Daniel Cid
@danielcid
Founder of CleanBrowsing, Trunc, Sucuri, and OSSEC. Former VP, GoDaddy. Builder & breaker by heart. https://t.co/zTP7IAqAIO / https://t.co/fk6P2mJON2 / https://t.co/DvBxP9yQch Temecula, Big Bear
Canada Joined February 2009
286 Following, 4.6K Followers
Daniel Cid retweeted

🏂 After bronze in the USA, Priscila Cid finishes top 8 in Switzerland and closes out the Snowboard Halfpipe season with two of the best results of her career
🔗 Visit Brasil Zero Grau!
brasilzerograu.com.br/2026/04/prisci…

Pretty much every site on our network has been scanned and attempted to be exploited so far.
If you didn't patch over the weekend, it might be safe to consider it compromised.
First attempt I see on the logs was on:
2025-12-03 21:00:24 18.182.x.z 403 "POST /_next/static/chunks/react-flight HTTP/1.1" "-" "Mozilla/5.0 (CVE-2025-55182 PoC)"
Before most people were even aware of it.
Daniel Cid @danielcid
One of the best explanations for CVE-2025-55182 / React2Shell. Recommended reading.

One of the best explanations for CVE-2025-55182 / React2Shell. Recommended reading.
Guillermo Rauch @rauchg

@leomarciano Your email seems to be bouncing. Do you have a different one?

@leomarciano Oh, what's going on? DM me here so I can investigate.

@danielcid how we can get support from NOC.org?
We haven't had any support from you for months

Today I published a personal project around #WordPress #security awareness. Please test and send me your feedback 🙏
wpsecurityanalyzer.com

@0x6rss Pretty cool tool. Would be interesting to integrate with dnsarchive.net as well (if you want, can give you full access there).

@riper81 Yeah, same here... The interesting part was 4 days before the public disclosure.

@danielcid danny I see a lot of bad traffic from Azure (microsoft) so this does not surprise me. 😢

@riper81 @hotjar @namesilo @AceDataCenters Other domains in the same server:
dnsarchive.net/search?q=166.1…
hotjar-cdn[.]com
statswp[.]org
spadeanalytica[.]com
Need to check if they are malicious too...

New bad domain doing squatting pretending to be @hotjar
<script src="hxxps://cdn-hotjar[.]com/hotjar.min.js"></script>
registered on @namesilo in late May this year.
hosted on 166.1.209.60 (@AceDataCenters)

Pretty big issue:
Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware.
blog.koi.security/google-and-mic…
Extensions that get hijacked/bought are a common source of malware these days.
Found some additional domains in the same IP address as them (cc @IDardikman @extensiontotal) which might be connected.
dnsarchive.net/search?q=79.14…

Expanded DNSArchive to also add web headers, CMS versions, links, CSS files, etc.
You can now search for it here (in beta):
dnsarchive.net/web-search
Ex:
All sites using PHP/5.2:
dnsarchive.net/web-search?q=P…
And you can still do DNS specific search here:
dnsarchive.net/search
Feedback welcome!

Been two years in the making… today I officially join the @USArmyReserve as a Captain! #warriordiplomat


@riper81 @unmaskparasites Have some examples of sites with it live?

@unmaskparasites Just found a new snippet that was added as well from io548q89[.]evideotected[.]my[.]id --code here pastebin.com/Sq3durLW

New malicious domain found causing redirects: streammain[.]top - sample code can be found here pastebin.com/DNnfsvk3
@unmaskparasites sitecheck is not flagging it yet.

Daniel Cid retweeted

Have you noticed these "?slince_golden=test" requests on your logs?
It is for a WordPress Backdoor. We wrote a small summary about it here:
trunc.org/learning/slinc…
Seeing it on your logs too?

Daniel Cid retweeted

🚀 @logwithtrunc just got a fresh redesign.
🧑‍💻 Built for developers who care about clean, fast, secure log management.
🔍 Check it out: trunc.org
#SIEM #LogManagement #CyberSecurity #DevTools #SecOps #Infosec #CloudSecurity

We put up a list with the top domains (most visited) via our DNS intelligence:
dnsarchive.net/top-domains
top 100
top 1,000
top 10,000

Daniel Cid retweeted

Have you looked at our DNS database?
DNS Archive has over 200m domains, IP addresses and historical DNS data:
dnsarchive.net

