mypdns / matrix

My Privacy DNS #Matrix lists for blacklisting
https://mypdns.org/

bkengineersindia.com #472

Closed g0d33p3rsec closed 4 months ago

g0d33p3rsec commented 5 months ago

Blacklist domain as

Comments

This domain is now hosting the phishing kit that was previously at englishplusmore[.]com (#404), carnesboinobre[.]com[.]br, technowide[.]com[.]tr, jestertunes[.]com, safecartusa[.]com, foreverfarley[.]com, azezieldraconous[.]com, westernautomobileassembly[.]com, littleswanaircon[.]com[.]sg, iwan2travel[.]com, applesforfred[.]com, theaerie[.]ca, nico[.]sa, ajstelecom[.]com[.]mx, and many others (approximately 120 domains since 2021).

Domain records

bkengineersindia.com|phishing

Hosts specific records, not used by DNS RPZ firewalls

No response

Screenshots

![334983428-dd6b6b66-b16e-48c9-95f6-11f78b605127](https://github.com/mypdns/matrix/assets/108126637/5c9b6611-ecf8-45d1-a18b-16525dbf9e14)
![334983477-7928e2b8-c621-4853-b62d-1674658f33b5](https://github.com/mypdns/matrix/assets/108126637/3d316bb3-88da-40c9-98e4-5229997cab88)
![334983533-136e606c-640d-4acc-bac2-8710662ef8e5](https://github.com/mypdns/matrix/assets/108126637/f41ef0f4-3360-4591-b3d7-2333ab339833)
![334986747-fad6385d-5532-4025-93e9-a13e866fcbb8](https://github.com/mypdns/matrix/assets/108126637/8cb21480-66ec-4ff2-a609-d285d5415acb)
![334986784-b66b4954-59b3-4a4f-9846-51c6222849e1](https://github.com/mypdns/matrix/assets/108126637/d086cda7-7ffb-48f2-ada0-80273291a871)

Links to external sources

https://bkengineersindia.com/M3AzSDVuMUQ3SjNZOWw=
https://bkengineersindia.com/M2sxMzhFNm4wZjNJNnk=
https://bkengineersindia.com/M04zTjF1MVE0MTNPNVk=
https://bkengineersindia.com/MnU4RDM4MTE5MDQyNG0=
https://bkengineersindia.com/M0QyMTlMME01VDh3MmE=


Logs from uBlock Origin

No response

g0d33p3rsec commented 5 months ago

I'm noticing that most hosts seem to be vulnerable to CVE-2008-3844 when I run them through Shodan. https://www.shodan.io/host/166.62.28.145

Compare with the host that was being used yesterday: https://www.shodan.io/host/50.87.249.228

This is a vuln that has consistently shown up on hosts related to this activity group.

spirillen commented 4 months ago

Nice notice, thanks for sharing.