th3j35t3r’s Saladin Tool Exposed

Greetings my children, it appears as I have stated many times before about th3j35t3r being a charlatan feeding off a fan base of those who do not know better gets more confirmations. I am sure if you are reading this you are aware of th3j35t3r’s new tool “Saladin” that appears to a layman inexperienced with the workings of the internet to have taken down various domains. As I have also stated anyone who knows something, in this case basic knowledge of hosting and domains, would notice a few things I shall outline. I shall start with the 4 obvious ones and how “Saladin” did nothing to take them down progressing to the few left I can only speculate on.

As you can see appears to not “exist” and one may ask why is that? Was there in fact some kind of super secret magickal tool in possession by this “patriotic hacker” or was it something else… Is it some secret line of code once pointed at a domain that makes it “non-existence” to every DNS server around the world? Is it transcendental manipulation of the internet using the pure Force Of American Patriotism to will the Islam away? Perhaps as rjacksix being an avid baptist is he praying the Islam away with the power of eJesus and his sidekick Saint XerXes?

It could be very much so that the Elder Gods exist that Lovecraft wrote so much of. I propose that in explanation th3j35t3r has made contact with the Elder Things from that Nameless City forged of stone with help from the Shoggoths. These workers under th3j35t3r’s control worked tirelessly through the aeons with knowledge of common computers in the present to fulfill such a request having been seen from the timeless void.

Or it could really have been this.

“9. EXPIRATION OF DOMAIN NAME REGISTRATIONS. You agree that we may, but are not obligated to, allow you to renew your domain name after its expiration date has passed. Should you choose not to renew your domain name during any applicable grace period (up to 40 days after domain expiration), you agree that we may at any time during such grace period, in our sole discretion, delete the domain registration, renew the registration or transfer the domain name to a third party on your behalf (the “Transfer”). In the event we are able to identify such a third party (“Third Party”) and effectuate such a Transfer, we will notify you via email after the transaction is completed (“Transfer Notification”). You acknowledge and agree that the Transfer may be facilitated through a single Third Party, or through an auction involving one or more parties interested in your domain name. You agree that we shall have no obligation to pay you, and you shall have no right to receive, any percentage of the proceeds of the Transfer. We cannot guarantee, and we make no representation or promise, that any Transfer will occur with respect to your domain name.”Internic – Main Terms And Conditions

As you can see those domains have expired as the owners have chosen not to renew them. Now I shall go on to the next two not so obvious ones.

It appears “” url redirection services have been discontinued for “ “. When you try to visit any of their previous redirection urls there is no DNS record however when you visit “” it redirects to “”. I would more conclude they have stopped offering url redirection services rather then anything else of a malicious nature.

The next one on the short list is “” which is hosted on url redirection service which redirects to this link “” which is the 5th domain now so far that has expired rather then being renewed by the owners. Now we shall explore the remaining few that are not a result of domain expiration.

Next up are the last ones that I have no real definite answer on which are “” which shows a default apache page (which currently is running an exploitable setup) and “” which is now up again as of this writing and redirects to “” (it was previously nulled routed or offline in some way). The domain “” appears to be down due to the DNS servers for the domain are currently not accepting requests.

So in conclusion I would seriously doubt this is the work of some kind of unknown exploit due to I can account for 5 of the 9 with infallible explanations for them being down due to domain expiration unless Saladin has power over the fabric of time somehow. We have one which is a url redirection service that has stopped offering redirection services which I would seriously doubt is related to Saladin. There is “” DNS servers being down which appears to be the result of technical difficulties for the hosting provider. I only see two of the targets “” and “” as even being remotely possible but given the explanations for the other targets I would say Saladin even existing is in question. I would say Saladin is nothing more then claiming credit where is not due to boost the ego and th3j35t3r impressing his fanbase.

So #whatdidyoudotodayscotty saying of th3j35t3r has reached epic irony due to the taking credit for actions he never committed. I can say I have never seen “scotty” lying or trying impress people bragging about how high profile he is. I would suggest taking a visit to these links written by krypt3ia concerning th3j35t3r Here and Here.

8 Responses to “th3j35t3r’s Saladin Tool Exposed”

  1. […] we have the “Toss My” Saladin effect. is a full explanation of what Saladin is. It’s not a tool like XerXes was (and I reiterate […]

  2. […] comments aimed at reapersec were directed toward an article discrediting Jester’s claims regarding his “Saladin” tool. One of their researchers proved that many sites he claimed to have hit with it were expired […]

  3. […] some media, and even Infosec media at large, who rarely investigated his grandiose claims. As the detailed blog posting demonstrated, the “mechanism” of Saladin was to wait for desired domains to expire, […]

  4. […] Saladin, on the other hand, takes credit for a lot of TANGO DOWNS that actually take the site offline permanently, erasing it from the internet. Is it an advanced piece of cyberweaponry that can literally wipe any trace of an offensive website from the world wide web? Well, maybe, but mostly what seems to happen is a domain that fits The Jester’s List Of Things He Hates expires without renewal or gets taken offline for violating its host’s Terms of Service, then Saladin claims responsibility (excellent write-up on Pastebin here listing all applicable sites, as well as a shorter analysis of nine sites here). […]

Comments are closed.

%d bloggers like this: