hi,

i googled today a little bit by searching a british sitcom from the 90ies, my search keywords were : league of gentlemen stream

I noticed several sites, which urls are always formed after this pattern:

[nameoftvshow].[dyndnsdomain]

All of this sites point to some fake, spamming and scamming, video hosting site (casubi) with some obscure javascript on it and asking to take some yet more obscure surveys....

Just out of curiosity i pinged and nmapped this urls with OS detection and on every url this was the result:

not shown: 996 filtered ports
PORT    STATE  SERVICE
25/tcp  closed smtp
80/tcp  open   http
135/tcp closed msrpc
139/tcp closed netbios-ssn

Device type: general purpose|WAP|storage-misc|firewall|VoIP phone|specialized
Running (JUST GUESSING) : Linux 2.6.X|2.4.X (94%), Adaptec embedded (91%), Fortinet embedded (91%), Linksys Linux 2.4.X (91%), Netgear embedded (91%), Secure Computing Linux 2.4.X (91%), T-Home embedded (91%), Infoblox NIOS 4.X (90%)
Aggressive OS guesses: Linux 2.6.21 (94%), Linux 2.6.9 - 2.6.19 (94%), Linux 2.6.20 (94%), Linux 2.6.20 (Ubuntu, x86_64) (94%), Linux 2.6.24 (94%), OpenWrt 7.09 (Linux 2.6.22) (94%), Linux 2.6.22 (93%), Linux 2.6.24 - 2.6.25 (93%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (93%), Linux 2.6.20-1 (Fedora Core 5) (92%)
No exact OS matches for host (test conditions non-ideal).

What are these? infested zombie OpenWrt machines or something similar?

asking just out of curiosity,

cheers....