

{"id":6193,"date":"2017-08-29T09:14:19","date_gmt":"2017-08-29T14:14:19","guid":{"rendered":"https:\/\/rud.is\/b\/?p=6193"},"modified":"2018-03-10T07:53:51","modified_gmt":"2018-03-10T12:53:51","slug":"rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content","status":"publish","type":"post","link":"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/","title":{"rendered":"Rpad Domain Repurposed To Deliver Creepy (and potentially malicious) Content"},"content":{"rendered":"<p>I was about to embark on setting up a background task to sift through R package PDFs for traces of functions that &#8220;omit NA values&#8221; as a surprise present for Colin Fay and Sir Tierney:<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">[Please RT]<a href=\"https:\/\/mobile.twitter.com\/hashtag\/RStats?src=hash\">#RStats<\/a> folks, <a href=\"https:\/\/mobile.twitter.com\/nj_tierney\">@nj_tierney<\/a> &amp; I need your help for {naniar}!<br \/>When does R silently drop\/omit NA? <a href=\"https:\/\/t.co\/V5elyGcG8Z\">https:\/\/t.co\/V5elyGcG8Z<\/a> <a href=\"https:\/\/t.co\/VScLXFCl2n\">pic.twitter.com\/VScLXFCl2n<\/a><\/p>\n<p>&mdash; Colin Fay (@_ColinFay) <a href=\"https:\/\/mobile.twitter.com\/_ColinFay\/status\/902481655260119041\">August 29, 2017<\/a><\/p><\/blockquote>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>When I got distracted by a PDF in the CRAN <code>doc\/contrib<\/code> directory: <a href=\"https:\/\/cran.r-project.org\/doc\/contrib\/Short-refcard.pdf\">Short-refcard.pdf<\/a>. I&#8217;m not a big reference card user but students really like them and after seeing what it was I remembered having seen the document ages ago, but never associated it with CRAN before.<\/p>\n<p>I saw:<\/p>\n<blockquote><p>\n  by Tom Short, EPRI PEAC, tshort@epri-peac.com 2004-11-07 Granted to the public domain. See www. 
Rpad. org for the source and latest version. Includes material from R for Beginners by Emmanuel Paradis (with permission).\n<\/p><\/blockquote>\n<p>at the top of the card. The link (which I&#8217;ve made unclickable for reasons you&#8217;ll see in a sec &#8212; <strong>don&#8217;t visit that URL<\/strong>) was clickable and I tapped it as I wanted to see if it had changed since 2004.<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/cur_prev.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"510\" height=\"1715\" data-attachment-id=\"6194\" data-permalink=\"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/cur_prev\/\" data-orig-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/cur_prev.png?fit=1024%2C3444&amp;ssl=1\" data-orig-size=\"1024,3444\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"cur_prev\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/cur_prev.png?fit=304%2C1024&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/cur_prev.png?resize=510%2C1715&#038;ssl=1\" alt=\"\" class=\"aligncenter wp-image-6194\" style=\"width:25%; max-width:100%\" \/><\/a><\/p>\n<p>You can open that image in a new tab to see the full, rendered site and take a moment to see if you can find the section that links to objectionable &#8212; and, potentially malicious &#8212; content. 
It&#8217;s easy to spot.<\/p>\n<p>I made a likely correct assumption that Tom Short had nothing to do with this and wanted to dig into it a bit further to see when this may have happened. So, don your bestest deerstalker and follow along as we track it down.<\/p>\n<h2>Digging In Domain Land<\/h2>\n<p>We&#8217;ll need some helpers to poke around this data in a safe manner:<\/p>\n<pre id=\"rpad01\"><code class=\"language-r\">library(wayback) # devtools::install_github(&quot;hrbrmstr\/wayback&quot;)\r\nlibrary(ggTimeSeries) # devtools::install_github(&quot;AtherEnergy\/ggTimeSeries&quot;)\r\nlibrary(splashr) # devtools::install_github(&quot;hrbrmstr\/splashr&quot;)\r\nlibrary(passivetotal) # devtools::install_github(&quot;hrbrmstr\/passivetotal&quot;)\r\nlibrary(cymruservices)\r\nlibrary(magick)\r\nlibrary(hrbrthemes) # provides theme_ipsum_rc() used in the plots below\r\nlibrary(tidyverse)<\/code><\/pre>\n<p>(You&#8217;ll need to get a RiskIQ PassiveTotal key to use those functions. Also, please donate to Archive.org if you use the <code>wayback<\/code> package.)<\/p>\n<p>Now, let&#8217;s see if the main Rpad content URL is in the wayback machine:<\/p>\n<pre id=\"rpad02\"><code class=\"language-r\">glimpse(archive_available(&quot;http:\/\/www.rpad.org\/Rpad\/&quot;))\r\n## Observations: 1\r\n## Variables: 5\r\n## $ url        &lt;chr&gt; &quot;http:\/\/www.rpad.org\/Rpad\/&quot;\r\n## $ available  &lt;lgl&gt; TRUE\r\n## $ closet_url &lt;chr&gt; &quot;http:\/\/web.archive.org\/web\/20170813053454\/http:\/\/ww...\r\n## $ timestamp  &lt;dttm&gt; 2017-08-13\r\n## $ status     &lt;chr&gt; &quot;200&quot;<\/code><\/pre>\n<p>It is! 
