Article [MAAS/DIE] Exploiting Bing Search & SEO For OpenRedirect

szcznoyov

This writeup is about how to obtain a legitimate Bing redirect using your custom domain, with bing.com acting as a shield to bypass spam filters and malicious link detectors.

General Requirement:
Hostinger based domain
Cloudflare account
Clean Decoy VPS
Offshore Windows RDP/Linux VPS


STEP I:
Register a domain on the hoster with the TLD .eu or .pt; this TLD works very well for both C2 endpoints and spam. Link the domain to your Cloudflare account through NS records and set the DNS records to the IP of your decoy VPS; Hetzner GmbH or Hostinger will do since they have clean IPs (you can buy a clean full subnet from local providers if it's a large project). From here, set up WordPress hosting on the domain using Hostinger, install the Yoast SEO plugin in WordPress and add the site to Bing Webmaster; this will get your site indexed faster on Bing search. Set up request proxying/reverse proxy on the decoy VPS using nginx to pass the requests/traffic through to your offshore VPS/RDP. This will prevent your main offshore VPS from getting detected or banned if Cloudflare detects phishing.

STEP II:
Set up nginx on the offshore VPS to host the redirect script, which is based in JS; this script will redirect any traffic from the Bing query URL.

redirect.js

if(window.location.href.includes("ck/a?! &&")){window.location.replace("pageurl");}

STEP III:
We are done with the server side. The Bing exploitation is very simple: once the site has been indexed by Bing search (this normally takes 72 hours), visit bing.com and search for your site using the Bing query site:example.com (replace example.com with your domain, without the http:// or https://).


Your site will appear; once it does, right-click on the domain name and click 'Copy Link'.


The link you copied will act as the open redirect.
The site used in this example is beautyshopeurope.eu and its open redirect is https://www.bing.com/ck/a?!&&p=06bb...1aHR0cHM6Ly9iZWF1dHlzaG9wZXVyb3BlLmV1Lw&ntb=1

You can now utilize the link for spam; it's tested over time to inbox any mail provider and pass most spam filters and malicious link detectors. For large-scale malware workers who work with cloakers, check the section of the ksroskis manual volume 2 for an alternative for such large-scale projects. Set up subdomains pointing to new subnets if you need multiple open redirects for rotational operation and less cost for new services.
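For mail filtering and triage, the wrapped destination can be recovered from the link itself, so the real host is scored instead of bing.com. The Python below is an added example, not part of the original post: it assumes the destination travels in a `u` query parameter as `a1` followed by unpadded base64url (consistent with the tail visible in the link above), and the sample message, its `p` value and the `example.test` destination are constructed.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

BING_HOSTS = {"bing.com", "www.bing.com"}
LINK_RE = re.compile(r"https?://(?:www\.)?bing\.com/ck/a\?[^\s\"'<>]+", re.I)

def unwrap_bing_redirect(url):
    """Return the destination URL wrapped in a bing.com/ck/a link, else None."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in BING_HOSTS or parts.path != "/ck/a":
        return None
    # The query begins with "!&&"; parse_qs drops those valueless fields.
    token = parse_qs(parts.query).get("u", [""])[0]
    if not token.startswith("a1"):          # assumed encoding marker
        return None
    payload = token[2:]
    payload += "=" * (-len(payload) % 4)    # restore the stripped padding
    try:
        dest = base64.urlsafe_b64decode(payload).decode("utf-8")
    except (binascii.Error, ValueError):
        return None
    return dest if urlsplit(dest).scheme in ("http", "https") else None

def wrapped_destinations(message_text):
    """Map each Bing click-tracking link in a message body to its real host."""
    found = {}
    for link in LINK_RE.findall(message_text):
        dest = unwrap_bing_redirect(link)
        if dest:
            found[link] = urlsplit(dest).hostname
    return found

def _sample_link(dest):
    # Constructed sample: placeholder "p" value, destination encoded as assumed.
    enc = base64.urlsafe_b64encode(dest.encode()).decode().rstrip("=")
    return "https://www.bing.com/ck/a?!&&p=CONSTRUCTED&u=a1" + enc + "&ntb=1"

SAMPLE_BODY = "Invoice attached, view it here: " + _sample_link("https://example.test/login")

if __name__ == "__main__":
    for link, host in wrapped_destinations(SAMPLE_BODY).items():
        print("real destination host:", host)
```

The recovered host can then go through the same reputation, domain-age and allowlist checks applied to any direct link in the message.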
 

