It seems that Scirge is advertising their solution to companies, promising to do away with password-related breaches. Unfortunately, the browser extension they use doesn’t appear to be public. Does anyone have access to it and could give it to me so that I can have a look?
@WPalant A certificate transparency search for "scirge" on https://sslmate.com/ct_search_api/ turned up a bunch of hostnames like this: icy-venom.scirge.com, long-cosmic.scirge.com, silver-breeze.scirge.com, solid-creek.scirge.com, steep-autumn.scirge.com -- which I suspect are backing the "scirge-connect" domain for some customers. So I combined that with a URL from their user guide <https://docs.scirge.com/user-guide/3.2.0/#/> and:
@WPalant Here are all the files I could find: https://sandstorm.appux.com/shared/QZo7-WXNcANeHH_-qiCSf-XaziBSQtC85ojh6PHE76d
I think those are all version 3.3.0. Version 3.3.0 of the *user guide* stops mentioning those URLs, though. :-)
@WPalant Of those domains, steep-autumn and solid-creek also resolve. I downloaded the same files from solid-creek and the files are identical. Probably just a triplet of identical distribution servers.
@varx Nice! I actually tried the exact same thing but somehow didn’t find any domains that would resolve. Thanks a lot!
@WPalant Weird! And I tried crt.sh at first and didn't get any hits at all, which was sus, but I think that site is just having downtime. -.-
@varx I did use crt.sh, and I did get hits. Also checked out these names, but none of them resolved and I just assumed that they were used on some intranet. Should have been more thorough I guess.