Skip to content
This repository has been archived by the owner on May 18, 2020. It is now read-only.

Strongarm blockpage update #3

Open
chrisforce1 opened this issue May 8, 2018 · 1 comment
Open

Strongarm blockpage update #3

chrisforce1 opened this issue May 8, 2018 · 1 comment
Assignees
@chrisforce1
Labels
bug help wanted

Comments

@chrisforce1
Copy link

chrisforce1 commented May 8, 2018
edited
Loading

The Strongarm section within services.ini should be updated. Here's the offending section:

dingoes/services.ini

Lines 41 to 44 in 7105d7a

[Strongarm]
resolvers = 54.174.40.213, 52.3.100.184
blockpages = filtered.strongarm.io
homepage = https://strongarm.io/

From running a known bad C2 domain through the Strongarm resolver, they are now using a different blockpage and seem to have been acquired by WatchGuard:

$ dig a darlinculture.tk @54.174.40.213 +short
filtered.dnswatch.watchguard.com.
production-elb-filterhole-108254034.us-east-1.elb.amazonaws.com.
52.21.63.113
34.205.111.245

Please update services.ini when you can, thanks!
@gszathmari
Copy link
Member

Hi Chris, thank you for your report. Would you mind submitting a pull request for this? Thanks

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@chrisforce1 chrisforce1

Labels
bug help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chrisforce1 @gszathmari