0% found this document useful (0 votes)

33 views172 pages

Full Report

The report provides a comprehensive assessment of the security posture of the mmc.com domain as of September 30, 2025, highlighting various vulnerabilities and risks. Key findings include a Domain Risk Score of 602, indicating areas of concern such as risky ports, expired certificates, and blacklisted IPs. The report also outlines next steps for remediation and continuous monitoring through the CyberMindr platform.

Uploaded by

sreeh8n

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

33 views172 pages

Full Report

Uploaded by

sreeh8n

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

Attack path

Management Report

Customer Organization / Domain

- [Link]

Business Impact Assessment Date

- September 30, 2025

Generated by: CyberMindr Platform

Attack Path [Link]
Discovery Report September 30, 2025

Table of Contents
EXECUTIVE SUMMARY

INFRASTRUCTURE
• Risky Ports
• Expired Certificates
• Blacklisted IPs
• Email Security Configuration

EXPOSURE
• JavaScript Secret Exposures
• Sensitive Exposures
• Exposed Panels
• Git Leaks

VULNERABILITY
• CVEs
• CNVDs
• Web Applications Vulnerabilities
• Misconfigurations
• SSL Vulnerability
• Default Logins
• Subdomain takeover

DARK WEB
• Leaked Credentials
• Botnet Leaks
• Ransomware Group Leaks

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 1
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Exe cu tive Su m m a r y

Domain Risk Score Summary

Hacker score
900

800 596 603 602

The Domain Risk Score reflects
600 organization security posture from an
attackers perspective, higher scores
400 indicating robustness and lower scores
indicating increased risk.
200
602
0
CyberMindr Score
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
Max.900

Domain Risk Score is derived

from four key exposure areas, D A+ C F
reflecting granular view of the
external risk.
Infrastructure Exposure Vulnerability Dark
Score Score Score Web

Assets and Digital Footprint Vulnerabilities Discovered

CyberMindr maps external-facing assets through active scanning, DNS analysis, and OSINT. CyberMindr uncovers a wide range of security weaknesses across
the environment and categorizes by type and severity to enable
targeted remediation.
4.32K In total Gitleak 3 Web Server 0

Subdomains 1.28K
SSL
Certificate
36 Technologies 19 957 In total
Critical
11
High
22
Medium
7
Low
6

Hosting Subdomain
IP Addresses 732 DNS Records 1.97K 26 CVE's 39 3
Providers Takeovers

Associated Default Js
Open Ports 140 112 Mobile Apps 4 0 0
Domains Logins Secrets

Exposed Sensitive
Email Security Configurations 0 0
Panels Exposures

SPF Non-Compliant DMARC Compliant Other

Misconfigurations 72 102
Vulnerabilities
BIMI Non-Compliant DKIM Non-Compliant
SSL
4 CNVD 0
Vulnerabilities
Dark Web Exposures
Risky Blacklisted
5 732
Leaked Botnet Ransomware Ports IPs
29.30K 336 -
Credentials Infections Group Leaks

Leaked in Leaked in Leaked in Expired

0 0 0 0
Last 90 days Last 60 days Last 30 days Certificates

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 2
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

INFRASTRUCTURE
This section outlines the current exposures detected under various categories of Infrastructure and Network Security. 'Critical' and 'High'
severity findings are identified through CyberMindr's active reconnaissance and threat intelligence correlation engine.

A+
A
Infrastructure Score exhibited an
B downward trend, reflecting latest of code
C D D D misconfigurations and vulnerability
D remediation. D
F
Jan Feb Mar Apr May Jun Jul AugSep Oct NovDec

Risky Ports 5 Blacklisted IPs 732 Expired Certificate 0

Email Security Configurations

SPF Non-Compliant DMARC Compliant BIMI Non-Compliant DKIM Non-Compliant

Risky Ports

Description Internet facing ports running outdated or insecure services (e.g., CyberMindr's approach Performs active port scans and flags high risk or
Telnet, RDP) increase the risk of unauthorized access. deprecated services by matching with a curated risk list.

Port Numbers
IP Address Total Risky Ports
(Red = Risky)

[Link] 2 22, 990

[Link] 1 25

[Link] 1 22

Expired Certificates

Description Expired SSL/TLS certificates can break secure communication CyberMindr's approach Continuously monitors certificate validity and alerts on expired
and erode user trust. or soon-to-expire certs.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 3
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Days to
Host Port Issuer Expiry Date Certificates Status
Expire

[Link] 443 Amazon RSA 2048 M03 2025-12-20 [Link] Expired Soon 78 days

[Link] 443 COMODO RSA Organiza 2025-12-17 [Link] Expired Soon 75 days
tion Validation Secure S
erver CA

[Link] 443 R10 2025-11-04 [Link] Expired Soon 32 days

Blacklisted IPs

Description IPs found on threat intelligence or reputation blacklists indicate CyberMindr's approach Correlates scanned IPs against threat intelligence feeds and
prior malicious activity or compromise. blacklists to detect compromised reputation.

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] Spamhaus SBL, Spamhaus PBL, Madavi DNSBL, Spamhaus Zen, SenderScore BL, Spamhaus SBL
-XBL, Abuseat CBL, Spamhaus XBL

[Link] Madavi DNSBL, SenderScore BL

[Link] MailCleaner NIPRBL, NSZones BL, SenderScore BL, NSZones SBL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SpamGrouper NETBLOCKBL, SenderScore BL, Madavi DNSBL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 4
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Spamhaus SBL-XBL, Spamhaus XBL, SenderScore BL, Spamhaus PBL, Madavi DNSBL, Spamhau
s Zen, Abuseat CBL, Spamhaus SBL

[Link] SenderScore BL, Madavi DNSBL

[Link] Gremlin Work, Madavi DNSBL, SenderScore BL, SpamGrouper NETBLOCKBL, Gremlin Vote

[Link] SenderScore BL, Madavi DNSBL, SpamGrouper NETBLOCKBL

[Link] V4BL IP, Madavi DNSBL, Gremlin Vote, SenderScore BL, SpamGrouper NETBLOCKBL, Gremlin
Work

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SpamGrouper NETBLOCKBL, Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 5
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL, Tuxad Hartkore

[Link] Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SpamGrouper NETBLOCKBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] Tuxad Hartkore, SenderScore BL, Madavi DNSBL

[Link] SPFBL DNSBL, SenderScore BL, Madavi DNSBL, SpamGrouper NETBLOCKBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, Gremlin Work, SpamGrouper NETBLOCKBL, SenderScore BL, Gremlin Vote

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 6
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SPFBL DNSBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Spamhaus SBL-XBL, Madavi DNSBL, Spamhaus XBL, Spamhaus Zen, Abuseat
CBL, Spamhaus PBL, Spamhaus SBL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, V4BL IP, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Spamhaus SBL, Spamhaus PBL, Madavi DNSBL, Spamhaus SBL-XBL, Spamhaus Zen, Abuseat C
BL, Spamhaus XBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 7
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] SpamGrouper NETBLOCKBL, SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, Tuxad Hartkore, SenderScore BL

[Link] SpamGrouper NETBLOCKBL, Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] SpamGrouper NETBLOCKBL, Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SpamGrouper NETBLOCKBL, Gremlin Vote, Madavi DNSBL, Gremlin Work, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 8
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL, SPFBL DNSBL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 9
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Gremlin Work, SpamGrouper NETBLOCKBL, Gremlin Vote, Tuxad Hartkore, Madavi DNSBL, Sen
derScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] SenderScore BL, SpamGrouper NETBLOCKBL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL, SpamGrouper NETBLOCKBL

[Link] SenderScore BL, Madavi DNSBL

[Link] SenderScore BL, Madavi DNSBL, SPFBL DNSBL

[Link] SenderScore BL, Madavi DNSBL

[Link] Gremlin Vote, Madavi DNSBL, SenderScore BL, SpamGrouper NETBLOCKBL, Gremlin Work

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Gremlin Work, Madavi DNSBL, Gremlin Vote, SpamGrouper NETBLOCKBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 10
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL, SpamGrouper NETBLOCKBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] SenderScore BL, SpamGrouper NETBLOCKBL, Madavi DNSBL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 11
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Spamhaus PBL, Tuxad Hartkore, SpamGrouper NETBLOCKBL, Gremlin Vote, Madavi DNSBL, Gre
mlin Work, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] V4BL IP, Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL, SpamGrouper NETBLOCKBL

[Link] Gremlin Work, Madavi DNSBL, Gremlin Vote, SenderScore BL, SpamGrouper NETBLOCKBL

[Link] Madavi DNSBL, SenderScore BL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 12
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SPFBL DNSBL, Threatint DNSBL, Spamhaus PBL, Madavi DNSBL, SenderScore BL, Calivent

[Link] Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SpamGrouper NETBLOCKBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Spamhaus SBL, Madavi DNSBL, Spamhaus Zen, Spamhaus PBL, SenderScore BL, Abuseat CBL,
Spamhaus SBL-XBL, Spamhaus XBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SpamGrouper NETBLOCKBL, Gremlin Vote, Gremlin Work, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 13
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] MailCleaner NIPRBL, SenderScore BL, Madavi DNSBL

[Link] Tuxad Hartkore, SpamGrouper NETBLOCKBL, Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Tuxad Dunk, Tuxad Hartkore, SpamGrouper NETBLOCKBL, SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 14
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Gremlin Work, Gremlin Vote, Madavi DNSBL, SpamGrouper NETBLOCKBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Gremlin Vote, Gremlin Work, SenderScore BL, SpamGrouper NETBLOCKBL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] 0spam NBL, SpamGrouper NETBLOCKBL, Gremlin Work, Madavi DNSBL, Polspam BL-H2, Gremli
n Vote, SenderScore BL, UCEProtect Level 2, MailCleaner NIPRBL, FusionZero 0spam-N

[Link] Madavi DNSBL, SpamGrouper NETBLOCKBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 15
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] NSZones BL, SpamGrouper NETBLOCKBL, Madavi DNSBL, NSZones DYN, Tuxad Hartkore, Send
erScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Abuseat CBL, Spamhaus PBL, Spamhaus Zen, SenderScore BL, Spamhaus SBL, Madavi DNSBL,
Spamhaus SBL-XBL, Spamhaus XBL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SpamGrouper NETBLOCKBL, SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SpamGrouper NETBLOCKBL, SenderScore BL, Spamhaus Zen

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] SenderScore BL, Gremlin Vote, SpamGrouper NETBLOCKBL, Gremlin Work, Madavi DNSBL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 16
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] SpamGrouper NETBLOCKBL, Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, MailCleaner NIPRBL, SpamGrouper NETBLOCKBL, Madavi DNSBL

[Link] SenderScore BL, SpamGrouper NETBLOCKBL, MailCleaner NIPRBL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SpamGrouper NETBLOCKBL, Gremlin Work, Gremlin Vote, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 17
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, SpamGrouper NETBLOCKBL, Madavi DNSBL

[Link] Madavi DNSBL, SpamGrouper NETBLOCKBL, SenderScore BL

[Link] SpamGrouper NETBLOCKBL, SenderScore BL, Gremlin Work, Gremlin Vote, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL, SpamGrouper NETBLOCKBL, Tuxad Hartkore, Tuxad Dunk

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SpamGrouper NETBLOCKBL, Gremlin Work, SenderScore BL, Gremlin Vote

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 18
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] SenderScore BL, SPFBL DNSBL, Madavi DNSBL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL, Gremlin Vote, SpamGrouper NETBLOCKBL, Gremlin Work

[Link] SenderScore BL, Madavi DNSBL

[Link] SPFBL DNSBL, SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL, Tuxad Hartkore, Tuxad Dunk, SpamGrouper NETBLOCKBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 19
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] Spamhaus PBL, SenderScore BL, Madavi DNSBL, SpamGrouper NETBLOCKBL, Spamhaus Zen

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, Tuxad Hartkore, SenderScore BL

[Link] Abuseat CBL, Spamhaus PBL, Spamhaus Zen, Spamhaus SBL, Spamhaus XBL, Spamhaus SBL-X
BL, SenderScore BL, Madavi DNSBL

[Link] SenderScore BL, Madavi DNSBL

[Link] SpamGrouper NETBLOCKBL, SenderScore BL, Madavi DNSBL, Tuxad Dunk, Tuxad Hartkore

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 20
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SpamGrouper NETBLOCKBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL, Tuxad Hartkore

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] 0spam NBL, MailCleaner NIPRBL, Madavi DNSBL, FusionZero 0spam-N, SpamGrouper NETBLOC
KBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL, SpamGrouper NETBLOCKBL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 21
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, MailCleaner NIPRBL, Madavi DNSBL, Tuxad Hartkore

[Link] SpamGrouper NETBLOCKBL, Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 22
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] V4BL IP, SenderScore BL, Madavi DNSBL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 23
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 24
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Spamhaus XBL, Spamhaus PBL, Madavi DNSBL, Spamhaus SBL-XBL, Spamhaus SBL, SenderSco
re BL, Abuseat CBL, Spamhaus Zen

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 25
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL, Tuxad Hartkore

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, Tuxad Hartkore, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 26
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SpamGrouper NETBLOCKBL, MailCleaner NIPRBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, SpamGrouper NETBLOCKBL, Madavi DNSBL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, SpamGrouper NETBLOCKBL, Madavi DNSBL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 27
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL, SpamGrouper NETBLOCKBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 28
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, Tuxad Hartkore, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] SpamGrouper NETBLOCKBL, SenderScore BL, Tuxad Dunk, Madavi DNSBL, Tuxad Hartkore

[Link] SenderScore BL, Madavi DNSBL

[Link] SenderScore BL, SpamGrouper NETBLOCKBL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 29
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SpamGrouper NETBLOCKBL, Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 30
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SpamGrouper NETBLOCKBL, SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Gremlin Work, SpamGrouper NETBLOCKBL, SenderScore BL, Gremlin Vote, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 31
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL, SpamGrouper NETBLOCKBL

[Link] Madavi DNSBL, SenderScore BL, SPFBL DNSBL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 32
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SpamGrouper NETBLOCKBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 33
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, SpamGrouper NETBLOCKBL, Madavi DNSBL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 34
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL, V4BL IP

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] SpamGrouper NETBLOCKBL, Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 35
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, SpamGrouper NETBLOCKBL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, MailCleaner NIPRBL, Madavi DNSBL

[Link] SenderScore BL, Madavi DNSBL, SpamGrouper NETBLOCKBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 36
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] Tuxad Hartkore, Tuxad Dunk, SenderScore BL, SpamGrouper NETBLOCKBL, Madavi DNSBL

[Link] SenderScore BL, Madavi DNSBL

[Link] SenderScore BL, Madavi DNSBL, Tuxad Hartkore

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 37
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] SenderScore BL, NSZones BL, Madavi DNSBL, NSZones DYN

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 38
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, Spamhaus PBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL

[Link] Madavi DNSBL, SenderScore BL, SPFBL DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 39
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 40
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 41
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] Madavi DNSBL, SenderScore BL

[Link] SenderScore BL, Madavi DNSBL

[Link] Madavi DNSBL, SenderScore BL

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 42
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

IP Address Source(s)

[Link] SenderScore BL, Madavi DNSBL

Email Security Configurations

Description Missing or misconfigured SPF, DKIM, or DMARC records CyberMindr's approach Validates SPF, DKIM, DMARC, and BIMI configurations and flags
enable spoofing and phishing attacks. misconfigurations or missing policies.

Configuration Passed Warning Failed Risk Level

DMARC 87.5% 12.5% 0.0% Low

SPF 80.0% 0.0% 20.0% Low

DKIM 90.0% 0.0% 10.0% Low

BIMI 0.0% 0.0% 100.0% Critical

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 43
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

EXPOSURE
This section outlines the current exposures detected under various categories of Exposure Score. 'Critical' and 'High' severity findings are
identified through CyberMindr's active reconnaissance and threat intelligence correlation engine.

A+ A+ A+

A+
A
B Exposure exhibited an downward trend,
signalling potential attack surface
C expansion.
D A+
F
Jan Feb Mar Apr May Jun Jul AugSep Oct NovDec

JavaScript Git Leaks in

0 Sensitive Exposures 0 Exposed Panels 0 3
Secret Exposure Source Repost

Asset Total Critical High Medium Low Informational

JavaScript Secret Exposure 0 0 0 0 0 0

Exposed Panels 0 0 0 0 0 0

Sensitive Exposures 0 0 0 0 0 0

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 44
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

JavaScript Secret Exposures

Description Sensitive tokens, API keys, or credentials detected in public facing JavaScript CyberMindr's approach Scans and parses JavaScript assets for
files, posing a risk of unauthorized access to services or infrastructure. hardcoded secrets using pattern matching and entropy analysis.

Name/Type Description Affected Host Port Url Severity

No data available

Sensitive Exposures

Description Leaked internal files, source code, or environment variables can CyberMindr's approach Monitors web assets and repositories for code leaks,
expose business logic or credentials. sensitive configs, and exposed internal files.

Name/Type Description Affected Host Port Url Severity

No data available

Exposed Panels

Description Publicly reachable admin or control panels without CyberMindr's approach Scans for commonly known admin paths and interfaces and
authentication invite unauthorized control. flags those lacking authentication.

Name/Type Description Affected Host Port Url Severity

No data available

Git Leaks

Description Directories or leaked GitHub content can reveal CyberMindr's approach Crawls and analyzes Git directories and GitHub activity for secrets,
sensitive code and history. tokens, and code leakage patterns.

Repository Details & Owner URL AI Summary Authors Committers

[Link] The input content contains a [Link] [Link]

Owner: mkltesthead rpAutomationCourse/blob/bb37ff6b sensitive data exposure in th @jltgroupclo @jltgroupclo
8b1aeb08c5bb6f862ac99fbb99a3f35 e form of an SSH public key d [Link],mlar [Link],mlar
Repo: cSharpAutomationCou
1/[Link] irectly associated with an em sen.c@xpan sen.c@xpan
rse
ail address, potentially allowi [Link],sn [Link],sn
ng unwanted access if misus [Link] [Link]
ed. Implement strict access c re@[Link] re@[Link]
ontrols and regular audits to m,mkltesthe m,[Link]
ensure security. ad@[Link] on@[Link]
m,[Link] m
on@[Link]
m

[Link] The code review identified e [Link] [Link]

Owner: mkltesthead rpAutomationCourse/blob/bb37ff6b mail addresses within a dicti @jltgroupclo @jltgroupclo

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 45
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Repository Details & Owner URL AI Summary Authors Committers

Repo: cSharpAutomationCou 8b1aeb08c5bb6f862ac99fbb99a3f35 onary managing contact infor [Link],mlar [Link],mlar

rse 1/noel-code/12_CollectionsFramewo mation, specifically entries lik sen.c@xpan sen.c@xpan
rk/CollectionsDemoExamples/Progra e "john@[Link]" and "a [Link],sn [Link],sn
[Link] lice@[Link]." These ar [Link] [Link]
e potential sensitive data exp re@[Link] re@[Link]
osures, although the risk is m,mkltesthe m,[Link]
minimal if they are placehold ad@[Link] on@[Link]
er values. No API keys, datab m,[Link] m
ase credentials, cryptographi on@[Link]
c secrets, or hardcoded pass m
words were found in the sam
ple, making it relatively secur
e against high-risk data expo
sure. Nevertheless, it's prude
nt to validate the nature of th
e emails provided to assess t
heir sensitivity accurately.

[Link] The code contains several e [Link] [Link]

Owner: mkltesthead rpAutomationCourse/blob/bb37ff6b mail addresses in the `Demo @jltgroupclo @jltgroupclo
8b1aeb08c5bb6f862ac99fbb99a3f35 Dictionary` method, which is [Link],mlar [Link],mlar
Repo: cSharpAutomationCou
1/12_CollectionsFramework/Collecti considered Personally Identif sen.c@xpan sen.c@xpan
rse
onsDemoExamples/[Link] iable Information (PII) and pre [Link],sn [Link],sn
sents a potential data leak if t [Link] [Link]
he information is sensitive or re@[Link] re@[Link]
not meant for public exposur m,mkltesthe m,[Link]
e. Overall, there are no other ad@[Link] on@[Link]
high-risk exposures such as m,[Link] m
API keys, passwords, or cryp on@[Link]
tographic secrets found in th m
is snippet. However, these e
mail addresses should be ha
ndled more securely.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 46
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

VULNERABILITY
This section outlines the current vulnerabilities detected across various categories contributing to the overall Vulnerability Score. 'Critical'
and 'High' severity issues are identified through CyberMindr's active scanning, software fingerprinting, and threat intelligence correlation
engine.
These findings include publicly known vulnerabilities (CVEs), insecure configurations, SSL/TLS weaknesses, exposed default credentials, and
other misconfigurations that increase the attack surface. Each issue highlights potential points of exploitation by malicious actors and
requires prompt remediation to reduce technical risk.

A+
A
B C C C Vulnerability score exhibited an downward
trend, signalling potential attack surface
C expansion.
D C
F
Jan Feb Mar Apr May Jun Jul AugSep Oct NovDec

Web App Subdomain Takeovers 3

CVEs 39 CNVDs 0 102
Vulnerabilities
Confirmed 1

SSL Subdomain Potential 2

Misconfigurations 72 4 3
Vulnerability Takeover

CVEs

Description Unpatched services with known CVEs pose CyberMindr's approach Fingerprints software versions during scans and maps them against the
significant exploit risks. latest CVE databases.

Name/Type Description Affected Host Port Verified By Severity

CVE-2022-23943 out-of-bounds write vulnerabilit [Link] 443 Version : A Critical

y in mod_sed of apache http ser pache HTT
ver allows an attacker to overwri P Server
te heap memory with possibly at
tacker provided data. this issue
affects apache http server 2.4 ve
rsion 2.4.52 and prior versions.

CVE-2023-25690 some mod_proxy configurations [Link] 443 Version : A Critical

on apache http server versions pache HTT
2.4.0 through 2.4.55 allow a http P Server
request smuggling attack. config
urations are affected when mod_
proxy is enabled along with som
e form of rewriterule or proxypa
ssmatch in which a non-specific

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 47
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Name/Type Description Affected Host Port Verified By Severity

pattern matches some portion o

f the user-supplied request-targ
et (url) data and is then re-insert
ed into the proxied request-targ
et using variable substitution. fo
r example, something like: rewrit
eengine on rewriterule "^/here/(.
*)" "[Link]
ewhere?$1"; [p] proxypassrevers
e /here/ [Link]
0/ request splitting/smuggling c
ould result in bypass of access c
ontrols in the proxy server, prox
ying unintended urls to existing
origin servers, and cache poison
ing. users are recommended to
update to at least version 2.4.56
of apache http server.

CVE-2024-38475 improper escaping of output in [Link] 443 Version : A Critical

mod_rewrite in apache http serv pache HTT
er 2.4.59 and earlier allows an at P Server
tacker to map urls to filesystem l
ocations that are permitted to be
served by the server but are not
intentionally/directly reachable
by any url, resulting in code exec
ution or source code disclosure.
substitutions in server context t
hat use a backreferences or vari
ables as the first segment of the
substitution are affected. some
unsafe rewiterules will be broke
n by this change and the rewrite
flag "unsafeprefixstat" can be us
ed to opt back in once ensuring t
he substitution is appropriately
constrained.

CVE-2022-28615 apache http server 2.4.53 and ea [Link] 443 Version : A Critical
rlier may crash or disclose infor pache HTT
mation due to a read beyond bo P Server
unds in ap_strcmp_match() when
provided with an extremely large
input buffer. while no code distri
buted with the server can be coe
rced into such a call, third-party
modules or lua scripts that use a
p_strcmp_match() may hypotheti
cally be affected.

CVE-2022-22720 apache http server 2.4.52 and ea [Link] 443 Version : A Critical
rlier fails to close inbound conn pache HTT

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 48
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Name/Type Description Affected Host Port Verified By Severity

ection when errors are encounte P Server

red discarding the request body,
exposing the server to http requ
est smuggling

CVE-2022-31813 apache http server 2.4.53 and ea [Link] 443 Version : A Critical
rlier may not send the x-forward pache HTT
ed-* headers to the origin server P Server
based on client side connection
header hop-by-hop mechanism.
this may be used to bypass ip ba
sed authentication on the origin
server/application.

CVE-2022-36760 inconsistent interpretation of htt [Link] 443 Version : A Critical

p requests ('http request smuggli pache HTT
ng') vulnerability in mod_proxy_a P Server
jp of apache http server allows a
n attacker to smuggle requests t
o the ajp server it forwards requ
ests to. this issue affects apache
http server apache http server 2.
4 version 2.4.54 and prior versi
ons.

CVE-2024-38474 substitution encoding issue in m [Link] 443 Version : A Critical

od_rewrite in apache http server pache HTT
2.4.59 and earlier allows attacke P Server
r to execute scripts in directorie
s permitted by the configuration
but not directly reachable by an
y url or source disclosure of scri
pts meant to only to be executed
as cgi. users are recommended t
o upgrade to version 2.4.60, whi
ch fixes this issue. some rewriter
ules that capture and substitute
unsafely will now fail unless rew
rite flag "unsafeallow3f" is specifi
ed.

CVE-2025-23048 in some mod_ssl configurations [Link] 443 Version : A Critical

on apache http server 2.4.35 thr pache HTT
ough to 2.4.63, an access contro P Server
l bypass by trusted clients is pos
sible using tls 1.3 session resum
ption. configurations are affecte
d when mod_ssl is configured fo
r multiple virtual hosts, with eac
h restricted to a different set of t
rusted client certificates (for exa
mple with a different sslcacertific
atefile/path setting). in such a ca

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 49
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Name/Type Description Affected Host Port Verified By Severity

se, a client trusted to access one

virtual host may be able to acces
s another virtual host, if sslstrict
snivhostcheck is not enabled in
either virtual host.

CVE-2024-38476 vulnerability in core of apache ht [Link] 443 Version : A Critical

tp server 2.4.59 and earlier are v pache HTT
ulnerably to information disclos P Server
ure, ssrf or local script executio
n via backend applications whos
e response headers are maliciou
s or exploitable. users are recom
mended to upgrade to version 2.
4.60, which fixes this issue.

CVE-2022-22721 if limitxmlrequestbody is set to a [Link] 443 Version : A Critical

llow request bodies larger than pache HTT
350mb (defaults to 1m) on 32 bit P Server
systems an integer overflow hap
pens which later causes out of b
ounds writes. this issue affects a
pache http server 2.4.52 and ear
lier.

CVE-2024-38477 null pointer dereference in mod_ [Link] 443 Version : A High

proxy in apache http server 2.4. pache HTT
59 and earlier allows an attacker P Server
to crash the server via a malicio
us request. users are recommen
ded to upgrade to version 2.4.6
0, which fixes this issue.

CVE-2024-42516 http response splitting in the cor [Link] 443 Version : A High
e of apache http server allows a pache HTT
n attacker who can manipulate t P Server
he content-type response heade
rs of applications hosted or pro
xied by the server can split the h
ttp response. this vulnerability w
as described as cve-2023-38709
but the patch included in apache
http server 2.4.59 did not addre
ss the issue. users are recomme
nded to upgrade to version 2.4.6
4, which fixes this issue.

CVE-2022-29404 in apache http server 2.4.53 and [Link] 443 Version : A High
earlier, a malicious request to a l pache HTT
ua script that calls r:parsebody P Server
(0) may cause a denial of service

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 50
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Name/Type Description Affected Host Port Verified By Severity

due to no default limit on possib

le input size.

CVE-2024-43204 ssrf in apache http server with [Link] 443 Version : A High
mod_proxy loaded allows an atta pache HTT
cker to send outbound proxy re P Server
quests to a url controlled by the
attacker. requires an unlikely co
nfiguration where mod_headers i
s configured to modify the conte
nt-type request or response hea
der with a value provided in the
http request. users are recomme
nded to upgrade to version 2.4.6
4 which fixes this issue.

CVE-2024-43394 server-side request forgery (ssr [Link] 443 Version : A High

f) in apache http server on wind pache HTT
ows allows to potentially leak ntl P Server
m hashes to a malicious server v
ia mod_rewrite or apache expre
ssions that pass unvalidated req
uest input. this issue affects apa
che http server: from 2.4.0 thro
ugh 2.4.63. note: the apache htt
p server project will be setting a
higher bar for accepting vulnera
bility reports regarding ssrf via u
nc paths. the server offers limite
d protection against administrat
ors directing the server to open
unc paths. windows servers sho
uld limit the hosts they will conn
ect over via smb based on the na
ture of ntlm authentication.

CVE-2006-20001 a carefully crafted if: request hea [Link] 443 Version : A High
der can cause a memory read, or pache HTT
write of a single zero byte, in a p P Server
ool (heap) memory location beyo
nd the header value sent. this co
uld cause the process to crash. t
his issue affects apache http ser
ver 2.4.54 and earlier.

CVE-2022-30556 apache http server 2.4.53 and ea [Link] 443 Version : A High
rlier may return lengths to applic pache HTT
ations calling r:wsread() that poi P Server
nt past the end of the storage all
ocated for the buffer.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 51
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Name/Type Description Affected Host Port Verified By Severity

CVE-2024-39573 potential ssrf in mod_rewrite in [Link] 443 Version : A High

apache http server 2.4.59 and ea pache HTT
rlier allows an attacker to cause P Server
unsafe rewriterules to unexpect
edly setup url's to be handled by
mod_proxy. users are recomme
nded to upgrade to version 2.4.6
0, which fixes this issue.

CVE-2022-22719 a carefully crafted request body [Link] 443 Version : A High

can cause a read to a random m pache HTT
emory area which could cause t P Server
he process to crash. this issue a
ffects apache http server 2.4.52
and earlier.

CVE-2023-27522 http response smuggling vulnera [Link] 443 Version : A High

bility in apache http server via m pache HTT
od_proxy_uwsgi. this issue affect P Server
s apache http server: from 2.4.3
0 through 2.4.55. special charac
ters in the origin response head
er can truncate/split the respon
se forwarded to the client.

CVE-2025-49812 in some mod_ssl configurations [Link] 443 Version : A High

on apache http server versions t pache HTT
hrough to 2.4.63, an http desync P Server
hronisation attack allows a man-
in-the-middle attacker to hijack a
n http session via a tls upgrade.
only configurations using "sslen
gine optional" to enable tls upgra
des are affected. users are reco
mmended to upgrade to version
2.4.64, which removes support f
or tls upgrade.

CVE-2024-47252 insufficient escaping of user-sup [Link] 443 Version : A High

plied data in mod_ssl in apache pache HTT
http server 2.4.63 and earlier all P Server
ows an untrusted ssl/tls client t
o insert escape characters into l
og files in some configurations. i
n a logging configuration where
customlog is used with "%{varna
me}x" or "%{varname}c" to log var
iables provided by mod_ssl such
as ssl_tls_sni, no escaping is per
formed by either mod_log_config
or mod_ssl and unsanitized data

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 52
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Name/Type Description Affected Host Port Verified By Severity

provided by the client may appe

ar in log files.

CVE-2023-38709 faulty input validation in the cor [Link] 443 Version : A High
e of apache allows malicious or pache HTT
exploitable backend/content gen P Server
erators to split http responses. t
his issue affects apache http ser
ver: through 2.4.58.

CVE-2024-27316 http/2 incoming headers exceedi [Link] 443 Version : A High

ng the limit are temporarily buffe pache HTT
red in nghttp2 in order to genera P Server
te an informative http 413 respo
nse. if a client does not stop sen
ding headers, this leads to mem
ory exhaustion.