Let&#8217;s see how many versions of it are in the archive:<\/p>\n<pre id=\"rpad03\"><code class=\"language-r\">x &lt;- cdx_basic_query(&quot;http:\/\/www.rpad.org\/Rpad\/&quot;)\r\n\r\nts_range &lt;- range(x$timestamp)\r\n\r\ncount(x, timestamp) %&gt;%\r\n  ggplot(aes(timestamp, n)) +\r\n  geom_segment(aes(xend=timestamp, yend=0)) +\r\n  labs(x=NULL, y=&quot;# changes in year&quot;, title=&quot;rpad.org Wayback Change Timeline&quot;) +\r\n  theme_ipsum_rc(grid=&quot;Y&quot;)<\/code><\/pre>\n<p><a href=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/packages_wayback_-_master_-_RStudio.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"6197\" data-permalink=\"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/__packages_wayback_-_master_-_rstudio\/\" data-orig-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/packages_wayback_-_master_-_RStudio.png?fit=1406%2C456&amp;ssl=1\" data-orig-size=\"1406,456\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"__packages_wayback_-_master_-_RStudio\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/packages_wayback_-_master_-_RStudio.png?fit=510%2C165&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/packages_wayback_-_master_-_RStudio.png?resize=510%2C165&#038;ssl=1\" alt=\"\" width=\"510\" height=\"165\" class=\"aligncenter size-full wp-image-6197\" \/><\/a><\/p>\n<pre 
id=\"rpad04\"><code class=\"language-r\">count(x, timestamp) %&gt;%\r\n  mutate(Year = lubridate::year(timestamp)) %&gt;%\r\n  complete(timestamp=seq(ts_range[1], ts_range[2], &quot;1 day&quot;))  %&gt;%\r\n  filter(!is.na(timestamp), !is.na(Year)) %&gt;%\r\n  ggplot(aes(date = timestamp, fill = n)) +\r\n  stat_calendar_heatmap() +\r\n  viridis::scale_fill_viridis(na.value=&quot;white&quot;, option = &quot;magma&quot;) +\r\n  facet_wrap(~Year, ncol=1) +\r\n  labs(x=NULL, y=NULL, title=&quot;rpad.org Wayback Change Timeline&quot;) +\r\n  theme_ipsum_rc(grid=&quot;&quot;) +\r\n  theme(axis.text=element_blank()) +\r\n  theme(panel.spacing = grid::unit(0.5, &quot;lines&quot;))<\/code><\/pre>\n<p><a href=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/Plot_Zoom.png?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" data-attachment-id=\"6198\" data-permalink=\"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/plot_zoom-10\/\" data-orig-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/Plot_Zoom.png?fit=1204%2C1664&amp;ssl=1\" data-orig-size=\"1204,1664\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Plot_Zoom\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/Plot_Zoom.png?fit=510%2C705&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/Plot_Zoom.png?w=510&#038;ssl=1\" alt=\"\"  class=\"aligncenter size-full wp-image-6198\" \/><\/a><\/p>\n<p>There&#8217;s 
a big span between 2008\/9 and 2016\/17. Let&#8217;s poke around there a bit. First 2016:<\/p>\n<pre id=\"rpad05\"><code class=\"language-r\">tm &lt;- get_timemap(&quot;http:\/\/www.rpad.org\/Rpad\/&quot;)\r\n\r\n(rurl &lt;- filter(tm, lubridate::year(anytime::anydate(datetime)) == 2016))\r\n## # A tibble: 1 x 5\r\n##       rel                                                                   link  type\r\n##     &lt;chr&gt;                                                                  &lt;chr&gt; &lt;chr&gt;\r\n## 1 memento http:\/\/web.archive.org\/web\/20160629104907\/http:\/\/www.rpad.org:80\/Rpad\/  &lt;NA&gt;\r\n## # ... with 2 more variables: from &lt;chr&gt;, datetime &lt;chr&gt;\r\n\r\n(p2016 &lt;- render_png(url = rurl$link))<\/code><\/pre>\n<p><a href=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/p1.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"6200\" data-permalink=\"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/p1\/\" data-orig-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/p1.png?fit=1024%2C164&amp;ssl=1\" data-orig-size=\"1024,164\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"p1\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/p1.png?fit=510%2C82&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/p1.png?resize=510%2C82&#038;ssl=1\" alt=\"\" width=\"510\" height=\"82\" 
