Skip to content

Instantly share code, notes, and snippets.

View ANeilan's full-sized avatar

Alan Neilan ANeilan

24 followers · 8 following
View GitHub Profile
@ANeilan
ANeilan / exploded_phish_kits_wordlist.dict
Last active January 6, 2024 15:11
a wordlist/dictionary file from exploded phish kits. strings to feed to ffuf, dirbuster, gobuster, etc. in order to find phish kit infrastructure/resources
.cgi/
.cgi/.htaccess
.cgi/idm/
.cgi/idm/.htaccess
.cgi/idm/index.php
.cgi/idm/oauth2
.cgi/idm/oauth2/authword.php
.cgi/idm/oauth2/context.php
.cgi/idm/oauth2/Email.php
.cgi/idm/oauth2/index.php
@ANeilan
ANeilan / 16shop_details.txt
Created April 11, 2019 20:06
# registration details from sending post request to 16shop.club/api/setting/get_setting.php "domain=<blah>"
login.appleid.apples.idmsa.account.locked.sumarry-intl-cloud.com
IP: 162.144.72.165
HTTP/1.1 200 OK
Connection: keep-alive
Content-Encoding: gzip
Content-Type: application/json
@ANeilan
ANeilan / sketchy-facebook-ads-linking-to-cashapp-google-forms.md
Last active April 7, 2021 16:23
A list of facebook ads (and the accounts) that are linking to google forms purporting to be a "$750 cashapp giveaway" and the resulting URLs they link to
Facebook Profile Google Form URL Resulting Link
Cashapp Orient (Deleted) https://docs.google.com/forms/d/e/1FAIpQLSdMqzAAYL0mnFUOAII2vvCUC8oos6_4s_NWbjnxzreuQ-WV9w/viewform https://golakh.com/cashapp
https://www.facebook.com/Added-offer-103593825168714/ https://docs.google.com/forms/d/e/1FAIpQLScFxY2LinIeMlGyeT8DpsG9bJmBSBHWydWGb3bL-Gk1FS-ayg/viewform https://golakh.com/cashapp
https://www.facebook.com/Announcement-Deals-110229211162881/ `https://docs.google.com/forms/d/e/1FAIpQLSc7oBLr0A9mSBUNMyZLDB5QdppjF4QF
@ANeilan
ANeilan / phishing_sites_on_178.159.36.41.md
Last active November 29, 2020 19:53
phishing sites i found from certificate data for sites that resolve to 178.159.36.41

IP: 178.159.36.41
Netblock (using Whois info): 178.159.36.0-178.159.36.255
ASN: 35196 IHOR-AS, RU
Whois Email for IP: alexx.person@gmail.com
Whois Email / SOA for domains: zpkgsm96@gmail.com

URL Type
hxxp://icloud.com-findmyphone.in/admin/login.php iPanel Pro
hxxp://www.apps.care/apple/admin/login.php Sign In - iPanel
@ANeilan
ANeilan / stuff-i-found-2020-06-09.md
Created June 10, 2020 02:03
stuff i found going through certificate data
URL Domain IP Whois/SOA Email Exfil Email (if any)
http://alegzw.ga/mfa/june/wd.zip alegzw.ga 50.116.77.99 N/A thomascreditsfirms@gmail.com
http://www.alegzw.ga/mfa/june/wd.zip alegzw.ga 50.116.77.99 N/A thomascreditsfirms@gmail.com
http://aviationsuppliers.ml/aviation.zip aviationsuppliers.ml 199.188.201.106 N/A N/A
`http://www.
@ANeilan
ANeilan / bunch-of-ipanel-pro-urls-2020-06-03.md
Last active June 4, 2020 02:33
Bunch of iPanel Pro URLs all on 190.14.38.22 (including the whois email addresses)
URL Domain Whois Email(s)
hxxp://icloud.com.app-es.live/admin/login.php app-es.live ipaypalpay@gmail.com
hxxp://www.icloud.com.app-es.live/admin/login.php app-es.live ipaypalpay@gmail.com
hxxp://apple.com.app-logins.live/admin/login.php app-logins.live ipaypalpay@gmail.com
hxxp://www.apple.com.app-logins.live/admin/login.php app-logins.live ipaypalpay@gmail.com
@ANeilan
ANeilan / bunch-of-whatsapp-spam-pages-2020-05-26.md
Created May 26, 2020 23:03
bunch of whatsapp spam pages
URL IP
bokep-terbaru.joinsgrup14.ga 91.211.247.214
bokep18.join-gruop.ml 195.181.245.86
bokephotsangeonline.tantehot18.tk 195.181.245.86
bokepsugionobkp.advanced5.cf 95.111.249.144
chatwhatsaapgrupjoin.whatsapp20.cf 195.181.245.86
gabung-grup-bokep.whatsapp20.cf 195.181.245.86
group-chat-bokep.hot11.ga 95.111.226.177
groupbokep2020.zxuv.ga 95.111.249.144
@ANeilan
ANeilan / oneamericacampaign-subdomains-2020-05-25.md
Created May 25, 2020 16:30
subdomains that some schmuck keeps registering (they don't really have anything deployed, simply returning an error "Server unable to read htaccess file, denying access to be safe")
URL Domain IP DNS Servers ASN
appleidrecoveraccount85236552phd.oneamericacampaign.com oneamericacampaign.com 64.131.69.72 ns1.icna.us,ns2.icna.us 30633
netfilx-restart-membership-z.oneamericacampaign.com oneamericacampaign.com 64.131.69.72 ns1.icna.us,ns2.icna.us 30633
www.appleidrecoveraccount85236552phd.oneamericacampaign.com oneamericacampaign.com 64.131.69.72 ns1.icna.us,ns2.icna.us 30633
www.netfilx-restart-membership-z.oneamericacampaign.com oneamericacampaign.com 64.131.69.72 ns1.icna.us,ns2.icna.us 30633
@ANeilan
ANeilan / ebay-phishing-domains-2020-05-18.md
Created May 18, 2020 21:05
a list of ebay phishing domains that i discovered when combing through certificate data (through the .top TLD)
URL Domain IP Whois Emails DNS Servers Mail Servers
ebay.com-item-1990-winnebago-minnie-winnie.a4dsd.top a4dsd.top 104.219.248.88 87537f5e04cf452ba11aec2a0e06fa3b.protect@whoisguard.com,abuse@namecheap.com dns1.namecheaphosting.com,dns2.namecheaphosting.com smx1.web-hosting.com,smx2.web-hosting.com,smx3.web-hosting.com
ebay.com-item-2-0-1-8-mac-book-pro-touch-bar.eacs.top eacs.top
@ANeilan
ANeilan / stuff-i-found-on-stream-2020-05-16.md
Created May 16, 2020 21:22
things i found while going through certificate data on stream
Type URL IP
Citibank Phish http://onlineincitiprof.thatssometal.icu/ced398e2e89ba5d2840497063e42b1ad/login.php 178.159.36.51
Citibank Phish http://www.citiaccessjbrhjefe.carlylecommunity.icu/login.php 178.159.36.51
Discovercard http://www.discoveraccess.wwwhealthypets.icu/6454ab20dc1465af4efadb97684328fa/login.php 178.159.36.51
Facebook Phish https://review-quality-152.info/ 162.0.229.6
Facebook Phish https://review-quality-1625.info/ 162.0.229.6
Facebook Phish https://review-quality-2635.info/