CVE-2023-51767 openssh through 10.0, when co [Link] 22 Version : High

mmon types of dram are used, OpenSSH
might allow row hammer attacks
(for authentication bypass) beca
use the integer value of authenti
cated in mm_answer_authpassw
ord does not resist flips of a sin
gle bit. note: this is applicable to
a certain threat model of attacke
r-victim co-location in which the
attacker has user privileges. not
e: this is disputed by the supplie
r, who states "we do not conside
r it to be the application's respo
nsibility to defend against platfo
rm architectural weaknesses."

CVE-2024-38472 ssrf in apache http server on wi [Link] 443 Version : A High

ndows allows to potentially leak pache HTT
ntlm hashes to a malicious serve P Server
r via ssrf and malicious requests
or content users are recommen
ded to upgrade to version 2.4.60
which fixes this issue. note: exis
ting configurations that access u
nc paths will have to configure n
ew directive "unclist" to allow ac
cess during request processing.

CVE-2025-53020 late release of memory after effe [Link] 443 Version : A High
ctive lifetime vulnerability in apa pache HTT
che http server. this issue affects P Server
apache http server: from 2.4.17
up to 2.4.63. users are recomme

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 53
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Name/Type Description Affected Host Port Verified By Severity

nded to upgrade to version 2.4.6

4, which fixes the issue.

CVE-2024-38473 encoding problem in mod_proxy [Link] 443 Version : A High

in apache http server 2.4.59 and pache HTT
earlier allows request urls with i P Server
ncorrect encoding to be sent to
backend services, potentially by
passing authentication via crafte
d requests. users are recommen
ded to upgrade to version 2.4.6
0, which fixes this issue.

CVE-2025-49630 in certain proxy configurations, [Link] 443 Version : A High

a denial of service attack agains pache HTT
t apache http server versions 2. P Server
4.26 through to 2.4.63 can be tri
ggered by untrusted clients caus
ing an assertion in mod_proxy_h
ttp2. configurations affected are
a reverse proxy is configured for
an http/2 backend, with proxypr
eservehost set to "on".

CVE-2024-40898 ssrf in apache http server on wi [Link] 443 Version : A High

ndows with mod_rewrite in serv pache HTT
er/vhost context, allows to pote P Server
ntially leak ntml hashes to a mali
cious server via ssrf and malicio
us requests. users are recomme
nded to upgrade to version 2.4.6
2 which fixes this issue.

CVE-2022-26377 inconsistent interpretation of htt [Link] 443 Version : A High

CVE-2022-28614 the ap_rwrite() function in apach [Link] 443 Version : A Medium

e http server 2.4.53 and earlier pache HTT
may read unintended memory if P Server
an attacker can cause the server
to reflect very large input using a
p_rwrite() or ap_rputs(), such as
with mod_luas r:puts() function.
modules compiled and distribut

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 54
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Name/Type Description Affected Host Port Verified By Severity

ed separately from apache http s

erver that use the 'ap_rputs' func
tion and may pass it a very large
(int_max or larger) string must b
e compiled against current head
ers to resolve the issue.

CVE-2022-37436 prior to apache http server 2.4.5 [Link] 443 Version : A Medium
5, a malicious backend can caus pache HTT
e the response headers to be tru P Server
ncated early, resulting in some h
eaders being incorporated into t
he response body. if the later he
aders have any security purpos
e, they will not be interpreted by
the client.

CVE-2023-45802 when a http/2 stream was reset [Link] 443 Version : A Medium
(rst frame) by a client, there was pache HTT
a time window were the reques P Server
t's memory resources were not r
eclaimed immediately. instead, d
e-allocation was deferred to con
nection close. a client could sen
d new requests and resets, keepi
ng the connection busy and ope
n and causing the memory footp
rint to keep on growing. on conn
ection close, all resources were
reclaimed, but the process might
run out of memory before that. t
his was found by the reporter d
uring testing of cve-2023-44487
(http/2 rapid reset exploit) with t
heir own test client. during "nor
mal" http/2 use, the probability t
o hit this bug is very low. the kep
t memory would not become not
iceable before the connection cl
oses or times out. users are rec
ommended to upgrade to versio
n 2.4.58, which fixes the issue.

CVE-2022-28330 apache http server 2.4.53 and ea [Link] 443 Version : A Medium
rlier on windows may read beyo pache HTT
nd bounds when configured to p P Server
rocess requests with the mod_is
api module.

CVE-2025-32728 in sshd in openssh before 10.0, [Link] 22 Version : Medium

the disableforwarding directive OpenSSH
does not adhere to the documen

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 55
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Name/Type Description Affected Host Port Verified By Severity

tation stating that it disables x11

and agent forwarding.

CVE-2024-24795 http response splitting in multipl [Link] 443 Version : A Medium

e modules in apache http server pache HTT
allows an attacker that can inject P Server
malicious response headers into
backend applications to cause a
n http desynchronization attack.
users are recommended to upgr
ade to version 2.4.59, which fixe
s this issue.

CVE-2007-2768 openssh, when using opie (one-t [Link] 22 Version : Medium

ime passwords in everything) for OpenSSH
pam, allows remote attackers to
determine the existence of certai
n user accounts, which displays
a different response if the user a
ccount exists and is configured t
o use one-time passwords (otp),
a similar issue to cve-2007-224
3.

CNVDs

Description Unpatched services with known CNVDs pose CyberMindr's approach Fingerprints software versions during scans and maps them against the
significant exploit risks. latest CNVDs databases.

Name/Type Description Affected Host Port Severity

No data available

Web Applications Vulnerabilities

Description Web applications may have exploitable flaws like XSS, CyberMindr's approach Executes automated active testing to detect OWASP Top 10
SQLi,or insecure headers. vulnerabilities across web applications.

Extracted
Name/Type Description Affected Host Port Url Severity
Data

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 92.25:443
n.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 56
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Extracted
Name/Type Description Affected Host Port Url Severity
Data

SMTP Commands En Attempts to use EHLO and [Link] 25 ENHANC [Link] Informational
umeration HELP to gather the Extend EDSTATU 0.178.231:25
ed commands supported SCODES
by an SMTP server.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 7.162.99:443
n.

OpenSSH Service OpenSSH service was dete [Link] 22 SSH-2.0- [Link] Informational
cted. OpenSSH 0.10:22
_9.9

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 5.68.223:443
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 4.151.180:44
n. 3

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 20.178.231:4
n. 43

SSH Password-base SSH password authenticat [Link] 22 [Link] Informational

d Authentication ion was enabled, increasin 0.10:22
g brute-force risk.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 3.85.146:443
n.

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 85.146:80
n.

Header Based Generi The remote server fetched [Link] 80 [Link] Informational
c OOB Interaction a spoofed URL from the re 0.218:80
quest headers.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 01.36:443
n.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 57
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Extracted
Name/Type Description Affected Host Port Url Severity
Data

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 7.213.40:443
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 7.246.40:443
n.

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 91.161:80
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 115.123:443
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 8.169.23:443
n.

Header Based Generi The remote server fetched [Link] 80 [Link] Informational
c OOB Interaction a spoofed URL from the re 38.102:80
quest headers.

SSH Server Software SSH server version was di [Link] 22 SSH-2.0- [Link] Informational
Enumeration sclosed, allowing attackers OpenSSH 0.10:22
to identify vulnerabilities. _9.9

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 173.6:443
n.

Header Based Generi The remote server fetched [Link] 443 [Link] Informational
c OOB Interaction a spoofed URL from the re 57.63:443
quest headers.

Header Based Generi The remote server fetched [Link] 443 [Link] Informational
c OOB Interaction a spoofed URL from the re 67.144:443
quest headers.

Header Based Generi The remote server fetched [Link] 443 [Link] Informational
c OOB Interaction a spoofed URL from the re 7.162.99:443
quest headers.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 58
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Extracted
Name/Type Description Affected Host Port Url Severity
Data

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 7.63:80
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 8.223.62:443
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 57.63:443
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 42.3:443
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 6.38.102:443
n.

Header Based Generi The remote server fetched [Link] 80 [Link] Informational
c OOB Interaction a spoofed URL from the re 141.190:80
quest headers.

Allowed Options Met The web server responded [Link] 80 OPTION [Link] Informational
hod with HTTP OPTIONS, pote S, TRAC 91.161:80
ntially exposing allowed m E, GET, H
ethods. EAD, POS
T

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 92.142.22:44
n. 3

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 91.47:80
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 4.165.173:44
n. 3

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 0.10:80
n.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 59
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Extracted
Name/Type Description Affected Host Port Url Severity
Data

Allowed Options Met The web server responded [Link] 80 OPTION [Link] Informational
hod with HTTP OPTIONS, pote S, TRAC 91.47:80
ntially exposing allowed m E, GET, H
ethods. EAD, POS
T

Header Based Generi The remote server fetched [Link] 443 [Link] Informational
c OOB Interaction a spoofed URL from the re 3.85.146:443
quest headers.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 41.88:443
n.

Header Based Generi The remote server fetched [Link] 443 [Link] Informational
c OOB Interaction a spoofed URL from the re 01.36:443
quest headers.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 92.142.23:44
n. 3

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 8.192.72:443
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 75.135:443
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 218.119:443
n.

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 0.218:80
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 1.135.27:443
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 131.95:443
n.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 60
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Extracted
Name/Type Description Affected Host Port Url Severity
Data

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 1.36:80
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 50.218:443
n.

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 187.190:80
n.

Header Based Generi The remote server fetched [Link] 80 [Link] Informational
c OOB Interaction a spoofed URL from the re 7.63:80
quest headers.

Header Based Generi The remote server fetched [Link] 443 [Link] Informational
c OOB Interaction a spoofed URL from the re 5.68.223:443
quest headers.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 41.185:443
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 1.53.75:443
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 1.134.26:443
n.

Header Based Generi The remote server fetched [Link] 80 [Link] Informational
c OOB Interaction a spoofed URL from the re 7.144:80
quest headers.

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 246.40:80
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 92.142.21:44
n. 3

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 61
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Extracted
Name/Type Description Affected Host Port Url Severity
Data

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 165.195:443
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 9.141.190:44
n. 3

Header Based Generi The remote server fetched [Link] 80 [Link] Informational
c OOB Interaction a spoofed URL from the re 1.36:80
quest headers.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 227.242:443
n.

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 68.223:80
n.

SSH Auth Methodsio SSH (Secure Shell) authent [Link] 22 ["publicke [Link] Informational
n ication modes are method y","gssapi 0.10:22
s used to verify the identit -with-mi
y of users and ensure sec c","passw
ure access to remote syste ord"]
ms. Common SSH authenti
cation modes include pass
word-based authenticatio
n, which relies on a secret
passphrase, and public ke
y authentication, which us
es cryptographic keys for
a more secure and conven
ient login process. Additio
nally, multi-factor authenti
cation (MFA) can be emplo
yed to enhance security by
requiring users to provide
multiple forms of authenti
cation, such as a passwor
d and a one-time code.

Header Based Generi The remote server fetched [Link] 443 [Link] Informational
c OOB Interaction a spoofed URL from the re 9.141.190:44
quest headers. 3

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 62
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Extracted
Name/Type Description Affected Host Port Url Severity
Data

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 213.40:80
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 21.247:443
n.

Header Based Generi The remote server fetched [Link] 80 [Link] Informational
c OOB Interaction a spoofed URL from the re 68.223:80
quest headers.

External Service Inte External Service interactio [Link] 10020 [Link] Informational
raction n via Host Header Injectio 20.178.231:1
n. 0020

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 1.116.158:44
n. 3

Header Based Generi The remote server fetched [Link] 80 [Link] Informational
c OOB Interaction a spoofed URL from the re 85.146:80
quest headers.

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 116.158:80
n.

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 151.180:80
n.

Allowed Options Met The web server responded [Link] 443 OPTION [Link] Informational
hod with HTTP OPTIONS, pote S,HEAD, 0.44.31:443
ntially exposing allowed m GET,POS
ethods. T

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 67.144:443
n.

Allowed Options Met The web server responded [Link] 10020 GET,POS [Link] Informational
hod with HTTP OPTIONS, pote T,OPTION 20.178.231:1
ntially exposing allowed m S,HEAD 0020
ethods.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 63
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Extracted
Name/Type Description Affected Host Port Url Severity
Data

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 229.61:443
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 1.112.171:44
n. 3

Header Based Generi The remote server fetched [Link] 443 [Link] Informational
c OOB Interaction a spoofed URL from the re 6.38.102:443
quest headers.

Allowed Options Met The web server responded [Link] 443 OPTION [Link] Informational
hod with HTTP OPTIONS, pote S, TRAC 1.134.26:443
ntially exposing allowed m E, GET, H
ethods. EAD, POS
T

Header Based Generi The remote server fetched [Link] 443 [Link] Informational
c OOB Interaction a spoofed URL from the re 50.218:443
quest headers.

Header Based Generi The remote server fetched [Link] 80 [Link] Informational
c OOB Interaction a spoofed URL from the re 162.99:80
quest headers.

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 162.99:80
n.

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 38.102:80
n.

External Service Inte External Service interactio [Link] 10001 [Link] Informational
raction n via Host Header Injectio 20.178.231:1
n. 0001

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 0.141.71:443
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 140.143:443
n.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 64
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Extracted
Name/Type Description Affected Host Port Url Severity
Data

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 0.44.31:443
n.

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 133.146:80
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 6.222.251:44
n. 3

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 91.48:80
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 9.177.228:44
n. 3

Header Based Generi The remote server fetched [Link] 443 [Link] Informational
c OOB Interaction a spoofed URL from the re 227.242:443
quest headers.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 1.58.31:443
n.

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 141.190:80
n.

External Service Inte External Service interactio [Link] 10000 [Link] Informational
raction n via Host Header Injectio 20.178.231:1
n. 0000

Allowed Options Met The web server responded [Link] 80 OPTION [Link] Informational
hod with HTTP OPTIONS, pote S, TRAC 91.48:80
ntially exposing allowed m E, GET, H
ethods. EAD, POS
T

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 2.143.207:44
n. 3

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 65
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Extracted
Name/Type Description Affected Host Port Url Severity
Data

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 9.159.125:44
n. 3

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 58.31:80
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 6.0.10:443
n.

External Service Inte External Service interactio [Link] 443 [Link] Informational
raction n via Host Header Injectio 9.243.70:443
n.

External Service Inte External Service interactio [Link] 80 [Link] Informational

raction n via Host Header Injectio 7.144:80
n.

Allowed Options Met The web server responded [Link] 443 OPTION [Link] Informational
hod with HTTP OPTIONS, pote S, TRAC 1.135.27:443
ntially exposing allowed m E, GET, H
ethods. EAD, POS
T

Misconfigurations

DescriptionInsecure system or cloud configurations can expose sensitive data CyberMindr's approach Detects open buckets, exposed admin portals, weak SSL
or enable privilege escalation. setups, and misconfigured services.

Affected
Name/Type Description Port Extracted Data Url Severity
Host

Missing C Content Security Policy 18.210.4 443 [Link] Informational

ontent-Se (CSP) is an added layer 4.31 43
curity-Poli of security that helps to
cy Header detect and mitigate cert
ain types of attacks, inc
luding Cross-Site Script
ing (XSS) and data injec
tion attacks.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 66
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

Cookies w Checks whether cookie 54.215.6 80 AWSALBCORS,AWSALB [Link] Informational

ithout Htt s in the HTTP response 8.223 0
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Missing C Identified cookies that l 52.8.167. 80 AWSALB=6laoWDVaV7 [Link] Informational

ookie Sam acked the samesite=stri 144 5yvyQVxhVTTybIrV5l3
eSite Stric ct attribute, which prev EK9QJrTjHi9vW75shr6
t ented enforcement of r 6SEDR3sTSKh6rB4VS4
estrictions on cross-do zUsOqzGW2PxbxRnro
main cookie transmissi dl7uAcikJUXBGvqKE8l
on. fULRmyD1XmZPUehQ
mpDIVI; Expires=Fri, 10
Oct 2025 [Link] GM
T; Path=/ AWSALBCOR
S=6laoWDVaV75yvyQV
xhVTTybIrV5l3EK9QJr
TjHi9vW75shr66SEDR3
sTSKh6rB4VS4zUsOqz
GW2PxbxRnrodl7uAcik
JUXBGvqKE8lfULRmyD
1XmZPUehQmpDIVI; Ex
pires=Fri, 10 Oct 2025
[Link] GMT; Path=/;
SameSite=None

Missing C Identified cookies that l 52.9.101. 443 AWSALB=37J6DczME5 [Link] Informational

ookie Sam acked the samesite=stri 36 uqTaxdWEY0KbkFGrac 3
eSite Stric ct attribute, which prev yuvMtIyq14e3EFCwjjV
t ented enforcement of r YZeIe6Q+CR0XYoiXKw
estrictions on cross-do JUHwUC7w9AADHHw
main cookie transmissi UAAcTP7zXeScT6pazd
on. ncVZOabuPDB9fG8yIp
5X4IHN9C; Expires=Fri,
10 Oct 2025 [Link]
GMT; Path=/ AWSALBC
ORS=37J6DczME5uqT
axdWEY0KbkFGracyuv
MtIyq14e3EFCwjjVYZeI
e6Q+CR0XYoiXKwJUH
wUC7w9AADHHwUAAc
TP7zXeScT6pazdncVZ
OabuPDB9fG8yIp5X4IH
N9C; Expires=Fri, 10 O
ct 2025 [Link] GMT;
Path=/; SameSite=Non
e; Secure

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 67
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

Missing C Identified cookies that l 52.8.167. 443 AWSALB=VbJbEDozM [Link] Informational

ookie Sam acked the samesite=stri 144 MoJ+MnXIOjSM1VmBt 43
eSite Stric ct attribute, which prev phU4oSbkiuCYzUFHcS
t ented enforcement of r gCrMUd714ua8i1REi5Z
estrictions on cross-do mEU/XoHYTcfJb2BVSu
main cookie transmissi cguFzfUFza/6FTJUGe3
on. jS3WDBg6dzteFu9RhM
hWaaKT; Expires=Fri, 1
0 Oct 2025 [Link] G
MT; Path=/ AWSALBCO
RS=VbJbEDozMMoJ+
MnXIOjSM1VmBtphU4
oSbkiuCYzUFHcSgCrM
Ud714ua8i1REi5ZmEU/
XoHYTcfJb2BVSucguF
zfUFza/6FTJUGe3jS3
WDBg6dzteFu9RhMhW
aaKT; Expires=Fri, 10 O
ct 2025 [Link] GMT;
Path=/; SameSite=Non
e; Secure

Cookies w Checks whether cookie 52.8.167. 80 AWSALBCORS,AWSALB [Link] Informational

ithout Htt s in the HTTP response 144
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Cookies w Checks whether cookie 54.193.8 80 AWSALB,AWSALBCORS [Link] Informational

ithout Htt s in the HTTP response 5.146 0
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Missing C Identified cookies that l 54.215.6 80 AWSALB=AEkkgaXkGlQ [Link] Informational

ookie Sam acked the samesite=stri 8.223 yNkj/RzDBSl/W22hkmr 0
eSite Stric ct attribute, which prev O3XbZT2gq7DUvmwpZ
t ented enforcement of r W+h1NN15NnFhTrsagv
estrictions on cross-do IS88j4qhhXTR696TJBD
main cookie transmissi yV8TBvvrO5t+FOWel8
on. EevvF4bwOePkJLiobw
s4wo; Expires=Fri, 10
Oct 2025 [Link] GM
T; Path=/ AWSALBCOR
S=AEkkgaXkGlQyNkj/R
zDBSl/W22hkmrO3XbZ
T2gq7DUvmwpZW+h1
NN15NnFhTrsagvIS88j
4qhhXTR696TJBDyV8
TBvvrO5t+FOWel8Eevv

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 68
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

F4bwOePkJLiobws4w
o; Expires=Fri, 10 Oct 2
025 [Link] GMT; Pat
h=/; SameSite=None

Cookies w Checks whether cookie 54.177.1 443 AWSALB [Link] Informational

ithout Sec s in the HTTP response 62.99 43
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Missing C Identified cookies that l 54.193.8 80 AWSALB=FaG5laiY4kL5 [Link] Informational

ookie Sam acked the samesite=stri 5.146 8DOxs7e/m2kXoHVhB 0
eSite Stric ct attribute, which prev RmJS9Nc5gb1JN/P9W
t ented enforcement of r Jq+0rYHYk/u6um/goH
estrictions on cross-do CKSIX/e5HSEflWLQe1
main cookie transmissi MigKB78kez+sdCzAPu
on. 5MqxiO3hw36rKi8D4
Wlf9NK7; Expires=Fri,
10 Oct 2025 [Link]
GMT; Path=/ AWSALBC
ORS=FaG5laiY4kL58DO
xs7e/m2kXoHVhBRmJ
S9Nc5gb1JN/P9WJq+0
rYHYk/u6um/goHCKSI
X/e5HSEflWLQe1MigKB
78kez+sdCzAPu5Mqxi
O3hw36rKi8D4Wlf9NK
7; Expires=Fri, 10 Oct 2
025 [Link] GMT; Pat
h=/; SameSite=None

Missing C Identified cookies that l 54.177.1 443 AWSALB=hPKnht1Oiw [Link] Informational

ookie Sam acked the samesite=stri 62.99 uhEvxLMU/9ixQu73chiI 443
eSite Stric ct attribute, which prev BUF4BmckboKcKOFHN
t ented enforcement of r MB/0CPerP6rhmhoiGG
estrictions on cross-do X2RNf0MRtoTu+tyyd4S
main cookie transmissi WtFNGgDxAeLxBT3hhv
on. R0zJZBDSt1Gwgvdrii9
Hpc; Expires=Fri, 10 Oc
t 2025 [Link] GMT; P
ath=/ AWSALBCORS=h
PKnht1OiwuhEvxLMU/
9ixQu73chiIBUF4Bmck
boKcKOFHNMB/0CPer
P6rhmhoiGGX2RNf0M
RtoTu+tyyd4SWtFNGg
DxAeLxBT3hhvR0zJZB
DSt1Gwgvdrii9Hpc; Ex
pires=Fri, 10 Oct 2025

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 69
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

[Link] GMT; Path=/;

SameSite=None; Secure

Cookies w Checks whether cookie 50.18.22 443 AWSALBCORS,AWSALB [Link] Informational

ithout Htt s in the HTTP response 7.242 43
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Missing X The Anti-MIME-Sniffing 34.194.1 443 [Link] Informational

-Content- header X-Content-Type 65.173 3:443
Type-Opti -Options was not set to
ons Head 'nosniff'.
er

Cookies w Checks whether cookie 66.231.9 80 xt_0d95e [Link] Informational

ithout Sec s in the HTTP response 1.161 0
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Missing C Content Security Policy 54.159.1 443 [Link] Informational

ontent-Se (CSP) is an added layer 77.228 8:443
curity-Poli of security that helps to
cy Header detect and mitigate cert
ain types of attacks, inc
luding Cross-Site Script
ing (XSS) and data injec
tion attacks.

Cookies w Checks whether cookie 52.9.150. 80 AWSALB,AWSALBCORS [Link] Informational

ithout Htt s in the HTTP response 218
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Missing X The Anti-MIME-Sniffing 54.159.1 443 [Link] Informational

-Content- header X-Content-Type 77.228 8:443
Type-Opti -Options was not set to
ons Head 'nosniff'.
er

Missing X The Anti-MIME-Sniffing 18.210.4 443 [Link] Informational

-Content- header X-Content-Type 4.31 43
Type-Opti

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 70
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

ons Head -Options was not set to

er 'nosniff'.

Missing H HTTP Strict Transport S 54.159.1 443 [Link] Informational

TTP Strict ecurity (HSTS) tells a br 77.228 8:443
Transport owser that a website is
Security H only accessible using H
eader TTPS. It was detected t
hat your web applicatio
n doesn't implement HT
TP Strict Transport Sec
urity (HSTS) as the Stric
t Transport Security he
ader is missing from th
e response.

Cookies w Checks whether cookie 50.18.22 443 AWSALB [Link] Informational

ithout Sec s in the HTTP response 7.242 43
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Missing C Identified cookies that l 66.231.9 80 strict [Link] Informational

ookie Sam acked the samesite=stri 1.47
eSite Stric ct attribute, which prev
t ented enforcement of r
estrictions on cross-do
main cookie transmissi
on.

Missing C Identified cookies that l 13.56.57. 443 AWSALB=7i+zGij9pEFf [Link] Informational

ookie Sam acked the samesite=stri 63 J8ED4A3I9r8Kzd9wUR 3
eSite Stric ct attribute, which prev IoJnUWfTgCgrucThIfF
t ented enforcement of r ONzkGdNyVfdBuc72N
estrictions on cross-do MfNAwuieppn/4uhU0y
main cookie transmissi ZgS92Dmkm2eOAaTDP
on. rocWuuwKChTn/p7EW
MlhTI0; Expires=Fri, 10
Oct 2025 [Link] GM
T; Path=/ AWSALBCOR
S=7i+zGij9pEFfJ8ED4
A3I9r8Kzd9wURIoJnU
WfTgCgrucThIfFONzkG
dNyVfdBuc72NMfNAwu
ieppn/4uhU0yZgS92D
mkm2eOAaTDProcWuu
wKChTn/p7EWMlhTI0;
Expires=Fri, 10 Oct 20
25 [Link] GMT; Path

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 71
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

=/; SameSite=None; Sec

ure

Cookies w Checks whether cookie 54.219.1 80 AWSALB,AWSALBCORS [Link] Informational

ithout Htt s in the HTTP response 41.190 80
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Cookies w Checks whether cookie 52.9.101. 80 AWSALB,AWSALBCORS [Link] Informational

ithout Sec s in the HTTP response 36
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Cookies w Checks whether cookie 52.9.101. 443 AWSALB [Link] Informational

ithout Sec s in the HTTP response 36
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Cookies w Checks whether cookie 52.9.101. 443 AWSALB,AWSALBCORS [Link] Informational

ithout Htt s in the HTTP response 36
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Cookies w Checks whether cookie 54.176.3 443 AWSALB,AWSALBCORS [Link] Informational

ithout Htt s in the HTTP response 8.102 43
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Cookies w Checks whether cookie 54.193.8 443 AWSALB,AWSALBCORS [Link] Informational

ithout Htt s in the HTTP response 5.146 43
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 72
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

Missing X The X-Frame-Options H 18.210.4 443 [Link] Informational

-Frame-O TTP header field indicat 4.31 43
ptions He es a policy that specifie
ader s whether the browser
should render the trans
mitted resource within
a frame or an iframe. Se
rvers can declare this p
olicy in the header of th
eir HTTP responses to
prevent clickjacking att
acks, which ensures th
at their content is not e
mbedded into other pa
ges or frames.

Cookies w Checks whether cookie 54.219.1 443 AWSALB,AWSALBCORS [Link] Informational

ithout Htt s in the HTTP response 41.190 443
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Missing C Identified cookies that l 13.56.57. 80 AWSALB=GgDFxnXRB9 [Link] Informational

ookie Sam acked the samesite=stri 63 eeod3+XicVTgnOQP5O
eSite Stric ct attribute, which prev CCPcCJo+G3uw5Wagr
t ented enforcement of r cZ5rei4hwAcRWaOVHs
estrictions on cross-do ohiVhH+XbjVQ2wXCdc
main cookie transmissi 63Rb4L9OKOqmfc8z41
on. 36IqAvgkb9v/h96N37h
+1zWSj; Expires=Fri, 1
0 Oct 2025 [Link] G
MT; Path=/ AWSALBCO
RS=GgDFxnXRB9eeod3
+XicVTgnOQP5OCCPc
CJo+G3uw5WagrcZ5re
i4hwAcRWaOVHsohiVh
H+XbjVQ2wXCdc63Rb
4L9OKOqmfc8z4136Iq
Avgkb9v/h96N37h+1z
WSj; Expires=Fri, 10 Oc
t 2025 [Link] GMT; P
ath=/; SameSite=None

Missing C Identified cookies that l 54.215.6 443 AWSALB=EGUacKpUrh [Link] Informational

ookie Sam acked the samesite=stri 8.223 HGYs0hQekPYbbqnyh+ 443
eSite Stric ct attribute, which prev LzOeC8KYC/huSQ0/fM
t ented enforcement of r t4jAgviw/3AWSUGj7eij
estrictions on cross-do OJONf8bEoqn7g0Cr3+
main cookie transmissi TW72R+y//9PS/Eh3ZBl
on. TfAW/SAS+nyPtCHA6
b/za; Expires=Fri, 10 O

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 73
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

Missing C Content Security Policy 34.194.1 443 [Link] Informational

ontent-Se (CSP) is an added layer 65.173 3:443
curity-Poli of security that helps to
cy Header detect and mitigate cert
ain types of attacks, inc
luding Cross-Site Script
ing (XSS) and data injec
tion attacks.

Cookies w Checks whether cookie 52.8.167. 443 AWSALB [Link] Informational

ithout Sec s in the HTTP response 144 3
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Cookies w Checks whether cookie 52.9.150. 443 AWSALB [Link] Informational

ithout Sec s in the HTTP response 218 3
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Cookies w Checks whether cookie 54.177.1 443 AWSALB,AWSALBCORS [Link] Informational

ithout Htt s in the HTTP response 62.99 43
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Missing H HTTP Strict Transport S 34.194.1 443 [Link] Informational

TTP Strict ecurity (HSTS) tells a br 65.173 3:443
Transport owser that a website is
Security H only accessible using H
eader TTPS. It was detected t
hat your web applicatio

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 74
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

n doesn't implement HT
TP Strict Transport Sec
urity (HSTS) as the Stric
t Transport Security he
ader is missing from th
e response.

Missing H HTTP Strict Transport S 18.210.4 443 [Link] Informational

TTP Strict ecurity (HSTS) tells a br 4.31 43
Transport owser that a website is
Security H only accessible using H
eader TTPS. It was detected t
hat your web applicatio
n doesn't implement HT
TP Strict Transport Sec
urity (HSTS) as the Stric
t Transport Security he
ader is missing from th
e response.

Cookies w Checks whether cookie 54.219.1 443 AWSALB [Link] Informational

ithout Sec s in the HTTP response 41.190 443
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Cookies w Checks whether cookie 13.56.57. 443 AWSALB,AWSALBCORS [Link] Informational

ithout Htt s in the HTTP response 63
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Cookies w Checks whether cookie 52.8.167. 443 AWSALB,AWSALBCORS [Link] Informational

ithout Htt s in the HTTP response 144 3
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Missing C Identified cookies that l 50.18.22 443 AWSALB=zfw7MjRkjuV [Link] Informational

ookie Sam acked the samesite=stri 7.242 ZsLPa3NYrH9zQkfttX+ 443
eSite Stric ct attribute, which prev QOsWU9iIVDn5oE4XG
t ented enforcement of r 9AoIH3Xugr+OC12O8I
estrictions on cross-do 4d0r75MU5krkFKXdjve
main cookie transmissi pKUX3/uCD60XSBwW
on. Sw44tWdlbdDxEHStLW
rlN1Ab; Expires=Fri, 10
Oct 2025 [Link] GM

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 75
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

T; Path=/ AWSALBCOR
S=zfw7MjRkjuVZsLPa3
NYrH9zQkfttX+QOsWU
9iIVDn5oE4XG9AoIH3
Xugr+OC12O8I4d0r75
MU5krkFKXdjvepKUX
3/uCD60XSBwWSw44t
WdlbdDxEHStLWrlN1A
b; Expires=Fri, 10 Oct 2
025 [Link] GMT; Pat
h=/; SameSite=None; S
ecure

Missing C Identified cookies that l 66.231.9 80 xt_0d95e=!NMa26AB1t [Link] Informational

ookie Sam acked the samesite=stri 1.161 moTyhakyLeHwqL7nwo 0
eSite Stric ct attribute, which prev 9XylAf+n1RInm1M7wq
t ented enforcement of r mYeIskYrvoT85cam4Faf
estrictions on cross-do GOHEri/OTuGU8c=; pat
main cookie transmissi h=/; Httponly
on.

