Skip to content

Instantly share code, notes, and snippets.

Avatar

Alan Neilan ANeilan

View GitHub Profile
@ANeilan
ANeilan / sketchy-facebook-ads-linking-to-cashapp-google-forms.md
Last active Apr 7, 2021
A list of facebook ads (and the accounts) that are linking to google forms purporting to be a "$750 cashapp giveaway" and the resulting URLs they link to
View sketchy-facebook-ads-linking-to-cashapp-google-forms.md
Facebook Profile Google Form URL Resulting Link
Cashapp Orient (Deleted) https://docs.google.com/forms/d/e/1FAIpQLSdMqzAAYL0mnFUOAII2vvCUC8oos6_4s_NWbjnxzreuQ-WV9w/viewform https://golakh.com/cashapp
https://www.facebook.com/Added-offer-103593825168714/ https://docs.google.com/forms/d/e/1FAIpQLScFxY2LinIeMlGyeT8DpsG9bJmBSBHWydWGb3bL-Gk1FS-ayg/viewform https://golakh.com/cashapp
https://www.facebook.com/Announcement-Deals-110229211162881/ `https://docs.google.com/forms/d/e/1FAIpQLSc7oBLr0A9mSBUNMyZLDB5QdppjF4QF
@ANeilan
ANeilan / stuff-i-found-2020-06-09.md
Created Jun 10, 2020
stuff i found going through certificate data
View stuff-i-found-2020-06-09.md
URL Domain IP Whois/SOA Email Exfil Email (if any)
http://alegzw.ga/mfa/june/wd.zip alegzw.ga 50.116.77.99 N/A thomascreditsfirms@gmail.com
http://www.alegzw.ga/mfa/june/wd.zip alegzw.ga 50.116.77.99 N/A thomascreditsfirms@gmail.com
http://aviationsuppliers.ml/aviation.zip aviationsuppliers.ml 199.188.201.106 N/A N/A
`http://www.
@ANeilan
ANeilan / bunch-of-ipanel-pro-urls-2020-06-03.md
Last active Jun 4, 2020
Bunch of iPanel Pro URLs all on 190.14.38.22 (including the whois email addresses)
View bunch-of-ipanel-pro-urls-2020-06-03.md
URL Domain Whois Email(s)
hxxp://icloud.com.app-es.live/admin/login.php app-es.live ipaypalpay@gmail.com
hxxp://www.icloud.com.app-es.live/admin/login.php app-es.live ipaypalpay@gmail.com
hxxp://apple.com.app-logins.live/admin/login.php app-logins.live ipaypalpay@gmail.com
hxxp://www.apple.com.app-logins.live/admin/login.php app-logins.live ipaypalpay@gmail.com
View bunch-of-whatsapp-spam-pages-2020-05-26.md
URL IP
bokep-terbaru.joinsgrup14.ga 91.211.247.214
bokep18.join-gruop.ml 195.181.245.86
bokephotsangeonline.tantehot18.tk 195.181.245.86
bokepsugionobkp.advanced5.cf 95.111.249.144
chatwhatsaapgrupjoin.whatsapp20.cf 195.181.245.86
gabung-grup-bokep.whatsapp20.cf 195.181.245.86
group-chat-bokep.hot11.ga 95.111.226.177
groupbokep2020.zxuv.ga 95.111.249.144
@ANeilan
ANeilan / oneamericacampaign-subdomains-2020-05-25.md
Created May 25, 2020
subdomains that some schmuck keeps registering (they don't really have anything deployed, simply returning an error "Server unable to read htaccess file, denying access to be safe")
View oneamericacampaign-subdomains-2020-05-25.md
URL Domain IP DNS Servers ASN
appleidrecoveraccount85236552phd.oneamericacampaign.com oneamericacampaign.com 64.131.69.72 ns1.icna.us,ns2.icna.us 30633
netfilx-restart-membership-z.oneamericacampaign.com oneamericacampaign.com 64.131.69.72 ns1.icna.us,ns2.icna.us 30633
www.appleidrecoveraccount85236552phd.oneamericacampaign.com oneamericacampaign.com 64.131.69.72 ns1.icna.us,ns2.icna.us 30633