class=\"aligncenter size-full wp-image-6200\" \/><\/a><\/p>\n<p>Hrm. Could be server or network errors.<\/p>\n<p>Let&#8217;s go back to 2009.<\/p>\n<pre id=\"rpad06\"><code class=\"language-r\">(rurl &lt;- filter(tm, lubridate::year(anytime::anydate(datetime)) == 2009))\r\n## # A tibble: 4 x 5\r\n##       rel                                                                  link  type\r\n##     &lt;chr&gt;                                                                 &lt;chr&gt; &lt;chr&gt;\r\n## 1 memento     http:\/\/web.archive.org\/web\/20090219192601\/http:\/\/rpad.org:80\/Rpad  &lt;NA&gt;\r\n## 2 memento http:\/\/web.archive.org\/web\/20090322163146\/http:\/\/www.rpad.org:80\/Rpad  &lt;NA&gt;\r\n## 3 memento http:\/\/web.archive.org\/web\/20090422082321\/http:\/\/www.rpad.org:80\/Rpad  &lt;NA&gt;\r\n## 4 memento http:\/\/web.archive.org\/web\/20090524155658\/http:\/\/www.rpad.org:80\/Rpad  &lt;NA&gt;\r\n## # ... with 2 more variables: from &lt;chr&gt;, datetime &lt;chr&gt;\r\n\r\n(p2009 &lt;- render_png(url = rurl$link[4]))<\/code><\/pre>\n<p><a href=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/p2.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"6201\" data-permalink=\"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/p2\/\" data-orig-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/p2.png?fit=1024%2C3151&amp;ssl=1\" data-orig-size=\"1024,3151\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"p2\" 
data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/p2.png?fit=333%2C1024&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/p2.png?resize=510%2C1569&#038;ssl=1\" alt=\"\" width=\"510\" height=\"1569\" class=\"aligncenter wp-image-6201\"  style=\"width:25%; max-width:100%\" \/><\/a><\/p>\n<p>If you poke around that, it looks like the original Rpad content, so it was &#8220;safe&#8221; back then.<\/p>\n<pre id=\"rpad07\"><code class=\"language-r\">(rurl &lt;- filter(tm, lubridate::year(anytime::anydate(datetime)) == 2017))\r\n## # A tibble: 6 x 5\r\n##       rel                                                                link  type\r\n##     &lt;chr&gt;                                                               &lt;chr&gt; &lt;chr&gt;\r\n## 1 memento  http:\/\/web.archive.org\/web\/20170323222705\/http:\/\/www.rpad.org\/Rpad  &lt;NA&gt;\r\n## 2 memento http:\/\/web.archive.org\/web\/20170331042213\/http:\/\/www.rpad.org\/Rpad\/  &lt;NA&gt;\r\n## 3 memento http:\/\/web.archive.org\/web\/20170412070515\/http:\/\/www.rpad.org\/Rpad\/  &lt;NA&gt;\r\n## 4 memento http:\/\/web.archive.org\/web\/20170518023345\/http:\/\/www.rpad.org\/Rpad\/  &lt;NA&gt;\r\n## 5 memento http:\/\/web.archive.org\/web\/20170702130918\/http:\/\/www.rpad.org\/Rpad\/  &lt;NA&gt;\r\n## 6 memento http:\/\/web.archive.org\/web\/20170813053454\/http:\/\/www.rpad.org\/Rpad\/  &lt;NA&gt;\r\n## # ... with 2 more variables: from &lt;chr&gt;, datetime &lt;chr&gt;\r\n\r\n(p2017 &lt;- render_png(url = rurl$link[1]))<\/code><\/pre>\n<p>I won&#8217;t break your browser and add another giant image, but that one has the icky content. 
So, it&#8217;s a relatively recent takeover and it&#8217;s likely that whoever added the icky content links did so to try to ensure those domains and URLs have both good SEO and a positive reputation.<\/p>\n<p>Let&#8217;s see if they were dumb enough to make their info public:<\/p>\n<pre id=\"rpad08\"><code class=\"language-r\">rwho &lt;- passive_whois(&quot;rpad.org&quot;)\r\nstr(rwho, 1)\r\n## List of 18\r\n##  $ registryUpdatedAt: chr &quot;2016-10-05&quot;\r\n##  $ admin            :List of 10\r\n##  $ domain           : chr &quot;rpad.org&quot;\r\n##  $ registrant       :List of 10\r\n##  $ telephone        : chr &quot;5078365503&quot;\r\n##  $ organization     : chr &quot;WhoisGuard, Inc.&quot;\r\n##  $ billing          : Named list()\r\n##  $ lastLoadedAt     : chr &quot;2017-03-14&quot;\r\n##  $ nameServers      : chr [1:2] &quot;ns-1147.awsdns-15.org&quot; &quot;ns-781.awsdns-33.net&quot;\r\n##  $ whoisServer      : chr &quot;whois.publicinterestregistry.net&quot;\r\n##  $ registered       : chr &quot;2004-06-15&quot;\r\n##  $ contactEmail     : chr &quot;411233718f2a4cad96274be88d39e804.protect@whoisguard.com&quot;\r\n##  $ name             : chr &quot;WhoisGuard Protected&quot;\r\n##  $ expiresAt        : chr &quot;2018-06-15&quot;\r\n##  $ registrar        : chr &quot;eNom, Inc.&quot;\r\n##  $ compact          :List of 10\r\n##  $ zone             : Named list()\r\n##  $ tech             :List of 10<\/code><\/pre>\n<p>Nope. #sigh<\/p>\n<p>Is this site considered &#8220;malicious&#8221;?<\/p>\n<pre id=\"rpad09\"><code class=\"language-r\">(rclass &lt;- passive_classification(&quot;rpad.org&quot;))\r\n## $everCompromised\r\n## NULL<\/code><\/pre>\n<p>Nope. 
#sigh<\/p>\n<p>What&#8217;s the hosting history for the site?<\/p>\n<pre id=\"rpad10\"><code class=\"language-r\">rdns &lt;- passive_dns(&quot;rpad.org&quot;)\r\nrorig &lt;- bulk_origin(rdns$results$resolve)\r\n\r\ntbl_df(rdns$results) %&gt;%\r\n  type_convert() %&gt;%\r\n  select(firstSeen, resolve) %&gt;%\r\n  left_join(select(rorig, resolve=ip, as_name=as_name)) %&gt;% \r\n  arrange(firstSeen) %&gt;%\r\n  print(n=100)\r\n## # A tibble: 88 x 3\r\n##              firstSeen        resolve                                              as_name\r\n##                 &lt;dttm&gt;          &lt;chr&gt;                                                &lt;chr&gt;\r\n##  1 2009-12-18 11:15:20  144.58.240.79      EPRI-PA - Electric Power Research Institute, US\r\n##  2 2016-06-19 00:00:00 208.91.197.132 CONFLUENCE-NETWORK-INC - Confluence Networks Inc, VG\r\n##  3 2016-07-29 00:00:00  208.91.197.27 CONFLUENCE-NETWORK-INC - Confluence Networks Inc, VG\r\n##  4 2016-08-12 20:46:15  54.230.14.253                     AMAZON-02 - Amazon.com, Inc., US\r\n##  5 2016-08-16 14:21:17  54.230.94.206                     AMAZON-02 - Amazon.com, Inc., US\r\n##  6 2016-08-19 20:57:04  54.230.95.249                     AMAZON-02 - Amazon.com, Inc., US\r\n##  7 2016-08-26 20:54:02 54.192.197.200                     AMAZON-02 - Amazon.com, Inc., US\r\n##  8 2016-09-12 10:35:41   52.84.40.164                     AMAZON-02 - Amazon.com, Inc., US\r\n##  9 2016-09-17 07:43:03  54.230.11.212                     AMAZON-02 - Amazon.com, Inc., US\r\n## 10 2016-09-23 18:17:50 54.230.202.223                     AMAZON-02 - Amazon.com, Inc., US\r\n## 11 2016-09-30 19:47:31 52.222.174.253                     AMAZON-02 - Amazon.com, Inc., US\r\n## 12 2016-10-24 17:44:38  52.85.112.250                     AMAZON-02 - Amazon.com, Inc., US\r\n## 13 2016-10-28 18:14:16 52.222.174.231                     AMAZON-02 - Amazon.com, Inc., US\r\n## 14 2016-11-11 10:44:22 54.240.162.201                     AMAZON-02 - 
Amazon.com, Inc., US\r\n## 15 2016-11-17 04:34:15 54.192.197.242                     AMAZON-02 - Amazon.com, Inc., US\r\n## 16 2016-12-16 17:49:29   52.84.32.234                     AMAZON-02 - Amazon.com, Inc., US\r\n## 17 2016-12-19 02:34:32 54.230.141.240                     AMAZON-02 - Amazon.com, Inc., US\r\n## 18 2016-12-23 14:25:32  54.192.37.182                     AMAZON-02 - Amazon.com, Inc., US\r\n## 19 2017-01-20 17:26:28  52.84.126.252                     AMAZON-02 - Amazon.com, Inc., US\r\n## 20 2017-02-03 15:28:24   52.85.94.225                     AMAZON-02 - Amazon.com, Inc., US\r\n## 21 2017-02-10 19:06:07   52.85.94.252                     AMAZON-02 - Amazon.com, Inc., US\r\n## 22 2017-02-17 21:37:21   52.85.63.229                     AMAZON-02 - Amazon.com, Inc., US\r\n## 23 2017-02-24 21:43:45   52.85.63.225                     AMAZON-02 - Amazon.com, Inc., US\r\n## 24 2017-03-05 12:06:32  54.192.19.242                     AMAZON-02 - Amazon.com, Inc., US\r\n## 25 2017-04-01 00:41:07 54.192.203.223                     AMAZON-02 - Amazon.com, Inc., US\r\n## 26 2017-05-19 00:00:00   13.32.246.44                     AMAZON-02 - Amazon.com, Inc., US\r\n## 27 2017-05-28 00:00:00    52.84.74.38                     AMAZON-02 - Amazon.com, Inc., US\r\n## 28 2017-06-07 08:10:32  54.230.15.154                     AMAZON-02 - Amazon.com, Inc., US\r\n## 29 2017-06-07 08:10:32  54.230.15.142                     AMAZON-02 - Amazon.com, Inc., US\r\n## 30 2017-06-07 08:10:32  54.230.15.168                     AMAZON-02 - Amazon.com, Inc., US\r\n## 31 2017-06-07 08:10:32   54.230.15.57                     AMAZON-02 - Amazon.com, Inc., US\r\n## 32 2017-06-07 08:10:32   54.230.15.36                     AMAZON-02 - Amazon.com, Inc., US\r\n## 33 2017-06-07 08:10:32  54.230.15.129                     AMAZON-02 - Amazon.com, Inc., US\r\n## 34 2017-06-07 08:10:32   54.230.15.61                     AMAZON-02 - Amazon.com, Inc., US\r\n## 35 2017-06-07 08:10:32   
