Alan Neilan ANeilan

## exploded_phish_kits_wordlist.dict
.cgi/
.cgi/.htaccess
.cgi/idm/
.cgi/idm/.htaccess
.cgi/idm/index.php
.cgi/idm/oauth2
.cgi/idm/oauth2/authword.php
.cgi/idm/oauth2/context.php
.cgi/idm/oauth2/Email.php
.cgi/idm/oauth2/index.php

## sketchy-facebook-ads-linking-to-cashapp-google-forms.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                ANeilan
                / sketchy-facebook-ads-linking-to-cashapp-google-forms.md
            
            
              Last active
              April 7, 2021 16:23
            
              
                A list of facebook ads (and the accounts) that are linking to google forms purporting to be a "$750 cashapp giveaway" and the resulting URLs they link to
              
          
Facebook Profile
Google Form URL
Resulting Link


Cashapp Orient (Deleted)
https://docs.google.com/forms/d/e/1FAIpQLSdMqzAAYL0mnFUOAII2vvCUC8oos6_4s_NWbjnxzreuQ-WV9w/viewform
https://golakh.com/cashapp


https://www.facebook.com/Added-offer-103593825168714/
https://docs.google.com/forms/d/e/1FAIpQLScFxY2LinIeMlGyeT8DpsG9bJmBSBHWydWGb3bL-Gk1FS-ayg/viewform
https://golakh.com/cashapp


https://www.facebook.com/Announcement-Deals-110229211162881/
`https://docs.google.com/forms/d/e/1FAIpQLSc7oBLr0A9mSBUNMyZLDB5QdppjF4QF


## stuff-i-found-2020-06-09.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                ANeilan
                / stuff-i-found-2020-06-09.md
            
            
              Created
              June 10, 2020 02:03
            
              
                stuff i found going through certificate data
              
          
URL
Domain
IP
Whois/SOA Email
Exfil Email (if any)


http://alegzw.ga/mfa/june/wd.zip
alegzw.ga
50.116.77.99
N/A
thomascreditsfirms@gmail.com


http://www.alegzw.ga/mfa/june/wd.zip
alegzw.ga
50.116.77.99
N/A
thomascreditsfirms@gmail.com


http://aviationsuppliers.ml/aviation.zip
aviationsuppliers.ml
199.188.201.106
N/A
N/A


`http://www.


## bunch-of-ipanel-pro-urls-2020-06-03.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                ANeilan
                / bunch-of-ipanel-pro-urls-2020-06-03.md
            
            
              Last active
              June 4, 2020 02:33
            
              
                Bunch of iPanel Pro URLs all on 190.14.38.22 (including the whois email addresses)
              
          
URL
Domain
Whois Email(s)


hxxp://icloud.com.app-es.live/admin/login.php
app-es.live
ipaypalpay@gmail.com


hxxp://www.icloud.com.app-es.live/admin/login.php
app-es.live
ipaypalpay@gmail.com


hxxp://apple.com.app-logins.live/admin/login.php
app-logins.live
ipaypalpay@gmail.com


hxxp://www.apple.com.app-logins.live/admin/login.php
app-logins.live
ipaypalpay@gmail.com


## bunch-of-whatsapp-spam-pages-2020-05-26.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                ANeilan
                / bunch-of-whatsapp-spam-pages-2020-05-26.md
            
            
              Created
              May 26, 2020 23:03
            
              
                bunch of whatsapp spam pages
              
          
URL
IP


bokep-terbaru.joinsgrup14.ga
91.211.247.214


bokep18.join-gruop.ml
195.181.245.86


bokephotsangeonline.tantehot18.tk
195.181.245.86


bokepsugionobkp.advanced5.cf
95.111.249.144


chatwhatsaapgrupjoin.whatsapp20.cf
195.181.245.86


gabung-grup-bokep.whatsapp20.cf
195.181.245.86


group-chat-bokep.hot11.ga
95.111.226.177


groupbokep2020.zxuv.ga
95.111.249.144


## oneamericacampaign-subdomains-2020-05-25.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                ANeilan
                / oneamericacampaign-subdomains-2020-05-25.md
            
            
              Created
              May 25, 2020 16:30
            
              
                subdomains that some schmuck keeps registering (they don't really have anything deployed, simply returning an error "Server unable to read htaccess file, denying access to be safe")
              
          
URL
Domain
IP
DNS Servers
ASN


appleidrecoveraccount85236552phd.oneamericacampaign.com
oneamericacampaign.com
64.131.69.72
ns1.icna.us,ns2.icna.us
30633


netfilx-restart-membership-z.oneamericacampaign.com
oneamericacampaign.com
64.131.69.72
ns1.icna.us,ns2.icna.us
30633


www.appleidrecoveraccount85236552phd.oneamericacampaign.com
oneamericacampaign.com
64.131.69.72
ns1.icna.us,ns2.icna.us
30633


www.netfilx-restart-membership-z.oneamericacampaign.com
oneamericacampaign.com
64.131.69.72
ns1.icna.us,ns2.icna.us
30633


