , but before
 it stopped . Kaspersky swears, writes a virus site, there are no viruses
 on the computer, it was checked by another web, Kaspersky"
  * 2016-12-16 https://prezi.com/vwyiuh9dgbv4/pokemon-bloody-platinum-
 download-free/
 ([https://web.archive.org/web/20170614212749/https://prezi.com/vwyiuh9dgbv4
 /pokemon-bloody-platinum-download-free/ archive])
      Looks like a spam presentation with HTML in the description that
 refers to Kaspersky antivirus. Puts a `=` at the end of the URL, unlike
 other sources.
      "<b>Веб-адрес:</b><br><br><div
 title="!http://92.63.88.128/?NTDzLZ=">!http://92.63.88.128/?NTDzLZ=<br><br>
 </div><b>Заблокирован Веб-Антивирусом</b><br><br> Причина: опасный веб-
 адрес <br><br><a href="!http://touch.kaspersky.com/kfa_cup_f8f731b4-629f-
 4b7c-923c-495d87bf7e09/1481884315">Нажмите здесь, если считаете, что веб-
 страница заблокирована ошибочно.</a><br>"
  * 2016-12-22 https://vk.com/wall297604842_11
 ([https://web.archive.org/web/20170614212555/https://vk.com/wall297604842_11
 archive])
      A wall post that says only "!http://92.63.88.128/?NTDzLZ"
  * 2016-12-25 http://ping-
 admin.com/free_test/result/14817131651081dy5bl67oc53bs4b1081.html
 ([https://web.archive.org/web/20170614213317/http://ping-
 admin.com/free_test/result/14817131651081dy5bl67oc53bs4b1081.html
 archive])
      Connectivity test. The lines for unihost.kz in Alatau, Internet-
 Kompanii PS in Almaty, and hoster.kz in Karaganda refer to the URL.
      "kissk.ru
      Казахстан, Алатау При поддержке Unihost.kz. Кол-во редиректов: 1
 !http://92.63.88.128/?NTDzLZ
      Казахстан, Алматы При поддержке интернет-компании PS. Кол-во
 редиректов: 1 !http://92.63.88.128/?NTDzLZ
      Казахстан, Караганда При поддержке Hoster.KZ. Кол-во редиректов: 1
 !http://92.63.88.128/?NTDzLZ"

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20348#comment:196>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list