Cookies w Checks whether cookie 52.9.150. 80 AWSALB,AWSALBCORS [Link] Informational

ithout Sec s in the HTTP response 218
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Missing C Identified cookies that l 205.220. 10000 ppsquerystring=;path [Link] Informational

ookie Sam acked the samesite=stri 178.231 =/; domain=.205.220.1 1:10000/admin
eSite Stric ct attribute, which prev 78.231;Secure;SameSit
t ented enforcement of r e=None;HttpOnly;expir
estrictions on cross-do es=Sat, 01-Jan-2000 0
main cookie transmissi [Link] GMT pps_magi
on. c=VgvsFWBVJPURG%2
0tOwzIeMtKcD6FtFLbr
Hr7va7wc1l8;path=/; d
omain=.[Link]
31;Secure;SameSite=N
one sid=ADM586d868
6b28220653a8028c0a
c935998758a28b76c0
54f3be8ff7f965d8e85e
8;path=/; domain=.205.
220.178.231;Secure;Sa
meSite=None;HttpOnly

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 76
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

Missing C Identified cookies that l 66.231.9 80 strict [Link] Informational

ookie Sam acked the samesite=stri 1.48
eSite Stric ct attribute, which prev
t ented enforcement of r
estrictions on cross-do
main cookie transmissi
on.

Missing C Identified cookies that l 205.220. 10001 pps_magic=nw1YiKmdz [Link] Informational

ookie Sam acked the samesite=stri 178.231 W680E2r%20OPXqvQ 1:10001/admin
eSite Stric ct attribute, which prev t%20v8wk9OkMEF7FIR
t ented enforcement of r n2lY;path=/;Secure;Sa
estrictions on cross-do meSite=None sid_saml=
main cookie transmissi ADM7826fbacc406ca7
on. 68d81f1866fa3033ab3
72ec73ca0dd0fd8ea0fe
43407e29e2;path=/;Se
cure;SameSite=None;Ht
tpOnly ppsquerystring
=;path=/;Secure;SameS
ite=None;HttpOnly;expi
res=Sat, 01-Jan-2000 0
[Link] GMT

Missing C Identified cookies that l 54.176.3 80 AWSALB=d09QZ+j6vqy [Link] Informational

ookie Sam acked the samesite=stri 8.102 toidKgf9Q+FoiXoN6zz 0
eSite Stric ct attribute, which prev JSV6VIgy8g8nUf5cERw
t ented enforcement of r 3FEky18/Ol8Nr5Qzhes
estrictions on cross-do b4jhXjffjFzzAgpAu4Q9
main cookie transmissi QaWWXOWgIhBjQGNd
on. wXGH8p/DVFA2PLZHB
aLb; Expires=Fri, 10 Oc
t 2025 [Link] GMT; P
ath=/ AWSALBCORS=d
09QZ+j6vqytoidKgf9Q
+FoiXoN6zzJSV6VIgy8
g8nUf5cERw3FEky18/
Ol8Nr5Qzhesb4jhXjffjF
zzAgpAu4Q9QaWWXO
WgIhBjQGNdwXGH8p/
DVFA2PLZHBaLb; Expir
es=Fri, 10 Oct 2025 02:
00:24 GMT; Path=/; Sa
meSite=None

Cookies w Checks whether cookie 54.177.1 80 AWSALBCORS,AWSALB [Link] Informational

ithout Htt s in the HTTP response 62.99 0
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 77
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

Missing X The X-Frame-Options H 54.159.1 443 [Link] Informational

-Frame-O TTP header field indicat 77.228 8:443
ptions He es a policy that specifie
ader s whether the browser
should render the trans
mitted resource within
a frame or an iframe. Se
rvers can declare this p
olicy in the header of th
eir HTTP responses to
prevent clickjacking att
acks, which ensures th
at their content is not e
mbedded into other pa
ges or frames.

Cookies w Checks whether cookie 54.215.6 443 AWSALB [Link] Informational

ithout Sec s in the HTTP response 8.223 43
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Cookies w Checks whether cookie 54.176.3 80 AWSALB,AWSALBCORS [Link] Informational

ithout Htt s in the HTTP response 8.102 0
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Missing X The X-Frame-Options H 34.194.1 443 [Link] Informational

-Frame-O TTP header field indicat 65.173 3:443
ptions He es a policy that specifie
ader s whether the browser
should render the trans
mitted resource within
a frame or an iframe. Se
rvers can declare this p
olicy in the header of th
eir HTTP responses to
prevent clickjacking att
acks, which ensures th
at their content is not e
mbedded into other pa
ges or frames.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 78
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

Missing C Identified cookies that l 52.9.150. 443 AWSALB=ZrdL1VjT9R3 [Link] Informational

ookie Sam acked the samesite=stri 218 9kD7AYDKjBDJBsPGW 43
eSite Stric ct attribute, which prev Efi2Zj2zFAjBN2hKmCTj
t ented enforcement of r UDk0gBTHRG+Fph2w
estrictions on cross-do w/Bu6ZuMnS4JvLlkm7
main cookie transmissi 4qVChyhg5uq00Tpfp3
on. Pz7qoQxrR8mwqkBkP1
+rfNQT; Expires=Fri, 10
Oct 2025 [Link] GM
T; Path=/ AWSALBCOR
S=ZrdL1VjT9R39kD7AY
DKjBDJBsPGWEfi2Zj2z
FAjBN2hKmCTjUDk0gB
THRG+Fph2ww/Bu6Zu
MnS4JvLlkm74qVChyh
g5uq00Tpfp3Pz7qoQxr
R8mwqkBkP1+rfNQT; E
xpires=Fri, 10 Oct 202
5 [Link] GMT; Path
=/; SameSite=None; Sec
ure

Cookies w Checks whether cookie 54.176.3 443 AWSALB [Link] Informational

ithout Sec s in the HTTP response 8.102 43
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Cookies w Checks whether cookie 13.56.57. 443 AWSALB [Link] Informational

ithout Sec s in the HTTP response 63
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Cookies w Checks whether cookie 13.56.57. 80 AWSALBCORS,AWSALB [Link] Informational

ithout Sec s in the HTTP response 63
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Missing C Identified cookies that l 54.176.3 443 AWSALB=J6cFXHylUky [Link] Informational

ookie Sam acked the samesite=stri 8.102 DcT7QSz8S4SamoBgU 443
eSite Stric ct attribute, which prev +q2Xnmsaae3wYz855R
t ented enforcement of r i9e+guVb6lQQJ52Fnp
estrictions on cross-do O258m6IdxbfjmYAhFW

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 79
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

main cookie transmissi N2YgSn144j8QZo07So

on. 6Qpf5sRdzc5V2ekEYD
6S5B0g; Expires=Fri, 1
0 Oct 2025 [Link] G
MT; Path=/ AWSALBCO
RS=J6cFXHylUkyDcT7
QSz8S4SamoBgU+q2X
nmsaae3wYz855Ri9e+g
uVb6lQQJ52FnpO258
m6IdxbfjmYAhFWN2Yg
Sn144j8QZo07So6Qpf
5sRdzc5V2ekEYD6S5B
0g; Expires=Fri, 10 Oct
2025 [Link] GMT; Pa
th=/; SameSite=None; S
ecure

Cookies w Checks whether cookie 52.9.101. 80 AWSALB,AWSALBCORS [Link] Informational

ithout Htt s in the HTTP response 36
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Cookies w Checks whether cookie 52.9.150. 443 AWSALB,AWSALBCORS [Link] Informational

ithout Htt s in the HTTP response 218 3
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Cookies w Checks whether cookie 54.176.3 80 AWSALB,AWSALBCORS [Link] Informational

ithout Sec s in the HTTP response 8.102 0
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Missing C Identified cookies that l 13.111.1 443 strict [Link] Informational

ookie Sam acked the samesite=stri 34.26 443
eSite Stric ct attribute, which prev
t ented enforcement of r
estrictions on cross-do
main cookie transmissi
on.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 80
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

Cookies w Checks whether cookie 54.193.8 80 AWSALB,AWSALBCORS [Link] Informational

ithout Sec s in the HTTP response 5.146 0
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Cookies w Checks whether cookie 54.177.1 80 AWSALB,AWSALBCORS [Link] Informational

ithout Sec s in the HTTP response 62.99 0
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Cookies w Checks whether cookie 54.193.8 443 AWSALB [Link] Informational

ithout Sec s in the HTTP response 5.146 43
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Missing C Identified cookies that l 13.111.1 443 strict [Link] Informational

ookie Sam acked the samesite=stri 35.27 443
eSite Stric ct attribute, which prev
t ented enforcement of r
estrictions on cross-do
main cookie transmissi
on.

Missing C Identified cookies that l 54.177.1 80 AWSALB=ZxDiHcLCz2p [Link] Informational

ookie Sam acked the samesite=stri 62.99 tQpvF/JguhAJn69Sdw 0
eSite Stric ct attribute, which prev YM4fXhEuaeCbF9WuZ
t ented enforcement of r UVPeZzL4bBxykGBLy+jj
estrictions on cross-do 6NiDeCfjzqDvC7ltcmdX
main cookie transmissi Ln/6gIDMpkLx5B9AnsY
on. pg3toUf8m9kVjVu2ypT;
Expires=Fri, 10 Oct 20
25 [Link] GMT; Path
=/ AWSALBCORS=ZxDi
HcLCz2ptQpvF/JguhAJ
n69SdwYM4fXhEuaeC
bF9WuZUVPeZzL4bBxy
kGBLy+jj6NiDeCfjzqDv
C7ltcmdXLn/6gIDMpkL
x5B9AnsYpg3toUf8m9k
VjVu2ypT; Expires=Fri,
10 Oct 2025 [Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 81
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

GMT; Path=/; SameSite

=None

Cookies w Checks whether cookie 52.8.167. 80 AWSALBCORS,AWSALB [Link] Informational

ithout Sec s in the HTTP response 144
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Cookies w Checks whether cookie 54.215.6 80 AWSALB,AWSALBCORS [Link] Informational

ithout Sec s in the HTTP response 8.223 0
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

Cookies w Checks whether cookie 13.56.57. 80 AWSALB,AWSALBCORS [Link] Informational

ithout Htt s in the HTTP response 63
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Cookies w Checks whether cookie 54.215.6 443 AWSALB,AWSALBCORS [Link] Informational

ithout Htt s in the HTTP response 8.223 43
pOnly attr contain the HttpOnly at
ibute tribute. If the HttpOnly f
lag is set, it means that
the cookie is HTTP-only

Cookies w Checks whether cookie 54.219.1 80 AWSALB,AWSALBCORS [Link] Informational

ithout Sec s in the HTTP response 41.190 80
ure attrib contain the Secure attri
ute bute. If the Secure flag i
s set, it means that the
cookie can only be tran
smitted over HTTPS

SSL Vulnerabilities

DescriptionScans external facing services to identify weak SSL/TLS configurations, CyberMindr's approach Weak or misconfigured SSL settings can make
outdated protocols, missing security headers, and misconfigured certificates that encrypted traffic vulnerable to interception or tampering, reducing the
could expose encrypted communication to risk. effectiveness of secure communication channels.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 82
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Affected
Name/Type Description Port Extracted Data Url Severity
Host

Kubernet Kubernetes Fake Ingres 47.101.1 443 Issuer: Kubernetes Ingr [Link] Low
es Fake In s Certificate is a feature 87.190 ess Controller Fake Cer 443
gress Cert in Kubernetes that allo tificate
ificate ws users to create and
use fake or self-signed
SSL/TLS certificates for
testing purposes witho
ut having to obtain a re
al SSL/TLS certificate fr
om a trusted Certificate
Authority (CA).

Kubernet Kubernetes Fake Ingres 47.101.5 443 Issuer: Kubernetes Ingr [Link] Low
es Fake In s Certificate is a feature 8.31 ess Controller Fake Cer 3
gress Cert in Kubernetes that allo tificate
ificate ws users to create and
use fake or self-signed
SSL/TLS certificates for
testing purposes witho
ut having to obtain a re
al SSL/TLS certificate fr
om a trusted Certificate
Authority (CA).

Default Login

Description SSL certificates on domains/subdomains have expired, leading to CyberMindr's approach OWASP Top 10 and other critical vulnerabilities such as
potential service disruption, trust issues, or MITM vulnerabilities. XSS, SQLi, or IDOR were detected in publicly accessible web applications

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 83
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Name/Type Description Affected Host Port Username & Password Url Severity

No data available

Subdomain Takeover

Description Orphaned subdomains pointing to unclaimed resources can CyberMindr's approach Detects dangling DNS records and checks for takeover potential
be hijacked for malicious use. across major cloud and hosting services.

Name/Type Description Affected Host Risk

Microsoft Az A subdomain takeover is a highly damaging security exploit. It happens when a subdom cmgmmcqa. Confirmed
ure Takeover ain, initially linked to a service (like a web hosting platform or cloud service), is left unatt [Link]
ended or removed without updating the subdomain's reference. Attackers exploit this si
tuation by setting up an account on the service and claiming the orphaned subdomain.

CNAME Dan CNAME Dangling is a method of identifying subdomains that have a CNAME record poin mmccns3pr Potential
gling ting to a non-existent or expired domain. This is also known as a 'dangling CNAME' or 'o [Link]
rphaned CNAME' and can be a security risk as it can lead to a subdomain takeover vulne m
rability.

CNAME Dan CNAME Dangling is a method of identifying subdomains that have a CNAME record poin test-news-i Potential
gling ting to a non-existent or expired domain. This is also known as a 'dangling CNAME' or 'o nvestors.m
rphaned CNAME' and can be a security risk as it can lead to a subdomain takeover vulne [Link]
rability.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 84
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

DARK WEB
This section highlights threats linked to the dark web, including leaked credentials, botnet infections, and mentions by ransomware groups.
These indicators reflect the organization's potential exposure in underground forums and malicious actor ecosystems.

A+
A
B Dark web exhibited an downward trend,
signalling potential attack surface
C expansion.
D F F F F
F
Jan Feb Mar Apr May Jun Jul AugSep Oct NovDec

Leaked Credentials 29.30K Botnet Infections 336 Ransomware Group Leaks -

Leaked in last 90 days - Leaked in last 60 days - Leaked in last 30 days -

Leaked Credentials

DescriptionUsernames and passwords exposed in breaches or dumps CyberMindr's approach Aggregates dark web and breach sources to detect
increase the likelihood of credential stuffing attacks. matching leaked credentials for the target organization.

Leak Name Leak Date Leak Description Category Affected Users

StealerLo January 1 In January 2025, stealer logs with 71M email addresses were ad Email addresses,Passw 1289
gsJan202 5, 2025 ded to HIBP. Consisting of email address, password and the web ords
5 site the credentials were entered against, this breach marks the l
aunch of a new HIBP feature enabling the retrieval of the specific
websites the logs were collected against. The incident also result
ed in 106M more passwords being added to the Pwned Passwor
ds service.

AlienSteal February In February 2025, 23 billion rows of stealer logs were obtained fr Email addresses,Passw 2375
erLogs 15, 2025 om a Telegram channel known as ALIEN TXTBASE. The data cont ords
ained 284M unique email addresses alongside the websites they
were entered into and the passwords used. This data is now sear
chable in HIBP by both email domain and the domain of the target
website.

LinkedInS April 08, During the first half of 2021, LinkedIn was targeted by attackers Education levels,Email a 1055
crape 2021 who scraped data from hundreds of millions of public profiles an ddresses,Genders,Geo
d later sold them online. Whilst the scraping did not constitute a graphic locations,Job ti
data breach nor did it access any personal data not intended to b

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 85
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

e publicly accessible, the data was still monetised and later broad tles,Names,Social media
ly circulated in hacking circles. The scraped data contains approx profiles
imately 400M records with 125M unique email addresses, as well
as names, geographic locations, genders and job titles. LinkedIn s
pecifically addresses the incident in their post on An update on r
eport of scraped data.

Telegram May 28, 2 In May 2024, 2B rows of data with 361M unique email addresses Email addresses,Passw 1798
Combolis 024 were collated from malicious Telegram channels. The data contai ords,Usernames
ts ned 122GB across 1.7k files with email addresses, usernames, pa
sswords and in many cases, the website they were entered into.
The data appears to have been sourced from a combination of ex
isting combolists and info stealer malware.

ShareThis July 09, 2 In July 2018, the social bookmarking and sharing service ShareT Dates of birth,Email add 87
018 his suffered a data breach. The incident exposed 41 million uniqu resses,Names,Passwor
e email addresses alongside names and in some cases, dates of b ds
irth and password hashes. In 2019, the data appeared listed for s
ale on a dark web marketplace (along with several other large bre
aches) and subsequently began circulating more broadly. The dat
a was provided to HIBP by [Link].

DemandS February In early 2024, a large corpus of data from DemandScience (a com Email addresses,Emplo 3350
cience 28, 2024 pany owned by Pure Incubation), appeared for sale on a popular yers,Job titles,Names,P
hacking forum. Later attributed to a leak from a decommissioned hone numbers,Physical
legacy system, the breach contained extensive data that was larg addresses,Social media
ely business contact information aggregated from public source profiles
s. Specifically, the data included 122M unique corporate email ad
dresses, physical addresses, phone numbers, employers and job
titles. It also included names and for many individuals, a link to th
eir LinkedIn profile.

Verificatio February In February 2019, the email address validation service verificatio Dates of birth,Email add 3173
nsIO 25, 2019 [Link] suffered a data breach. Discovered by Bob Diachenko and V resses,Employers,Gend
inny Troia, the breach was due to the data being stored in a Mong ers,Geographic location
oDB instance left publicly facing without a password and resulte s,IP addresses,Job title
d in 763 million unique email addresses being exposed. Many rec s,Names,Phone number
ords within the data also included additional personal attributes s,Physical addresses
such as names, phone numbers, IP addresses, dates of birth and
genders. No passwords were included in the data. The Verificatio
[Link] website went offline during the disclosure process, althoug
h an archived copy remains viewable.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 86
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

PDL October 1 In October 2019, security researchers Vinny Troia and Bob Diach Email addresses,Emplo 2795
6, 2019 enko identified an unprotected Elasticsearch server holding 1.2 b yers,Geographic locatio
illion records of personal data. The exposed data included an ind ns,Job titles,Names,Ph
ex indicating it was sourced from data enrichment company Peo one numbers,Social me
ple Data Labs (PDL) and contained 622 million unique email addre dia profiles
sses. The server was not owned by PDL and it's believed a custo
mer failed to properly secure the database. Exposed information
included email addresses, phone numbers, social media profiles
and job history data.

Apollo July 23, 2 In July 2018, the sales engagement startup Apollo left a database Email addresses,Emplo 3719
018 containing billions of data points publicly exposed without a pas yers,Geographic locatio
sword. The data was discovered by security researcher Vinny Tr ns,Job titles,Names,Ph
oia who subsequently sent a subset of the data containing 126 m one numbers,Salutation
illion unique email addresses to Have I Been Pwned. The data left s,Social media profiles
exposed by Apollo was used in their "revenue acceleration
platform" and included personal information such as name
s and email addresses as well as professional information includi
ng places of employment, the roles people hold and where they'r
e located. Apollo stressed that the exposed data did not include s
ensitive information such as passwords, social security numbers
or financial data. The Apollo website has a contact form for those
looking to get in touch with the organisation.

B2BUSAB July 18, 2 In mid-2017, a spam list of over 105 million individuals in corpor Email addresses,Emplo 507
usinesses 017 ate America was discovered online. Referred to as "B2B US yers,Job titles,Names,P
A Businesses", the list categorised email addresses by empl hone numbers,Physical
oyer, providing information on individuals' job titles plus their wo addresses
rk phone numbers and physical addresses. Read more about spa
m lists in HIBP.

NetProsp Septembe In 2016, a list of over 33 million individuals in corporate America Email addresses,Emplo 801
ex r 01, 201 sourced from Dun & Bradstreet's NetProspex service was leaked yers,Job titles,Names,P
6 online. D&B believe the targeted marketing data was lost by a cus hone numbers,Physical
tomer who purchased it from them. It contained extensive perso addresses
nal and corporate information including names, email addresses,
job titles and general information about the employer.

DataAndL Novembe In November 2018, security researcher Bob Diachenko identified Email addresses,Emplo 834
eads r 14, 201 an unprotected database believed to be hosted by a data aggrega yers,IP addresses,Job ti
8 tor. Upon further investigation, the data was linked to marketing tles,Names,Phone num
company Data & Leads. The exposed Elasticsearch instance bers,Physical addresse
contained over 44M unique email addresses along with names, IP s
and physical addresses, phone numbers and employment inform
ation. No response was received from Data & Leads when co
ntacted by Bob and their site subsequently went offline.

Adapt Novembe In November 2018, security researcher Bob Diachenko identified Email addresses,Emplo 1123
r 05, 201 an unprotected database hosted by data aggregator "Adapt yers,Job titles,Names,P
8 ". A provider of "Fresh Quality Contacts", the s hone numbers,Physical
ervice exposed over 9.3M unique records of individuals and emp

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 87
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

loyer information including their names, employers, job titles, co addresses,Social media
ntact information and data relating to the employer including org profiles
anisation description, size and revenue. No response was receive
d from Adapt when contacted.

TrikSpam June 12, In June 2018, the command and control server of a malicious bo Email addresses 81
Botnet 2018 tnet known as the "Trik Spam Botnet" was misconfigu
red such that it exposed the email addresses of more than 43 mil
lion people. The researchers who discovered the exposed Russia
n server believe the list of addresses was used to distribute vario
us malware strains via malspam campaigns (emails designed to d
eliver malware).

Operation May 30, 2 In May 2024, a coalition of international law enforcement agencie Email addresses,Passw 338
Endgame 024 s took down a series of botnets in a campaign they coined " ords
Operation Endgame". Data seized in the operation included
impacted email addresses and passwords which were provided t
o HIBP to help victims learn of their exposure.

YouveBee October 0 In October and November 2018, security researcher Bob Diache Email addresses,Emplo 750
nScraped 5, 2018 nko identified several unprotected MongoDB instances believed t yers,Geographic locatio
o be hosted by a data aggregator. Containing a total of over 66M ns,Job titles,Names,Soc
records, the owner of the data couldn't be identified but it is belie ial media profiles
ved to have been scraped from LinkedIn hence the title "Yo
u've Been Scraped". The exposed records included names,
both work and personal email addresses, job titles and links to th
e individuals' LinkedIn profiles.

Exactis June 01, In June 2018, the marketing firm Exactis inadvertently publicly le Credit status informatio 1223
2018 aked 340 million records of personal data. Security researcher Vi n,Dates of birth,Educati
nny Troia of Night Lion Security discovered the leak contained m on levels,Email address
ultiple terabytes of personal information spread across hundred es,Ethnicities,Family str
s of separate fields including addresses, phone numbers, family s ucture,Financial invest
tructures and extensive profiling data. The data was collected as ments,Genders,Home o
part of Exactis' service as a "compiler and aggregator of pre wnership statuses,Inco
mium business & consumer data" which they then sell me levels,IP addresses,
for profiling and marketing purposes. A small subset of the expo Marital statuses,Names,
sed fields were provided to Have I Been Pwned and contained 13 Net worths,Occupation
2 million unique email addresses. s,Personal interests,Ph
one numbers,Physical a
ddresses,Religions,Spo
ken languages

db8151d February In February 2020, a massive trove of personal information referr Email addresses,Job titl 46
d 20, 2020 ed to as "db8151dd" was provided to HIBP after bein es,Names,Phone numbe
g found left exposed on a publicly facing Elasticsearch server. Lat rs,Physical addresses,S
er identified as originating from the Covve contacts app, the expo ocial media profiles
sed data included extensive personal information and interaction
s between Covve users and their contacts. The data was provide
d to HIBP by [Link].

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 88
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

NazApi Septembe In September 2023, over 100GB of stealer logs and credential st Email addresses,Passw 618
r 20, 202 uffing lists titled "[Link]" was posted to a popular ha ords
3 cking forum. The incident contained a combination of email addr
ess and plain text password pairs alongside the service they wer
e entered into, and standalone credential pairs obtained from un
named sources. In total, the corpus of data included 71M unique
email addresses and 100M unique passwords.

AntiPubli December In December 2016, a huge list of email address and password pai Email addresses,Passw 85
c 16, 2016 rs appeared in a "combo list" referred to as "An ords
ti Public". The list contained 458 million unique email addre
sses, many with multiple different passwords hacked from variou
s online systems. The list was broadly circulated and used for &q
uot;credential stuffing", that is attackers employ it in an atte
mpt to identify other online systems where the account owner ha
d reused their password. For detailed background on this incide
nt, read Password reuse, credential stuffing and another billion r
ecords in Have I Been Pwned.

LinkedIn May 05, 2 In May 2016, LinkedIn had 164 million email addresses and pass Email addresses,Passw 324
012 words exposed. Originally hacked in 2012, the data remained out ords
of sight until being offered for sale on a dark market site 4 years l
ater. The passwords in the breach were stored as SHA1 hashes
without salt, the vast majority of which were quickly cracked in t
he days following the release of the data.

DataTroll June 20, In June 2025, headlines erupted over a "16 billion password" bre Email addresses,Passw 469
StealerLo 2025 ach. In reality, the dataset was a compilation of publicly accessibl ords
gs e stealer logs, mostly repurposed from older leaks, with only a s
mall portion of genuinely new material. HIBP received 2.7B rows
containing 109M unique email addresses, which was subsequent
ly added to the service under the name "Data Troll". The websites
the stealer logs were captured against are searchable via the HIB
P dashboard.

LinkedInS Novembe In November 2023, a post to a popular hacking forum alleged tha Email addresses,Gende 106
crape202 r 04, 202 t millions of LinkedIn records had been scraped and leaked. On i rs,Geographic location
3 3 nvestigation, the data turned out to be a combination of legitimat s,Job titles,Names,Prof
e data scraped from LinkedIn and email addresses constructed fr essional skills,Social me
om impacted individuals' names. dia profiles

Elasticsea October 2 In October 2018, security researcher Bob Diachenko identified m Email addresses,Emplo 496
rchSalesL 9, 2018 ultiple exposed databases with hundreds of millions of records. yers,Names,Physical ad
eads One of those datasets was an Elasticsearch instance on AWS con dresses
taining sales lead data and 5.8M unique email addresses. The dat
a contained information relating to individuals and the companie
s they worked for including their names, email addresses and co
mpany name and contact information. Despite best efforts, it was
not possible to identify the owner of the data hence this breach a
s been titled "Elasticsearch Sales Leads".

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 89
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

Cit0day Novembe In November 2020, a collection of more than 23,000 allegedly br Email addresses,Passw 36
r 04, 202 eached websites known as Cit0day were made available for down ords
0 load on several hacking forums. The data consisted of 226M uni
que email address alongside password pairs, often represented a
s both password hashes and the cracked, plain text versions. Ind
ependent verification of the data established it contains many legi
timate, previously undisclosed breaches. The data was provided
to HIBP by [Link].

MySpace July 01, 2 In approximately 2008, MySpace suffered a data breach that exp Email addresses,Passw 31
008 osed almost 360 million accounts. In May 2016 the data was offe ords,Usernames
red up for sale on the "Real Deal" dark market websit
e and included email addresses, usernames and SHA1 hashes of
the first 10 characters of the password converted to lowercase a
nd stored without a salt. The exact breach date is unknown, but a
nalysis of the data suggests it was 8 years before being made pu
blic.

Evite August 1 In April 2019, the social planning website for managing online inv Dates of birth,Email add 268
1, 2013 itations Evite identified a data breach of their systems. Upon inve resses,Genders,Names,
stigation, they found unauthorised access to a database archive Passwords,Phone num
dating back to 2013. The exposed data included a total of 101 mil bers,Physical addresse
lion unique email addresses, most belonging to recipients of invit s
ations. Members of the service also had names, phone numbers,
physical addresses, dates of birth, genders and passwords store
d in plain text exposed. The data was provided to HIBP by a sourc
e who requested it be attributed to "[Link]@proton
[Link]".

MGM202 July 25, 2 In July 2019, MGM Resorts discovered a data breach of one of th Dates of birth,Email add 21
2Update 019 eir cloud services. The breach included 10.6M guest records wit resses,Names,Phone nu
h 3.1M unique email addresses stemming back to 2017. In May 2 mbers,Physical address
022, a superset of the data totalling almost 25M unique email ad es
dresses across 142M rows was extensively shared on Telegram.
On analysis, it's highly likely the data stems from the same incide
nt with 142M records having been discovered for sale on a dark
web marketplace in mid-2020. The exposed data included email a
nd physical addresses, names, phone numbers and dates of birt
h.

Telegram July 18, 2 In July 2024, info stealer logs with 26M unique email addresses Email addresses,Passw 273
StealerLo 024 were collated from malicious Telegram channels. The data contai ords
gs ned 22GB of logs consisting of email addresses, passwords and t
he websites they were used on, all obtained by malware running
on infected machines.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 90
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

Nitro Septembe In September 2020, the Nitro PDF service suffered a massive dat Email addresses,Name 92
r 28, 202 a breach which exposed over 70 million unique email addresses. s,Passwords
0 The breach also exposed names, bcrypt password hashes and th
e titles of converted documents. The data was provided to HIBP b
y [Link].

Drizly July 02, 2 In approximately July 2020, the US-based online alcohol delivery Dates of birth,Device inf 2
020 service Drizly suffered a data breach. The data was sold online be ormation,Email address
fore being extensively redistributed and contained 2.5 million uni es,IP addresses,Names,
que email addresses alongside names, physical and IP addresses, Passwords,Phone num
phone numbers, dates of birth and passwords stored as bcrypt bers,Physical addresse
hashes. The data was provided to HIBP by [Link]. s

Collection January 0 In January 2019, a large collection of credential stuffing lists (co Email addresses,Passw 44
1 7, 2019 mbinations of email addresses and passwords used to hijack acc ords
ounts on other services) was discovered being distributed on a p
opular hacking forum. The data contained almost 2.7 billion reco
rds including 773 million unique email addresses alongside pass
words those addresses had used on other breached services. Fu
ll details on the incident and how to search the breached passwo
rds are provided in the blog post The 773 Million Record "Collect
ion #1" Data Breach.

Canva May 24, 2 In May 2019, the graphic design tool website Canva suffered a da Email addresses,Geogr 13
019 ta breach that impacted 137 million subscribers. The exposed da aphic locations,Names,
ta included email addresses, usernames, names, cities of residen Passwords,Usernames
ce and passwords stored as bcrypt hashes for users not using s
ocial logins. The data was provided to HIBP by a source who requ
ested it be attributed to "[Link]@[Link]".

RiverCity January 0 In January 2017, a massive trove of data from River City Media w Email addresses,IP addr 98
Media 1, 2017 as found exposed online. The data was found to contain almost esses,Names,Physical a
1.4 billion records including email and IP addresses, names and ddresses
physical addresses, all of which was used as part of an enormou
s spam operation. Once de-duplicated, there were 393 million un
ique email addresses within the exposed data.