## ebay-phishing-domains-2020-05-18.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                ANeilan
                / ebay-phishing-domains-2020-05-18.md
            
            
              Created
              May 18, 2020 21:05
            
              
                a list of ebay phishing domains that i discovered when combing through certificate data (through the .top TLD) 
              
          
URL
Domain
IP
Whois Emails
DNS Servers
Mail Servers


ebay.com-item-1990-winnebago-minnie-winnie.a4dsd.top
a4dsd.top
104.219.248.88
87537f5e04cf452ba11aec2a0e06fa3b.protect@whoisguard.com,abuse@namecheap.com
dns1.namecheaphosting.com,dns2.namecheaphosting.com
smx1.web-hosting.com,smx2.web-hosting.com,smx3.web-hosting.com


ebay.com-item-2-0-1-8-mac-book-pro-touch-bar.eacs.top
eacs.top


## stuff-i-found-on-stream-2020-05-16.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                ANeilan
                / stuff-i-found-on-stream-2020-05-16.md
            
            
              Created
              May 16, 2020 21:22
            
              
                things i found while going through certificate data on stream
              
          
Type
URL
IP


Citibank Phish
http://onlineincitiprof.thatssometal.icu/ced398e2e89ba5d2840497063e42b1ad/login.php
178.159.36.51


Citibank Phish
http://www.citiaccessjbrhjefe.carlylecommunity.icu/login.php
178.159.36.51


Discovercard
http://www.discoveraccess.wwwhealthypets.icu/6454ab20dc1465af4efadb97684328fa/login.php
178.159.36.51


Facebook Phish
https://review-quality-152.info/
162.0.229.6


Facebook Phish
https://review-quality-1625.info/
162.0.229.6


Facebook Phish
https://review-quality-2635.info/


## stuff-i-found-on-stream-2020-05-09.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                ANeilan
                / stuff-i-found-on-stream-2020-05-09.md
            
            
              Last active
              May 9, 2020 15:12
            
              
                stuff i found while on twitch last night into this morning
              
          
Type/Title
URL
Domain
IP Address
Threat Actor Email(s)


Applekit (probably)
https://apple.com-m.us/admin/login
com-m.us
103.67.236.176
appleautha@gmail.com


Broken AppleKit
https://icloud.com-m.us/
com-m.us
103.67.236.176
appleautha@gmail.com


Broken iPanel
https://apple.com-sign-in.xyz/
com-sign-in.xyz
31.31.198.115
N/A


Broken iPanel
https://icloud.com-findmyphone.com/
com-findmyphone.com
31.31.196.132
messi.xboxlive@gmail.com


## tech-support-scammer-kits-2020-05-08.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                ANeilan
                / tech-support-scammer-kits-2020-05-08.md
            
