URL |
Domain |
IP Address |
Threat Actor Email(s) |
|---|---|---|---|
http://alerteg3husg4yagaandme.xyz/system.zip |
alerteg3husg4yagaandme.xyz |
199.188.200.52 |
N/A |
http://allmails.ga/QuotaLimit.zip |
allmails.ga |
111.90.142.141 |
`123@airs |
Alan Neilan ANeilan
ANeilan
/ stuff-i-found-yesterday-2020-05-07.md
Created
May 7, 2020 16:19
stuff i found yesterday using certstream data from 2020/05/05
ANeilan
/ blogspam-links-from-blogspot-2020-05-04.md
Last active
May 4, 2020 23:30
a large chunk of blogspot blogspam scraped from a group on facebook group that was overrun with spambots
URL |
Blogger Profile URL |
Blogger Profile Name |
Link Redirect |
|---|---|---|---|
https://007-california2020.blogspot.com/ |
https://www.blogger.com/profile/08001925292236921561 |
Blogger: User Profile: shazi |
`https://www.pktechz.com/california- |
ANeilan
/ shells-on-freenoms-2020-04-29.md
Last active
April 29, 2020 17:19
bunch of webshells that i found on freenom domains. all follow the format (domain)/shell.php
URL of Shell |
IP Address |
|---|---|
hxxp://accept-71.cf/shell.php |
192.254.134.208 |
hxxp://accept-71.ga/shell.php |
192.254.134.208 |
hxxp://cojastic-71.cf/shell.php |
192.254.134.208 |
hxxp://cojastic-71.ga/shell.php |
192.254.134.208 |
hxxp://cojastic-71.gq/shell.php |
192.254.134.208 |
hxxp://cojastic-71.ml/shell.php |
192.254.134.208 |
hxxp://estate-71.ga/shell.php |
192.254.161.35 |
hxxp://estate-71.tk/shell.php |
192.254.161.35 |
ANeilan
/ whatsapp-and-other-weird-domains-2020-04-29.md
Last active
April 29, 2020 12:07
whatsapp group invites and other weirdness from bruteforced subdomains
URL |
Site Title |
IP Address |
|---|---|---|
bkp-manz.resmi1.xyz |
WhatsApp |
89.47.165.172 |
bkpgrupjoin.resmi1.xyz |
WhatsApp Group Invite |
89.47.165.172 |
bokep-virall.resmi1.xyz |
WhatsApp Group Invite |
89.47.165.172 |
bokep-virall66.resmi1.xyz |
WhatsApp Group Invite |
89.47.165.172 |
bokephits.resmi1.xyz |
WhatsApp Grup Join |
89.47.165.172 |
bokepjepang.resmi1.xyz |
WhatsApp Grup Join |
ANeilan
/ more-stuff-i-found-yesterday-2020-04-28.md
Created
April 29, 2020 11:15
more stuff i found yesterday, all of them are up as of 7:15am EST, 2020-04-29
URL |
Domain |
IP Address |
Threat Actor Email(s) |
|---|---|---|---|
http://abalancingactbook.xyz/fresh/onedriveGT.zip |
abalancingactbook.xyz |
91.234.99.221 |
ahmedwire2015@gmail.com |
http://biltomsen.ga/moearthlink.zip |
biltomsen.ga |
5.182.210.2 |
itachi900@yandex.com |
http://campuspolicy.icu/fresh/onedriveGT.zip |
campuspolicy.icu |
91.234.99.221 |
ahmedwire2015@gmail.com |
| `http://camtos.ml/moearthlink.zi |
ANeilan
/ whatsap-phishing-urls-2020-04-28.md
Created
April 28, 2020 19:27
bunch of Whatsapp Phishing urls i found from bruteforcing some subdomains of resmi91.tk
URL |
urlscan result |
|---|---|
http://gabung-wagrup.resmi91.tk |
http://urlscan.io/result/36785856-f11b-4024-b5a8-260299930ab5/ |
http://groupdewasa.resmi91.tk |
http://urlscan.io/result/f3c179f2-3caa-405f-b543-6e632429e98b/ |
http://grouphotviral.resmi91.tk |
http://urlscan.io/result/71c4b80f-1592-4538-9e96-2aeffc6b3e6b/ |
http://grubuwoeebudi01gaming.resmi91.tk |
http://urlscan.io/result/e65c220d-19a2-4527-9811-8f645dc8753d/ |
http://grupbudi01gaming.resmi91.tk |
http://urlscan.io/result/0749c1ad-5f92-4157-a1e5-5b455b187445/ |
http://joingrup11.resmi91.tk |
http://urlscan.io/result/92babd5d-a919-4be5-900c-9675ca3e2316/ |
http://joingrupsahurwoyy.resmi91.tk |
`http://urlscan.io/result/3d1a2d9b-1ba |
ANeilan
/ stuff-i-found-2020-04-28.md
Created
April 28, 2020 17:48
stuff i found from last nights certstream data during my shift
URL |
Domain |
IP Address |
Threat Actor Email(s) |
|---|---|---|---|
http://airasiaexpress.icu/jpmc/ |
airasiaexpress.icu |
178.159.36.51 |
N/A |
http://allnepaltrekking.icu/Financial/afzz.zip |
allnepaltrekking.icu * |
178.159.36.137 |
boxoffice794@gmail.com |
http://anaboliccooking.icu/document/Adobe%20PDF%20.zip |
anaboliccooking.icu |
178.159.36.53 |
alanking105@gmail.com |
ANeilan
/ stuff-i-found-2020-04-24.md
Created
April 25, 2020 02:54
stuff i found while i was on my shift at work
URL |
Domain |
IP Address |
Threat Actor Email(s) |
|---|---|---|---|
http://alkalabs.cf/1/Desktop.zip |
alkalabs.cf |
104.254.213.2 |
n/a |
http://alkalabs.cf/adobe.zip |
alkalabs.cf |
104.254.213.2 |
Robert.Heuschneider@lutz-jesco.epizy.com |
http://alkalabs.cf/jj/top.zip |
ANeilan
/ stuff-i-found-2020-04-22.md
Created
April 22, 2020 21:29
stuff i found since the last 'stuff i found' gist
URL |
Domain |
IP Address |
Threat Actor Email(s) |
|---|---|---|---|
http://allprojectsunlimited.top/Firstbank2.zip |
allprojectsunlimited.top |
91.234.99.220 |
zate123man@gmail.com,pronc@prontomail.com |
http://checkout-enchanced.ddns.net/Europe.zip |
checkout-enchanced.ddns.net |
62.4.21.167 |
yanko.pro@protonmail.com |
http://expire-enhanced.ddns.net/Europe.zip |
expire-enhanced.ddns.net |
62.4.21.167 |
yanko.pro@protonmail.com |
ANeilan
/ stuff-i-found-2020-04-21.md
Created
April 22, 2020 00:04
stuff i found over the past 24 hours or so, combing through cert data / opendirectories
URL |
Domain |
IP Address |
Threat Actor Email(s) |
|---|---|---|---|
http://batricka-71.gq/fax/Whyxoffice365%202018.zip |
batricka-71.gq |
35.157.48.36 |
None (Unconfigured) |
http://beethemovies.ml/Ourtime/Ourtime1.zip |
beethemovies.ml |
192.210.199.68 |
amadareed7@gmail.com |
http://bethasda-71.ga/fax/Whyxoffice365%202018.zip |
bethasda-71.ga |
15.223.67.215 |
None (Unconfigured) |