Closed corumir closed 2 weeks ago
I would be happy to add it, just trying to double check for fidelity. Please help me understand how you got from the Censys search to the Shodan favicon hash. What steps did you take?
My apologies. I got tired and took an easy route with the info I provided to show my work.
Pulled a list of RisePro hits from Censys. Realized the same IP addresses were not flagged in Shodan. I cross-correlated the IP ranges in Fofa:
To tighten this down, I would likely flag it with the tag:c2 in Shodan to make sure and only get the most correct hits.
Thanks for the breakdown! I did some more research on that favicon and it does not appear to be unique to RisePro, so I am electing not to use it here. However, the HTTP server response is unique, so I added the following to the tracker. I will still credit you for bringing this tool to my attention. Thank you!
Reference: https://news.kaduu.io/blog/2023/07/27/fraudgpt-the-latest-ai-tool-for-sophisticated-cyber-attacks/
Shodan Search --- 'Server: RisePro'
https://www.shodan.io/search?query=http.favicon.hash%3A350958836
Corroborating: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=services.software.product%3A+RisePro
Rise Pro: http.favicon.hash:350958836