ʀᴇᴅʀᴀʜ.

A new version of #Anket is available at github.com/redrabytes/ank…. I've entirely recoded it in #Python3, the code is much more powerful than the previous version, it may present some bugs/optimization issues, don't hesitate to let me know or submit pull requests on the repo. Enjoy!

@l4663r666h05t not at all, just a little misconfiguration of the webserver.

@redrabytes new cve?

Whoops 🧐

I'm not such a bad guy 😇 youtube.com/watch?v=RgDzZg… 🪽

api[.]jwala[.]applla[.]com – jwala[.]applla[.]com

www[.]aws-recovery[.]net recovery-assessment[.]com eu-west-3[.]console[.]aws[.]recovery-assessment[.]com eu-north-1[.]console[.]aws[.]recovery-assessment[.]com us-west-2[.]console[.]aws[.]recovery-assessment[.]com me-south-1[.]console[.]aws[.]recovery-assessment[.]com sa-east-1[.]console[.]aws[.]recovery-assessment[.]com eu-south-1[.]console[.]aws[.]recovery-assessment[.]com eu-west-1[.]console[.]aws[.]recovery-assessment[.]com eu-west-2[.]console[.]aws[.]recovery-assessment[.]com ap-southeast-1[.]console[.]aws[.]recovery-assessment[.]com eu-central-1[.]console[.]aws[.]recovery-assessment[.]com ap-northeast-1[.]console[.]aws[.]recovery-assessment[.]com console[.]recovery-assessment[.]com cdn[.]console[.]recovery-assessment[.]com b[.]cdn[.]console[.]recovery-assessment[.]com ca-central-1[.]console[.]aws[.]recovery-assessment[.]com ap-southeast-2[.]console[.]aws[.]recovery-assessment[.]com ap-northeast-3[.]console[.]aws[.]recovery-assessment[.]com ap-northeast-2[.]console[.]aws[.]recovery-assessment[.]com a[.]b[.]cdn[.]console[.]recovery-assessment[.]com ap-south-1[.]console[.]aws[.]recovery-assessment[.]com us-west-1[.]console[.]aws[.]recovery-assessment[.]com af-south-1[.]console[.]aws[.]recovery-assessment[.]com ap-east-1[.]console[.]aws[.]recovery-assessment[.]com us-east-1[.]console[.]aws[.]recovery-assessment[.]com console[.]aws[.]recovery-assessment[.]com aws[.]recovery-assessment[.]com us-east-2[.]console[.]aws[.]recovery-assessment[.]com phd[.]aws[.]recovery-assessment[.]com signin[.]aws[.]recovery-assessment[.]com www[.]signin[.]aws[.]aws-recovery[.]net console[.]aws[.]aws-recovery[.]net iq[.]aws[.]aws-recovery[.]net aws-recovery[.]net phd[.]aws[.]aws-recovery[.]net us-east-1[.]console[.]aws[.]aws-recovery[.]net ap-east-1[.]console[.]aws[.]aws-recovery[.]net signin[.]aws[.]aws-recovery[.]net us-east-2[.]console[.]aws[.]aws-recovery[.]net ca-central-1[.]console[.]aws[.]aws-recovery[.]net eu-central-1[.]console[.]aws[.]aws-recovery[.]net console[.]aws-recovery[.]net cdn[.]console[.]aws-recovery[.]net b[.]cdn[.]console[.]aws-recovery[.]net eu-west-3[.]console[.]aws[.]aws-recovery[.]net af-south-1[.]console[.]aws[.]aws-recovery[.]net a[.]b[.]cdn[.]console[.]aws-recovery[.]net me-south-1[.]console[.]aws[.]aws-recovery[.]net ap-northeast-1[.]console[.]aws[.]aws-recovery[.]net ap-southeast-1[.]console[.]aws[.]aws-recovery[.]net us-west-1[.]console[.]aws[.]aws-recovery[.]net eu-north-1[.]console[.]aws[.]aws-recovery[.]net eu-west-1[.]console[.]aws[.]aws-recovery[.]net eu-south-1[.]console[.]aws[.]aws-recovery[.]net ap-northeast-3[.]console[.]aws[.]aws-recovery[.]net sa-east-1[.]console[.]aws[.]aws-recovery[.]net ap-southeast-2[.]console[.]aws[.]aws-recovery[.]net us-west-2[.]console[.]aws[.]aws-recovery[.]net ap-south-1[.]console[.]aws[.]aws-recovery[.]net eu-west-2[.]console[.]aws[.]aws-recovery[.]net ap-northeast-2[.]console[.]aws[.]aws-recovery[.]net 158[.]94[.]208[.]122 AS214943 Railnet LLC 🇩🇪

Domain conn(.)elbbird(.)zip C2 178(.)16(.)54(.)252:443 cc @500mk500 @banthisguy9349

New infrastructure of #Masjesu Botnet discovered Spreader 87(.)120(.)191(.)13 (🇳🇱 AS215925 VPSVAULT.HOST LTD) IP 178(.)16(.)54(.)252 (🇳🇱 AS209800 metaspinner net GmbH) Downloader 1 hxxp://178(.)16(.)54(.)252/bins(.)sh Downloader 2 hxxp://178(.)16(.)54(.)252/(.)shell

#Malware: DDOS:Linux/#Mirai IP 82(.)27(.)2(.)83 Downloader hxxp://82(.)27(.)2(.)83/knet(.)sh FTP ftp://ftp:82(.)27(.)2(.)83:ftp/knet1(.)sh C2 82(.)27(.)2(.)83:1312 SQL server 82(.)27(.)2(.)83:3306 cc @500mk500

#Malware: DDOS:Linux/#Mirai IP 176(.)65(.)149(.)225 (🇩🇪 AS51396 @Pfcloudio UG) Downloader hxxp://176(.)65(.)149(.)225/x86_64 C2 94(.)156(.)152(.)65:61459 (🇿🇦 AS214209 Internet Magnate (Pty) Ltd) DNS rockwood(.)call105(.)net, host117(.)xtpanel(.)org, autodiscover(.)milkir(.)ro

#Malware: DDOS:Linux/#Mirai IP 109(.)205(.)213(.)5 (🇺🇸 AS19318 @Interserver, Inc) Downloader hxxp://109(.)205(.)213(.)5/sh C2 192(.)227(.)134(.)76:3211 (AS36352 @HostPapa) Listener 192(.)227(.)134(.)76:1412 API endpoint 192(.)227(.)134(.)76:10257

#Malware: DDOS:Linux/#Mirai Spreader 31[.]0[.]0[.]75 (🇵🇱 AS8374 Polkomtel Sp. z o.o.) IP 163[.]5[.]63[.]89 (AS215703 @freakhosting) Downloader hxxp://163[.]5[.]63[.]89/1[.]sh FTP: ftp://ftp:163[.]5[.]63[.]89:ftp/2[.]sh C2 163[.]5[.]63[.]89:8080 API Endpoint 163[.]5[.]63[.]89:777

#Malware: Cryptominer/#XMRig Spreader: 217[.]113[.]49[.]161 (🇷🇴 AS47325 VPS4You Kft.) IP: 103[.]245[.]231[.]188 (🇳🇱 AS212477 RoyaleHosting BV) Downloader: hxxp://103[.]245[.]231[.]188/vtuber[.]sh Config: pastebin.com/ZnYG5fsk cc: @RoyaleHostingBV @StanvandeKlippe @500mk500