www.netfilx-restart-membership-z.oneamericacampaign.com oneamericacampaign.com 64.131.69.72 ns1.icna.us,ns2.icna.us 30633
@ANeilan
ANeilan / ebay-phishing-domains-2020-05-18.md
Created May 18, 2020
a list of ebay phishing domains that i discovered when combing through certificate data (through the .top TLD)
View ebay-phishing-domains-2020-05-18.md
URL Domain IP Whois Emails DNS Servers Mail Servers
ebay.com-item-1990-winnebago-minnie-winnie.a4dsd.top a4dsd.top 104.219.248.88 87537f5e04cf452ba11aec2a0e06fa3b.protect@whoisguard.com,abuse@namecheap.com dns1.namecheaphosting.com,dns2.namecheaphosting.com smx1.web-hosting.com,smx2.web-hosting.com,smx3.web-hosting.com
ebay.com-item-2-0-1-8-mac-book-pro-touch-bar.eacs.top eacs.top
@ANeilan
ANeilan / stuff-i-found-on-stream-2020-05-16.md
Created May 16, 2020
things i found while going through certificate data on stream
View stuff-i-found-on-stream-2020-05-16.md
Type URL IP
Citibank Phish http://onlineincitiprof.thatssometal.icu/ced398e2e89ba5d2840497063e42b1ad/login.php 178.159.36.51
Citibank Phish http://www.citiaccessjbrhjefe.carlylecommunity.icu/login.php 178.159.36.51
Discovercard http://www.discoveraccess.wwwhealthypets.icu/6454ab20dc1465af4efadb97684328fa/login.php 178.159.36.51
Facebook Phish https://review-quality-152.info/ 162.0.229.6
Facebook Phish https://review-quality-1625.info/ 162.0.229.6
Facebook Phish https://review-quality-2635.info/
@ANeilan
ANeilan / stuff-i-found-on-stream-2020-05-09.md
Last active May 9, 2020
stuff i found while on twitch last night into this morning
View stuff-i-found-on-stream-2020-05-09.md
Type/Title URL Domain IP Address Threat Actor Email(s)
Applekit (probably) https://apple.com-m.us/admin/login com-m.us 103.67.236.176 appleautha@gmail.com
Broken AppleKit https://icloud.com-m.us/ com-m.us 103.67.236.176 appleautha@gmail.com
Broken iPanel https://apple.com-sign-in.xyz/ com-sign-in.xyz 31.31.198.115 N/A
Broken iPanel https://icloud.com-findmyphone.com/ com-findmyphone.com 31.31.196.132 messi.xboxlive@gmail.com
@ANeilan
ANeilan / tech-support-scammer-kits-2020-05-08.md
Created May 8, 2020
handful of tech support scammer kits i found overnight
View tech-support-scammer-kits-2020-05-08.md
URL IP Address Scammer Phone Number
http://jamtaramicro.club/jp%20pop.zip 72.52.229.133 050-5532-1336
http://southafrictekkitech3242.xyz/Southafrica.zip 162.241.27.152 087 821 7499
http://southafrotechie.xyz/new%20zealand.zip 162.241.27.152 04 889 0699
http://www.jamtaramicro.club/jp%20pop.zip 72.52.229.133 050-5532-1336
http://www.southafrotechie.xyz/new%20zealand.zip 162.241.27.152 04 889 0699
@ANeilan
ANeilan / stuff-i-found-yesterday-2020-05-07.md
Created May 7, 2020
stuff i found yesterday using certstream data from 2020/05/05
View stuff-i-found-yesterday-2020-05-07.md
URL Domain IP Address Threat Actor Email(s)
http://alerteg3husg4yagaandme.xyz/system.zip alerteg3husg4yagaandme.xyz 199.188.200.52 N/A
http://allmails.ga/QuotaLimit.zip allmails.ga 111.90.142.141 `123@airs