NeimanM April 14, In May 2024, the American luxury retailer Neiman Marcus suffere Dates of birth,Email add 28
arcus 2024 d a data breach which was later posted to a popular hacking foru resses,IP addresses,Na
m. The data included 31M unique email addresses, names, phone mes,Partial credit card
numbers, dates of birth, physical addresses and partial credit car data,Phone numbers,Ph
d data (note: this is insufficient to make purchases). The breach w ysical addresses,Purch
as traced back to a series of attacks against the Snowflake cloud ases
service which impacted 165 organisations worldwide.

ReadNove May 01, 2 In May 2019, the Chinese literature website Read Novel allegedly Email addresses,Gende 2
l 019 suffered a data breach that exposed 22M unique email addresse rs,Passwords,Phone nu
s. Data also included usernames, genders, phone numbers and p mbers,Usernames
asswords stored as salted MD5 hashes. The data was provided t
o HIBP by a source who requested it be attributed to "white

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 91
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

_peacock@[Link]". Read more about Chinese data brea

ches in Have I Been Pwned.

MrExcel December In December 2016, the forum for the Microsoft Excel tips and sol Dates of birth,Email add 1
05, 2016 utions site Mr Excel suffered a data breach. The hack of the vBull resses,IP addresses,Pas
etin forum led to the exposure of over 366k accounts along with swords,Social connecti
email and IP addresses, dates of birth and salted passwords has ons,Usernames,Website
hed with MD5. The owner of the MrExcel forum subsequently sel activity
f-submitted the data to HIBP.

Luxottica March 16, In March 2021, the world's largest eyewear company Luxoticca s Dates of birth,Email add 52
2021 uffered a data breach via one of their partners that exposed the p resses,Genders,Names,
ersonal information of more than 70M people. The data was sub Phone numbers,Physic
sequently sold via a popular hacking forum in late 2022 and inclu al addresses
ded email and physical addresses, names, genders, dates of birth
and phone numbers. In a statement from Luxottica, they advised
they were aware of the incident and are currently "consider
ing other notification obligations".

NetEase October 1 In October 2015, the Chinese site known as NetEase (located at 1 Email addresses,Passw 8
9, 2015 [Link]) was reported as having suffered a data breach that impa ords
cted hundreds of millions of subscribers. Whilst there is evidenc
e that the data itself is legitimate (multiple HIBP subscribers confi
rmed a password they use is in the data), due to the difficulty of e
mphatically verifying the Chinese breach it has been flagged as &
quot;unverified". The data in the breach contains email add
resses and plain text passwords. Read more about Chinese data
breaches in Have I Been Pwned.

AllegedAT August 2 In March 2024, tens of millions of records allegedly breached fro Dates of birth,Email add 6
T 0, 2021 m AT&T were posted to a popular hacking forum. Dating back to resses,Government iss
August 2021, the data was originally posted for sale before later ued IDs,Names,Phone n
being freely released. At the time, AT&T maintained that there had umbers,Physical addres
not been a breach of their systems and that the data originated fr ses
om elsewhere. 12 days later, AT&T acknowledged that data fields
specific to them were in the breach and that it was not yet known
whether the breach occurred at their end or that of a vendor. AT
&T also proceeded to reset customer account passcodes, an indi
cator that there was sufficient belief passcodes had been compro
mised. The incident exposed names, email and physical addresse
s, dates of birth, phone numbers and US social security number
s.

Dailymoti October 2 In October 2016, the video sharing platform Dailymotion suffere Email addresses,Passw 1
on 0, 2016 d a data breach. The attack led to the exposure of more than 85 ords,Usernames
million user accounts and included email addresses, usernames
and bcrypt hashes of passwords.

ExploitIn October 1 In late 2016, a huge list of email address and password pairs app Email addresses,Passw 69
3, 2016 eared in a "combo list" referred to as "[Link] ords
". The list contained 593 million unique email addresses, m

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 92
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

any with multiple different passwords hacked from various onlin

e systems. The list was broadly circulated and used for "cr
edential stuffing", that is attackers employ it in an attempt t
o identify other online systems where the account owner had reu
sed their password. For detailed background on this incident, re
ad Password reuse, credential stuffing and another billion record
s in Have I Been Pwned.

HauteLoo August 0 In mid-2018, the fashion shopping site HauteLook was among a r Dates of birth,Email add 11
k 7, 2018 aft of sites that were breached and their data then sold in early-2 resses,Genders,Geogra
019. The data included over 28 million unique email addresses al phic locations,Names,P
ongside names, genders, dates of birth and passwords stored as asswords
bcrypt hashes. The data was provided to HIBP by [Link].

RailYatri December In December 2022, India’s government-approved online travel ag Email addresses,Gende 1
26, 2022 ency RailYatri suffered a data breach. The incident impacted over rs,Names,Phone numbe
31M customers and exposed 23M unique email addresses. Also i rs,Purchases
mpacted were names, genders, phone numbers and tickets purc
hased, including travel information and fares.

Gravatar October 0 In October 2020, a security researcher published a technique for Email addresses,Name 4
3, 2020 scraping large volumes of data from Gravatar, the service for pro s,Usernames
viding globally unique avatars . 167 million names, usernames an
d MD5 hashes of email addresses used to reference users' avatar
s were subsequently scraped and distributed within the hacking
community. 114 million of the MD5 hashes were cracked and dis
tributed alongside the source hash, thus disclosing the original e
mail address and accompanying data. Following the impacted em
ail addresses being searchable in HIBP, Gravatar release an FAQ
detailing the incident.

OnlinerSp August 2 In August 2017, a spambot by the name of Onliner Spambot was Email addresses,Passw 103
ambot 8, 2017 identified by security researcher Benkow moʞuƎq. The malicious ords
software contained a server-based component located on an IP a
ddress in the Netherlands which exposed a large number of files
containing personal information. In total, there were 711 million
unique email addresses, many of which were also accompanied b
y corresponding passwords. A full write-up on what data was fo
und is in the blog post titled Inside the Massive 711 Million Recor
d Onliner Spambot Dump.

Manipulat July 16, 2 In July 2023, Perception Point reported on a phishing operation Email addresses 32
edCaiman 023 dubbed "Manipulated Caiman". Targeting primarily th
e citizens of Mexico, the campaign attempted to gain access to vi
ctims' bank accounts via spear phishing attacks using malicious a
ttachments. Researchers obtained almost 40M email addresses t
argeted in the campaign and provided the data to HIBP to alert po
tential victims.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 93
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

AdvanceA June 05, In June 2024, Advance Auto Parts confirmed they had suffered a Email addresses,Name 7
utoParts 2024 data breach which was posted for sale to a popular hacking foru s,Phone numbers,Physi
m. Linked to unauthorised access to Snowflake cloud services, th cal addresses
e breach exposed a large number of records related to both cust
omers and employees. In total, 79M unique email addresses were
included in the breach, alongside names, phone numbers, addres
ses and further data attributes related to company employees.

Adobe October 0 In October 2013, 153 million Adobe accounts were breached wit Email addresses,Passw 78
4, 2013 h each containing an internal ID, username, email, encrypted pas ord hints,Passwords,Us
sword and a password hint in plain text. The password cryptogra ernames
phy was poorly done and many were quickly resolved back to pla
in text. The unencrypted hints also disclosed much about the pas
swords adding further to the risk that hundreds of millions of Ad
obe customers already faced.

Zacks202 June 22, In June 2024, the investment research company Zacks was alleg Email addresses,IP addr 10
4 2024 edly breached, and data was later published to a popular hacking esses,Names,Password
forum. This comes after a separate Zacks data breach confirmed s,Phone numbers,Physi
by the organisation in 2023 with the subsequent breach disclosi cal addresses,Usernam
ng millions of additional records representing a superset of data es
from the first incident. The 2024 breach included 12M unique em
ail addresses along with IP and physical addresses, names, usern
ames, phone numbers and unsalted SHA-256 password hashes.
Zacks did not respond to multiple attempts to contact them abou
t the incident.

InternetA Septembe In September 2024, the digital library of internet sites Internet Ar Email addresses,Passw 1
rchive r 28, 202 chive suffered a data breach that exposed 31M records. The brea ords,Usernames
4 ch exposed user records including email addresses, screen name
s and bcrypt password hashes.

iMenu360 August 1 In approximately late 2022, 3.4M customer records from iMenu3 Email addresses,Name 10
1, 2022 60 ("The world's #1 most trusted online ordering platform s,Phone numbers,Physi
") were exposed. The data appeared to be from ordering sy cal addresses
stems using the platform and contained email and physical addre
sses, latitudes and longitudes, names and phone numbers. Nume
rous attempts were made to contact iMenu360 about the inciden
t between April and August 2023, but no response was received.

Houzz May 23, 2 In mid-2018, the housing design website Houzz suffered a data b Email addresses,Geogr 23
018 reach. The company learned of the incident later that year then di aphic locations,IP addre
sclosed it to impacted members in February 2019. Almost 49 mil sses,Names,Passwords,
lion unique email addresses were in the breach alongside names, Social media profiles,Us
IP addresses, geographic locations and either salted hashes of pa ernames
sswords or links to social media profiles used to authenticate to t
he service. The data was provided to HIBP by [Link].

Zynga Septembe In September 2019, game developer Zynga (the creator of Words Email addresses,Passw 17
r 01, 201 with Friends) suffered a data breach. The incident exposed 173M ords,Phone numbers,U

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 94
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

9 unique email addresses alongside usernames and passwords sto sernames

red as salted SHA-1 hashes. The data was provided to HIBP by de
[Link].

Rankwatc Novembe In approximately November 2016, the search engine optimisation Email addresses,Emplo 8
h r 19, 201 management company RankWatch exposed a Mongo DB with no yers,Job titles,Names,P
6 password publicly whereupon their data was exfiltrated and post hone numbers
ed to an online forum. The data contained 7.4 million unique ema
il addresses along with names, employers, phone numbers and j
ob titles in a table called "us_emails". When contacted
and advised of the incident, RankWatch would not reveal the pur
pose of the data, where it had been acquired from and whether t
he data owners had consented to its collection. The forum which
originally posted the data explained it as being "in the same
vein as the modbsolutions leak", a large list of corporate da
ta allegedly used for spam purposes.

MyHeritag October 2 In October 2017, the genealogy website MyHeritage suffered a da Email addresses,Passw 9
e 6, 2017 ta breach. The incident was reported 7 months later after a secur ords
ity researcher discovered the data and contacted MyHeritage. In t
otal, more than 92M customer records were exposed and includ
ed email addresses and salted SHA-1 password hashes. In 2019,
the data appeared listed for sale on a dark web marketplace (alon
g with several other large breaches) and subsequently began circ
ulating more broadly. The data was provided to HIBP by a source
who requested it be attributed to "BenjaminBlue@exploit.i
m".

NationalP April 09, In April 2024, a large trove of data made headlines as having exp Dates of birth,Email add 25
ublicData 2024 osed "3 billion people" due to a breach of the Nationa resses,Genders,Govern
l Public Data background check service. The initial corpus of data ment issued IDs,Names,
released in the breach contained billions of rows of personal info Phone numbers,Physic
rmation, including US social security numbers. Further partial da al addresses
ta sets were later released including extensive personal informati
on and 134M unique email addresses, although the origin and ac
curacy of the data remains in question. This breach has been flag
ged as "unverified" and a full description of the incide
nt is in the link above.

NotSOCR August 0 In August 2024, over 332M rows of email addresses were posted Email addresses 62
adar 3, 2024 to a popular hacking forum. The post alleged the addresses were
scraped from cybersecurity firm SOCRadar, however an investiga
tion on their behalf concluded that "the actor merely utilise
d functionalities inherent in the platform's standard offerings, de
signed to gather information from publicly available sources&qu
ot;. There is no suggestion the incident compromised SOCRada
r's security or posed any risk to their customers. In total, the dat
a set contained 282M unique addresses of valid email address fo
rmat.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 95
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

PolishCre May 29, 2 In May 2023, a credential stuffing list of 6.3M Polish email addres Email addresses,Passw 4
dentials 023 s and password pairs appeared on a local forum. Likely obtained ords
by malware running on victims' machines, each record included a
n email address and plain text password alongside the website th
e credentials were used on. The data included 1.2M unique email
addresses.

Ticketfly May 31, 2 In May 2018, the website for the ticket distribution service Ticket Email addresses,Name 12
018 fly was defaced by an attacker and was subsequently taken offlin s,Phone numbers,Physi
e. The attacker allegedly requested a ransom to share details of t cal addresses
he vulnerability with Ticketfly but did not receive a reply and sub
sequently posted the breached data online to a publicly accessibl
e location. The data included over 26 million unique email addres
ses along with names, physical addresses and phone numbers.
Whilst there were no passwords in the publicly leaked data, Ticke
tfly later issued an incident update and stated that "It is pos
sible, however, that hashed values of password credentials could
have been accessed".

Dropbox July 01, 2 In mid-2012, Dropbox suffered a data breach which exposed the Email addresses,Passw 29
012 stored credentials of tens of millions of their customers. In Augu ords
st 2016, they forced password resets for customers they believe
d may be at risk. A large volume of data totalling over 68 million r
ecords was subsequently traded online and included email addre
sses and salted hashes of passwords (half of them SHA1, half of
them bcrypt).

Twitter20 January 0 In early 2023, over 200M records scraped from Twitter appeared Email addresses,Name 9
0M 1, 2021 on a popular hacking forum. The data was obtained sometime in s,Social media profiles,
2021 by abusing an API that enabled email addresses to be resol Usernames
ved to Twitter profiles. The subsequent results were then compo
sed into a corpus of data containing email addresses alongside p
ublic Twitter profile information including names, usernames and
follower counts.

MyFitnes February In February 2018, the diet and exercise service MyFitnessPal suff Email addresses,IP addr 56
sPal 01, 2018 ered a data breach. The incident exposed 144 million unique ema esses,Passwords,Usern
il addresses alongside usernames, IP addresses and passwords s ames
tored as SHA-1 and bcrypt hashes (the former for earlier account
s, the latter for newer accounts). In 2019, the data appeared liste
d for sale on a dark web marketplace (along with several other lar
ge breaches) and subsequently began circulating more broadly. T
he data was provided to HIBP by a source who requested it to be
attributed to "BenjaminBlue@[Link]".

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 96
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

ParkMobil March 21, In March 2021, the mobile parking app service ParkMobile suffer Email addresses,Licenc 24
e 2021 ed a data breach which exposed 21 million customers' personal e plates,Names,Passwo
data. The impacted data included email addresses, names, phone rds,Phone numbers
numbers, vehicle licence plates and passwords stored as bcrypt
hashes. The following month, the data appeared on a public hack
ing forum where it was extensively redistributed.

Zomato May 17, 2 In May 2017, the restaurant guide website Zomato was hacked re Email addresses,Passw 4
017 sulting in the exposure of almost 17 million accounts. The data w ords,Usernames
as consequently redistributed online and contains email address
es, usernames and salted MD5 hashes of passwords (the passwo
rd hash was not present on all accounts). This data was provided
to HIBP by whitehat security researcher and data analyst Adam D
avies.

ThePostM May 02, 2 In May 2024, the conservative news website The Post Millennial s Email addresses,Gende 19
illennial 024 uffered a data breach. The breach resulted in the defacement of t rs,IP addresses,Names,
he website and links posted to 3 different corpuses of data inclu Passwords,Phone num
ding hundreds of writers and editors (IP, physical address and e bers,Physical addresse
mail exposed), tens of thousands of subscribers to the site (nam s,Usernames
e, email, username, phone and plain text password exposed), and
tens of millions of email addresses from thousands of mailing list
s alleged to have been used by The Post Millennial (this has not b
een independently verified). The mailing lists appear to be source
d from various campaigns not necessarily run by The Post Millen
nial and contain a variety of different personal attributes includin
g name, phone and physical address (depending on the campaig
n). The data was subsequently posted to a popular hacking foru
m and extensively torrented.

ApexSMS April 15, In May 2019, news broke of a massive SMS spam operation kno Email addresses,Gende 1
2019 wn as "ApexSMS" which was discovered after a Mong rs,Geographic location
oDB instance of the same name was found exposed without a pa s,IP addresses,Names,P
ssword. The incident leaked over 80M records with 23M unique hone numbers,Telecom
email addresses alongside names, phone numbers and carriers, munications carrier
geographic locations (state and country), genders and IP address
es.

BloomsTo Novembe In April 2024, 15M records from the online florist Blooms Today Email addresses,Name 2
day r 11, 202 were listed for sale on a popular hacking forum. The most recent s,Partial credit card dat
3 data in the breach corpus was from November 2023 and appeare a,Phone numbers,Physi
d alongside 3.2M unique email addresses, names, phone number cal addresses
s physical addresses and partial credit card data (card type, 4 dig
its of the number and expiry date). The breach did not expose suf
ficient card data to make purchases. Blooms Today did not respo
nd when contacted about the incident.

SevenRoo December In December 2022, over 400GB of data belonging to restaurant c Email addresses,Name 8
ms 11, 2022 ustomer management platform SevenRooms was posted for sale s,Purchases
to a popular hacking forum. The data included 1.2M unique email
addresses alongside names and purchases. SevenRooms advised

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 97
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

that the breach was due to unauthorised access of "a file tr

ansfer interface of a third-party vendor".

XSplit Novembe In November 2013, the makers of gaming live streaming and reco Email addresses,Name 1
r 07, 201 rding software XSplit was compromised in an online attack. The s,Passwords,Username
3 data breach leaked almost 3M names, email addresses, username s
s and hashed passwords.

Animoto July 10, 2 In July 2018, the cloud-based video making service Animoto suff Dates of birth,Email add 4
018 ered a data breach. The breach exposed 22 million unique email resses,Geographic loca
addresses alongside names, dates of birth, country of origin and tions,Names,Passwords
salted password hashes. The data was provided to HIBP by a sou
rce who requested it be attributed to "[Link]@proto
[Link]".

Evony June 01, In June 2016, the online multiplayer game Evony was hacked and Email addresses,IP addr 2
2016 over 29 million unique accounts were exposed. The attack led to esses,Passwords,Usern
the exposure of usernames, email and IP addresses and MD5 has ames
hes of passwords (without salt).

IIMJobs December In December 2018, the Indian job portal IIMJobs suffered a data Dates of birth,Email add 4
31, 2018 breach that exposed 4.1 million unique email addresses. The dat resses,Geographic loca
a also included names, phone numbers, geographic locations, da tions,IP addresses,Job
tes of birth, job titles, job applications and cover letters plus pas applications,Job titles,
swords stored as unsalted MD5 hashes. The data was provided t Names,Passwords,Pho
o HIBP by [Link]. ne numbers

Wattpad June 29, In June 2020, the user-generated stories website Wattpad suffer Bios,Dates of birth,Emai 6
2020 ed a huge data breach that exposed almost 270 million records. l addresses,Genders,Ge
The data was initially sold then published on a public hacking for ographic locations,IP ad
um where it was broadly shared. The incident exposed extensive dresses,Names,Passwo
personal information including names and usernames, email and rds,Social media profile
IP addresses, genders, birth dates and passwords stored as bcry s,User website URLs,Us
pt hashes. ernames

Whitepag June 27, In mid-2016, the telephone and address directory service Whitep Email addresses,Name 5
es 2016 ages was among a raft of sites that were breached and their data s,Passwords
then sold in early-2019. The data included over 11 million unique
email addresses alongside names and passwords stored as eithe
r a SHA-1 or bcrypt hash. The data was provided to HIBP by a so
urce who requested it to be attributed to "BenjaminBlue@e
[Link]".

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 98
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

Thermom January 3 In January 2025, the Rezeptwelt (German for "recipe world Bios,Dates of birth,Emai 1
ix 0, 2025 ") forum for Thermomix owners suffered a data breach. Th l addresses,Names,Pho
e incident exposed 3.1M registered users' details including name ne numbers,Physical ad
s, email and physical addresses, phone numbers, dates of birth a dresses,Usernames
nd bios (usually cooking related). The data was provided to HIBP
by a source who requested it be attributed to "ayame@xmp
[Link]".

Question May 21, 2 In May 2022, the survey website QuestionPro was the target of a Browser user agent det 10
Pro 022 n extortion attempt relating to an alleged data breach. Over 100G ails,Email addresses,IP
B of data containing 22M unique email addresses (some of which addresses,Survey resul
appear to be generated by the platform), are alleged to have been ts
extracted from the service along with IP addresses, browser user
agents and results relating to surveys. QuestionPro would not co
nfirm whether a breach had occurred (although they did confirm
they were the target of an extortion attempt), so the data was initi
ally flagged as "unverified". Subsequent verification b
y impacted HIBP subscribers later led to the removal of the unver
ified flag.

HeroesOf December In December 2012, the multiplayer online battle arena game kno Email addresses,Passw 2
Newerth 17, 2012 wn as Heroes of Newerth was hacked and over 8 million account ords,Usernames
s extracted from the system. The compromised data included us
ernames, email addresses and passwords.

Dubsmas December In December 2018, the video messaging service Dubsmash suffer Email addresses,Geogr 1
h 01, 2018 ed a data breach. The incident exposed 162 million unique email aphic locations,Names,
addresses alongside usernames and PBKDF2 password hashes. I Passwords,Phone num
n 2019, the data appeared listed for sale on a dark web marketpl bers,Spoken languages,
ace (along with several other large breaches) and subsequently b Usernames
egan circulating more broadly. The data was provided to HIBP by
a source who requested it to be attributed to "BenjaminBlu
e@[Link]".

DominosI March 24, In April 2021, 13TB of compromised Domino's India appeared fo Email addresses,Name 1
ndia 2021 r sale on a hacking forum after which the company acknowledge s,Phone numbers,Physi
d a major data breach they dated back to March. The compromis cal addresses,Purchase
ed data included 22.5 million unique email addresses, names, ph s
one numbers, order histories and physical addresses.

SlideTeam April 06, In April 2021, the "world’s largest collection of pre-designe Email addresses,Name 2
2021 d presentation slides" SlideTeam had 1.4M records breach s,Passwords
ed and later published to a popular hacking forum the following y
ear. Allegedly sourced from a compromised Magento instance, th
e data included names, email addresses and passwords stored a
s salted hashes.

CoinTrack December In December 2022, the Crypto & NFT taxes service CoinTracker r Email addresses,Partial 1
er 01, 2022 eported a data breach that impacted over 1.5M of their customer phone numbers
s. The company later attributed the breach to a compromise Sen

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 99
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

dGrid in an attack that targeted multiple customers of the email p

rovider. The breach exposed email addresses and partially redact
ed phone numbers, with CoinTracker advising that the later did n
ot originate from their service.

Tumblr February In early 2013, tumblr suffered a data breach which resulted in th Email addresses,Passw 2
28, 2013 e exposure of over 65 million accounts. The data was later put u ords
p for sale on a dark market website and included email addresses
and passwords stored as salted SHA1 hashes.

Leet Septembe In August 2016, the service for creating and running Pocket Mine Email addresses,IP addr 3
r 10, 201 craft edition servers known as Leet was reported as having suffer esses,Passwords,Usern
6 ed a data breach that impacted 6 million subscribers. The inciden ames,Website activity
t reported by Softpedia had allegedly taken place earlier in the ye
ar, although the data set sent to HIBP was dated as recently as ea
rly September but contained only 2 million subscribers. The data
included usernames, email and IP addresses and SHA512 hashe
s. A further 3 million accounts were obtained and added to HIBP
several days after the initial data was loaded bringing the total to
over 5 million.

NotAcxio June 21, In 2020, a corpus of data containing almost a quarter of a billion Email addresses,IP addr 15
m 2020 records spanning over 400 different fields was misattributed to d esses,Names,Phone nu
atabase marketing company Acxiom and subsequently circulated mbers,Physical address
within the hacking community. On review, Acxiom concluded tha es
t "the claims are indeed false and that the data, which has b
een readily available across multiple environments, does not com
e from Acxiom and is in no way the subject of an Acxiom breach
". The data contained almost 52M unique email addresses.

BVD August 1 In approximately August 2021, hundreds of gigabytes of busines Dates of birth,Email add 26
9, 2021 s data collated from public sources was obtained and later publis resses,Job titles,Name
hed to a popular hacking forum. Sourced from a customer of Bur s,Phone numbers,Physi
eau van Dijk's (BvD) "Orbis" product, the corpus of da cal addresses
ta released contained hundreds of millions of lines about corpor
ations and individuals, including personal information such as na
mes and dates of birth. The data also included 28M unique email
addresses along with physical addresses (presumedly corporate
locations), phone numbers and job titles. There was no unauthor
ised access to BvD's systems, nor did the incident expose any of
their or parent company's Moody's clients.

Bitly May 08, 2 In May 2014, the link management company Bitly announced the Email addresses,Passw 4
014 y'd suffered a data breach. The breach contained over 9.3 million ords,Usernames
unique email addresses, usernames and hashed passwords, mos
t using SHA1 with a small number using bcrypt.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 100
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

Kickstarte February In February 2014, the crowdfunding platform Kickstarter annou Email addresses,Passw 1
r 16, 2014 nced they'd suffered a data breach. The breach contained almost ords
5.2 million unique email addresses, usernames and salted SHA1
hashes of passwords.

SHEIN June 01, In June 2018, online fashion retailer SHEIN suffered a data breac Email addresses,Passw 3
2018 h. The company discovered the breach 2 months later in August ords
then disclosed the incident another month after that. A total of 3
9 million unique email addresses were found in the breach along
side MD5 password hashes. The data was provided to HIBP by a
source who requested it be attributed to "[Link]@pr
[Link]".

TGBUS Septembe In approximately 2017, it's alleged that the Chinese gaming site k Email addresses,Passw 1
r 01, 201 nown as TGBUS suffered a data breach that impacted over 10 mil ords,Usernames
7 lion unique subscribers. Whilst there is evidence that the data is l
egitimate, due to the difficulty of emphatically verifying the Chine
se breach it has been flagged as "unverified". The dat
a in the breach contains usernames, email addresses and salted
MD5 password hashes and was provided with support from deh
[Link]. Read more about Chinese data breaches in Have I Be
en Pwned.

Intelimost March 10, In March 2019, a spam operation known as "Intelimost&qu Email addresses,Passw 4
2019 ot; sent millions of emails appearing to come from people the rec ords
ipients knew. Security researcher Bob Diachenko found over 3 m
illion unique email addresses in an exposed Elasticsearch databa
se, alongside plain text passwords used to access the victim's ma
ilbox and customise the spam.

Hopamedi August 3 In 2024, data relating to an unknown service referred to as &quo Email addresses,Geogr 1
a 0, 2020 t;Hopamedia" and dating back to 2020 appeared in a public aphic locations,Names,
ly exposed database. The data included almost 24M records of e Phone numbers,Teleco
mail address, name, phone number, the country of the individual mmunications carrier
and their telecommunications carrier.

Bonobos August 1 In August 2020, the clothing store Bonobos suffered a data breac Email addresses,Histori 3
4, 2020 h that exposed almost 70GB of data containing 2.8 million uniqu cal passwords,IP addre
e email addresses. The breach also exposed names, physical and sses,Names,Partial cred
IP addresses, phone numbers, order histories and passwords st it card data,Passwords,
ored as salted SHA-512 hashes, including historical passwords. Phone numbers,Physic
The breach also exposed partial credit card data including card t al addresses,Purchases
ype, the name on the card, expiry date and the last 4 digits of the
card. The data was provided to HIBP by [Link].

2844Brea February In February 2018, a massive collection of almost 3,000 alleged d Email addresses,Passw 11
ches 19, 2018 ata breaches was found online. Whilst some of the data had previ ords
ously been seen in Have I Been Pwned, 2,844 of the files consisti
ng of more than 80 million unique email addresses had not previ
ously been seen. Each file contained both an email address and p

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 101
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

lain text password and were consequently loaded as a single &qu

ot;unverified" data breach.

Avvo December In approximately December 2019, an alleged data breach of the la Email addresses,Passw 2
17, 2019 wyer directory service Avvo was published to an online hacking f ords
orum and used in an extortion scam (it's possible the exposure d
ates back earlier than that). The data contained 4.1M unique emai
l addresses alongside SHA-1 hashes, most likely representing us
er passwords. Multiple attempts at contacting Avvo over the cour
se of a week were unsuccessful and the authenticity of the data
was eventually verified with common Avvo and HIBP subscribers.

RentoMoj April 15, In April 2023, the Indian rental service RentoMojo suffered a data Dates of birth,Email add 1
o 2023 breach. The breach exposed over 2M unique email addresses alo resses,Genders,Govern
ng with names, phone, passport and Aadhaar numbers, genders, ment issued IDs,Names,
dates of birth, purchases and bcrypt password hashes. Passport numbers,Pass
words,Phone numbers,
Purchases,Social media
profiles

Chegg April 28, In April 2018, the textbook rental service Chegg suffered a data b Email addresses,Name 3
2018 reach that impacted 40 million subscribers. The exposed data inc s,Passwords,Phone nu
luded email addresses, usernames, names and passwords stored mbers,Physical address
as unsalted MD5 hashes. A small number of records also contain es,Usernames
ed physical address or phone number. The data was provided to
HIBP by a source who requested it be attributed to "[Link]
@[Link]".

Dymocks June 20, In September 2023, the Australian book retailer Dymocks annou Dates of birth,Email add 1
2023 nced a data breach. The data dated back to June 2023 and contai resses,Genders,Names,
ned 1.2M records with 836k unique email addresses. The breach Phone numbers,Physic
also exposed names, dates of birth, genders, phone numbers an al addresses
d physical addresses.

CouponM February In 2014, a file allegedly containing data hacked from Coupon Mo Email addresses,Passw 2
omAndAr 08, 2014 m was created and included 11 million email addresses and plain ords
morGame text passwords. On further investigation, the file was also found t
s o contain data indicating it had been sourced from Armor Game
s. Subsequent verification with HIBP subscribers confirmed the p
asswords had previously been used and many subscribers had u
sed either Coupon Mom or Armor Games in the past. On disclos
ure to both organisations, each found that the data did not repre
sent their entire customer base and possibly includes records fr
om other sources with common subscribers. The breach has su
bsequently been flagged as "unverified" as the source
cannot be emphatically proven. In July 2020, the data was also f
ound to contain BeerAdvocate accounts sourced from a previou
sly unknown breach.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 102
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

Speedio December In December 2024, data alleged to have been taken from the Braz Company names,Email 3
24, 2024 ilian lead generation platform Speedio was posted for sale to a p addresses,Phone numb
opular hacking forum. The data was allegedly obtained from an u ers,Physical addresses
nsecured Elasticsearch instance and contained over 62M record
s of largely public business information including company name
s, phone numbers and physical addresses, along with 27M uniqu
e email addresses, predominantly from public services such as G
mail and Outlook. Speedio did not respond to multiple attempts t
o disclose the incident, and the origin of the data could not be in
dependently verified. The data was provided to HIBP by a source
who requested it be attributed to "ayame@[Link]".

Edmodo May 11, 2 In May 2017, the education platform Edmodo was hacked resulti Email addresses,Passw 2
017 ng in the exposure of 77 million records comprised of over 43 mi ords,Usernames
llion unique customer email addresses. The data was consequent
ly published to a popular hacking forum and made freely availabl
e. The records in the breach included usernames, email addresse
s and bcrypt hashes of passwords.

ModernB October 0 In October 2016, a large Mongo DB file containing tens of million Dates of birth,Email add 9
usinessS 8, 2016 s of accounts was shared publicly on Twitter (the file has since be resses,Genders,IP addr
olutions en removed). The database contained over 58M unique email add esses,Job titles,Names,
resses along with IP addresses, names, home addresses, gender Phone numbers,Physic
s, job titles, dates of birth and phone numbers. The data was sub al addresses
sequently attributed to "Modern Business Solutions",
a company that provides data storage and database hosting solut
ions. They've yet to acknowledge the incident or explain how they
came to be in possession of the data.

Teespring April 01, In April 2020, the custom printed apparel website Teespring suff Email addresses,Geogr 1
2020 ered a data breach that exposed 8.2 million customer records. T aphic locations,Names,
he data included email addresses, names, geographic locations a Social media profiles
nd social media IDs.

Disqus July 01, 2 In October 2017, the blog commenting service Disqus announce Email addresses,Passw 1
012 d they'd suffered a data breach. The breach dated back to July 20 ords,Usernames
12 but wasn't identified until years later when the data finally surf
aced. The breach contained over 17.5 million unique email addre
sses and usernames. Users who created logins on Disqus had sal
ted SHA1 hashes of passwords whilst users who logged in via so
cial providers only had references to those accounts.

KayoMoe Septembe In September 2018, a collection of almost 42 million email addre Email addresses,Passw 2
r 11, 201 ss and plain text password pairs was uploaded to the anonymou ords
8 s file sharing service [Link]. The operator of the service conta
cted HIBP to report the data which, upon further investigation, tu
rned out to be a large credential stuffing list. For more informatio
n, read about The 42M Record [Link] Credential Stuffing Data.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 103
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

Bulgarian July 15, 2 In July 2019, a massive data breach of the Bulgarian National Rev Email addresses,Name 1
NationalR 019 enue Agency began circulating with data on 5 million people. Alle s,Phone numbers,Physi
evenueAg gedly obtained in June, the data was broadly shared online and i cal addresses,Taxation
ency ncluded taxation information alongside names, phone numbers, records
physical addresses and 471 thousand unique email addresses. T
he breach is said to have affected "nearly all adults in Bulga
ria".

Poshmark May 16, 2 In mid-2018, social commerce marketplace Poshmark suffered a Email addresses,Gende 2
018 data breach that exposed 36M user accounts. The compromised rs,Geographic location
data included email addresses, names, usernames, genders, locat s,Names,Passwords,Us
ions and passwords stored as bcrypt hashes. The data was provi ernames
ded to HIBP by a source who requested it be attributed to "JimSc
[Link]@[Link]".

Locally October 0 In October 2022, "The Industry's Leading Online-to-Offline Email addresses,Partial 1
1, 2022 Shopping Solution" Locally suffered a data breach. Whilst L credit card data,Passwo
ocally acknowledged the breach privately, it's unknown whether i rds,Phone numbers,Ph
mpacted customers were subsequently notified of the incident w ysical addresses,Purch
hich exposed over 362k names, phone numbers, email and physi ases
cal addresses, purchases, credit card type and last four digits an
d bcrypt password hashes.

Gemplex February In February 2021, the Indian streaming platform Gemplex suffere Device information,Ema 1
18, 2021 d a data breach that exposed 4.6M user accounts. The impacted il addresses,Names,Pas
data included device information, names, phone numbers, email swords,Phone numbers
addresses and bcrypt password hashes.

SCDailyP April 14, In early 2015, a spam list known as SC Daily Phone emerged cont Dates of birth,Email add 6
honeSpa 2015 aining almost 33M identities. The data includes personal attribut resses,Genders,IP addr
mList es such as names, physical and IP addresses, genders, birth date esses,Names,Physical a
s and phone numbers. Read more about spam lists in HIBP. ddresses

Vakinha June 22, In June 2020, the Brazilian fund raising service Vakinha suffered Dates of birth,Email add 1
2020 a data breach which impacted almost 4.8 million members. The e resses,IP addresses,Na
xposed data included email addresses, names, phone numbers, g mes,Passwords,Phone
eographic locations and passwords stored as bcrypt hashes, all numbers
of which was subsequently shared extensively throughout online
hacking communities. The data was provided to HIBP by dehashe
[Link].

Lazada July 30, 2 In October 2020, news broke of Lazada RedMart data breach con Email addresses,Name 1
020 taining records as recent as July 2020 and being sold via an onli s,Partial credit card dat
ne marketplace. In all, the data contained 1.1 million customer e a,Passwords,Phone nu
mail addresses alongside names, phone numbers, physical addre mbers,Physical address
sses, partial credit card numbers and passwords stored as SHA- es
1 hashes.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 104
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

Hurb March 14, In approximately March 2019, the online Brazilian travel agency Dates of birth,Email add 5
2019 Hurb (formerly Hotel Urbano) suffered a data breach. The data su resses,IP addresses,Na
bsequently appeared online for download the following year and mes,Passwords,Phone
included over 20 million customer records with email and IP add numbers,Social media p
resses, names, dates of birth, phone numbers and passwords st rofiles
ored as unsalted MD5 hashes. The data was provided to HIBP by
[Link].

Eye4Frau January 2 In February 2023, data alleged to have been taken from the fraud Email addresses,IP addr 3
d 5, 2023 protection service Eye4Fraud was listed for sale on a popular ha esses,Names,Partial cre
cking forum. Spanning tens of millions of rows with 16M unique dit card data,Password
email addresses, the data was spread across 147 tables totalling s,Phone numbers,Physi
65GB and included both direct users of the service and what app cal addresses
ears to be individuals who'd placed orders on other services that
implemented Eye4Fraud to protect their sales. The data included
names and bcrypt password hashes for users, and names, phon
e numbers, physical addresses and partial credit card data (card
type and last 4 digits) for orders placed using the service. Eye4Fr
aud did not respond to multiple attempts to report the incident.

Twitter January 0 In January 2022, a vulnerability in Twitter's platform allowed an a Bios,Email addresses,G 1
1, 2022 ttacker to build a database of the email addresses and phone nu eographic locations,Na
mbers of millions of users of the social platform. In a disclosure mes,Phone numbers,Pr
notice later shared in August 2022, Twitter advised that the vulne ofile photos,Usernames
rability was related to a bug introduced in June 2021 and that th
ey are directly notifying impacted customers. The impacted data i
ncluded either email address or phone number alongside other p
ublic information including the username, display name, bio, loca
tion and profile photo. The data included 6.7M unique email addr
esses across both active and suspended accounts, the latter app
earing in a separate list of 1.4M addresses.

Trello January 1 In January 2024, data was scraped from Trello and posted for sa Email addresses,Name 1
6, 2024 le on a popular hacking forum. Containing over 15M email addre s,Usernames
sses, names and usernames, the data was obtained by enumerati
ng a publicly accessible resource using email addresses from pre
vious breach corpuses. Trello advised that no unauthorised acce
ss had occurred.

Zacks May 10, 2 In December 2022, the investment research company Zacks ann Email addresses,Name 7
020 ounced a data breach. The following month, reports emerged of t s,Passwords,Phone nu
he incident impacting 820k customers. However, in June 2023, a mbers,Physical address
corpus of data with almost 9M Zacks customers appeared before es,Usernames
being broadly circulated on a popular hacking forum. The most r
ecent data was dated May 2020 and included names, usernames,
email and physical addresses, phone numbers and passwords st
ored as unsalted SHA-256 hashes. On disclosure of the larger br
each, Zacks advised that in addition to their original report &quo
t;the unauthorised third parties also gained access to encrypted
[sic] passwords of [Link] customers, but only in the encrypt
ed [sic] format".

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 105
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

LeadHunt March 04, In March 2020, a massive trove of personal information referred Email addresses,Gende 9
er 2020 to as "Lead Hunter" was provided to HIBP after being rs,IP addresses,Names,
found left exposed on a publicly facing Elasticsearch server. The Phone numbers,Physic
data contained 69 million unique email addresses across 110 mil al addresses
lion rows of data accompanied by additional personal informatio
n including names, phone numbers, genders and physical addres
ses. At the time of publishing, the breach could not be attributed
to those responsible for obtaining and exposing it. The data was
provided to HIBP by [Link].

Romwe June 01, In mid-2018, the Hong Kong-based retailer Romwe suffered a dat Geographic locations,IP 1
2018 a breach which exposed almost 20 million customers. The data w addresses,Names,Pass
as subsequently sold online and includes names, phone number words,Phone numbers,
s, email and IP addresses, customer geographic locations and pa Physical addresses
sswords stored as salted SHA-1 hashes. The data was provided t
o HIBP by [Link].

Finsure October 1 In October 2024, almost 300k unique email addresses from Aust Email addresses,Name 1
5, 2024 ralian mortgage broking group Finsure were obtained from the A s,Phone numbers,Physi
ctivePipe real estate marketing platform. The impacted data also i cal addresses
ncluded names, phone numbers and physical addresses. The inci
dent did not directly affect any of Finsure's systems or expose an
y passwords or financial data.

TruthFind April 12, In 2019, the public records search service TruthFinder suffered a Email addresses,Name 2
er 2019 data breach that later came to light in early 2023. The data includ s,Passwords,Phone nu
ed over 8M unique customer email addresses, names, phone nu mbers
mbers and passwords stored as scrypt hashes.

ClearVoic August 2 In April 2021, the market research surveys company ClearVoice Dates of birth,Email add 1
eSurveys 3, 2015 Surveys had a publicly facing database backup from 2015 taken resses,Genders,IP addr
and redistributed on a popular hacking forum. The data included esses,Names,Password
15M unique email addresses across more than 17M rows of data s,Phone numbers,Physi
that also included names, physical and IP addresses, genders, da cal addresses
tes of birth and plain text passwords. ClearVoice Surveys advise
d they were aware of the breach and confirmed its authenticity.

Forbes February In February 2014, the Forbes website succumbed to an attack th Email addresses,Passw 1
15, 2014 at leaked over 1 million user accounts. The attack was attributed ords,User website URL
to the Syrian Electronic Army, allegedly as retribution for a perce s,Usernames
ived "Hate of Syria". The attack not only leaked user credentials, b
ut also resulted in the posting of fake news stories to [Link]
m.

Netlog Novembe In July 2018, the Belgian social networking site Netlog identified a Email addresses,Passw 1
r 01, 201 data breach of their systems dating back to November 2012 (PD ords
2 F). Although the service was discontinued in 2015, the data brea
ch still impacted 49 million subscribers for whom email addresse
s and plain text passwords were exposed. The data was provided

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 106
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

to HIBP by a source who requested it be attributed to "Jim

[Link]@[Link]".

Paytm August 3 In August 2020, the Indian payment provider Paytm was reporte Dates of birth,Email add 1
0, 2020 d as having suffered a data breach and subsequent ransom dema resses,Genders,Geogra
nd, after which the data was circulated publicly. Further investiga phic locations,Income l
tion into the data concluded that the breach was fabricated and d evels,Names,Phone nu
id not originate from Paytm. The impacted data covered 3.4M uni mbers,Purchases
que email addresses along with names, phone numbers, genders,
dates of birth, income levels and previous purchases.

LiveJourn January 0 In mid-2019, news broke of an alleged LiveJournal data breach. T Email addresses,Passw 1
al 1, 2017 his followed multiple reports of credential abuse against Dreamw ords,Usernames
idth beginning in 2018, a fork of LiveJournal with a significant cr
ossover in user base. The breach allegedly dates back to 2017 an
d contains 26M unique usernames and email addresses (both of
which have been confirmed to exist on LiveJournal) alongside pla
in text passwords. An archive of the data was subsequently shar
ed on a popular hacking forum in May 2020 and redistributed br
oadly. The data was provided to HIBP by a source who requested
it be attributed to "nano@[Link]".

SpecialKS October 0 In mid to late 2015, a spam list known as the Special K Data Feed Dates of birth,Email add 1
pamList 7, 2015 was discovered containing almost 31M identities. The data includ resses,Genders,IP addr
es personal attributes such as names, physical and IP addresses, esses,Names,Physical a
genders, birth dates and phone numbers. Read more about spam ddresses
lists in HIBP.

123RF March 22, In March 2020, the stock photo site 123RF suffered a data breac Email addresses,IP addr 1
2020 h which impacted over 8 million subscribers and was subsequen esses,Names,Password
tly sold online. The breach included email, IP and physical addres s,Phone numbers,Physi
ses, names, phone numbers and passwords stored as MD5 hash cal addresses,Usernam
es. The data was provided to HIBP by [Link]. es

Wishbone January 2 In January 2020, the mobile app to "compare anything&qu Auth tokens,Dates of bi 1
2020 7, 2020 ot; Wishbone suffered another data breach which followed their rth,Email addresses,Ge
breach from 2016. An extensive amount of personal information nders,Geographic locati
including almost 10M unique email addresses alongside names, ons,IP addresses,Name
phone numbers geographic locations and other personal attribut s,Passwords,Phone nu
es were leaked online and extensively redistributed. Passwords s mbers,Profile photos,S
tored as unsalted MD5 hashes were also included in the breach. ocial media profiles,Use
The data was provided to HIBP by a source who requested it be a rnames
ttributed to "All3in".

Acuity June 18, In mid-2020, a 437GB corpus of data attributed to an entity nam Dates of birth,Email add 1
2020 ed "Acuity" was created and later extensively distribu resses,Genders,IP addr
ted. However, the source could not be confidently verified as any esses,Names,Phone nu
known companies named Acuity. The data totalled over 14M uni mbers,Physical address
que email addresses with each row containing extensive persona es,Salutations
l information across more than 400 columns of data including na

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 107
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

mes, phone numbers, physical addresses, genders and dates of

birth.

Glofox March 27, In March 2020, the Irish gym management software company Glo Dates of birth,Email add 1
2020 fox suffered a data breach which exposed 2.3M membership rec resses,Genders,Names,
ords. The data included email addresses, names, phone number Passwords,Phone num
s, genders, dates of birth and passwords stored as unsalted MD5 bers
hashes.

LinuxFor May 01, 2 In May 2018, the Linux Forums website suffered a data breach w Email addresses,IP addr 1
ums 018 hich resulted in the disclosure of 276k unique email addresses. R esses,Passwords,Usern
unning on an old version of vBulletin, the breach also disclosed u ames
sernames, IP addresses and salted MD5 password hashes. Linux
Forums did not respond to multiple attempts to contact them ab
out the breach.

TheFlyOn December In December 2017, the stock market news website The Fly on the Age groups,Credit card 1
TheWall 31, 2017 Wall suffered a data breach. The data in the breach included 84k s,Email addresses,Gend
unique email addresses as well as purchase histories and credit ers,Names,Passwords,P
card data. Numerous attempts were made to contact The Fly on t hone numbers,Physical
he Wall about the incident, however no responses were received. addresses,Purchases,U
sernames

Stratfor December In December 2011, "Anonymous" attacked the global Credit cards,Email addr 2
24, 2011 intelligence company known as "Stratfor" and conseq esses,Names,Password
uently disclosed a veritable treasure trove of data including hund s,Phone numbers,Physi
reds of gigabytes of email and tens of thousands of credit card d cal addresses,Usernam
etails which were promptly used by the attackers to make charita es
ble donations (among other uses). The breach also included 860,
000 user accounts complete with email address, time zone, some
internal system data and MD5 hashed passwords with no salt.

ToonDoo August 2 In August 2019, the comic strip creation website ToonDoo suffer Email addresses,Gende 1
1, 2019 ed a data breach. The data was subsequently redistributed on a p rs,Geographic location
opular hacking forum in November where the personal informati s,IP addresses,Passwor
on of over 6M subscribers was shared. Impacted data included e ds,Usernames
mail and IP addresses, usernames, genders, the location of the in
dividual and salted password hashes.

DDO April 02, In April 2013, the interactive video game Dungeons & Drago Dates of birth,Email add 1
2013 ns Online suffered a data breach that exposed almost 1.6M playe resses,IP addresses,Pas
rs' accounts. The data was being actively traded on underground swords,Usernames,We
forums and included email addresses, birth dates and password bsite activity
hashes.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 108
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

JobAndT February In approximately February 2018, the employment website Joban Email addresses,IP addr 2
alent 01, 2018 dtalent suffered a data breach which then appeared for sale alon esses,Names,Password
gside other breaches a year later. The incident impacted 11 millio s
n subscribers and exposed their names, email and IP addresses a
nd passwords stored as salted SHA-1 hashes.

IndiaMAR May 23, 2 In August 2021, 38 million records from Indian e-commerce com Email addresses,Name 1
T 021 pany IndiaMART were found being traded on a popular hacking f s,Phone numbers,Physi
orum. Dated several months earlier, the data included over 20 mil cal addresses
lion unique email addresses alongside names, phone numbers an
d physical addresses. It's unclear whether IndiaMART intentionall
y exposed the data attributes as part of the intended design of th
e platform or whether the data was obtained by exploiting a vuln
erability in the service.

AllianzLif July 16, 2 In July 2025, Allianz Life was the victim of a cyber attack which r Dates of birth,Email add 1
e 025 esulted in millions of records later being leaked online. Allianz att resses,Genders,Names,
ributed the attack to "a social engineering technique" which targe Phone numbers,Physic
ted data on Salesforce and resulted in the exposure of 1.1M uniq al addresses
ue email addresses, names, genders, dates of birth, phone numb
ers and physical addresses.

Terravisio February In February 2023, the European airport transfers service Terravi Dates of birth,Email add 1
n 01, 2023 sion suffered a data breach. The breach exposed over 2M record resses,Geographic loca
s of customer data including names, phone numbers, email addr tions,Names,Password
esses, salted password hashes and in some cases, date of birth a s,Phone numbers
nd country of origin. Terravision did not respond to multiple atte
mpts by individuals period over a period of months to report the
incident.

LiveAucti June 19, In June 2020, the online antiques marketplace LiveAuctioneers s Email addresses,IP addr 2
oneers 2020 uffered a data breach which was subsequently sold online then e esses,Names,Password
xtensively redistributed in the hacking community. The data cont s,Phone numbers,Physi
ained 3.4 million records including names, email and IP addresse cal addresses,Usernam
s, physical addresses, phones numbers and passwords stored a es
s unsalted MD5 hashes. The data was provided to HIBP by breac
[Link].

Audi August 1 In August 2019, Audi USA suffered a data breach after a vendor l Dates of birth,Driver's li 2
4, 2019 eft data unsecured and exposed on the internet. The data contain censes,Email addresse
ed 2.7M unique email addresses along with names, phone numbe s,Names,Phone number
rs, physical addresses and vehicle information including VIN. In a s,Physical addresses,So
disclosure statement from Audi, they also advised some custome cial security numbers,V
rs had driver's licenses, dates of birth, social security numbers a ehicle details
nd other personal information exposed.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 109
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

LuminPD April 01, In April 2019, the PDF management service Lumin PDF suffered a Auth tokens,Email addr 1
F 2019 data breach. The breach wasn't publicly disclosed until Septembe esses,Genders,Names,P
r when 15.5M records of user data appeared for download on a asswords,Spoken langu
popular hacking forum. The data had been left publicly exposed i ages,Usernames
n a MongoDB instance after which Lumin PDF was allegedly been
"contacted multiple times, but ignored all the queries&quo
t;. The exposed data included names, email addresses, genders, s
poken language and either a bcrypt password hash or Google aut
h token. The data was provided to HIBP by a source who request
ed it be attributed to "[Link]@[Link]&quo
t;.

DataEnric December In December 2016, more than 200 million "data enrichment Buying preferences,Cha 1
hment 23, 2016 profiles" were found for sale on the darknet. The seller clai ritable donations,Credit
med the data was sourced from Experian and whilst that claim w status information,Date
as rejected by the company, the data itself was found to be legiti s of birth,Email address
mate suggesting it may have been sourced from other legitimate l es,Family structure,Fina
ocations. In total, there were more than 8 million unique email ad ncial investments,Home
dresses in the data which also contained a raft of other personal ownership statuses,Inc
attributes including credit ratings, home ownership status, family ome levels,Job titles,Ma
structure and other fields described in the story linked to above. rital statuses,Names,Ne
The email addresses alone were provided to HIBP. t worths,Phone number
s,Physical addresses,Po
litical donations

TAPAirPo August 2 In August 2022, the Portuguese airline TAP Air Portugal was the t Dates of birth,Email add 2
rtugal 5, 2022 arget of a ransomware attack perpetrated by the Ragnar Locker g resses,Genders,Names,
ang who later leaked the compromised data via a public dark web Nationalities,Phone nu
site. Over 5M unique email addresses were exposed alongside ot mbers,Physical address
her personal data including names, genders, DoBs, phone numbe es,Salutations,Spoken l
rs and physical addresses. anguages

Deezer April 22, In late 2022, the music streaming service Deezer disclosed a data Dates of birth,Email add 1
2019 breach that impacted over 240M customers. The breach dated b resses,Genders,Geogra
ack to a mid-2019 backup exposed by a 3rd party partner which phic locations,IP addres
was subsequently sold and then broadly redistributed on a popu ses,Names,Spoken lang
lar hacking forum. Impacted data included 229M unique email ad uages,Usernames
dresses, IP addresses, names, usernames, genders, DoBs and the
geographic location of the customer.

Ulmon January 2 In January 2020, the travel app creator Ulmon suffered a data br Bios,Email addresses,N 1
6, 2020 each. The service had almost 1.3M records with 777k unique em ames,Passwords,Phone
ail addresses, names, passwords stored as bcrypt hashes and in numbers,Social media p
some cases, social media profile IDs, telephone numbers and bio rofiles
s. The data was subsequently posted to a popular hacking forum.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 110
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

iMesh Septembe In September 2013, the media and file sharing client known as iM Email addresses,IP addr 3
r 22, 201 esh was hacked and approximately 50M accounts were exposed. esses,Passwords,Usern
3 The data was later put up for sale on a dark market website in mi ames
d-2016 and included email and IP addresses, usernames and salt
ed MD5 hashes.

HotTopic October 1 In October 2024, retailer Hot Topic suffered a data breach that ex Dates of birth,Email add 1
9, 2024 posed 57 million unique email addresses. The impacted data also resses,Genders,Names,
included physical addresses, phone numbers, purchases, gender Partial credit card data,
s, dates of birth and partial credit data containing card type, expi Phone numbers,Physic
ry and last 4 digits. al addresses,Purchase
s,Salutations

PetFlow December In December 2017, the pet care delivery service PetFlow suffered Email addresses,Passw 1
09, 2017 a data breach which consequently appeared for sale on a dark w ords
eb marketplace. Almost 1M accounts were impacted and expose
d email addresses and passwords stored as unsalted MD5 hashe
s. The data was provided to HIBP by a source who requested it b
e attributed to "nano@[Link]".

HomeChe February In early 2020, the food delivery service Home Chef suffered a dat Email addresses,Geogr 1
f 10, 2020 a breach which was subsequently sold online. The breach expos aphic locations,IP addre
ed the personal information of almost 9 million customers includ sses,Names,Partial cred
ing names, IP addresses, post codes, the last 4 digits of credit car it card data,Passwords,
d numbers and passwords stored as bcrypt hashes. The data wa Phone numbers
s provided to HIBP by [Link].

VK January 0 In approximately 2012, the Russian social media site known as V Email addresses,Name 1
1, 2012 K was hacked and almost 100 million accounts were exposed. Th s,Passwords,Phone nu
e data emerged in June 2016 where it was being sold via a dark mbers
market website and included names, phone numbers email addre
sses and plain text passwords.

Minted May 06, 2 In May 2020, the online marketplace for independent artists Mint Email addresses,Name 1
020 ed suffered a data breach that exposed 4.4M unique customer re s,Passwords,Phone nu
cords subsequently sold on a dark web marketplace. Exposed da mbers,Physical address
ta also included names, physical addresses, phone numbers and es
passwords stored as bcrypt hashes. The data was provided to HI
BP by [Link].

Lastfm March 22, In March 2012, the music website [Link] was hacked and 43 mil Email addresses,Passw 2
2012 lion user accounts were exposed. Whilst [Link] knew of an incid ords,Usernames,Websit
ent back in 2012, the scale of the hack was not known until the d e activity
ata was released publicly in September 2016. The breach include
d 37 million unique email addresses, usernames and passwords
stored as unsalted MD5 hashes.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 111
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

MailRu Septembe In September 2014, several large dumps of user accounts appear Email addresses,Passw 1
r 10, 201 ed on the Russian Bitcoin Security Forum including one with nea ords
4 rly 5M email addresses and passwords, predominantly on the ma
[Link] domain. Whilst unlikely to be the result of a direct attack agai
nst [Link], the credentials were confirmed by many as legitimate
for other services they had subscribed to. Further data allegedly
valid for [Link] and containing email addresses and plain text pa
sswords was added in January 2018 bringing to total to more th
an 16M records. The incident was also then flagged as "unv
erified", a concept that was introduced after the initial data
load in 2014.

Foodora April 22, In April 2016, the online food delivery service Foodora suffered a Email addresses,Name 1
2016 data breach which was then extensively redistributed online. The s,Passwords,Phone nu
breach included the personal information of hundreds of thousa mbers,Physical address
nds of customers from multiple countries including their names, es
delivery addresses, phone numbers and passwords stored as eit
her a salted MD5 or a bcrypt hash.

Pemiblan April 02, In April 2018, a credential stuffing list containing 111 million ema Email addresses,Passw 1
c 2018 il addresses and passwords known as Pemiblanc was discovered ords
on a French server. The list contained email addresses and pass
words collated from different data breaches and used to mount a
ccount takeover attacks against other services. Read more about
the incident.

iDressup July 15, 2 In June 2016, the teen social site known as i-Dressup was hacke Email addresses,Passw 1
016 d and over 2 million user accounts were exposed. At the time the ords
hack was reported, the i-Dressup operators were not contactable
and the underlying SQL injection flaw remained open, allegedly e
xposing a total of 5.5 million accounts. The breach included emai
l addresses and passwords stored in plain text.

FlexBook December In December 2021, the online booking service FlexBooker suffere Email addresses,Name 1
er 23, 2021 d a data breach that exposed 3.7 million accounts. The data inclu s,Partial credit card dat
ded email addresses, names, phone numbers and for a small nu a,Passwords,Phone nu
mber of accounts, password hashes and partial credit card data. mbers
FlexBooker has identified the breach as originating from a compr
omised account within their AWS infrastructure. The data was fo
und being actively traded on a popular hacking forum and was pr
ovided to HIBP by a source who requested it be attributed to &qu
ot;white_peacock@[Link]".

Nihonom December In late 2015, the anime community known as Nihonomaru had th Email addresses,IP addr 1
aru 01, 2015 eir vBulletin forum hacked and 1.7 million accounts exposed. The esses,Passwords,Usern
compromised data included email and IP addresses, usernames a ames
nd salted hashes of passwords.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 112
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

Operation May 23, 2 In May 2025, a coalition of law enforcement agencies took down Email addresses,Passw 1
Endgame 025 the criminal infrastructure behind the malware used to launch ra ords
2 nsomware attacks in a new phase of "Operation Endgame&
quot;. This followed the first Operation Endgame exercise a year
earlier, with the latest action resulting in 15.3M victim email addr
esses being provided to HIBP by law enforcement. A further 43.8
M victim passwords were also provided for HIBP's Pwned Passw
ords service.

Bell2017 May 15, 2 In May 2017, the Bell telecommunications company in Canada su Email addresses,Geogr 1
017 ffered a data breach resulting in the exposure of millions of custo aphic locations,IP addre
mer records. The data was consequently leaked online with a me sses,Job titles,Names,P
ssage from the attacker stating that they were "releasing a s asswords,Phone numb
ignificant portion of [Link]'s data due to the fact that they have fa ers,Spoken languages,S
iled to cooperate with us" and included a threat to leak mor urvey results,Username
e. The impacted data included over 2 million unique email addres s
ses and 153k survey results dating back to 2011 and 2012. Ther
e were also 162 Bell employee records with more comprehensive
personal data including names, phone numbers and plain text &q
uot;passcodes". Bell suffered another breach in 2014 whic
h exposed 40k records.

Dodonew December In late 2011, data was allegedly obtained from the Chinese websit Email addresses,Userna 1
01, 2011 e known as [Link] and contained 8.7M accounts. Whilst t mes
here is evidence that the data is legitimate, due to the difficulty of
emphatically verifying the Chinese breach it has been flagged as
"unverified". The data in the breach contains email ad
dresses and user names. Read more about Chinese data breache
s in Have I Been Pwned.

KnownCir April 12, In approximately April 2016, the "marketing automation for Email addresses,Email 1
cle 2016 agents and professional service providers" company Know messages,Genders,Nam
nCircle had a large volume of data obtained by an external party. es,Passwords,Phone nu
The data belonging to the now defunct service appeared in JSON mbers,Physical address
format and contained gigabytes of data related to the real estate es
and insurance sectors. The personal data in the breach appears t
o have primarily been used for marketing purposes, including log
s of emails sent and tracking of gift cards. A small number of pas
swords for KnownCircle staff were also present and were stored
as bcrypt hashes.

MGM July 25, 2 In July 2019, MGM Resorts discovered a data breach of one of th Dates of birth,Email add 1
019 eir cloud services. The breach included 10.6M guest records wit resses,Names,Phone nu
h 3.1M unique email addresses stemming back to 2017. The exp mbers,Physical address
osed data included email and physical addresses, names, phone es
numbers and dates of birth and was subsequently shared on a p
opular hacking forum in February 2020 where it was extensively
redistributed. The data was provided to HIBP by Under The Breac
h.

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 113
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Leak Name Leak Date Leak Description Category Affected Users

MMGFusi December In December 2020, the dental practice management service MMG Appointments,Dates of 1
on 20, 2020 Fusion was the victim of a data breach which exposed 2.6M uniq birth,Email addresses,G
ue email addresses. The data also included patient appointments, enders,Marital statuses,
names, phone numbers, dates of birth, genders and physical add Names,Passwords,Pho
resses. A small number of records also included passwords stor ne numbers,Physical ad
ed as bcrypt hashes. dresses

CafePress February In February 2019, the custom merchandise retailer CafePress su Email addresses,Name 1
20, 2019 ffered a data breach. The exposed data included 23 million uniqu s,Passwords,Phone nu
e email addresses with some records also containing names, phy mbers,Physical address
sical addresses, phone numbers and passwords stored as SHA-1 es
hashes. The data was provided to HIBP by a source who requeste
d it be attributed to "[Link]@[Link]".

CDEK March 09, In early 2022, a collective known as IT Army whose stated goal is Email addresses,Name 1
2022 to "completely de-anonymise most Russian users by leakin s,Phone numbers
g hundreds of gigabytes of databases" published over 30G
B of data allegedly sourced from Russian courier service CDEK. T
he data contained over 19M unique email addresses along with n
ames and phone numbers. The authenticity of the breach could n
ot be independently established and has been flagged as "u
nverfieid".

StreetEas June 28, In approximately June 2016, the real estate website StreetEasy s Email addresses,Name 1
y 2016 uffered a data breach. In total, 988k unique email addresses were s,Passwords,Username
included in the breach alongside names, usernames and SHA-1 h s
ashes of passwords, all of which appeared for sale on a dark web
marketplace in February 2019. The data was provided to HIBP by
a source who requested it be attributed to "[Link]@
[Link]".

PayAsUG December In December 2016, an attacker breached PayAsUGym's website e Browser user agent det 1
ym 15, 2016 xposing over 400k customers' personal data. The data was conse ails,Email addresses,IP
quently leaked publicly and broadly distributed via Twitter. The le addresses,Names,Partia
aked data contained personal information including email addres l credit card data,Passw
ses and passwords hashed using MD5 without a salt. ords,Phone numbers,W
ebsite activity

Wanelo December In approximately December 2018, the digital mall Wanelo suffere Email addresses,IP addr 1
13, 2018 d a data breach. The data was later placed up for sale on a dark w esses,Names,Password
eb marketplace along with a collection of other data breaches in s,Physical addresses
April 2019. A total of 23 million unique email addresses were incl
uded in the breach alongside passwords stored as either MD5 or
bcrypt hashes. After the initial HIBP load, further data containing
names, shipping addresses and IP addresses were also provided
to HIBP, albeit without direct association to the email addresses a
nd passwords. The data was provided to HIBP by a source who r
equested it be attributed to "[Link]@[Link]
m".

