@htmalgae profile picture
htmalgae @htmalgae

Security Researcher & Dark Net Pest, no longer active on X: bsky.app/profile/htmalgae.bs…

Joined September 2023
  • Tweets 35
  • Following 38
  • Followers 331
11 Photos and videos
htmalgae@htmalgae
15 Nov 2024
I'm moving to Bluesky because this platform is total trash: bsky.app/profile/htmalgae.bs…
1
1
1,366
htmalgae@htmalgae
25 Sep 2024
Arc browser's security vulnerability, in case you missed it: kibty.town/blog/arc/
2
1,478
htmalgae@htmalgae
20 Aug 2024
A special source has informed us that Caleb Maddix's Air.ai is actively under investigation by the #FBI and #FCC. Needless to say, we're quite satisfied.
2
1,042
htmalgae@htmalgae
7 Mar 2024
If you haven't seen github.com/Casualtek/Ransomc… yet, go check it out.

GitHub - Casualtek/Ransomchats

Contribute to Casualtek/Ransomchats development by creating an account on GitHub.

github.com
1
1,066
htmalgae@htmalgae
6 Oct 2023
#SharpBoys leaked their #Cloudflare-protected origin IP today. Side note – They should win a web design award. #ransomware #infosec #originleak
6
1,306
htmalgae@htmalgae
5 Oct 2023
"Hulk" really hurt #Donutleaks' feelings. This #ransomware gang is back at it again with another dramatic "appeal" on their blog 🍿
3
960
htmalgae retweeted
The Register
@TheRegister
5 Oct 2023
Someone on the Lorenz ransomware crew is having a very bad day after being called out for misconfiguring an Apache server leading to leaked contact data everywhere.... The Reg's @ConnorLBJones spoke to @htmalgae, who spotted the leak reg.cx/4a3B
2
8
4,189
htmalgae@htmalgae
4 Oct 2023
"Sony Hackers" #RansomedVC can't get it together recently. 🧵They decided to switch their site to WordPress today after setting up a new VPS with @FrantechCA's BuyVM (PONYNET).
2
4
10
3,169
htmalgae@htmalgae
4 Oct 2023
This move leaked their origin IP and a bunch of associated DNS entries when scanned by @censysio.
1
3
506
htmalgae@htmalgae
4 Oct 2023
They're blundering over and over again. CVE-2017-5487 also leaks their origin IP, provided kindly in the profile of the admin user.
3
554
htmalgae@htmalgae
4 Oct 2023
Because I think it's hilarious to de-anonymize their hidden service before they're even finished setting it back up, I've decided to share this information with you all.
1
2
1,265
htmalgae@htmalgae
4 Oct 2023
#FSTeam #ransomware group's hidden service 🫗
1
7
1,124
htmalgae@htmalgae
4 Oct 2023
Hey, Milcidades Garcia (@chosen64). Any explanation why you're hosting this ransomware shame site? Do you know your customers?
3
923
htmalgae@htmalgae
3 Oct 2023
#Donutleaks #ransomware having a little bit of drama right now – The irony is palpable.
1
5
829
htmalgae@htmalgae
29 Sep 2023
🫗#Metaencryptor's claimed 15 years experience isn't enough to hide their hidden service IP: 31.14.41[.]137. Another happy @serverroomnet customer!
1
4
14
1,459
htmalgae@htmalgae
28 Sep 2023
🧵#ThreeAM ransomware gang is using an ancient (released in 2004) PHP script called Yugeon Web Clicks v0.1 to keep track of page views on their shame site.
3
5
660
htmalgae@htmalgae
28 Sep 2023
Source code for Yugeon Web Clicks: script-php.ru/script_schetch…
514
htmalgae@htmalgae
28 Sep 2023
The flatfile database is accessible at threeamkelxicjsaf2czjyz2lc4q3ngqkxhhlexyfcp2o6raw4rphyad[.]onion/cl/inc/clicks.dat, and yes, it's XSS vuln galore.
2
543
htmalgae@htmalgae
27 Sep 2023
#Medusa ransomware's site is exposing their repo's README.md. Includes a cute list of their tech stack.
2
610
htmalgae@htmalgae
27 Sep 2023
#Snatch ransomware group's webserver access logs exposed ✅ krebsonsecurity.com/2023/09/…

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSec...

krebsonsecurity.com
1
558
Load more