54.230.15.51                     AMAZON-02 - Amazon.com, Inc., US\r\n## 36 2017-07-16 09:51:12 54.230.187.155                     AMAZON-02 - Amazon.com, Inc., US\r\n## 37 2017-07-16 09:51:12 54.230.187.184                     AMAZON-02 - Amazon.com, Inc., US\r\n## 38 2017-07-16 09:51:12 54.230.187.125                     AMAZON-02 - Amazon.com, Inc., US\r\n## 39 2017-07-16 09:51:12  54.230.187.91                     AMAZON-02 - Amazon.com, Inc., US\r\n## 40 2017-07-16 09:51:12  54.230.187.74                     AMAZON-02 - Amazon.com, Inc., US\r\n## 41 2017-07-16 09:51:12  54.230.187.36                     AMAZON-02 - Amazon.com, Inc., US\r\n## 42 2017-07-16 09:51:12 54.230.187.197                     AMAZON-02 - Amazon.com, Inc., US\r\n## 43 2017-07-16 09:51:12 54.230.187.185                     AMAZON-02 - Amazon.com, Inc., US\r\n## 44 2017-07-17 13:10:13 54.239.168.225                     AMAZON-02 - Amazon.com, Inc., US\r\n## 45 2017-08-06 01:14:07  52.222.149.75                     AMAZON-02 - Amazon.com, Inc., US\r\n## 46 2017-08-06 01:14:07 52.222.149.172                     AMAZON-02 - Amazon.com, Inc., US\r\n## 47 2017-08-06 01:14:07 52.222.149.245                     AMAZON-02 - Amazon.com, Inc., US\r\n## 48 2017-08-06 01:14:07  52.222.149.41                     AMAZON-02 - Amazon.com, Inc., US\r\n## 49 2017-08-06 01:14:07  52.222.149.38                     AMAZON-02 - Amazon.com, Inc., US\r\n## 50 2017-08-06 01:14:07 52.222.149.141                     AMAZON-02 - Amazon.com, Inc., US\r\n## 51 2017-08-06 01:14:07 52.222.149.163                     AMAZON-02 - Amazon.com, Inc., US\r\n## 52 2017-08-06 01:14:07  52.222.149.26                     AMAZON-02 - Amazon.com, Inc., US\r\n## 53 2017-08-11 19:11:08 216.137.61.247                     AMAZON-02 - Amazon.com, Inc., US\r\n## 54 2017-08-21 20:44:52  13.32.253.116                     AMAZON-02 - Amazon.com, Inc., US\r\n## 55 2017-08-21 20:44:52  13.32.253.247                     AMAZON-02 - Amazon.com, 
Inc., US\r\n## 56 2017-08-21 20:44:52  13.32.253.117                     AMAZON-02 - Amazon.com, Inc., US\r\n## 57 2017-08-21 20:44:52  13.32.253.112                     AMAZON-02 - Amazon.com, Inc., US\r\n## 58 2017-08-21 20:44:52   13.32.253.42                     AMAZON-02 - Amazon.com, Inc., US\r\n## 59 2017-08-21 20:44:52  13.32.253.162                     AMAZON-02 - Amazon.com, Inc., US\r\n## 60 2017-08-21 20:44:52  13.32.253.233                     AMAZON-02 - Amazon.com, Inc., US\r\n## 61 2017-08-21 20:44:52   13.32.253.29                     AMAZON-02 - Amazon.com, Inc., US\r\n## 62 2017-08-23 14:24:15 216.137.61.164                     AMAZON-02 - Amazon.com, Inc., US\r\n## 63 2017-08-23 14:24:15 216.137.61.146                     AMAZON-02 - Amazon.com, Inc., US\r\n## 64 2017-08-23 14:24:15  216.137.61.21                     AMAZON-02 - Amazon.com, Inc., US\r\n## 65 2017-08-23 14:24:15 216.137.61.154                     AMAZON-02 - Amazon.com, Inc., US\r\n## 66 2017-08-23 14:24:15 216.137.61.250                     AMAZON-02 - Amazon.com, Inc., US\r\n## 67 2017-08-23 14:24:15 216.137.61.217                     AMAZON-02 - Amazon.com, Inc., US\r\n## 68 2017-08-23 14:24:15  216.137.61.54                     AMAZON-02 - Amazon.com, Inc., US\r\n## 69 2017-08-25 19:21:58  13.32.218.245                     AMAZON-02 - Amazon.com, Inc., US\r\n## 70 2017-08-26 09:41:34   52.85.173.67                     AMAZON-02 - Amazon.com, Inc., US\r\n## 71 2017-08-26 09:41:34  52.85.173.186                     AMAZON-02 - Amazon.com, Inc., US\r\n## 72 2017-08-26 09:41:34  52.85.173.131                     AMAZON-02 - Amazon.com, Inc., US\r\n## 73 2017-08-26 09:41:34   52.85.173.18                     AMAZON-02 - Amazon.com, Inc., US\r\n## 74 2017-08-26 09:41:34   52.85.173.91                     AMAZON-02 - Amazon.com, Inc., US\r\n## 75 2017-08-26 09:41:34  52.85.173.174                     AMAZON-02 - Amazon.com, Inc., US\r\n## 76 2017-08-26 09:41:34  52.85.173.210        
             AMAZON-02 - Amazon.com, Inc., US\r\n## 77 2017-08-26 09:41:34   52.85.173.88                     AMAZON-02 - Amazon.com, Inc., US\r\n## 78 2017-08-27 22:02:41  13.32.253.169                     AMAZON-02 - Amazon.com, Inc., US\r\n## 79 2017-08-27 22:02:41  13.32.253.203                     AMAZON-02 - Amazon.com, Inc., US\r\n## 80 2017-08-27 22:02:41  13.32.253.209                     AMAZON-02 - Amazon.com, Inc., US\r\n## 81 2017-08-29 13:17:37 54.230.141.201                     AMAZON-02 - Amazon.com, Inc., US\r\n## 82 2017-08-29 13:17:37  54.230.141.83                     AMAZON-02 - Amazon.com, Inc., US\r\n## 83 2017-08-29 13:17:37  54.230.141.30                     AMAZON-02 - Amazon.com, Inc., US\r\n## 84 2017-08-29 13:17:37 54.230.141.193                     AMAZON-02 - Amazon.com, Inc., US\r\n## 85 2017-08-29 13:17:37 54.230.141.152                     AMAZON-02 - Amazon.com, Inc., US\r\n## 86 2017-08-29 13:17:37 54.230.141.161                     AMAZON-02 - Amazon.com, Inc., US\r\n## 87 2017-08-29 13:17:37  54.230.141.38                     AMAZON-02 - Amazon.com, Inc., US\r\n## 88 2017-08-29 13:17:37 54.230.141.151                     AMAZON-02 - Amazon.com, Inc., US<\/code><\/pre>\n<p>Unfortunately, I expected this. The owner keeps moving it around on AWS infrastructure.<\/p>\n<h2>So What?<\/h2>\n<p>This was an innocent link in a document on CRAN that went to a site that looked legit. A clever individual or organization found the dead domain and saw an opportunity to legitimize some fairly nasty stuff.<\/p>\n<p>Now, I realize nobody is likely using &#8220;Rpad&#8221; anymore, but this type of situation can happen to any registered domain. If this individual or organization were doing more than trying to make objectionable content legit, they likely could have succeeded, especially if they enticed you with a shiny new <code>devtools::install_\u2026()<\/code> link with promises of statistically sound animated cat emoji gif creation tools. 
They did an eerily good job of making this particular site still seem legit.<\/p>\n<p>There&#8217;s nothing most folks can do to &#8220;fix&#8221; that site or have it removed. I&#8217;m not sure CRAN should remove the helpful PDF, but with a clickable link, it might be a good thing to suggest.<\/p>\n<p>You&#8217;ll see that I used the <code>splashr<\/code> package (which has been submitted to CRAN but is not there yet). It&#8217;s a good way to work with potentially malicious web content since you can &#8220;see&#8221; it and mine content from it without putting your own system at risk.<\/p>\n<p>After going through this, I&#8217;ll see what I can do to put some bows on some of the devel-only packages and get them into CRAN so there&#8217;s a bit more assurance around using them.<\/p>\n<p>I&#8217;m an army of one when it comes to fielding R-related security issues, but if you do come across suspicious items (like this or icky\/malicious in other ways) don&#8217;t hesitate to drop me an @ or DM on Twitter.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was about to embark on setting up a background task to sift through R package PDFs for traces of functions that &#8220;omit NA values&#8221; as a surprise present for Colin Fay and Sir Tierney: [Please RT]#RStats folks, @nj_tierney &amp; I need your help for {naniar}!When does R silently drop\/omit NA? 
https:\/\/t.co\/V5elyGcG8Z pic.twitter.com\/VScLXFCl2n &mdash; Colin [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6198,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[681,91],"tags":[810],"class_list":["post-6193","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-r","tag-post"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Rpad Domain Repurposed To Deliver Creepy (and potentially malicious) Content - rud.is<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rpad Domain Repurposed To Deliver Creepy (and potentially malicious) Content - rud.is\" \/>\n<meta property=\"og:description\" content=\"I was about to embark on setting up a background task to sift through R package PDFs for traces of functions that &#8220;omit NA values&#8221; as a surprise present for Colin Fay and Sir Tierney: [Please RT]#RStats folks, @nj_tierney &amp; I need your help for {naniar}!When does R silently drop\/omit NA? 