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 114
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Botnet Infections

Description Devices or credentials caught in botnet command and CyberMindr's approach Integrates threat feeds from botnet trackers and correlates
control logs indicate prior compromise. organization assets against known botnet data.

Malware
Name IP Address System Name URL Username Password
Location

CH9C2D7D0 [Link] - C:\Users\Lee [Link] WConklin@m EiBptszuGqR

2694E87BFB 3 ann\Desktop [Link] vKmc
99209DACA4 \bLVFrDriR3.
59362_2023_ exe
02_05T09_36
_31_773488.r
ar/Password
[Link]

NL8AFC57A1 185.220.100. - C:\Users\Meli [Link] CEngelking@ r0I0goo0xnJ

93B80DBA61 241 ssa\Office\tb [Link] Yuy
FEFFB8B0FE [Link]
7A80_2023_0
2_05T01_34_
57_729989.r
ar/Password
[Link]

[IN]205.254.1 205.254.175. ROHIT-DEMO C:\Users\Roh [Link] rohitksingh0 766572

[Link]/Al 169 N it\AppData\L [Link]/en-US/MMC/login 098@gmail.c
l Passwords.t ocal\Temp\c7 om
xt c12e17-d192
-4f3e-95c5-4
6d4279e007
9_Release.zip.
079\Release
\New Upd v1.
[Link]

[Botlogs 2023 [Link] - C:\Users\Virg [Link] [Link] TwkvhPV0F

0506.002 US 6 ie\Desktop\7 ewicz@mmc.
_BA3~1.252]. [Link] com
rar/Password
[Link]

NLDF126F1A 185.220.101. - C:\Users\Cle [Link] ModugnoMer zu4yHHO3Bi

2820C482DA 63 mentine\Offic ilee@[Link] WStV
C503903DE5 e\zN2zBvZkE m
C55F_2023_0 [Link]
2_05T18_38_
21_073607.r
ar/Password
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 115
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

NL493433FE 185.220.100. - C:\Users\Joa [Link] CRodgerson 7Q0TjkYT

D8320A2921 243 n\Desktop\cL @[Link]
B7C3C3BB45 XG4gA6wA4.
7FE9_2023_0 exe
2_05T06_13_
02_192327.r
ar/Password
[Link]

UNKNOWN[D [Link] - C:\Users\Sid [Link] RaqueAvril@ fpHQr7XV7IH

6473533463 2 oney\Downlo [Link]
AB9DA784B5 ads\X9jiit0ub
448AFE19A9 [Link]
F] [2023-02-0
5T18_03_56.
8891848].ra
r/Passwords.
txt

NL50E8BB14 [Link] - C:\Users\Dar [Link] SSherbondy xYcrKsCSnAo

7813BC42DF 11 sey\Downloa @[Link] uI0x
59D2745B6D ds\PPU4T8xr
4D0B_2023_0 [Link]
2_06T02_03_
04_813547.r
ar/Password
[Link]

NLAB336FD9 185.220.101. - C:\Users\Kes [Link] [Link] zqwTJpOasx

3D78442B56 53 siah\Desktop om/home l@[Link]
905976E3CB \L4iJr1ZD5Z.
D3E3_2023_0 exe
2_05T15_26_
29_967428.r
ar/Password
[Link]

NLFD88FE6C 185.220.100. - C:\Users\Sop [Link] [Link] sHace9qAOV

2746942794 250 hi\Document @[Link] edn7Y
0C4C24B200 s\SjDBeHfgu.
C76D_2023_ exe
02_05T16_21
_07_281208.r
ar/Password
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 116
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

GBFBB5E128 [Link] - C:\Users\Syd [Link] KBrozyna@m HpEtChnyOj2

516A3BD701 2 ney\Downloa [Link] S
5121891000 ds\h5Z1mAH
FCC3_2023_ [Link]
02_05T05_44
_41_703435.r
ar/Password
[Link]

NLFE09979F 185.220.100. - C:\Users\Kall [Link] SanchiousCin o2xEgnOmp

578DEBD55C 250 y\Documents n dee@[Link]
D290F54BBF \VVBeyoy7.e m
AD66_2023_ xe
02_06T00_32
_02_636931.r
ar/Password
[Link]

DK41EBFAE4 [Link] - C:\Users\Wil [Link] SakNatalee@ 7YT6KhNyv7

30983B42AF 3 ona\Office\U on [Link] dIvD
873CC45E83 [Link]
45F9_2023_0
2_05T09_08_
09_579058.r
ar/Password
[Link]

NL530BFDD2 185.220.101. - C:\Users\TEir [Link] SalliesKara@ LWt7KADdYm

5D8885C2F4 53 tza\Desktop [Link]
FF2239CCDE \O6P4dt3xNB
A901_2023_0 [Link]
2_05T17_44_
00_352235.r
ar/Password
[Link]

NLF4381854 185.246.188. - C:\Users\Mar [Link] [Link] 7XLDTDRFPT

4A136D0C2B 74 go\Desktop\6 @[Link]
E0544FFAA2 [Link]
629A_2023_0 e
2_05T09_36_
31_851650.r
ar/Password
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 117
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

NLD0358523 185.220.100. - C:\Users\Pop [Link] LawerySaba@ ZLsKkKguWC

FEDB76F4D5 246 py\Document [Link]
2F09E61EE3 s\fD6XMq9J
2939_2023_0 [Link]
2_06T02_03_ e
22_079206.r
ar/Password
[Link]

NL7E2C2592 185.220.101. - C:\Users\Idali [Link] PenquiteTilda 0BtbxmbeIrB

02955EF13A 183 ne\Download @[Link] q
FE8392F761 s\YVETB6YoL
1BB8_2023_0 [Link]
2_05T23_40_
43_379265.r
ar/Password
[Link]

[PH][MetaMas [Link] DESKTOP-OA C:\Windows [Link] [Link] YQXvesUH9Is

k][Link] ODBS2 \SysWOW64 [Link]/register eragasam@fo vnJ%@
7[DEXTER].ra \SearchIndex [Link]
r/[PH][MetaM [Link]
ask]120.29.7
9.57[DEXTE
R]/Edge/Defa
ult/Password
[Link]

US[F80FE798 [Link] - C:\Users\Ard [Link] PAncell@mm j8DaeG70

597229BFF0 82 ith\Document [Link]
A565497B93 s\zZIlq34G3L
AC58] [2023- [Link]
05-29T05_06
_28.071219
7].rar/Passw
[Link]

US[E6E835A 204.152.216. - C:\Users\Len [Link] LujanoValma 7thaNAzzF9

AAD4548054 109 ora\Documen @[Link]
14CF1A679B ts\uAhGSzKB
602E9] [2023 [Link]
-05-30T06_3
3_27.657419
2].rar/Passw
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 118
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

NL118E1147 185.220.100. - C:\Users\Stel [Link] [Link] OdXmbNXt4

73D2335539 254 la\Downloads nhardt@mm 7p1KP
115EDBE61F \dcc9hFDO9 [Link]
9856_2023_0 [Link]
2_05T08_10_
52_038262.r
ar/Password
[Link]

PL[C887C2C [Link] - C:\Users\Azi [Link] moatasem12 Ty_alah12

376F1DB0AC 46 z\Documents ction/iam/accessmanagement/l ayman
16807E4C6B \Y_bV2o8_5U [Link]
0EB15] [2021 D5LVAksd3bf
-09-08T15_3 [Link]
4_05.344723
6].rar/Passw
[Link]

Botlogs 2023 - - - [Link] QuanteKacie nGyN3WnZp

0504.007 (1). @[Link] KQ
0162154].ra
r/Passwords.
txt

US[95993616 [Link] - C:\Users\Kirs [Link] [Link] iqCznrMQ7

AF54836981 82 ten\Downloa @[Link]
A8B9B064C3 ds\B0OP2dX
5A25] [2023- [Link]
05-30T02_22
_13.221470
0].rar/Passw
[Link]

NL530BFDD2 185.220.101. - C:\Users\TEir [Link] CTrotty@mm iFRS5wXS

5D8885C2F4 53 tza\Desktop [Link]
FF2239CCDE \O6P4dt3xNB
A901_2023_0 [Link]
2_05T17_44_
00_352235.r
ar/Password
[Link]

[IN]205.254.1 205.254.175. ROHIT-DEMO C:\Users\Roh android://pfyFTnD_RQeb4Fot2 rohit.kumar2 Ajit@1973

[Link]/Al 169 N it\AppData\L vaShzDT2CD0B9T6OWf2Xq5El @[Link]
l Passwords.t ocal\Temp\c7 ZCtgmrxg4YpdqjRk-kRIuov1pG
xt c12e17-d192 q4DkUgANRu1kkB4j7ow==@co
-4f3e-95c5-4 [Link]/
6d4279e007
9_Release.zip.
079\Release

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 119
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

\New Upd v1.

[Link]

ZAGYI8H835 [Link] DIDO C:\Users\illid [Link] bradodopha [Link]!U6Z

KNLSSQH4B 40 \AppData\Lo [Link]/en-US/MMC/login we@[Link] bVQEj
VDMVO23O0 cal\Temp\10 m
DTUZA_2024- 00066001\st
11-05 26-65- ealc_default2.
[Link]/passw exe
[Link]

NL26D12339 185.220.100. - C:\Users\Dar [Link] [Link] Vxq670QCb

CC0AA51775 245 a\Documents ni@[Link] Q
D66A3527CA \M3LDr8u6I
B6C5_2023_0 [Link]
2_05T23_52_
08_696643.r
ar/Password
[Link]

PL[C887C2C [Link] - C:\Users\Azi [Link] motassemazi Ty_alah12

376F1DB0AC 46 z\Documents [Link]/en-US/MMC/job/Warsa z@[Link]
16807E4C6B \dhejhspwcF w---Jerozolimskie/Marketing-C
0EB15] [2021 02iInTgumNH oordinator_R_052601-1/apply
-09-08T15_3 [Link]
4_17.427147
0].rar/Passw
[Link]

IN_106.213.8 - DESKTOP-5S C:\Users\Dip [Link] mdipakp786 Dipak@1994

1.178_2024_ M3EL0 ak\AppData\L [Link]/en-US/MMC/job/Gurga @[Link]
09_24_06_39 ocal\Temp\2 on---ALF-Grand-Canyon/Metric
_58.rar/pass 44644\Cause s---Analytics-and-Reporting-An
[Link] [Link] alyst_R_085984/apply

NL34E42961 185.220.100. - C:\Users\Reb [Link] AntmanNicoli rQfmLBemm

024AB8D26B 254 ecka\Office\J ne@[Link]
F62B3B8FE1 o3t7NssIgop m
94E6_2023_0 [Link]
2_05T02_24_
01_223429.r
ar/Password
[Link]

US[84EDD24 - - - [Link] [Link]@ ECeCxhmNG

B043E09D02 [Link] 33
E0C6E295E1
F41F0] [2023
-02-09T02_4
3_56.992228

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 120
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

5].rar/Passw
[Link]

US[144A512 - - - [Link] MCalcara@m 2d1HwUxn

E43B6A02E2 [Link]
FFB944175A
88563] [2023
-02-02T05_4
8_49.984130
5].rar/Passw
[Link]

NLE50864D6 185.220.100. - C:\Users\Cha [Link] NBraverman TPFfpBdNn

FB377546AD 248 rlotta\Deskto @[Link]
12772AED83 p\l9Sdoi1d3F
FB07_2023_0 [Link]
2_05T02_30_
59_535930.r
ar/Password
[Link]

NLB80D19F2 185.220.100. - C:\Users\Lou [Link] [Link]@ 14GaDHH7N

35E68AD919 243 ise\Documen [Link] C
A9462696E1 ts\t5WEu1pB
E09D_2023_0 [Link]
2_05T06_44_
18_688152.r
ar/Password
[Link]

US91E1192A [Link] - C:\Users\Sar [Link] LipinskyBillye ziPlIkrdp0EG

AAC5821416 9 ette\Downloa @[Link] w
0D092E4577 ds\kKsEWUiz
03EC_2023_0 [Link]
2_05T00_38_
53_864070.r
ar/Password
[Link]

NL5B983B38 185.220.100. - C:\Users\Bob [Link] [Link] NsdOuFjTzIt

5DC9973A25 247 by\Download me yne@[Link]
86DA97C70B s\ApFsrDRM m
B30D_2023_0 [Link]
2_05T18_43_
20_832362.r
ar/Password
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 121
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

[IN]205.254.1 205.254.175. ROHIT-DEMO C:\Users\Roh [Link] rohitksingh0 Kanak@2332

[Link]/Al 169 N it\AppData\L [Link]/en-US/MMC/userHome 098@gmail.c
l Passwords.t ocal\Temp\c7 om
xt c12e17-d192
-4f3e-95c5-4
6d4279e007
9_Release.zip.
079\Release
\New Upd v1.
[Link]

[IN]205.254.1 205.254.175. ROHIT-DEMO C:\Users\Roh [Link] 1253345 Rohit@123

[Link]/Al 169 N it\AppData\L
l Passwords.t ocal\Temp\c7
xt c12e17-d192
-4f3e-95c5-4
6d4279e007
9_Release.zip.
079\Release
\New Upd v1.
[Link]

CN[F3108C4 - - - [Link] DHunsicker@ QokeclGtmo

EDA913CE48 [Link] VUuq
5283FBF725
BAAF2] [2023
-02-09T02_1
8_39.563948
7].rar/Passw
[Link]

US[91BF5A1 [Link] - C:\Users\The [Link] FraserHeddie SbWOFBE6o

E541D5AC9B 87 o\Office\FlSb @[Link] pu1mKk
719DA0F7F7 [Link]
CACB7] [202
3-05-29T04_
33_33.22260
32].rar/Pass
[Link]

PL[C887C2C [Link] - C:\Users\Azi [Link] moatasem12 Ty_alah12

376F1DB0AC 46 z\Documents ction/iam/accessmanagement/l ayman
16807E4C6B \dhejhspwcF [Link]
0EB15] [2021 02iInTgumNH
-09-08T15_3 [Link]
4_17.427147
0].rar/Passw
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 122
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

ID[D5DE8B3F - - - [Link] AAppl@mmc. jK7fth2vX

70EF39FFB8 com
470405FF8F
3B13] [2023-
02-09T23_51
_44.938047
3].rar/Passw
[Link]

NL41F1F764 185.220.101. - C:\Users\Dor [Link] [Link] RVPQufZ5Xr

003EE3889E 187 ry\Document rd@[Link] 8ir
6265C3BF41 s\Lu4xKeZY.e
6D9A_2023_ xe
02_05T22_42
_04_969215.r
ar/Password
[Link]

NL39F103A3 185.220.100. - C:\Users\Bab [Link] NAllvin@mm Cytki71iQN5

9C1BCD26FF 249 s\Downloads [Link]
C9F27B0374 \BGn4hBpQ.e
F605_2023_0 xe
2_05T09_57_
48_493791.r
ar/Password
[Link]

NL366366C8 185.220.100. - C:\Users\Ibbi [Link] DinnocenzoM uFdHEmgBT2

112C7C2DC 254 e\Documents arieann@mm lLhMh
A130A74B0F \DXFC78Wyz [Link]
59FC4_2023_ [Link]
02_05T08_10
_44_647660.r
ar/Password
[Link]

VN_3234f407 - - - [Link] linhdm@pti.c Xu.sama1904

2fc60f0481d [Link]/register [Link] 1994!
185293b577
[Link]/All Pa
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 123
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

KR[27985F0 - - - [Link] QuanteKacie nGyN3WnZp

A07C601172 @[Link] KQ
D4FC5BF029
57AB7] [2023
-02-09T23_5
0_28.016215
4].rar/Passw
[Link]

US[CAD74FF 129.157.112. - C:\Users\Leo [Link] [Link] lzypfLfcx

7161592169 103 dora\Desktop @[Link]
DE0C834638 \7snEBr2yBj
53B01] [2023 [Link]
-02-05T18_0
1_54.415566
8].rar/Passw
[Link]

NL1E5BDFB2 185.220.100. - C:\Users\Ros [Link] MinkowitzKyl 0YiWAmSA

BFFE1A2BD9 248 lyn\Office\5F ynn@[Link]
17EC2703E9 vOwjdDm9e.e m
6259_2023_0 xe
2_05T06_11_
12_222851.r
ar/Password
[Link]

DKDDACF81 [Link] - C:\Users\Emi [Link] GBottrell@m 0gnyHeRdgiE

ACDC2CD5C 3 lie\Document [Link] xzap
5B3C63F0E2 s\rTGJnyi2.e
D1D14F_202 xe
3_02_05T23_
36_15_10960
[Link]/Passwo
[Link]

US[37E532FE [Link] - C:\Users\Lizz [Link] PollockLiza@ ZEQcOCqpM

2DEE5CE508 7 y\Office\QAm [Link] zuRX4S
F8EABE4AEF glMJeKjjHYe
9766] [2023- [Link]
02-05T17_59
_13.373272
0].rar/Passw
[Link]

US[D2F57E1 [Link] - C:\Users\Sau [Link] ACuddihee@ UCfxhfhi3Uq

EBD401E563 ndra\Docume [Link]
1BD2546EE0 nts\nRexkEv
24B5D] [2023 [Link]
-02-05T17_3

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 124
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

4_25.666240
0].rar/Passw
[Link]

CN[139699D - - - [Link] [Link] z2iPkzLbpAE

8EFCB6EA51 @[Link] M
5A4D025969
54436] [2023
-02-09T00_1
7_22.396456
1].rar/Passw
[Link]

NLDC6974A6 185.220.101. - C:\Users\Lav [Link] LampronCari 8fWOBxeqxA

FAB9EFDF33 150 erna\Downlo e@[Link]
25B360402B ads\LUrldQe
8E1B_2023_0 [Link]
2_05T01_03_
06_965414.r
ar/Password
[Link]

IN_45 (3).118. [Link] SD C:\Users\su [Link] 1214158 sumit

rar/password 00 mit\AppData
[Link] \Roaming\RE
M0ve4qbJ\gj
[Link]

TW[C41E7FD [Link] - C:\Users\Mal [Link] LohreyAlia@ EPfAeIF45syf

B15CA5D0A4 vina\Downloa [Link] Xs
CFD7D9EB77 ds\IzCOV7K
ECF03] [2023 [Link]
-02-05T17_0
6_08.044966
6].rar/Passw
[Link]

US[FA64920E [Link] - C:\Users\Do [Link] [Link] bmORBO1Ot

01DB6A0D38 82 meniga\Deskt ne@[Link] 2456
BAACF168A8 op\fNUGG2J m
8E22] [2023- [Link]
05-29T00_54
_10.475018
5].rar/Passw
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 125
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

US[B5CB0EE [Link] - C:\Users\Ton [Link] BeiswangerLa RUlf7g5mB

86ED236A79 98 ia\Document uralee@mmc.
A19FA4AFD3 s\QhlzconWz com
C8C42] [2023 [Link]
-05-29T11_0
7_45.188518
1].rar/Passw
[Link]

US[A728E19 [Link] - C:\Users\Mir [Link] GNasti@mm GBdvX6q9H

D6D42CC172 0 an\Office\6vC [Link]
0B6BCBD249 hj3711c8RA
E7531] [2023 [Link]
-05-30T03_0
2_07.323165
1].rar/Passw
[Link]

NL49034666 185.220.100. - C:\Users\Tarr [Link] [Link] u5nz9R4M

D657FD9E88 243 a\Desktop\At @[Link]
6D5E3618AB UKddwYWJn
9EAC_2023_ [Link]
02_05T02_00
_26_482577.r
ar/Password
[Link]

NL5AF2E9DF 185.220.101. - C:\Users\Eth [Link] SMandolfo@ 3xL8gqPpbx8

207CC6EBD8 175 elin\Desktop [Link] 04
1BD8948CD0 \QXQ2ZCm6
F0CD_2023_ [Link]
02_06T02_12
_50_409903.r
ar/Password
[Link]

NL10AD3994 185.220.100. - C:\Users\Cat [Link] KlinckMartina mksfJZ6LOY

7536AA78F8 250 arina\Docum @[Link] VBdtW
EE44D435E0 ents\RKi7Nfv
FDA7_2023_ [Link]
02_05T13_14
_01_026194.r
ar/Password
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 126
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

PL[C887C2C [Link] - C:\Users\Azi [Link] motassemazi Ty_alah12

376F1DB0AC 46 z\Documents [Link]/en-US/MMC/job/Warsa z@[Link]
16807E4C6B \Y_bV2o8_5U w---Jerozolimskie/Marketing-C
0EB15] [2021 D5LVAksd3bf oordinator_R_052601-1/apply
-09-08T15_3 [Link]
4_05.344723
6].rar/Passw
[Link]

NL1646D827 185.220.100. - C:\Users\Sha [Link] WisecupMag SjZgWGY8f3p

F22C7622F4 243 un\Document dalen@mmc.c
D06B77987F s\KdIielFbtSU om
E317_2023_0 [Link]
2_05T06_46_
06_757697.r
ar/Password
[Link]

CN[2C4383B - - - [Link] CWilmoth@m b0ScpgNbrz

01E7B638B8 on [Link]
5C0A3BDBD
C10052] [202
3-02-09T03_
42_19.31443
26].rar/Pass
[Link]

NLE9FB2731 185.220.100. - C:\Users\Mag [Link] TCumens@m wWiDb0ypE6

ED268452AC 241 dalen\Office [Link]
592B5D81D4 \nPUi9GUCa
218F_2023_0 [Link]
2_05T21_59_
37_538036.r
ar/Password
[Link]

NL5EC5B5AB 185.220.101. - C:\Users\Blo [Link] GReine@mm yboE9j5GCc

D1B6A8126A 43 ndell\Downlo [Link]
49274BC4B9 ads\8ibsbf1a
2B45_2023_0 [Link]
2_06T00_03_
17_188367.r
ar/Password
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 127
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

[IN]122.161.4 [Link] DESKTOP-JQ C:\Windows [Link] [Link]@ Mirzapurhaw

[Link]/Chr 5 JB7PE \SysWOW64 [Link]/ [Link] eli@01
ome/Default/ \[Link] m
[Link]
t

[Botlogs 2023 [Link] - C:\Users\Mer [Link] RDwornik@m OxywtWabYz

0506.002 US 4 ilee\Desktop [Link]
_20B~1.619]. \Nxr5xtTJs1
rar/Password [Link]
[Link]

LU1864581B [Link] - C:\Users\Arie [Link] [Link] Xc06ek1OvG

6F2834A1D9 9 lle\Office\NDL ach@[Link]
ABB1BA0F98 [Link] m
BAFA_2023_0
2_05T23_20_
30_551375.r
ar/Password
[Link]

NLACF3658F 185.220.101. - C:\Users\Cait [Link] BastillaMissy bGcDDbrQsU

A53C6CDC3 190 rin\Documen @[Link] vK9Z
B93331A31E ts\brA6PgND
74113_2023_ [Link]
02_05T07_10
_37_242650.r
ar/Password
[Link]

MY4BA2DA9 [Link] - C:\Users\Ade [Link] [Link] Fr0w1yXDzG

24C86BEE8B 7 lheid\Docum r@[Link]
DC2DEC398 ents\cwBlHq
C62FEA_202 [Link]
3_02_05T11_ e
29_41_66834
[Link]/Passwo
[Link]

US[389BBFB1 [Link] - C:\Users\Nik [Link] BrisboneTedr PnB8aVoNh6

EE3A74C7B8 7 e\Desktop\7S on a@[Link] g
969756283F bWy08uqKak
9D8A] [2023- [Link]
02-05T18_24
_41.686081
3].rar/Passw
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 128
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

NLAFEB7D4A 185.220.100. - C:\Users\Dor [Link] EIrey@mmc.c iRWpZSXT8

4B9D3333B7 243 elia\Documen om
46CD4AF3CF ts\iTdabV3h.
6141_2023_0 exe
2_05T10_27_
31_292124.r
ar/Password
[Link]

FR[3E488AD - - - [Link] AScharr@mm URqxH4N7M

0D361740F3 [Link]
8060F5E354
4E948] [2023
-02-09T01_3
6_29.459671
2].rar/Passw
[Link]

NLAC25D311 185.220.100. - C:\Users\Klar [Link] DVyas@mmc. yoV08EPM

0F87E892AF 253 a\Documents com
4CC9E67025 \8av5ipumRC
872F_2023_0 [Link]
2_05T01_58_
01_420132.r
ar/Password
[Link]

NL540C7AB2 185.220.101. - C:\Users\Jan [Link] THollobaugh YnzMJJOEPC

68A4A81663 177 ia\Downloads @[Link] ul
54D40C61A8 \Po2qkF7xYK
DF9C_2023_ [Link]
02_05T22_36
_02_185104.r
ar/Password
[Link]

NLFD88FE6C 185.220.100. - C:\Users\Sop [Link] BCarroll@mm ulQyi095E77

2746942794 250 hi\Document [Link] hwo
0C4C24B200 s\SjDBeHfgu.
C76D_2023_ exe
02_05T16_21
_07_281208.r
ar/Password
[Link]

DKD0CBCB0 [Link] - C:\Users\Etti [Link] GoodhartDar AaPkJlsFhlA

4E097EDCDF 3 e\Downloads sie@[Link] GOqg
7784B715CF \tMd6SFigdI m
1B501_2023_ [Link]
02_06T02_07

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 129
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

_48_836663.r
ar/Password
[Link]

US70BF657F [Link] - C:\Users\Bra [Link] DMastalski@ toKokDUrBE

680E4C159F ndi\Office\Tf [Link]
C57E2D078C [Link]
6FDE_2023_0
2_05T11_06_
33_757798.r
ar/Password
[Link]

NL044AF9B3 185.220.101. - C:\Users\Aub [Link] ENorkaitis@ cQaX2ZzW

8F7348A23D 189 ry\Document [Link]
9103CFAC5E s\ZHUgctbkit
8FA4_2023_0 [Link]
2_05T23_06_
30_817444.r
ar/Password
[Link]

NL0F840AA3 185.220.100. - C:\Users\Ber [Link] [Link] ufxk3gB1C

88DBD87187 253 nete\Docume s@[Link]
C9908A5F7B nts\OWF3KD
07FC_2023_0 [Link]
2_05T15_24_
02_216882.r
ar/Password
[Link]

IN[7731B475 [Link] DESKTOP-JQ C:\Windows [Link] [Link]@ Mirzapurhaw

39D995D52D 5 JB7PE \SysWOW64 [Link]/ [Link] eli@01
EF464802AB \[Link] m
5DB67731B4
7][01-03-202
5-15_41_33].r
ar/All Passwo
[Link]

[MX]187.188. 187.188.230. ANTONIOV-1 D:\Desktop\A [Link] [Link] Linkin_capital

[Link]/ 118 5CW10 dobe Acrobat [Link] @ingenieria.u 06!"#$
All Password Pro\[Link] [Link]
[Link] e

NLFE297EC0 185.220.101. - C:\Users\Ann [Link] [Link] hjYxLSPDw0D

4884088781 38 aliese\Docum @[Link] LQ
97E1DE0E3B ents\Jmn3TC
675A_2023_0 [Link]
2_05T04_13_

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 130
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

19_702234.r
ar/Password
[Link]

NLB3B6EF5A 185.220.101. - C:\Users\Em [Link] EPo@[Link] eCHSworD

FB54A4D746 63 eline\Office\w m
F303B9CEE6 [Link]
A703_2023_0 e
2_05T18_38_
38_964194.r
ar/Password
[Link]

[TH]49.228.2 [Link] DESKTOP-GO C:\Windows [Link] mmc074@m 0917125224

[Link]/Al 77 5CBVM \SysWOW64 s/sign_in [Link]
l Passwords.t \[Link]
xt

Botlogs 2023 [Link] - C:\Users\She [Link] SHenricksen gs6Z9wDe

0506.002 (2). 6 ila\Document o/ @[Link]
[Link]/Pass s\ixChLBBRa
[Link] [Link]

ZA[432282D [Link] - C:\Users\Giu [Link] ZunoZandra CKYlR3aHJw

0685F1F3F1 4 stina\Docum @[Link] x
4BAB4D8E74 ents\VjYgsvf
76942] [2023 [Link]
-05-29T19_3
5_41.697170
5].rar/Passw
[Link]

US[E3B21B0 [Link] - C:\Users\Mar [Link] [Link] rrlraDw0

C5AD1C8478 23 ilin\Documen @[Link]
95078BD508 ts\0L4IPQIZr
24523] [2023 [Link]
-05-30T01_3
2_09.189104
3].rar/Passw
[Link]

US[EEECCA9 - - - [Link] McwattersDr ttTup2qM1NL

E90287589A ona@[Link] un
35363D58FE m
7B782] [2023
-02-09T23_4
8_19.078096
1].rar/Passw
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 131
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

US[F4FE0B63 [Link] - C:\Users\Carl [Link] CMcguffin@m lUj7AsV3

9EE3898D46 00 ynn\Docume me [Link]
5620D037AB nts\haiN1Ok
AB53] [2023- [Link]
05-30T02_46
_53.768571
7].rar/Passw
[Link]

LU31C78EFC [Link] - C:\Users\Han [Link] RBrookman@ V5A5RHzMYi

0C50B0F84E 34 nis\Office\iJe [Link] r
89DDBFCB8E [Link]
18A3_2023_0
2_05T20_36_
58_606140.r
ar/Password
[Link]

US[64DC791 - - - [Link] WoltmannCar WOdfn2bq5o

85C37797F1 itta@[Link] G74
953F0FBF07 m
86205] [2023
-02-09T03_4
5_46.365844
7].rar/Passw
[Link]

MY1FAC6B72 [Link] - C:\Users\Ana [Link] BuchtaVenita yGmdwPhBY

4C020EFCF3 7 \Documents @[Link] ODje
F708D1DA9F \VIRyr6PG8Z.
DD14_2023_ exe
02_05T11_32
_53_437509.r
ar/Password
[Link]

DK7F9C7D3 [Link] - C:\Users\Ted [Link] [Link] BcKseCHTv7

CCEB5E47B3 3 di\Document n @[Link] V
32820E6A4A s\hL6LXg75
D9F1D_2023 [Link]
_02_05T23_3
5_47_20342
[Link]/Passwo
[Link]

US87A30AF7 [Link] - C:\Users\Tor [Link] ExlerEmera@ 7owEJwPETC

EB977FC9E4 13 y\Office\viKJI [Link] e
B78DE216F2 [Link]
08D9_2023_0
2_05T02_00_

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 132
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

31_435707.r
ar/Password
[Link]

FR[8B0B49FC [Link] - C:\Users\Peri [Link] KMguyen@m FIEoKrTxekU

72C27BD44D 3 \Office\GjAVJ [Link] cAO
A7A0A0F58E [Link]
D33F] [2023- e
02-05T18_03
_18.373457
8].rar/Passw
[Link]

NL604D6EEA 185.220.100. - C:\Users\Ade [Link] LafountainMa vJ2JBM82Jp

5D89940916 252 lina\Docume o/login rgarethe@m vR1
2840DA91A8 nts\AgS8u4J [Link]
92EE_2023_0 [Link]
2_05T05_14_
40_671524.r
ar/Password
[Link]

US[BA97FA5 [Link] - C:\Users\Fra [Link] [Link] u0aIKE8BVH

F317C4DE1A yda\Docume r@[Link] B
7B258AF272 nts\kfFT2IyE
49C46] [2023 [Link]
-05-29T09_4
8_43.068629
6].rar/Passw
[Link]