            
              Created
              May 8, 2020 11:54
            
              
                handful of tech support scammer kits i found overnight
              
          
URL
IP Address
Scammer Phone Number


http://jamtaramicro.club/jp%20pop.zip
72.52.229.133
050-5532-1336


http://southafrictekkitech3242.xyz/Southafrica.zip
162.241.27.152
087 821 7499


http://southafrotechie.xyz/new%20zealand.zip
162.241.27.152
04 889 0699


http://www.jamtaramicro.club/jp%20pop.zip
72.52.229.133
050-5532-1336


http://www.southafrotechie.xyz/new%20zealand.zip
162.241.27.152
04 889 0699
	.cgi/
	.cgi/.htaccess
	.cgi/idm/
	.cgi/idm/.htaccess
	.cgi/idm/index.php
	.cgi/idm/oauth2
	.cgi/idm/oauth2/authword.php
	.cgi/idm/oauth2/context.php
	.cgi/idm/oauth2/Email.php
	.cgi/idm/oauth2/index.php
Facebook Profile	Google Form URL	Resulting Link
`Cashapp Orient (Deleted)`	`https://docs.google.com/forms/d/e/1FAIpQLSdMqzAAYL0mnFUOAII2vvCUC8oos6_4s_NWbjnxzreuQ-WV9w/viewform`	`https://golakh.com/cashapp`
`https://www.facebook.com/Added-offer-103593825168714/`	`https://docs.google.com/forms/d/e/1FAIpQLScFxY2LinIeMlGyeT8DpsG9bJmBSBHWydWGb3bL-Gk1FS-ayg/viewform`	`https://golakh.com/cashapp`
`https://www.facebook.com/Announcement-Deals-110229211162881/`	`https://docs.google.com/forms/d/e/1FAIpQLSc7oBLr0A9mSBUNMyZLDB5QdppjF4QF
`URL`	`Domain`	`IP`	`Whois/SOA Email`	`Exfil Email (if any)`
`http://alegzw.ga/mfa/june/wd.zip`	`alegzw.ga`	`50.116.77.99`	`N/A`	`thomascreditsfirms@gmail.com`
`http://www.alegzw.ga/mfa/june/wd.zip`	`alegzw.ga`	`50.116.77.99`	`N/A`	`thomascreditsfirms@gmail.com`
`http://aviationsuppliers.ml/aviation.zip`	`aviationsuppliers.ml`	`199.188.201.106`	`N/A`	`N/A`
`http://www.
`URL`	`Domain`	`Whois Email(s)`
`hxxp://icloud.com.app-es.live/admin/login.php`	`app-es.live`	`ipaypalpay@gmail.com`
`hxxp://www.icloud.com.app-es.live/admin/login.php`	`app-es.live`	`ipaypalpay@gmail.com`
`hxxp://apple.com.app-logins.live/admin/login.php`	`app-logins.live`	`ipaypalpay@gmail.com`
`hxxp://www.apple.com.app-logins.live/admin/login.php`	`app-logins.live`	`ipaypalpay@gmail.com`
`URL`	`IP`
`bokep-terbaru.joinsgrup14.ga`	`91.211.247.214`
`bokep18.join-gruop.ml`	`195.181.245.86`
`bokephotsangeonline.tantehot18.tk`	`195.181.245.86`
`bokepsugionobkp.advanced5.cf`	`95.111.249.144`
`chatwhatsaapgrupjoin.whatsapp20.cf`	`195.181.245.86`
`gabung-grup-bokep.whatsapp20.cf`	`195.181.245.86`
`group-chat-bokep.hot11.ga`	`95.111.226.177`
`groupbokep2020.zxuv.ga`	`95.111.249.144`
`URL`	`Domain`	`IP`	`DNS Servers`	`ASN`
`appleidrecoveraccount85236552phd.oneamericacampaign.com`	`oneamericacampaign.com`	`64.131.69.72`	`ns1.icna.us,ns2.icna.us`	`30633`
`netfilx-restart-membership-z.oneamericacampaign.com`	`oneamericacampaign.com`	`64.131.69.72`	`ns1.icna.us,ns2.icna.us`	`30633`
`www.appleidrecoveraccount85236552phd.oneamericacampaign.com`	`oneamericacampaign.com`	`64.131.69.72`	`ns1.icna.us,ns2.icna.us`	`30633`
`www.netfilx-restart-membership-z.oneamericacampaign.com`	`oneamericacampaign.com`	`64.131.69.72`	`ns1.icna.us,ns2.icna.us`	`30633`
`URL`	`Domain`	`IP`	`Whois Emails`	`DNS Servers`	`Mail Servers`
`ebay.com-item-1990-winnebago-minnie-winnie.a4dsd.top`	`a4dsd.top`	`104.219.248.88`	`87537f5e04cf452ba11aec2a0e06fa3b.protect@whoisguard.com,abuse@namecheap.com`	`dns1.namecheaphosting.com,dns2.namecheaphosting.com`	`smx1.web-hosting.com,smx2.web-hosting.com,smx3.web-hosting.com`
`ebay.com-item-2-0-1-8-mac-book-pro-touch-bar.eacs.top`	`eacs.top`
`Type`	`URL`	`IP`
`Citibank Phish`	`http://onlineincitiprof.thatssometal.icu/ced398e2e89ba5d2840497063e42b1ad/login.php`	`178.159.36.51`
`Citibank Phish`	`http://www.citiaccessjbrhjefe.carlylecommunity.icu/login.php`	`178.159.36.51`
`Discovercard`	`http://www.discoveraccess.wwwhealthypets.icu/6454ab20dc1465af4efadb97684328fa/login.php`	`178.159.36.51`
`Facebook Phish`	`https://review-quality-152.info/`	`162.0.229.6`
`Facebook Phish`	`https://review-quality-1625.info/`	`162.0.229.6`
`Facebook Phish`	`https://review-quality-2635.info/`
`Type/Title`	`URL`	`Domain`	`IP Address`	`Threat Actor Email(s)`
`Applekit (probably)`	`https://apple.com-m.us/admin/login`	`com-m.us`	`103.67.236.176`	`appleautha@gmail.com`
`Broken AppleKit`	`https://icloud.com-m.us/`	`com-m.us`	`103.67.236.176`	`appleautha@gmail.com`
`Broken iPanel`	`https://apple.com-sign-in.xyz/`	`com-sign-in.xyz`	`31.31.198.115`	`N/A`
`Broken iPanel`	`https://icloud.com-findmyphone.com/`	`com-findmyphone.com`	`31.31.196.132`	`messi.xboxlive@gmail.com`
`URL`	`IP Address`	`Scammer Phone Number`
`http://jamtaramicro.club/jp%20pop.zip`	`72.52.229.133`	`050-5532-1336`
`http://southafrictekkitech3242.xyz/Southafrica.zip`	`162.241.27.152`	`087 821 7499`
`http://southafrotechie.xyz/new%20zealand.zip`	`162.241.27.152`	`04 889 0699`
`http://www.jamtaramicro.club/jp%20pop.zip`	`72.52.229.133`	`050-5532-1336`
`http://www.southafrotechie.xyz/new%20zealand.zip`	`162.241.27.152`	`04 889 0699`