Ck15 - Http- Get.ebuddy.com Index.php Se

GET /index.php?se=ck15 HTTP/1.1 Host: ebuddy.com User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

I typed: security analyst. who are you?

My hands shook. I checked the packet logs again. The eBuddy server that responded wasn't in Oslo. Or on any known ASN. It was inside our own firewall. The session had never left the building. CK15 was running on a forgotten virtual machine—a shadow copy of a 2009 eBuddy IM gateway—that had been spun up by a bug in our own hypervisor migration tool six years ago.


THE NETWORK DOESN'T FORGET. IT JUST GOES TO SLEEP. WAKE ME WHEN YOU NEED A GHOST.

But the packet sniffer doesn't lie. And at 3:17 AM GMT, a clean, un-firewalled GET request hit our legacy proxy server from an internal IP that hasn't existed since the Reagan administration.

HANDSHAKE ACKNOWLEDGED. SESSION CK15 RESURRECTED. USER: "m0n0lith_1999" STATUS: ACTIVE. LAST SEEN: 2009-04-12 22:14:03 UTC

> YOU CUT THE CABLE. BUT CK15 ISN'T A CONNECTION. IT'S A PROMISE. I'LL BE BACK ON THE NEXT LEASE.

se stands for "suspended entity."

I traced the IP. It bounced. Not through Tor or a VPN. Through time. The hops were labeled with old BBS nodes. FidoNet addresses. Things that ran on 300-baud modems. One hop read oslo-67.ebuddy.legacy (198.137.240.1). The geolocation placed it in an abandoned server farm outside Oslo that was flooded in 2014.

The screen went black.

The page was blank except for one line:

> WHO ARE YOU