Ponies in the mist – Stressit.org

Ponies in the mist – Stressit.org

You might remember from a previous article that Proginter.com denied any connection with booter.xyz.

All right! we need more facts, so let us have a close look to another stress testing service that seems connected to the same actors: stressit.org.

Stressit.org frontpage
Stressit.org frontpage

According to the owner of Proginter Hosting (Mor Cohen), Poni Walker, that also likes to impersonate the singer Matan Galilov, is just a young guy hanging out in Hack Forums that is using Proginter’s brand to market himself and is not connected at all with his business. Sounds like a very obfuscated technique!

Back in September, Poni Walker placed an add in Hack Forums selling the source code for a stress testing service.

Poni Walker trying to sell stressit source code
Poni Walker trying to sell stressit source code

The screenshoot provided in the posting shows the site stressit.org

We checked where stressit.org is hosted and no surprise the website is hidden behind Cloudflare!

So we looked into Proginter allocated space in Hydra, the mail server of proginter.com is hosted at The prefix is announced by AS200039 and has some interesting upstream providers (More on this in another story!)

inetnum: -
netname:        UK-PROGINTER
descr:          UK Allocation for Proginter
country:        GB
org:            ORG-PA826-RIPE
admin-c:        EH3415-RIPE
tech-c:         EH3415-RIPE
status:         SUB-ALLOCATED PA
mnt-by:         HYDRA-MNT
mnt-by:         PROGINTER-MNT
created:        2015-12-15T19:07:59Z
last-modified:  2015-12-15T19:07:59Z
source:         RIPE

person:         Eden Hen
address:        Israel Afula Borchov 30
phone:          +972732190290
nic-hdl:        EH3415-RIPE
mnt-by:         PROGINTER-MNT
created:        2015-10-06T14:59:04Z
last-modified:  2015-10-06T14:59:05Z
source:         RIPE # Filtered

We reviewed this IP addresses and got some interesting findings.

When placing HTTP requests against with the domain stressit.org, we managed to uncover the hidden origin.

Hidden Origin Stressit.org
Hidden Origin Stressit.org

Javascript Anti-DDOS protection links Proginter.com to Stressit.org

The anti denial of service protection chosen by Proginter.com was also helpful to link both sites together. During the session negotiation, Proginter.com places a cookie in the browser (prog_protects) that later on must be used to navigate further in the website. This anti-ddos protection mechanism is common in the industry and it serves to identify Javascript-enabled devices.

To our surprise, the cookie placed by Proginter.com to bypass the anti-DDOS protection, it also works when re-used in the site stressit.org.


Paypal payment

Stressit.org accepts Pay Pal payments associated with the account yehuda.levy.web@gmx.com


So what this means?

Well, it seems to us that we have gather enough evidence that indicates that:

  • Proginter, Mor Cohen, Naftali, Eden Hen and Poni Walker might be very close friends if not the very same person.
  • That Poni Walker offered in Hack Forums the source code of stressit.org the 3rd September 2016.
  • That Proginter hosted booter.xyz and currently hosts a copy of stressit.org


Credit Card and Identity

As you might remember from our previous article “Eden Hen”, the director of Proginter.com sent us a copy of a “credit card” from “Bank of America” as a proof of identity. One member of our community (thanks again for the tip!) sent us a mail with some interesting info about this card. The number 5300 is the first four digits of the card and is connected with Mastercard.

So how do we find which bank operates this card?

Eden Hen Card
Eden Hen Card

After many hours and some creative ways to search for cards (don’t miss the video at the end of the article!), we found the issuer: Payonner. There is plenty of information online in how to use this pre-paid cards to open Paypal accounts and withdraw money.

For those that wonder, the conditions to get a card in the name of “Homer Simpson” are described in Payonner website

A sample of the requested information to get a card with your name a few years ago:

Please provide a copy of a valid government issued ID with a photo. 
The ID should match the details provided on your Payoneer account. 
Please make sure the document is clear, and has your name and your date 
of birth displayed clearly in English. You can scan or photograph your 
documents and attach them to your reply to this e-mail. We prefer jpg 
format under 1MB. Please make sure to send both sides of the document 
where relevant. 


Payoneer's Account Approval Department is requesting a copy of a valid government 
issued photo ID document, so that we can process your card application. 
Acceptable forms of ID include driver's license, passport, national ID, and military ID.


Payoneer Debit Card
Payoneer Debit Card

How did we found the card?

Let us look for a Mastercard with black color. 🙂