Technical Support Scam (877) 841-0186

Scam Number: (877) 841-0186
Domain Used: Security Center Error #0x268d3 (159-89-166-65.plesk.page)
Extra Info: Got this from youtuve.com, classic trojan spyware alert scam. I used Wireshark during the connection and believe their IP is 43.231.56.182, as this is based in Noida, India. I’m going to see what other passive reconnaissance I can do in order to find out more about them.

Other IPs associated with this call center are 43.231.56.1 and 43.231.56.18.

If you type 43.231.56.182 in the browser, you’ll find a login page for MikroTik’s RouterOS v6.47.10. Going to https://43.231.56.1/simple/view/login.html will allow you to log in to a Huawei switch. Honestly, my knowledge of pentesting beyond this is pretty limited. I was debating trying to go into these devices but I’d rather not start trying to do illegal actions, although, for strictly educational purposes, does anyone have any suggestions for how you would penetrate these machines? I was thinking using CVE to look up these devices or using Burp Suite and modifying HTTP packets to see what happens, but I’m pretty much a noob when it comes to penetration testing.