joepie91's Ramblings

home RSS

Why AnonyUpload is suspicious, and why the latest 'research' pastebins are bullshit.

25 Jan 2012

There has been some commotion lately about a new file uploading site that claims to be an Anonymous-focused alternative to the now defunct MegaUpload. This new site, AnonyUpload, has already sparked quite some controversy. Why?

The most commonly heard complaint is that immediately after 'launching' the temporary frontpage, the site was soliciting donations through PayPal. According to the site's creator, these donations were necessary to pay for servers and bandwidth. According to many anons, this was a scam intended to steal as many 'donations' from unsuspecting anons before vanishing completely. This belief was reinforced by the AnonyUpload site being mostly non-functional, and the many spelling and grammatical errors that were found on the frontpage.

Now two things may be the case: either the owner of AnonyUpload didn't think things through and didn't realize that this order of actions may lead people to believe it's a scam, or it is an actual scam. I would personally advise people to be extremely wary in donating to AnonyUpload until an actually functional site is shown.

However, something far more dangerous is happening now: several pastebins are circulating with 'research' on AnonyUpload, of which one is implying there are links to Russian criminal gangs. Let's look at the first pastebin at, which claims 'weird names'. Clearly the person that compiled this pastebin has never heard of shared hosting services. It is very common for public shared hosting services to have many aliases to their nameservers from sites that are using them. These aliases will show up when using certain research tools (such as Robtex), but apart from all the domains using these same nameservers (that are provided by a shared hosting provider), the domains do not have anything in common in terms of who owns or manages them. They are, simply put, unrelated.

Next there is the pastebin at Apart from it being rather hard to read and interpret, this pastebin goes a step further - it actually accuses the owner of AnonyUpload of being involved in Russian crime gangs. Let's look a bit closer at the WHOIS data.

Domain Name.......... 
Creation Date........ 2012-01-23
Registration Date.... 2012-01-23
Expiry Date.......... 2013-01-23
Organisation Name.... Adrian Jesson
Organisation Address. PO Box 61359
Organisation Address.
Organisation Address. Sunnyvale
Organisation Address. 94088
Organisation Address. CA
Organisation Address. US
Admin Name........... Admin PrivateReg Contact 
Admin Address........ PO Box 61359 
Admin Address........ registered post accepted only 
Admin Address........ Sunnyvale 
Admin Address........ 94088 
Admin Address........ CA 
Admin Address........ US 
Admin Email.......... 
Admin Phone.......... +1.5105952002

To anyone with even basic knowledge of how domain registrars do business, it is obvious that this address belongs to a 'private WHOIS' entry, which basically means the WHOIS of the domain name doesn't show the actual owner, but a generic entity that is often managed by the registrar through which the domain was registered - which, in this case, appears to be Yahoo. If we look further in the Pastebin, we see a lot of references to Yahoo - in fact, all servers that are used seem to belong to Yahoo. From this we can conclude that AnonyUpload is - at least for now - using a shared hosting package offered by Yahoo to run their site. On a shared hosting server, the various hosted sites do not have any connection to each other in terms of ownership or management, just like with the nameservers. All the Pastebin actually shows is that, in the past, there have been criminal operations using the same shared hosting provider and domain registrar as AnonyUpload. No direct ties exist. Not anywhere in the pastebin are any direct ties to these organizations shown.

Now why am I making so much fuss about these pastebins? Let's assume for a moment that the owner of AnonyUpload just didn't think things through and put the cart before the horse - let's assume he was trying to run a legitimate site and was trying to legitimately support Anonymous. Media outlets will see these pastebins and write articles about how 'Anonymous has been massively scammed'. Congratulations, you just dragged one of the very few actively participating supporters of Anonymous through the mud. And why? Because you couldn't be bothered to get a second opinion on your pastebin from someone that actually knows what a private WHOIS is.

If you have ever been actively involved with Anonymous, you will have noticed how many are passive supporters and how few are willing to actually actively participate and put in effort to support Anonymous. We can't miss those few that do. While I absolutely agree that you should be wary in donating to AnonyUpload, we don't need more misinformation, especially not if that means dragging one of the few potential active supporters through the mud. We simply can't afford to do that.