bkengineersindia.com #472

Closed · 1 of 3 tasks
g0d33p3rsec opened this issue May 29, 2024 · 2 comments
g0d33p3rsec commented May 29, 2024

Blacklist domain as

  • Wildcard: the domain should be entirely blacklisted
  • Subdomain: we should not blacklist the entire domain, only sub-domains
  • Both types, category dependent: how to blacklist depends on the category assigned per (sub-)domain

Comments

This domain is now hosting the phishing kit that was previously at englishplusmore[.]com (#404), carnesboinobre[.]com[.]br, technowide[.]com[.]tr, jestertunes[.]com, safecartusa[.]com, foreverfarley[.]com, azezieldraconous[.]com, westernautomobileassembly[.]com, littleswanaircon[.]com[.]sg, iwan2travel[.]com, applesforfred[.]com, theaerie[.]ca, nico[.]sa, ajstelecom[.]com[.]mx, and many others (approximately 120 domains since 2021).

Domain records

bkengineersindia.com|phishing

Hosts specific records, not used by DNS RPZ firewalls

No response

Screenshots

(five screenshots were attached to the original issue; images not reproduced here)

Links to external sources

https://bkengineersindia.com/M3AzSDVuMUQ3SjNZOWw=
https://bkengineersindia.com/M2sxMzhFNm4wZjNJNnk=
https://bkengineersindia.com/M04zTjF1MVE0MTNPNVk=
https://bkengineersindia.com/MnU4RDM4MTE5MDQyNG0=
https://bkengineersindia.com/M0QyMTlMME01VDh3MmE=

logs from uBlock Origin

No response

g0d33p3rsec (Collaborator, Author) commented
I'm noticing that most hosts seem to be vulnerable to CVE-2008-3844 when I run them through Shodan.
https://www.shodan.io/host/166.62.28.145

Compare with the host that was being used yesterday:
https://www.shodan.io/host/50.87.249.228

This is a vuln that has consistently shown up on hosts related to this activity group.

spirillen (Contributor) commented

Nice notice, thanks for sharing.