https:\/\/t.co\/V5elyGcG8Z pic.twitter.com\/VScLXFCl2n &mdash; Colin [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/\" \/>\n<meta property=\"og:site_name\" content=\"rud.is\" \/>\n<meta property=\"article:published_time\" content=\"2017-08-29T14:14:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-03-10T12:53:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/Plot_Zoom.png?fit=1204%2C1664&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"1204\" \/>\n\t<meta property=\"og:image:height\" content=\"1664\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"hrbrmstr\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"hrbrmstr\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2017\\\/08\\\/29\\\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2017\\\/08\\\/29\\\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\\\/\"},\"author\":{\"name\":\"hrbrmstr\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"headline\":\"Rpad Domain Repurposed To Deliver Creepy (and potentially malicious) Content\",\"datePublished\":\"2017-08-29T14:14:19+00:00\",\"dateModified\":\"2018-03-10T12:53:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2017\\\/08\\\/29\\\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\\\/\"},\"wordCount\":837,\"commentCount\":4,\"publisher\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"image\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2017\\\/08\\\/29\\\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2017\\\/08\\\/Plot_Zoom.png?fit=1204%2C1664&ssl=1\",\"keywords\":[\"post\"],\"articleSection\":[\"Cybersecurity\",\"R\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/rud.is\\\/b\\\/2017\\\/08\\\/29\\\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2017\\\/08\\\/29\\\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\\\/\",\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/2017\\\/08
\\\/29\\\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\\\/\",\"name\":\"Rpad Domain Repurposed To Deliver Creepy (and potentially malicious) Content - rud.is\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2017\\\/08\\\/29\\\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2017\\\/08\\\/29\\\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2017\\\/08\\\/Plot_Zoom.png?fit=1204%2C1664&ssl=1\",\"datePublished\":\"2017-08-29T14:14:19+00:00\",\"dateModified\":\"2018-03-10T12:53:51+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2017\\\/08\\\/29\\\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/rud.is\\\/b\\\/2017\\\/08\\\/29\\\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2017\\\/08\\\/29\\\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2017\\\/08\\\/Plot_Zoom.png?fit=1204%2C1664&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2017\\\/08\\\/Plot_Zoom.png?fit=1204%2C1664&ssl=1\",\"width\":1204,\"height\":1664},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2017\\\/08\\\/29\\\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\
/\\\/rud.is\\\/b\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Rpad Domain Repurposed To Deliver Creepy (and potentially malicious) Content\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#website\",\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/\",\"name\":\"rud.is\",\"description\":\"&quot;In God we trust. All others must bring data&quot;\",\"publisher\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/rud.is\\\/b\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\",\"name\":\"hrbrmstr\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"width\":460,\"height\":460,\"caption\":\"hrbrmstr\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\"},\"description\":\"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7\",\"sameAs\":[\"http:\\\/\\\/rud.is\"],\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/author\\\/hrbrmstr\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Rpad Domain Repurposed To Deliver Creepy (and potentially malicious) Content - rud.is","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/","og_locale":"en_US","og_type":"article","og_title":"Rpad Domain Repurposed To Deliver Creepy (and potentially malicious) Content - rud.is","og_description":"I was about to embark on setting up a background task to sift through R package PDFs for traces of functions that &#8220;omit NA values&#8221; as a surprise present for Colin Fay and Sir Tierney: [Please RT]#RStats folks, @nj_tierney &amp; I need your help for {naniar}!When does R silently drop\/omit NA? https:\/\/t.co\/V5elyGcG8Z pic.twitter.com\/VScLXFCl2n &mdash; Colin [&hellip;]","og_url":"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/","og_site_name":"rud.is","article_published_time":"2017-08-29T14:14:19+00:00","article_modified_time":"2018-03-10T12:53:51+00:00","og_image":[{"width":1204,"height":1664,"url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/Plot_Zoom.png?fit=1204%2C1664&ssl=1","type":"image\/png"}],"author":"hrbrmstr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"hrbrmstr","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/#article","isPartOf":{"@id":"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/"},"author":{"name":"hrbrmstr","@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"headline":"Rpad Domain Repurposed To Deliver Creepy (and potentially malicious) Content","datePublished":"2017-08-29T14:14:19+00:00","dateModified":"2018-03-10T12:53:51+00:00","mainEntityOfPage":{"@id":"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/"},"wordCount":837,"commentCount":4,"publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"image":{"@id":"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/Plot_Zoom.png?fit=1204%2C1664&ssl=1","keywords":["post"],"articleSection":["Cybersecurity","R"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/","url":"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/","name":"Rpad Domain Repurposed To Deliver Creepy (and potentially malicious) Content - 
rud.is","isPartOf":{"@id":"https:\/\/rud.is\/b\/#website"},"primaryImageOfPage":{"@id":"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/#primaryimage"},"image":{"@id":"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/Plot_Zoom.png?fit=1204%2C1664&ssl=1","datePublished":"2017-08-29T14:14:19+00:00","dateModified":"2018-03-10T12:53:51+00:00","breadcrumb":{"@id":"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/#primaryimage","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/Plot_Zoom.png?fit=1204%2C1664&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/Plot_Zoom.png?fit=1204%2C1664&ssl=1","width":1204,"height":1664},{"@type":"BreadcrumbList","@id":"https:\/\/rud.is\/b\/2017\/08\/29\/rpad-domain-repurposed-to-deliver-creepy-and-potentially-malicious-content\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/rud.is\/b\/"},{"@type":"ListItem","position":2,"name":"Rpad Domain Repurposed To Deliver Creepy (and potentially malicious) Content"}]},{"@type":"WebSite","@id":"https:\/\/rud.is\/b\/#website","url":"https:\/\/rud.is\/b\/","name":"rud.is","description":"&quot;In God we trust. 
All others must bring data&quot;","publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/rud.is\/b\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886","name":"hrbrmstr","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","width":460,"height":460,"caption":"hrbrmstr"},"logo":{"@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1"},"description":"Don't look at me\u2026I do what he does \u2014 just slower. 
#rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7","sameAs":["http:\/\/rud.is"],"url":"https:\/\/rud.is\/b\/author\/hrbrmstr\/"}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/08\/Plot_Zoom.png?fit=1204%2C1664&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p23idr-1BT","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":3158,"url":"https:\/\/rud.is\/b\/2014\/12\/29\/making-static-interactive-maps-with-ggvis-using-ggvis-maps-wshiny\/","url_meta":{"origin":6193,"position":0},"title":"Making Static &#038; Interactive Maps With ggvis (+ using ggvis maps w\/shiny)","author":"hrbrmstr","date":"2014-12-29","format":false,"excerpt":"Even though it's still at version `0.4`, the `ggvis` package has quite a bit of functionality and is highly useful for exploratory data analysis (EDA). I wanted to see how geographical visualizations would work under it, so I put together six examples that show how to use various features of\u2026","rel":"","context":"In &quot;cartography&quot;","block_context":{"text":"cartography","link":"https:\/\/rud.is\/b\/category\/cartography\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11694,"url":"https:\/\/rud.is\/b\/2018\/12\/31\/exploring-2018-r-bloggers-r-weekly-posts-with-feedly-the-seymour-package\/","url_meta":{"origin":6193,"position":1},"title":"Exploring 2018 R-bloggers &#038; R Weekly Posts with Feedly &#038; the &#8216;seymour&#8217; package","author":"hrbrmstr","date":"2018-12-31","format":false,"excerpt":"Well, 2018 has flown by and today seems like an appropriate time to take a look at the landscape of R bloggerdom as seen through the eyes of readers of R-bloggers and R Weekly. 
We'll do this via a new package designed to make it easier to treat Feedly as\u2026","rel":"","context":"In &quot;Feedly&quot;","block_context":{"text":"Feedly","link":"https:\/\/rud.is\/b\/category\/feedly\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/12\/author-month-1.png?fit=960%2C864&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/12\/author-month-1.png?fit=960%2C864&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/12\/author-month-1.png?fit=960%2C864&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/12\/author-month-1.png?fit=960%2C864&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":3622,"url":"https:\/\/rud.is\/b\/2015\/08\/21\/doh-i-could-have-had-just-used-v8\/","url_meta":{"origin":6193,"position":2},"title":"Doh! I Could Have Had Just Used V8!","author":"hrbrmstr","date":"2015-08-21","format":false,"excerpt":"An R user recently had the need to split a \"full, human name\" into component parts to retrieve first & last names. The full names could be anything from something simple like _\"David Regan\"_ to more complex & diverse such as _\"John Smith Jr.\"_, _\"Izaque Iuzuru Nagata\"_ or _\"Christian Schmit\u2026","rel":"","context":"In &quot;Javascript&quot;","block_context":{"text":"Javascript","link":"https:\/\/rud.is\/b\/category\/javascript\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11215,"url":"https:\/\/rud.is\/b\/2018\/08\/04\/digging-into-mbox-details-a-tale-of-tm-reticulate\/","url_meta":{"origin":6193,"position":3},"title":"Digging into mbox details: A tale of tm &#038; reticulate","author":"hrbrmstr","date":"2018-08-04","format":false,"excerpt":"\u2728 I had to process a bunch of emails for a $DAYJOB task this week and my \"default setting\" is to use R for pretty much everything (this should come as no surprise). 
Treating mail as data is not an uncommon task and many R packages exist that can reach\u2026","rel":"","context":"In &quot;Python&quot;","block_context":{"text":"Python","link":"https:\/\/rud.is\/b\/category\/python-2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12749,"url":"https:\/\/rud.is\/b\/2020\/05\/16\/attach-your-r-code-to-charts-you-tweet-for-reproducible-r-tweets\/","url_meta":{"origin":6193,"position":4},"title":"Attach Your R Code To Charts You Tweet For Reproducible R Tweets!","author":"hrbrmstr","date":"2020-05-16","format":false,"excerpt":"I caught this tweet by Terence Eden about using Twitter image alt-text to \"PGP sign\" tweet and my mind immediately went to \"how can I abuse this for covert communications, malicious command-and-control, and embedding R code in tweets?\". When you paste or upload an image to tweet (web interface, at\u2026","rel":"","context":"In &quot;R&quot;","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12257,"url":"https:\/\/rud.is\/b\/2019\/06\/02\/trawling-through-ios-backups-for-treasure-a-k-a-how-to-fish-for-target-files-in-ios-backups-with-r\/","url_meta":{"origin":6193,"position":5},"title":"Trawling Through iOS Backups For Treasure (a.k.a. How to fish for target files in iOS backups) with R","author":"hrbrmstr","date":"2019-06-02","format":false,"excerpt":"In a recent previous post I brazenly talked over the \"hard parts\" of how I got to the target SQLite file that houses \"mowing history\" for what has become my weekend obsession. 
So, we'll cover just how to do that (find things in iOS backups) in this post along with\u2026","rel":"","context":"In &quot;iOS&quot;","block_context":{"text":"iOS","link":"https:\/\/rud.is\/b\/category\/ios\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/6193","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/comments?post=6193"}],"version-history":[{"count":0,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/6193\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media\/6198"}],"wp:attachment":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media?parent=6193"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/categories?post=6193"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/tags?post=6193"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}