US[BBF09D0 [Link] - C:\Users\Cel [Link] [Link] CU4YSkgj

324D9D44B2 6 estyn\Downl y@[Link]
F460169C23 oads\MKTPa
208DF] [2023 HGfYO16M.e
-05-29T10_5 xe
6_55.426404
4].rar/Passw
[Link]

US[C59FC44 [Link] - C:\Users\Jac [Link] KJandrey@m j4q2dMZ3oV

FB6DA293E7 00 quetta\Deskt [Link]
CE02D98C09 op\KG2h7yNi
6CF99] [2023 [Link]
-05-28T22_0
5_46.493659
6].rar/Passw
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 133
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

US735AC286 [Link] - C:\Users\Lee [Link] KOvershiner fmUx6tf0f

04DF6E6017 2 na\Document @[Link]
C131FCEDE3 s\uhSEaAZM
7598_2023_0 [Link]
2_05T22_11_
34_312472.r
ar/Password
[Link]

NL3CC6ADC 185.220.101. - C:\Users\Ang [Link] SVankleeck@ N8T48XGNp3

42BF0D252B 185 elle\Desktop [Link] g
94BB3E235F \z4zlHw1pD
4FFD3_2023_ [Link]
02_05T05_15
_22_343402.r
ar/Password
[Link]

NL4F50387E 185.246.188. - C:\Users\Tab [Link] [Link] 2kJnJX93x4i

22891D71E6 74 bie\Desktop home okin@mmc.c Kub
AEB4E83613 \uAC9YEAZi0 om
AFE1_2023_0 [Link]
2_05T23_38_
53_941919.r
ar/Password
[Link]

[Botlogs 2023 [Link] - C:\Users\Qui [Link] [Link] UPeJ09Ae8

0506.002 US ntana\Downl ome go@[Link]
_855~1.375]. oads\PkP8Uy m
rar/Password [Link]
[Link]

NL8DEF863C 185.220.100. - C:\Users\Phil [Link] FerrettiTally@ Lq4t2Judxi0

1D5C486642 254 lie\Desktop\Z n [Link]
BFC9063D23 [Link]
B976_2023_0 e
2_05T09_41_
32_398527.r
ar/Password
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 134
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

NLB6AEDB31 185.220.100. - C:\Users\Nev [Link] Gerhardine.E Q9IPlWzU2a

5390BE8B6B 252 sa\Desktop\0 [Link]/home ndler@mmc.c
988661328D LwnieXcDd2Z om
E358_2023_0 [Link]
2_05T15_53_
49_822828.r
ar/Password
[Link]

[IN]205.254.1 205.254.175. ROHIT-DEMO C:\Users\Roh [Link] 1253345 Ajit@2332

[Link]/Al 169 N it\AppData\L
l Passwords.t ocal\Temp\c7
xt c12e17-d192
-4f3e-95c5-4
6d4279e007
9_Release.zip.
079\Release
\New Upd v1.
[Link]

NL57453DEB 185.220.100. - C:\Users\Chl [Link] TGaylord@m GJkc5SajlF

B0DAA5168D 245 oe\Download [Link]
D56824DA12 s\xyWmc2w
C964_2023_0 [Link]
2_05T05_39_
41_625294.r
ar/Password
[Link]

NLACC02A7 185.220.100. - C:\Users\Ara [Link] DatilBonnibell WsymefSbz

D75EE0D2FD 250 bele\Downloa e@[Link]
705BDB6CA4 ds\IqtY5MgjG
48A1D_2023 [Link]
_02_05T13_2
5_00_21290
[Link]/Passwo
[Link]

NLB18B037F [Link] - C:\Users\Apr [Link] [Link] ZwQfTFgH9o

33E89EFD2C 6 il\Documents y@[Link] hi8k5
586E085642 \Ped8bwjMA
1EB5_2023_0 [Link]
2_05T01_04_
46_700970.r
ar/Password
[Link]

4_[DE]109.25 [Link] DESKTOP-8J C:\WINDOWS [Link] [Link] C@rn1fex

0.90.122[GA 22 VHI46 \SysWOW64 gnin @[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 135
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

S].rar/All Pas \SearchIndex

[Link] [Link]

ID[E6F097DF [Link] - C:\Users\rma [Link] 1122077 2022@Fin2

20D587697E 3 40\AppData gin/[Link]
A183123A55 \Roaming\co
90E3].rar/Pas nfigurationVal
[Link] ue\[Link]

LUE4E5D670 [Link] - C:\Users\Dar [Link] BrazzellJolee qymEqo7pdD

CD06FD8D43 1 ryl\Office\KM @[Link] zD
E422060ED5 33KbbXNwjg
220D_2023_0 [Link]
2_05T00_34_
35_630220.r
ar/Password
[Link]

US[ADD23DB - - - [Link] AltavillaHollie OK9PblxkfCc

F0FD84E7A3 @[Link] Sx2r
93FF79A5FD
3AA5C] [202
3-02-09T02_
36_15.54710
77].rar/Pass
[Link]

ID[E6F097DF [Link] - C:\Users\rma [Link] 1122077 2022@Fin2

20D587697E 3 40\AppData gin/[Link]
A183123A55 \Roaming\co
90E3] [2024- nfigurationVal
04-27T12_19 ue\[Link]
_03.rar/Pass
[Link]

US[6E400C3 - - - [Link] KGressley@m d42VeeLFB

19EE2A95E0 [Link]
EE754DCBD9
C9429] [2023
-02-09T03_3
4_25.548746
7].rar/Passw
[Link]

NL45CE4D23 185.220.100. - C:\Users\Bea [Link] SwaniganEmil jv0twzfz

E87EFCDAEA 254 trice\Docume ie@[Link]
FF9C372733 nts\QGyIUs4
6833_2023_0 [Link]
2_05T11_25_
01_511356.r

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 136
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

ar/Password
[Link]

[Botlogs 2023 [Link] - C:\Users\Qui [Link] GarinMauree YefqoimCLnO

0506.002 US ntana\Downl ne@[Link]
_855~1.375]. oads\PkP8Uy m
rar/Password [Link]
[Link]

[TH]49.230.1 [Link] CHAKKAGIE C:\WINDOWS android://Rqv8Fbg3-cr3IuNSdl 3817@mmc.c 123456

[Link]/E 26 \SysWOW64 4yKY_uEsq1OZSeR6Ezj25OE7 om
dge/Default/P \[Link] CUSjeoigZDlTMRPy0YaSk27xl0
[Link] 0l4ZKIhQ8vC8F44Guw==@co
[Link]/

NL5B4ACA4F 185.220.100. - C:\Users\Do [Link] IEriksson@m 870pGF97V

DA488C11FE 250 minga\Office m/logon [Link] wEUDK
DBBBF9F60E \Yc11b7MjZ.e
C236_2023_0 xe
2_05T07_11_
08_851800.r
ar/Password
[Link]

US[EE69D9D [Link] - C:\Users\Aly [Link] [Link] hh5anAR8Rx

1C96CD6593 son\Desktop newehr@mm CiPXE
E6CD644204 \BVGbQRBg.e [Link]
15A49] [2023 xe
-05-30T08_1
3_04.561782
5].rar/Passw
[Link]

NL2BAB04DA 185.220.101. - C:\Users\Ken [Link] MTellier@mm KCev2HizioZ

2B49A97A6D 170 dra\Office\8P [Link]
0E9F2E0427 [Link]
6AF8_2023_0
2_05T20_18_
27_665595.r
ar/Password
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 137
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

NLB1AD40EA 185.220.100. - C:\Users\Kell [Link] CBachelor@ ZYhTAsa5Y

8F8CB5C1EA 248 ia\Document [Link]
2531CAE145 s\hZAq49UC
586F_2023_0 [Link]
2_05T02_31_
47_551488.r
ar/Password
[Link]

US[6CB3605 [Link] - C:\Users\Lor [Link] [Link] EhYz1YZNWi

9A07530BC5 8 elle\Desktop on@[Link] cRSJ
7BE2D3E4AE \A0c1e36UQ m
B3CCC] [202 [Link]
3-02-05T16_
38_07.57750
11].rar/Pass
[Link]

LU0249F4B2 [Link] - C:\Users\Jos [Link] [Link] q6saPEnClBR

2C7E479744 efina\Desktop @[Link] UU5
BA537A72CD \XsPwmRQSv
B41E_2023_0 [Link]
2_05T02_57_
38_008467.r
ar/Password
[Link]

USF059A774 [Link] - C:\Users\Ran [Link] DCarpio@mm Llm7C8ejtPq

BAD8D2111D 13 i\Documents [Link] Wo
D58B105D65 \4u5p1cRbC
220C_2023_0 [Link]
2_05T13_53_
52_060559.r
ar/Password
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 138
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

NL8C322281 185.220.100. - C:\Users\Clar [Link] BDezern@m tFmeINiW63

2013B20605 253 ibel\Downloa gin [Link]
1C59AC10A2 ds\ak3jZ1EN
4A2A_2023_ [Link]
02_05T03_27
_52_925630.r
ar/Password
[Link]

NLB6F70D35 185.220.100. - C:\Users\Cth [Link] GChilton@m 4S8WQFZhXi

0C715F284F 248 rine\Office\T [Link]
8A07BA8E68 [Link]
6087_2023_0
2_05T22_38_
27_780311.r
ar/Password
[Link]

CN[836045E - - - [Link] RVainio@mm 7wNWsdkf

CFF01C5721 [Link]
B2713F010C
02258] [2023
-02-09T23_1
7_59.588988
7].rar/Passw
[Link]

[IN]205.254.1 205.254.175. ROHIT-DEMO C:\Users\Roh android://pfyFTnD_RQeb4Fot2 rohit.kumar2 Rohit@123

LU[308421D1 - - - [Link] HindesBella@ OZVEmp31W

4B21E9A6CD [Link] Y
2A360B56B4
AEA7] [2023-
02-02T07_19
_23.608541
9].rar/Passw
[Link]

JP[96C4A10 [Link] - C:\Users\Kat [Link] DHyndman@ Dzg3n5kS7M

D755B650AC 0 y\Desktop\m me [Link] p5ov
71FAF79017

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 139
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

276BC] [2023 [Link]

-02-05T16_3 e
8_08.858172
8].rar/Passw
[Link]

US[940E574 104.223.118. - C:\Users\Zoe [Link] SLetman@m mlNgJSSYooa

CF68A2ABE3 59 \Downloads\l [Link] n
B92C468508 bS3PAhKuAu
7C162] [2023 [Link]
-05-29T07_1
2_14.686283
6].rar/Passw
[Link]

NL2D0893F5 185.220.100. - C:\Users\Mor [Link] JYuenger@m hYJFAjfpsIjQ

D419FCBBB3 241 na\Document [Link] M
0A53068B5B s\B9FS3bBSk
127C_2023_0 [Link]
2_05T10_01_
04_149927.r
ar/Password
[Link]

[Botlogs 2023 [Link] - C:\Users\Ca [Link] [Link] dByODyIb9PL

0506.002 US 5 mmi\Docume ise@[Link] 3J3U
_50E~1.753]. nts\TaylexLu. m
rar/Password exe
[Link]

[Botlogs 2023 [Link] - C:\Users\Ode [Link] [Link]@m 2GrHqJtqZM

0506.002 US ssa\Desktop [Link] 4
_403~1.367]. \IvUUUnC8g
rar/Password [Link]
[Link]

[IN]205.254.1 205.254.175. ROHIT-DEMO C:\Users\Roh [Link] rohitksingh0 Kanak@2332

[Link]/E 169 N it\AppData\L [Link]/en-US/MMC/login 098@gmail.c
dge/Default/P ocal\Temp\c7 om
[Link] c12e17-d192
-4f3e-95c5-4
6d4279e007
9_Release.zip.
079\Release
\New Upd v1.
[Link]

CN[335CF2A - - - [Link] SMccusker@ kYCLH2oiuZ

7A1E4A6C38 [Link]
A2992F06CD

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 140
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

03CC0] [2023
-02-09T03_3
3_07.595668
9].rar/Passw
[Link]

US[E78EFC3 [Link] - C:\Users\Carl [Link] LabanBatshev RGhUZBotQ5

B0FC4A4756 87 ota\Documen in a@[Link]
9574474BDF ts\1h5QBzeP
E89E9] [2023 [Link]
-05-29T05_2
0_21.804144
7].rar/Passw
[Link]

[IN]205.254.1 205.254.175. ROHIT-DEMO C:\Users\Roh [Link] 1253345 Sonam@233

[Link]/Al 169 N it\AppData\L 2
l Passwords.t ocal\Temp\c7
xt c12e17-d192
-4f3e-95c5-4
6d4279e007
9_Release.zip.
079\Release
\New Upd v1.
[Link]

NL3F9F40BB 185.220.100. - C:\Users\Cari [Link] CNocks@mm k3ZomPr63o

78B52A6E58 250 \Downloads\l [Link] dY
EB9E4E32F5 5H1DIAAWql
CF29_2023_0 [Link]
2_05T23_15_
50_228377.r
ar/Password
[Link]

[Botlogs 2023 [Link] - C:\Users\Juli [Link] DRusinko@m xzLndTlxaP1I

0506.002 US 4 ta\Document [Link] q
_4AD~1.539]. s\CtmmRWa
rar/Password [Link]
[Link]

4_[DE]109.25 [Link] DESKTOP-8J C:\WINDOWS [Link] 586023 C@rn7fex

0.90.122[GA 22 VHI46 \SysWOW64 ogin/[Link]
S].rar/All Pas \SearchIndex
[Link] [Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 141
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

[IN]205.254.1 205.254.175. ROHIT-DEMO C:\Users\Roh [Link] rohitksingh0 Rohit@123

[Link]/Al 169 N it\AppData\L [Link]/en-US/MMC/login 098@gmail.c
l Passwords.t ocal\Temp\c7 om
xt c12e17-d192
-4f3e-95c5-4
6d4279e007
9_Release.zip.
079\Release
\New Upd v1.
[Link]

US[C8C4065 [Link] - C:\Users\Kin [Link] StowellWendi L0Xq1f8JjMh

7FCB4D23D3 7 na\Desktop\p @[Link] 8Rxe
7662F3497F Q2UTz8nUzI.
3D10B] [2023 exe
-02-05T17_3
4_14.639926
3].rar/Passw
[Link]

4_[DE]109.25 [Link] DESKTOP-8J C:\WINDOWS [Link] Kinsley C@rn1fex

0.90.122[GA 22 VHI46 \SysWOW64 ormpostdir/securereader
S].rar/All Pas \SearchIndex
[Link] [Link]

[Botlogs 2023 185.220.100. - C:\Users\Yalo [Link] SmockCoraly 3c9mlI0omvs

0506.002 NL_ 253 nda\Office\Jp n@[Link] KDi
E08~1.905].r jyuyecKOBQ
ar/Password [Link]
[Link]

GB52826EF6 [Link] - C:\Users\Brin [Link] GennockAlls A7q42hTLk6

B860C34C83 2 a\Desktop\uY un@[Link] ml
B1FF949D8B ruUP3XZwN.e m
ECB9_2023_0 xe
2_05T13_53_
39_138605.r
ar/Password
[Link]

NL4CA9BDBD 185.220.101. - C:\Users\Joe [Link] SimuelZulem 2aG32fbf

417F7860FC 139 llyn\Office\Wt a@[Link]
00BAA85BFE 9bBoA7vwcq
FFA2_2023_0 [Link]
2_05T18_19_
53_432265.r
ar/Password
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 142
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

NL21C59033 185.220.101. - C:\Users\Mali [Link] WengrenAlta r6wzUTQkI

DC35C4EF53 157 a\Downloads @[Link]
EA3E4B293C \owyfekLxKW
E589_2023_0 [Link]
2_06T02_10_
48_711683.r
ar/Password
[Link]

TW[7F7C5D7 - - - [Link] DemicheleRo 1Afvy3AiQs

023874A7FC me benia@mmc.c
85C78FD21D om
2E00E] [2023
-02-09T23_4
3_26.806758
6].rar/Passw
[Link]

[IN]205.254.1 205.254.175. ROHIT-DEMO C:\Users\Roh [Link] rohitksingh0 Kanak@2332

[Link]/Al 169 N it\AppData\L [Link]/en-US/MMC/login 098@gmail.c
l Passwords.t ocal\Temp\c7 om
xt c12e17-d192
-4f3e-95c5-4
6d4279e007
9_Release.zip.
079\Release
\New Upd v1.
[Link]

IN[7731B475 [Link] DESKTOP-JQ C:\Windows [Link] [Link]@ Mirzapurhaw

39D995D52D 5 JB7PE \SysWOW64 [Link]/ [Link] eli@01
EF464802AB \[Link] m
5DB67731B4
7][01-03-202
5-15_41_33].r
ar/Chrome/D
efault/Passw
[Link]

US79F9D193 [Link] - C:\Users\Ivo [Link] PinnickDonet lfbv7N7JOkt

6F89FEE1EC 8 nne\Office\q ta@[Link] 4zpM
5B632E4980 A148dd494j
5ED6_2023_0 [Link]
2_05T15_23_
38_529367.r
ar/Password
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 143
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

NL120D9CE4 185.220.100. - C:\Users\Ma [Link] [Link] qaqmnlSvF

7DAA6E1C8F 252 dlen\Downlo @[Link]
1FFDFD92A7 ads\TNycews
1707_2023_0 [Link]
2_05T20_46_
59_320496.r
ar/Password
[Link]

NL56070727 185.220.101. - C:\Users\Ann [Link] TLegg@mmc. 17pNDiA1j

A206E67A4C 170 is\Downloads com
8746AE1F97 \gvzf0Al4ga.e
B7E4_2023_0 xe
2_05T09_32_
56_053715.r
ar/Password
[Link]

US556B530B [Link] - C:\Users\And [Link] [Link] 1NMFpgKfnY

79F8C73FF7 6 riana\Office\8 netta@mmc.c
1372009774 PIY6i76YoF.e om
E5F4_2023_0 xe
2_05T21_56_
33_313057.r
ar/Password
[Link]

US[83941E4 - - - [Link] BCrego@mm xajCs9J8A94

C5992FEEFC [Link] CtO
1726088874
464BA] [2023
-02-09T23_1
8_58.818887
2].rar/Passw
[Link]

[Botlogs 2023 [Link] - C:\Users\Kat [Link] DroubayCorr Vzf19ZQRdC

0506.002 US 8 hryn\Downlo ena@[Link] MhbQ
_32C~1.198]. ads\ziuHbD8 m
rar/Password [Link]
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 144
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

NL37602318 185.220.101. - C:\Users\Gre [Link] StrenkeAleth chLIfoNQO

FE7E6E9C5C 45 er\Download ea@[Link]
A8F5CD6AA s\trqWzu14L
A6CDD_2023 [Link]
_02_05T10_0
2_28_58726
[Link]/Passwo
[Link]

[ZA]165.16.1 [Link] DIDO C:\Users\Ad [Link] bradodopha [Link]!U6Z

[Link]/All Pas 40 ministrator\A [Link]/en-US/MMC/login we@[Link] bVQEj
[Link] ppData\Local m
\Temp\Rar$E
Xb4788.3466
4\SatUp!\Set
[Link]

[IN]205.254.1 205.254.175. ROHIT-DEMO C:\Users\Roh android://pfyFTnD_RQeb4Fot2 rohit.kumar2 Ajit@1973

[Link]/C 169 N it\AppData\L vaShzDT2CD0B9T6OWf2Xq5El @[Link]
hrome/Defaul ocal\Temp\c7 ZCtgmrxg4YpdqjRk-kRIuov1pG
t/Passwords. c12e17-d192 q4DkUgANRu1kkB4j7ow==@co
txt -4f3e-95c5-4 [Link]/
6d4279e007
9_Release.zip.
079\Release
\New Upd v1.
[Link]

NLC0F6265A 185.220.100. - C:\Users\Eve [Link] [Link] cJuD0ZTGH5

C895CF9879 254 y\Documents @[Link] JNhob
A844B4EE70 \qmzXclIMvC
A535_2023_0 [Link]
2_05T07_11_
57_915602.r
ar/Password
[Link]

[IN]205.254.1 205.254.175. ROHIT-DEMO C:\Users\Roh [Link] 1253345 Ajit@2332

[Link]/E 169 N it\AppData\L
dge/Default/P ocal\Temp\c7
[Link] c12e17-d192
-4f3e-95c5-4
6d4279e007
9_Release.zip.
079\Release
\New Upd v1.
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 145
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

ID_182.253.5 [Link] ITSHIRO [WO C:\ProgramD [Link] 1122077 lupa1234

[Link]/pass 3 RKGROUP] ata\MPGPH1 gin/[Link]
[Link] 31\MPGPH13
[Link]

NL750C7C52 185.220.100. - C:\Users\Mat [Link] MHoude@m hRc4vVGyofz

16B227A32A 242 tie\Download [Link] h
E21709D026 s\FQHBNAe3
19A5_2023_0 [Link]
2_05T15_24_
37_388780.r
ar/Password
[Link]

Botlogs 2023 169.150.218. - C:\Users\Fay [Link] DCherico@m h7ZjoRXbvzk

0506.002.69 135 dra\Downloa [Link] yL5
[Link]/Passwo ds\xekxfy0ie
[Link] [Link]

[Botlogs 2023 [Link] - C:\Users\Nik [Link] [Link] pPObpc3jYoN

0506.002 US e\Downloads em@[Link] 6I
_F82~1.378]. \hIRrbiHoMtX m
rar/Password [Link]
[Link]

NL0DD59035 185.220.101. - C:\Users\Mar [Link] AbbateClarin u6rDb5GIE1

FB1EF1620D 179 itsa\Desktop da@[Link]
19510EBADB \IeEF6zuRJu m
DC9D_2023_ [Link]
02_05T19_08
_28_372704.r
ar/Password
[Link]

NLD72F7E9C 185.220.100. - C:\Users\The [Link] [Link]@ ZFdnvSGSsx

A3E520648E 241 o\Documents [Link] N2Q
DDEDBB2925 \obVDqyyZZ
67EC_2023_0 [Link]
2_05T16_51_
03_017354.r
ar/Password
[Link]

NL0FAE7B96 185.220.100. - C:\Users\Ode [Link] SKostenko@ NzCdLx6OJa

785B4C2ED5 252 linda\Office\s [Link] E
9114BE0014 omZ3ND7jPT
3E8B_2023_0 [Link]
2_05T10_53_
33_263957.r

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 146
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

ar/Password
[Link]

NL949C7D22 185.220.100. - C:\Users\Olw [Link] SisnerosIvory lqUE60w92A

3A1E879396 245 en\Office\pm m/home @[Link] 1EVz
515DC20B2B uSXx79Avi5f
96F3_2023_0 [Link]
2_05T17_49_
38_187192.r
ar/Password
[Link]

NL45777151 185.220.101. - C:\Users\Nor [Link] KaplowitzRoc cXqV2549O8

E7999C3F7B 37 ina\Downloa helle@mmc.c foH8A
3B1148DD81 ds\aIBFHy0x om
753F_2023_0 [Link]
2_06T02_08_
40_492908.r
ar/Password
[Link]

[Botlogs 2023 [Link] - C:\Users\Gre [Link] [Link] Zxr6qg2MG1

0506.002 US 07 tta\Office\i3q o@[Link]
_239~1.679]. Cwu8AbP6U
rar/Password [Link]
[Link]

[Botlogs 2023 [Link] - C:\Users\Alic [Link] [Link]@m dYdNovb7O

0506.002 US 04 a\Desktop\4 [Link]
_D4F~1.184]. [Link]
rar/Password e
[Link]

KR[BDFB941 124.138.207. - C:\Users\Kyly [Link] ValentinoSus TcF3lbcSe5k

C98AB51CF4 182 nn\Desktop anna@mmc.c 2A
F0A81EBB70 \QC7BWUGP om
70BBC] [2023 [Link]
-02-05T17_3
2_28.092334
9].rar/Passw
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 147
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

NL57453DEB 185.220.100. - C:\Users\Chl [Link] MAakre@mm v0kqMsbO10

B0DAA5168D 245 oe\Download [Link] jEV
D56824DA12 s\xyWmc2w
C964_2023_0 [Link]
2_05T05_39_
41_625294.r
ar/Password
[Link]

US[C753A1E [Link] - C:\Users\Dal [Link] [Link] AixOqpNMaq

DC39B72908 oris\Downloa er@[Link] msvw
83BFFD173A ds\qYgUovg4
62AA9] [2023 [Link]
-05-29T11_0
1_53.531033
4].rar/Passw
[Link]

[TH]49.230.1 [Link] CHAKKAGIE C:\WINDOWS android://Rqv8Fbg3-cr3IuNSdl 3817@mmc.c 123456

[Link]/Al 26 \SysWOW64 4yKY_uEsq1OZSeR6Ezj25OE7 om
l Passwords.t \[Link] CUSjeoigZDlTMRPy0YaSk27xl0
xt 0l4ZKIhQ8vC8F44Guw==@co
[Link]/

NL3CE4525A 185.220.100. - C:\Users\Aly [Link] HosekCorend iNPJqCn5

B56475E41C 251 sa\Document a@[Link]
75DB28F3A5 s\LqCNUwTg
4F38_2023_0 [Link]
2_05T19_21_
45_284675.r
ar/Password
[Link]

NL33E7C279 185.220.100. - C:\Users\Aily [Link] SLekas@mm vlwPyYCU03x

D9215FCB3E 244 n\Office\KN7 [Link] 4nSV
4794346EC6 [Link]
EB18_2023_0 e
2_05T08_14_
26_944433.r
ar/Password
[Link]

[PH][MetaMas [Link] DESKTOP-OA C:\Windows [Link] info@foyleleg *Foylelegal20

k][Link] ODBS2 \SysWOW64 [Link]/login [Link] 23
7[DEXTER].ra \SearchIndex
r/[PH][MetaM [Link]
ask]120.29.7
9.57[DEXTE
R]/Edge/Defa

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 148
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

ult/Password
[Link]

[IN]122.161.4 [Link] DESKTOP-JQ C:\Windows [Link] [Link]@ Mirzapurhaw

[Link]/All P 5 JB7PE \SysWOW64 [Link]/ [Link] eli@01
[Link] \[Link] m

4_[DE]109.25 [Link] DESKTOP-8J C:\WINDOWS [Link] 586023 C@rn7fex

0.90.122[GA 22 VHI46 \SysWOW64 ogin/[Link]
S].rar/Chrom \SearchIndex
e/Default/Pas [Link]
[Link]

NLAEF54C7C 185.220.101. - C:\Users\Lon [Link] ObletonMand 7PpgGnI6

5E718C3E50 48 ni\Office\7Sg a@[Link]
45EAB5BE66 5IxaxZDQm.e
E502_2023_0 xe
2_05T17_15_
46_709293.r
ar/Password
[Link]

[Botlogs 2023 [Link] - C:\Users\Pris [Link] SovieLisbeth g07CM1dikG

0506.002 US 8 ca\Desktop\s e @[Link] o8EX
_F78~1.500]. tY19p365ReX
rar/Password [Link]
[Link]

BR[19FDC49 [Link] - C:\Users\Ulla [Link] ALevitas@m 2nCsuVxsl7

2D95360114 41 \Downloads [Link]
072F8F45F5 \bhhiTUjx2ZI.
B0F7A] [2023 exe
-02-05T18_2
5_59.217141
5].rar/Passw
[Link]

NL0DD59035 185.220.101. - C:\Users\Mar [Link] KSturdivant@ rR2IwOTPTC1

FB1EF1620D 179 itsa\Desktop [Link] Ng
19510EBADB \IeEF6zuRJu
DC9D_2023_ [Link]
02_05T19_08
_28_372704.r
ar/Password
[Link]

[PK]103.134. 103.134.238. 12-104-2002 - [Link] muhammad.f Fahim+123

[Link]/ 122 -26R [Link]/register ahim@unique 45678

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 149
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

All Password insurancebro

[Link] [Link]

US[FCB8D6C [Link] - C:\Users\Lan [Link] [Link] fYdM6njQk

C2D6CBA24 87 ni\Document y@[Link]
C6633FE1B6 s\AI8IaORYH.
7A831E] [202 exe
3-05-30T04_
32_39.87807
44].rar/Pass
[Link]

NLF23CF068 185.220.100. - C:\Users\Tes [Link] PoetteViolett 2wQNe2LAO

5D5479F0EC 251 s\Downloads e@[Link] YldD
A79C8D620E \gTq5ZhdL05
E46D_2023_0 [Link]
2_05T01_05_
52_913362.r
ar/Password
[Link]

NL8FAE3909 185.220.101. - C:\Users\Zel [Link] TaboltFleuret sKll7uKRyXA

B3F2A9C64D 53 da\Document te@[Link] PlxC
304192552A s\Q8MwNIyX
BE7A_2023_0 [Link]
2_05T00_34_
20_364674.r
ar/Password
[Link]

TR_176.33.24 [Link] BEBEK-NOTE C:\Users\hp [Link] hbebek@akfe Trabzon-066

[Link]/pass 8 [WORKGROU \Documents [Link]/register [Link] 1
[Link] P] \GuardFox\h
p9Ltxm0HxO
Ma6b0PrbGN
[Link]

US[A5D254C [Link] - C:\Users\Dos [Link] [Link]@m oJYRu5om09

FF6DE69711 6 i\Desktop\Vr [Link] m6kk
1CD496DAB3 [Link]
07BA5] [2023
-02-05T17_5
7_48.108262
1].rar/Passw
[Link]

Botlogs 2023 - - - [Link] AAppl@mmc. jK7fth2vX

0504.007 (1). com
9380473].ra

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 150
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

r/Passwords.
txt

4_[DE]109.25 [Link] DESKTOP-8J C:\WINDOWS [Link] [Link] C@rn1fex

0.90.122[GA 22 VHI46 \SysWOW64 gnin @[Link]
S].rar/Chrom \SearchIndex
e/Default/Pas [Link]
[Link]

NL48A11BE9 185.220.100. - C:\Users\Vilh [Link] [Link] nhZN5zbtykp

6915187686 244 elmina\Deskt ha@[Link]
DDD0A635B2 op\UKsf6Ctm m
EDE6_2023_0 [Link]
2_05T16_17_
19_828163.r
ar/Password
[Link]

NLFFBF7D37 185.220.100. - C:\Users\Ber [Link] JMousser@m 3dtrI6NvFlA

5E8C9F490D 241 nita\Desktop [Link]
DC914104C7 \xZPVsw9jVD
6C32_2023_0 [Link]
2_06T00_31_
56_043237.r
ar/Password
[Link]

[IN]205.254.1 205.254.175. ROHIT-DEMO C:\Users\Roh [Link] 1253345 Ajit@2332

[Link]/C 169 N it\AppData\L
hrome/Defaul ocal\Temp\c7
t/Passwords. c12e17-d192
txt -4f3e-95c5-4
6d4279e007
9_Release.zip.
079\Release
\New Upd v1.
[Link]

NL34C876EE [Link] - C:\Users\Mar [Link] JSevedge@m RYHSV81KTg

807EE5C256 11 essa\Downlo [Link]
5B236C9A92 ads\mLLNdo
0CC1_2023_ [Link]
02_05T13_15 e
_59_338501.r
ar/Password
[Link]

NL2AE91EDE 185.220.100. - C:\Users\Lor [Link] RNass@mmc. wPB1Cbl7

6D2F4E448E 241 ry\Desktop\p com
D8E734993F

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 151
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

