It's been extremely hard to keep this one under wraps.
I just published a new blog post, where one weird string that looks like a cookie value turned out to be a whole cryptostealer and database wiping operation.
https://www.labs.greynoise.io/grimoire/2026-02-24-whats-that-string/
I spent some late nights on this one, and am a little bit ridiculously proud of the work I did.
@Dio9sys I'm reminded of the book "The Cuckoo's Egg" by Clifford Stoll, who similarly stumbled upon foreign hacker activity in the computer system at Lawrence Berkeley National Laboratory, because of a $0.75 accounting discrepancy in computer usage.
-
@Dio9sys Not finished reading but
The c2c subdomain is an nginx server on Ubuntu on a server in Japan, per URLScan. I was curious what the top-level domain looked like, so I tried www as well. Turns out their www is in a Tencent datacenter in Singapore. Neat!
Tencent is that company that buys games from indie developers
That seems foreboding...
@Epic_Null
Tencent is a megabrand tho. They are basically the chinese AWS if AWS also had a movies division, blogging platform, and game studio
-
@Dio9sys I'm reminded of the book "The Cuckoo's Egg" by Clifford Stoll, who similarly stumbled upon foreign hacker activity in the computer system at Lawrence Berkeley National Laboratory, because of a $0.75 accounting discrepancy in computer usage.
@Intaglio_Dragon
oh, I should give that one a read
-
@Epic_Null
Tencent is a megabrand tho. They are basically the chinese AWS if AWS also had a movies division, blogging platform, and game studio
@Dio9sys Okay so this is more "Someone buying file storage and runtime to run this operation" than "tencent is running cryptominers"
-
@Dio9sys I love @greynoise
-
@Epic_Null
Tencent is a megabrand tho. They are basically the chinese AWS if AWS also had a movies division, blogging platform, and game studio
So, Amazon (minus the blog platform)
-
No immediately visible MX server. I wonder if they're actually using an email protocol or if it's a front end for sending log files.
this doesn't seem right. your query was for mail.deepgtp.net/health, which is a URL, not a domain. querying the domain gives proper mailserver data:

$ dig +short deepgtp.net mx
10 mail.deepgtp.net.
$ dig +short mail.deepgtp.net a
43.160.236.90
-
@Dio9sys me at 7:30 am: ahh what a lovely morning to read a... hang on, let me get my dictionary.
-
@Dio9sys I've never seen CyberChef before! That looks extremely useful
-
@Dio9sys that reminds me of the one time my university was attacked by a phishing operation, and the operator of the phishing operation had the stolen auth data publicly visible on their website, got in touch with the university, told them that and they wrote a cron job to see who fell for the phishing site and deactivate their accounts xD
-
@Dio9sys Oh and thank you, was a fun read and very impressive deduction sequence, hope you had a good night of sleep afterwards :D