Site down
Feb 5 2015, 8:41 pm
By: NudeRaider  

Feb 5 2015, 8:41 pm NudeRaider Post #1

We can't explain the universe, just describe it; and we don't know whether our theories are true, we just know they're not wrong. >Harald Lesch

Hi folks, got a technical question about the following scenario:

The site http://www.bro[redacted]net.net/ (bronet) seems to have been taken down at first glance, because when I enter it in my browser I'm redirected to libertyreserve.com, which is a site that was taken down by the FBI some time ago and has a banner stating the site has been taken down.

Now when I use a proxy to connect to bronet I can use the site, though every link I clicked is apparently not run through the proxy again because it also redirects to libertyreserve.com. But if I input the page link into the proxy directly it works. It functions normally otherwise. However there's a large message in the header stating the following:
Message (no it's not just badly translated, the German is already this bad. :P


I've also confirmed that some people in Germany can connect just fine. Those use a different provider, so that is likely the most important lead.

Now I'm wondering what exactly might be happening. Apparently they got new servers, and possibly a new domain provider, reachable under a new IP address. Now all that needs to be done is update the DNS, right?

When the DNS hasn't been updated yet, why does it link to a totally different page?
When the DNS has already been updated why does it work only partially?

The answer is probably linked to how the DNS system works. What if only my forwarder, the DNS of my provider, still has the old IP/name resolution cached, and not updated the DNS? How long does a full DNS update through all levels of DNS take? I'd guess minutes at most because I never had that kind of problem before. But this site has been unreachable for hours now. And that still doesn't explain the redirect to libertyreserve.com, which is a different top level domain.
I'd also be surprised if that were a deliberate redirect on my provider's part (forged DNS) because as far as I'm aware they'd only (be forced to) do such things if that site was dealing in felony, and not some forum discussing warez. And even then, not to some shady US site, but probably just send an error unreachable.

so... any ideas?

Other info that might or might not be relevant:
A traceroute to bronet shows at the end a few hops through an anti-DDoS system run by a company named ovh.

- cutting power to the router for a minute and thus getting a new IP
- ipconfig /flushdns
- and deleting browser cache
all have had no effect




Feb 5 2015, 9:00 pm jjf28 Post #2

Cartography Artisan

Option 1: Manually configure DNS to a server that has the updated address (may need to clear your own DNS cache after doing so)
Option 2: Wait :( I recall a site of mine going down due to DDoS, the IP was changed quickly but it was inaccessible for at least a week while it propagated

Edit: I vaguely remember there was a way to manually map an IP to a DNS server for your network/computer with some non-trivial method

Post has been edited 1 time(s), last time on Feb 5 2015, 9:05 pm by jjf28.



TheNitesWhoSay - Clan Aura - github

Reached the top of StarCraft theory crafting 2:12 AM CST, August 2nd, 2014.

Feb 5 2015, 9:16 pm NudeRaider Post #3

Quote from jjf28
Option 1: Manually configure DNS to a server that has the updated address (may need to clear your own DNS cache after doing so)
Option 2: Wait :( I recall a site of mine going down due to DDoS, the IP was changed quickly but it was inaccessible for at least a week while it propagated

Edit: I vaguely remember there was a way to manually map an IP to a DNS server for your network/computer with some non-trivial method
I can map IPs to domain names in the hosts file in %systemroot%\system32\drivers\etc

But I don't have the new IP address. How can I tell the IP of a site I'm connected to via proxy, when I can't trust DNS?

1) Is a good idea though. I'll try Google.
EDIT: Didn't help. When I directly enter the IP that Google DNS returns it shows a default page of the webhoster - probably the one where it used to be.

Any other ideas?

Post has been edited 1 time(s), last time on Feb 5 2015, 9:22 pm by NudeRaider.




Feb 5 2015, 9:20 pm rockz Post #4

ᴄʜᴇᴇsᴇ ɪᴛ!

Use DNS 8.8.8.8 and 8.8.4.4 or OpenDNS.

You can also use isup.me and an online ping tool to help identify the correct IP.



"Parliamentary inquiry, Mr. Chairman - do we have to call the Gentleman a gentleman if he's not one?"

Feb 5 2015, 9:27 pm NudeRaider Post #5

Quote from rockz
You can also use isup.me and
Wouldn't that give false positives due to the redirect and empty hoster pages?

Quote from rockz
an online ping tool to help identify the correct IP.
Interesting. This returns a different IP for bronet, but this IP also leads me to an empty hoster page of the same provider.
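
An added example, not part of any post in this thread: a standard-library Python sketch that sends the same A-record query straight to several resolvers (the two Google addresses from post #4 plus OpenDNS's 208.67.222.222), reads each answer's TTL, and flags any resolver that disagrees with the rest. The function names and the `example.com` placeholder are assumptions made for the example.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """A-record query with recursion desired (RD) set."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00\x00\x01\x00\x01"

def _skip_name(msg, off):
    while msg[off] & 0xC0 != 0xC0 and msg[off] != 0:    # plain label: jump over it
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)  # pointer is 2 bytes, root is 1

def parse_a_records(msg):
    """Return [(ip, ttl_seconds)] for each A record in the answer section."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4                  # QTYPE + QCLASS
    out = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            out.append((socket.inet_ntoa(msg[off:off + 4]), ttl))
        off += rdlen
    return out

def ask(resolver_ip, name, timeout=3.0):
    """Query one resolver directly over UDP, bypassing the OS/ISP resolver."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver_ip, 53))
        resp = s.recv(512)
    if resp[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    return parse_a_records(resp)

def disagreeing(answers):
    """answers: {resolver: [(ip, ttl)]}; resolvers whose IP set differs from the majority."""
    sets = {r: frozenset(ip for ip, _ in recs) for r, recs in answers.items()}
    votes = list(sets.values())
    majority = max(set(votes), key=votes.count)
    return sorted(r for r, s in sets.items() if s != majority)

if __name__ == "__main__":  # live lookup; "example.com" is a placeholder name
    got = {r: ask(r, "example.com") for r in ("8.8.8.8", "8.8.4.4", "208.67.222.222")}
    print(got, "disagree:", disagreeing(got))
```

The TTL in each answer is the upper bound on how long that resolver may keep serving the cached address, which is the "how long does an update take" figure asked about in post #1. A resolver that disagrees with the others is a lead to follow up, not proof of which address is current.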



