Http- Bkwifi.net -

The domain bkwifi.net was registered by a now-defunct IT consultancy called Starlight Networks in 2014. Their original purpose was noble: a lightweight, offline-capable authentication portal for hotels using backup LTE connections. The system ran on a cheap Raspberry Pi cluster zip-tied to a rack in the basement of the Aurora Grand.

She SSH’d into the Pi. Its local log showed a single line repeated every 90 seconds: http- bkwifi.net

The problem? Starlight Networks went bankrupt in 2019, and no one renewed the domain’s enterprise DNSSEC. The hotel’s internal DNS still pointed to a local IP (192.168.88.2) – but the public registration of bkwifi.net had lapsed. In 2022, a grey-hat hacker known only as "Cipher" noticed the expired domain. He bought it for $11.99 on GoDaddy. The domain bkwifi

She connected. The blue-and-white page appeared: http://bkwifi.net/guest . She typed her room number and last name. She SSH’d into the Pi

It received Cipher’s server.

He didn’t change the IP immediately. Instead, he set up a honeypot. He copied the old blue-and-white portal perfectly, but added one line of JavaScript. It wasn't malicious yet—it was a logger . Every time someone in the world accidentally typed http://bkwifi.net (perhaps misremembering a hotel’s private address), Cipher saw their IP, their browser, their OS.