5804_2023_0 907AvVr3A.e
2_05T04_08_ xe
08_663300.r
ar/Password
[Link]

KR[AACD219 - - - [Link] SzwedeCelest TGTnL8zxd

05B1A65455 ine@[Link]
4E2F9C4978 m
BD9DD] [202
3-02-09T00_
19_46.57812
59].rar/Pass
[Link]

US[B8EEB0A [Link] - C:\Users\Lau [Link] [Link] aWr6L3xrEtPj

6D68E70C65 19 rena\Office\d @[Link] z
E1800E89C9 [Link]
28E2F] [2023 e
-05-29T06_0
5_13.615248
0].rar/Passw
[Link]

NL945FD11A 185.220.101. - C:\Users\Ver [Link] DarbyshireVi PryyIgf7

4BCCE74E9F 164 ene\Downloa viene@mmc.c
487C8D51E3 ds\nLFR8JlX om
5942_2023_0 [Link]
2_05T07_15_
20_015933.r
ar/Password
[Link]

GB92CB65B4 [Link] - C:\Users\Roc [Link] DRowson@m 6DP92HyHqf

81B3A6427F 2 h\Documents [Link] yi
5DBA1AE88F \9MrSWhyeT
F03C_2023_0 [Link]
2_05T22_18_
11_794417.r
ar/Password
[Link]

CH[196CB8F - - - [Link] [Link] R7zj8Yrn

1FE86C414E n@[Link]
575E4881C2
898E3] [2023
-02-02T06_4
1_53.044626
3].rar/Passw
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 152
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

[IN]205.254.1 205.254.175. ROHIT-DEMO C:\Users\Roh [Link] rohitksingh0 Kanak@2332

[Link]/C 169 N it\AppData\L [Link]/en-US/MMC/login 098@gmail.c
hrome/Defaul ocal\Temp\c7 om
t/Passwords. c12e17-d192
txt -4f3e-95c5-4
6d4279e007
9_Release.zip.
079\Release
\New Upd v1.
[Link]

NL4E90894B [Link] - C:\Users\Kyn [Link] TBierstedt@ OrlepYzV1IEit

B09D8B24DB 8 thia\Office\FS [Link] U
400EF66791 wUXn4kMLB
E1A1_2023_0 [Link]
2_05T16_56_
58_001726.r
ar/Password
[Link]

NLC8E57E72 [Link] - C:\Users\Ma [Link] [Link] LJCtJRza5M

225F8C099F ndi\Documen on@[Link] ScHAS
3A58590EE7 ts\JDBqTYIey m
9B1E_2023_0 [Link]
2_05T13_47_
21_966946.r
ar/Password
[Link]

CN[9FFB15B - - - [Link] CAdolf@mm 36yWRLQlA

5EB827F31C [Link]
FE67684D70
51A6E] [2023
-02-09T23_1
8_32.804773
4].rar/Passw
[Link]

US57C23AB2 [Link] - C:\Users\Elea [Link] LWarfield@m iPHrTllciKj

C0F54FC3CE 0 nore\Desktop [Link]
7644E783A6 \8eWoUli8Xx.
F9D0_2023_0 exe
2_05T05_40_
20_187827.r
ar/Password
[Link]

US[A28E7A4 [Link] - C:\Users\Cay [Link] SugarDi@mm 0laIHicduPNY

B7F1DD65CD 08 la\Desktop\Z [Link] D1
D1673E0F4E

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 153
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

CA4D6] [202 EKtcQ7wn8ar

3-05-30T03_ [Link]
16_33.57027
31].rar/Pass
[Link]

NL8453E013 185.220.101. - C:\Users\Lyn [Link] ClinebellLynd 0tjL7gZKQ8G

DC3E111033 58 nett\Desktop e@[Link] MS
C2830906E9 \N8S0hbwx6
3C31_2023_0 [Link]
2_05T10_34_
09_575142.r
ar/Password
[Link]

NL2D0893F5 185.220.100. - C:\Users\Mor [Link] SlatteryKathi McfeTFw0IVJ

D419FCBBB3 241 na\Document e@[Link] sH
0A53068B5B s\B9FS3bBSk
127C_2023_0 [Link]
2_05T10_01_
04_149927.r
ar/Password
[Link]

[ZA]165.16.1 [Link] DIDO C:\Users\Ad [Link] bradodopha [Link]!U6Z

[Link]/Chro 40 ministrator\A [Link]/en-US/MMC/login we@[Link] bVQEj
me/Default/P ppData\Local m
[Link] \Temp\Rar$E
Xb4788.3466
4\SatUp!\Set
[Link]

Botlogs 2023 [Link] - C:\Users\Sus [Link] EDevot@mm 82VCthwLxo

0504.012 (44 3 ette\Office\J [Link]
6).rar/Passw [Link]
[Link] e

HK63F1BF15 [Link] - C:\Users\Kar [Link] SeibtSharity klOTL1mDnV

7EF2229F4E rie\Download @[Link] mhhfY
8119933BB1 s\qRzelX9jc8I
4BBD_2023_0 [Link]
2_05T15_30_
09_903624.r
ar/Password
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 154
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

4_[DE]109.25 [Link] DESKTOP-8J C:\WINDOWS [Link] Kinsley C@rn1fex

0.90.122[GA 22 VHI46 \SysWOW64 ormpostdir/securereader
S].rar/Chrom \SearchIndex
e/Default/Pas [Link]
[Link]

NL21E3F9B0 185.220.100. - C:\Users\Gre [Link] [Link] pX6Zn3JMuh

3A19BD471C 250 thel\Office\fai @[Link] luy
7C33C4D4E7 Vdt5u41Sx1
C096_2023_0 [Link]
2_05T18_07_
58_494722.r
ar/Password
[Link]

NLA854CEF4 185.220.100. - C:\Users\Mar [Link] [Link] 6s63GyjssCE

C5AA60E389 246 ie-Jeanne\Do h@[Link] 1
2C2DAD415F cuments\XZ9
82CD_2023_ [Link]
02_05T04_42
_05_901917.r
ar/Password
[Link]

NL7716FA05 185.220.100. - C:\Users\Fay [Link] TEnrique@m 1iTtpKpe785

CB1BE23148 250 e\Downloads [Link] Sooo
1E9205E2B9 \p7scLHbu8P
AB27_2023_0 [Link]
2_05T07_11_
59_618679.r
ar/Password
[Link]

TR_176.33.24 [Link] BEBEK-NOTE C:\Users\hp [Link] hbebek@akfe Ab123456Cd

[Link]/pass 8 [WORKGROU \Documents [Link]/register [Link] 123*?
[Link] P] \GuardFox\h
p9Ltxm0HxO
Ma6b0PrbGN
[Link]

US[F5FF1D7 [Link] - C:\Users\Kar [Link] GCude@mm jW1ay37RI

E81560FCD8 7 y\Downloads [Link]
A86480BAD2 \u9tNOw2Q9
A0CCB] [202 [Link]
3-05-29T01_
40_35.19518
42].rar/Pass
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 155
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

[install][Unite [Link] - - [Link] jcrowell@ft.n Carter100$bl

d States]209. 85 [Link]/register [Link] ahblah
[Link] m
p/Grabber/D
esktop/Txt/P
[Link]

NL2D0893F5 185.220.100. - C:\Users\Mor [Link] [Link]@ deWaVx4mK

D419FCBBB3 241 na\Document [Link] Hlm
0A53068B5B s\B9FS3bBSk
127C_2023_0 [Link]
2_05T10_01_
04_149927.r
ar/Password
[Link]

CH994F1291 [Link] - C:\Users\Myr [Link] [Link] jZb7pv4CkV

129F65A3AD 3 iam\Desktop ratore@mmc. w
C7E82E87D9 \zF2sh9jVL1 com
D9AB_2023_ [Link]
02_05T21_19
_58_213127.r
ar/Password
[Link]

NL1D527A82 185.220.101. - C:\Users\Ann [Link] [Link] hCrW68YsP2

2760A0AC3C 62 nora\Office\U on @[Link] WCtmw
3A29FDD20E [Link]
514A_2023_0 e
2_05T15_52_
58_401077.r
ar/Password
[Link]

US[8DB9CF9 [Link] - C:\Users\Ran [Link] ConradyEliza EwPMax7mt

1CFA3345AE 0 a\Downloads @[Link] M
66A2567180 \bmcKjpSC5
6D064] [2023 [Link]
-05-30T03_0
2_50.559815
8].rar/Passw
[Link]

NLDA899C09 185.220.101. - C:\Users\Aga [Link] CLano@mmc. bPoEalhJLu

54C3DC1532 181 tha\Office\f3z com
7C63C4D881 2jfFB7nc5m
DDED_2023_ [Link]
02_05T17_04
_41_462397.r

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 156
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

ar/Password
[Link]

US[BD05781 [Link] - C:\Users\Nan [Link] OreskovichJ a6mhV37It3S

CD27FAEE71 cey\Downloa oann@mmc.c
F8AE9F116A ds\pjS4l9u8l om
60C8D] [2023 [Link]
-02-05T16_5
8_51.795834
4].rar/Passw
[Link]

US[8DE2909 [Link] - C:\Users\Emi [Link] RauenFanche ztHLnGkjZ

220743EFAE lie\Desktop\K tte@[Link]
C5BCC59658 45UBtSxY5S9 m
F23C1] [2023 [Link]
-05-29T05_4
4_02.487147
2].rar/Passw
[Link]

US_191.101. 191.101.240. ALVALION - [Link] [Link]@ Jimbronski7

240.120_202 120 [Link]/register [Link].c 7?*
4-10-29 21_4 om
_13_RKI3WW
SRPXH1J4X7
[Link]/Passw
[Link]

[MX]187.188. 187.188.230. ANTONIOV-1 C:\Users\Ad [Link] [Link] Linkin_capital

[Link]/ 118 5CW10 ministrator\A [Link] @ingenieria.u 06!"#$
All Password ppData\Local [Link]
[Link] \Temp\Rar$E
Xb4788.3466
4\SatUp!\Set
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 157
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

GB153BA5B5 [Link] - C:\Users\Xav [Link] [Link] LreahoECV7E

9B57918734 2 iera\Office\A rth@[Link] O
456A212C19 7Qvs93n2wy m
2B6D_2023_0 [Link]
2_05T09_02_
00_657306.r
ar/Password
[Link]

NL1E5BDFB2 185.220.100. - C:\Users\Ros [Link] ButtaKarlotte FT2KpTsHmZ

BFFE1A2BD9 248 lyn\Office\5F @[Link] H
17EC2703E9 vOwjdDm9e.e
6259_2023_0 xe
2_05T06_11_
12_222851.r
ar/Password
[Link]

NLEBEDC0E3 185.220.100. - C:\Users\Aub [Link] HohmannBen knPvBlZJnen

336C2B2FA7 253 rey\Desktop etta@[Link] PIb
F136FC7A57 \aeZ4hdWSd m
1021_2023_0 [Link]
2_05T01_58_
42_404460.r
ar/Password
[Link]

GBCA263B6B [Link] - C:\Users\Nan [Link] TLonghini@m fpKe4oTkP9

EC3FAC1F5E 2 cie\Download [Link] M
63D2829281 s\Wd2NQNpj
D6E2_2023_0 [Link]
2_05T11_02_
33_513985.r
ar/Password
[Link]

IN_106.213.8 - DESKTOP-5S C:\Users\Dip [Link] 1214054 mercer@121

1.178_2024_ M3EL0 ak\AppData\L gin/[Link] 2
09_24_06_39 ocal\Temp\2
_58.rar/pass 44644\Cause
[Link] [Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 158
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

[PH][MetaMas [Link] DESKTOP-OA C:\Windows [Link] [Link] YQXvesUH9Is

k][Link] ODBS2 \SysWOW64 [Link]/register eragasam@fo vnJ%@
7[DEXTER].ra \SearchIndex [Link]
r/[PH][MetaM [Link]
ask]120.29.7
9.57[DEXTE
R]/All Passwo
[Link]

US[CB75800 - - - [Link] [Link] pAJLbyJ5htt

54974C69BA n@[Link] z
436C15FDA0
84947] [2023
-02-09T03_3
7_32.126902
3].rar/Passw
[Link]

US[92E16905 169.150.203. - C:\Users\Car [Link] [Link] 2KAm8DHYg

FA419DF3F6 39 a\Documents cco@[Link] XjIsRq
9B33AA3CA3 \v4N3bjehuu m
586C] [2023- [Link]
05-29T22_34
_28.172621
2].rar/Passw
[Link]

IN_45 (3).118. [Link] SD C:\Users\su [Link] mercer\sumit Welcome@1

rar/password 00 mit\AppData m/owa/auth/,DanaInfo=apac2 -dhiman
[Link] \Roaming\RE [Link],SSL+[Link]
M0ve4qbJ\gj
[Link]

[IN]205.254.1 205.254.175. ROHIT-DEMO C:\Users\Roh android://pfyFTnD_RQeb4Fot2 rohit.kumar2 Ajit@1973

[Link]/E 169 N it\AppData\L vaShzDT2CD0B9T6OWf2Xq5El @[Link]
dge/Default/P ocal\Temp\c7 ZCtgmrxg4YpdqjRk-kRIuov1pG
[Link] c12e17-d192 q4DkUgANRu1kkB4j7ow==@co
-4f3e-95c5-4 [Link]/
6d4279e007
9_Release.zip.
079\Release
\New Upd v1.
[Link]

DK9CEF6485 [Link] - C:\Users\Eliz [Link] [Link] 1jVNDsflSbA

DDC71F9C4B 3 abet\Docume ell@[Link] 1pR3
5FE08276B9 nts\9pnF6uT
D305_2023_0 [Link]
2_05T23_36_
16_890858.r

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 159
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

ar/Password
[Link]

VN_3234f407 - - - [Link] linhdm@pti.c Xu.sama1904

2fc60f0481d [Link]/register [Link] 1994!
185293b577
[Link]/Brow
sers/Edge/De
fault/Passwo
[Link]

NL0FE01DB8 185.220.101. - C:\Users\Mar [Link] [Link] dmJ4RODFT

4FDB46C8E9 190 iam\Docume en@[Link] k
BCFC99BA6C nts\5BSxEko m
03E7_2023_0 [Link]
2_05T10_55_
38_576424.r
ar/Password
[Link]

US[8BC2F52 199.116.118. - C:\Users\Fau [Link] CKotey@mm 0G0OBF9M3

52B6EA3088 252 n\Downloads [Link] BGj6
74F708888B \vuFkZ0q9hp
84983] [2023 [Link]
-05-29T10_0
0_13.696962
6].rar/Passw
[Link]

[FR]3744433 [Link] - C:\Windows [Link] 1197201 Bordeaux33!!

5-3734-4631 \System32\si gin/[Link]
-4742-42463 [Link]
7344435_buil
[Link]/Passw
ord/Google.t
xt

UNKNOWN[7 - - - [Link] GMarucci@m uKdcMYMfB

7D989DB422 [Link]
269E87B8B1

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 160
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

530FE2D63E
4] [2023-02-0
9T01_43_56.
5534009].ra
r/Passwords.
txt

NL7D75D349 185.220.101. - C:\Users\Lin [Link] KaperLesley 7sBWeMpxu

4F46A837A8 38 nea\Downloa @[Link] Gpq
4F20EC8C36 ds\W5fl2Np7
47AC_2023_ [Link]
02_05T00_36
_09_722562.r
ar/Password
[Link]

US[B7BD0DC [Link] - C:\Users\Jay [Link] MJanitz@mm nNzEfBlM

964CDA5B31 00 me\Downloa [Link]
48C9487849 ds\vwf51ua1
C55DA] [202 [Link]
3-05-29T06_
49_05.78150
89].rar/Pass
[Link]

US[62F6C05 - - - [Link] EDouglas@m bTi8tvL0UKb

F437762389 [Link] nO
AD2875E594
04AEF] [2023
-02-09T03_1
4_04.759228
8].rar/Passw
[Link]

[PH][MetaMas [Link] DESKTOP-OA C:\Windows [Link] info@foyleleg *Foylelegal20

k][Link] ODBS2 \SysWOW64 [Link]/login [Link] 23
7[DEXTER].ra \SearchIndex
r/[PH][MetaM [Link]
ask]120.29.7
9.57[DEXTE
R]/All Passwo
[Link]

[Botlogs 2023 [Link] - C:\Users\Vall [Link] ForwardKora MoZUQB2BW

0506.002 US y\Office\OJZ l@[Link] ro
_6D3~1.634]. [Link]
rar/Password
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 161
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

NL78A85C67 185.220.101. - C:\Users\Lou [Link] MMeachen@ av5d8lENt

5AF7262AD4 143 titia\Office\B3 [Link]
605B953A70 KRLnI3BdM.e
DF91_2023_0 xe
2_05T12_27_
18_910815.r
ar/Password
[Link]

NL19768B5D 185.220.100. - C:\Users\She [Link] GVastakis@m lr1nuwegima

03AD60ED76 251 ryl\Office\WE [Link] dEL
5FE64D3587 [Link]
4E33_2023_0
2_05T21_08_
54_850293.r
ar/Password
[Link]

NL05C2D98E 185.220.100. - C:\Users\Ber [Link] DGao@mmc. OtjGdG6uWz

2A9D7DDAE 241 nie\Desktop com dFEdg
6177AA7B90 \npv5b8JfzR
D7F59_2023_ [Link]
02_05T14_26
_51_107139.r
ar/Password
[Link]

US[A4D396E - - - [Link] EaslickRobine lAou86OFCZ

2E5F71D166 tt@[Link] wm
066C6A95E5
2DB68] [2023
-02-09T04_2
8_04.495591
1].rar/Passw
[Link]

NL2E5F1871 185.220.101. - C:\Users\Ros [Link] GouldieJoby eaN31zt4Hkb

D1292428B0 130 e\Downloads na@[Link] 7m
5F3F6E1462 \TSUfx522B8 m
E953_2023_0 [Link]
2_05T21_20_
56_681533.r
ar/Password
[Link]

CH[FDD3D06 - - - [Link] [Link] vptho3zphAF

8F065BCA86 n @[Link] BLb
8AA69686CA
DC230] [2023
-02-02T06_4

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 162
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

0_17.167229
7].rar/Passw
[Link]

NL8D882877 185.220.100. - C:\Users\Leel [Link] CalcoteFaye@ sNvo9UX3GJ

9C048E4FBE 254 ah\Document [Link] P
802014D3A8 s\qIAti5l01J.
F901_2023_0 exe
2_05T08_40_
48_817991.r
ar/Password
[Link]

US[FF7A664 - - - [Link] jcrowell@ft.n Carter100$bl

DB945A1AA [Link]/register [Link] ahblah
AEC63CFB47 m
848D00] [202
1-03-13T22_
42_28.[Link]/
Passwords
(1).txt

IN_45 (3).118. [Link] SD C:\Users\su [Link] [Link] S971681314

rar/password 00 mit\AppData @[Link] 5
[Link] \Roaming\RE
M0ve4qbJ\gj
[Link]

[MX]187.188. 187.188.230. ANTONIOV-1 D:\Desktop\A [Link] [Link] Linkin_capital

[Link]/ 118 5CW10 dobe Acrobat [Link] @ingenieria.u 06!"#$
Mozilla Firefo Pro\[Link] [Link]
x/[Link] e
fault-release/
[Link]
t

[Botlogs 2023 [Link] - C:\Users\Ani [Link] ARod@mmc.c A5OBZu0Y

0506.002 US a\Documents om
_318~1.235]. \KbvXfhvKui
rar/Password [Link]
[Link]

[FR]3744433 [Link] - C:\Windows [Link] 1197201 Bordeaux33!!

5-3734-4631 \System32\si gin/[Link]
-4742-42463 [Link]
7344435_buil
[Link]/Passw
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 163
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

US[DDE3717 104.223.118. - C:\Users\Lur [Link] GhanttHappy pxcK4EQnW

86421371CE 59 a\Office\khzrj @[Link]
DF0EC68F16 FZgj7wiCTd.e
66BB0] [2023 xe
-05-30T02_4
3_51.370576
4].rar/Passw
[Link]

NL24AE7124 185.220.100. - C:\Users\Que [Link] [Link] wlQgfgQiQu

B74D1E5956 243 rida\Office\S don@[Link]
A96D74CD2 [Link] m
CF161_2023_ e
02_05T06_44
_16_734994.r
ar/Password
[Link]

US[B5CB0EE [Link] - C:\Users\Ton [Link] NatalizioElyss pAohNljLxnt6

86ED236A79 98 ia\Document home a@[Link] OU
A19FA4AFD3 s\QhlzconWz
C8C42] [2023 [Link]
-05-29T11_0
7_45.188518
1].rar/Passw
[Link]

NL493433FE 185.220.100. - C:\Users\Joa [Link] KGestes@mm UsJWYA84

D8320A2921 243 n\Desktop\cL [Link]
B7C3C3BB45 XG4gA6wA4.
7FE9_2023_0 exe
2_05T06_13_
02_192327.r
ar/Password
[Link]

US[8DB9CF9 [Link] - C:\Users\Ran [Link] LGenualdo@ F855o45edL

1CFA3345AE 0 a\Downloads [Link] FyKTc
66A2567180 \bmcKjpSC5
6D064] [2023 [Link]
-05-30T03_0
2_50.559815
8].rar/Passw
[Link]

CH[DA48FE5 [Link] - C:\Users\Cha [Link] KCalumag@m 1zhGnURoQY

E338706832 ntalle\Deskto [Link] J
5B52FF2646 p\e8BgbUKLI
371F6] [2023 [Link]
_03_15T13_3

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 164
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

8_17].rar/Pas
[Link]

NL9B53EC19 185.220.101. - C:\Users\Ros [Link] VDiliberti@m ODDUPCBy

BE1AC96F0D 38 elle\Desktop [Link]
19A8607C26 \ECC7836r9
C668_2023_0 [Link]
2_05T22_55_
28_015561.r
ar/Password
[Link]

NL5C084978 185.220.101. - C:\Users\Wy [Link] EVontungeln iEHRvykTYQC

12C56BCDFA 134 nn\Desktop n @[Link] XB3
E5CC3969CB \Bb61kP7wT
A593_2023_0 [Link]
2_05T01_04_
46_732216.r
ar/Password
[Link]

IN_45.117.48. [Link] CONSISTENT C:\Windows [Link] 847977 13031976

9_2024_07_3 \SysWOW64 gin/[Link]
1_16_01_25.z \[Link]
ip/password
[Link]

NL4CC30C32 185.220.101. - C:\Users\Mar [Link] [Link] pWaX3RLGoc

7AD4321A36 190 ielle\Docume @[Link] Ovy
0951DC1378 nts\FFol9Ep
33BC_2023_0 [Link]
2_05T10_55_
47_826473.r
ar/Password
[Link]

NL83BECD3F 185.220.100. - C:\Users\Kari [Link] ACritz@mmc. 0sQdXdHPal

52525B357E 246 n\Office\GiG com
BB3158CE01 [Link]
FF02_2023_0 e
2_05T05_09_
49_067636.r
ar/Password
[Link]

LU788D31C7 [Link] - C:\Users\Lizz [Link] [Link] I3qpfYNPpjT

12A95EA093 ie\Downloads t@[Link] QX
51E5AC3517 \zGctkRfmw
C0F7_2023_0 [Link]
2_05T19_12_

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 165
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

40_097194.r
ar/Password
[Link]

USE4869EEE [Link] - C:\Users\Har [Link] [Link] SgzpkIsJD8h

E443788DCE 0 riet\Documen on@[Link] R
00CE8054C2 ts\YEBFJOF m
BB35_2023_0 [Link]
2_05T07_46_
00_563967.r
ar/Password
[Link]

[Botlogs 2023 [Link] - C:\Users\Hya [Link] [Link] ugAJAeqq0W

0506.002 US 8 cinth\Deskto @[Link] vzwgz
_91B~1.602]. p\q9jDPDhgd
rar/Password [Link]
[Link]

IN_45 (3).118. [Link] SD C:\Users\su [Link] 1214158 sumit

rar/password 00 mit\AppData gin/[Link]
[Link] \Roaming\RE
M0ve4qbJ\gj
[Link]

NL856641BB 185.220.100. - C:\Users\Sas [Link] AdwellMarthe k3ruomfohD

A749E6168A 250 ha\Download @[Link] Jb8cm
408F804645 s\1J9FkaQ2
11BB_2023_0 [Link]
2_05T22_46_
58_971063.r
ar/Password
[Link]

NL9FA0F178 185.220.101. - C:\Users\Mar [Link] [Link] MnIsA7rng2

246EFF9AE9 61 illin\Office\G k@[Link]
2D526D3F7C wBn04Qn9C
13C7_2023_0 [Link]
2_05T18_49_
08_328372.r
ar/Password
[Link]

US[474D71F [Link] - C:\Users\Jer [Link] ReidelZarah@ yvZI3u9MIVh

93CB774EF8 6 rie\Desktop [Link] RO
D81EA9D789 \Ow71ShaP.e
4485F] [2023 xe
-02-05T17_0
0_22.889001

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 166
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

0].rar/Passw
[Link]

US[8ECD0CE [Link] - C:\Users\Em [Link] [Link]@ RvCC2V6qRU

310D108FA2 elyne\Docum [Link] o
BBB7CB00BB ents\ZrD1yJy
9836E] [2023 [Link]
-05-29T01_2
9_04.819019
3].rar/Passw
[Link]

Botlogs 2023 [Link] - C:\Users\Tis [Link] GHoms@mm 2k2JAW42d

0504.012 (64 h\Documents [Link]
4).rar/Passw \S8iV7y5i7G
[Link] [Link]

ZA_165.16.1 [Link] DIDO C:\Users\illid [Link] bradodopha [Link]!U6Z

60.140_2024 40 \AppData\Lo [Link]/en-US/MMC/login we@[Link] bVQEj
_11_05_02_2 cal\Temp\10 m
7_13.rar/pas 01911001\2
[Link] 89aac186b.e
xe

ES[442F3E4D - - - [Link] [Link] bZ4BvrS34M

DF37047613 arn@[Link] Z2
D9C3ECBB42 m
8E18] [2023-
02-09T03_54
_46.568970
5].rar/Passw
[Link]

NL365B8440 185.220.101. - C:\Users\Will [Link] CWithem@m njuMdnJq

5662EFDA9A 34 a\Documents [Link]
93ACD98596 \Hk9NNnOA
A6C7_2023_ [Link]
02_05T11_13
_08_457267.r
ar/Password
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 167
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

NL06E01E77 185.220.100. - C:\Users\Nan [Link] [Link] F5MXYjZWIb

5CCD97365A 253 cy\Desktop\l mason@mm mdY
7D6D90221D PN1qZ47lVO [Link]
69EF_2023_0 [Link]
2_05T22_19_
48_215766.r
ar/Password
[Link]

[TH]49.230.1 [Link] CHAKKAGIE C:\WINDOWS android://Rqv8Fbg3-cr3IuNSdl 3817@mmc.c 123456

[Link]/C 26 \SysWOW64 4yKY_uEsq1OZSeR6Ezj25OE7 om
hrome/Defaul \[Link] CUSjeoigZDlTMRPy0YaSk27xl0
t/Passwords. 0l4ZKIhQ8vC8F44Guw==@co
txt [Link]/

NLE1918472 185.220.101. - C:\Users\Ma [Link] [Link] 3b94LNqh2jX

D2E8AEA585 32 del\Office\7R @[Link]
8B8AA0CFEC [Link]
6529_2023_0
2_05T12_31_
52_864014.r
ar/Password
[Link]

NLF105C870 [Link] - C:\Users\Cha [Link] GanskeJuline CCrzAQh3S

086715E87F 3 rmane\Office @[Link]
B41DADFA91 \XKRzQ184.e
A80C_2023_ xe
02_05T00_36
_28_847550.r
ar/Password
[Link]

US66A92F05 [Link] - C:\Users\Carl [Link] [Link]@ W7X3vclWsr

2DD4787BD4 06 ita\Download [Link] S
C805B89239 s\SG1vlnHxh
DB63_2023_0 [Link]
2_05T07_43_
14_783216.r
ar/Password
[Link]

ID_182.253.5 [Link] ITSHIRO [WO C:\ProgramD [Link] 1122077 Gareng@727

[Link]/pass 3 RKGROUP] ata\MPGPH1 gin/[Link] 2
[Link] 31\MPGPH13
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 168
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

NL48D241CA 185.220.101. - C:\Users\Nett [Link] [Link] NO6OCodvm

06865CAB5B 35 a\Office\o93Z t@[Link] y
D09FE918E8 [Link]
FAB6_2023_0
2_05T06_06_
21_884574.r
ar/Password
[Link]

[Botlogs 2023 [Link] - C:\Users\Elly [Link] [Link] jIyHhIHiEQ

0506.002 US n\Downloads s@[Link]
_CAC~1.769]. \9QvVlw6qkr.
rar/Password exe
[Link]

CA[ACE79FD - - - [Link] PleseRubia@ PNAPlwxTzG

171FA39700 n [Link] vAIIZ
602DD84BE2
2E730] [2023
-02-09T01_5
9_06.059857
5].rar/Passw
[Link]

NL9D083A22 185.220.100. - C:\Users\Chi [Link] [Link]@ PDIaqVcT6

6023340C8D 241 cky\Desktop gon [Link]
505F7D9062 \Xj4ibTE2nG
A6BF_2023_0 [Link]
2_05T10_27_
09_839009.r
ar/Password
[Link]

JP[E2031AC [Link] - C:\Users\Sas [Link] VConnole@m 9A2Bx0HfxTl

80BFB562F8 8 cha\Desktop [Link]
1DB3170B73 \UGlhX61eV
90509] [2023 [Link]
-02-05T18_2
7_14.092196
6].rar/Passw
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 169
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

US[DDE3717 104.223.118. - C:\Users\Lur [Link] [Link] eLy4MItfgZrv

86421371CE 59 a\Office\khzrj zi@[Link] so
DF0EC68F16 FZgj7wiCTd.e
66BB0] [2023 xe
-05-30T02_4
3_51.370576
4].rar/Passw
[Link]

Botlogs 2023 - - - [Link] SzwedeCelest TGTnL8zxd

0504.007 (1). ine@[Link]
5781259].ra m
r/Passwords.
txt

DK5A441F18 [Link] - C:\Users\Har [Link] RBettcher@m Mx6QHWPbz

E3F9BABE23 2 monia\Docu [Link] ht0g52
1F623345FB ments\nvqu0
1514_2023_0 [Link]
2_06T02_10_
07_711724.r
ar/Password
[Link]

NL8BA41533 [Link] - C:\Users\Jan [Link] [Link] NtQBeOG0eJ

63B985AAB1 6 eczka\Docum @[Link] 78q0
23517EB679 ents\4vPoXs
D72A_2023_ [Link]
02_05T18_07
_18_534799.r
ar/Password
[Link]

US[0C4F50E - - - [Link] [Link] lmGJXSXUM

34F2E2791B m@[Link] oQ
79BBA7DCE6
0532A] [2023
-02-02T07_1
9_23.109509
8].rar/Passw
[Link]

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 170
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.
Attack Path [Link]
Discovery Report September 30, 2025

Malware
Name IP Address System Name URL Username Password
Location

US[B5DD9CC [Link] - C:\Users\Elli [Link] DAndrson@ ARJE5LjDB

46F18968D5 46 \Office\Ot2qr [Link]
B6998CBC01 [Link]
9B2A8] [2023 e
-05-30T07_5
9_50.170063
4].rar/Passw
[Link]

US40C6241D [Link] - C:\Users\Meli [Link] [Link]@m e5noXviOtCX

BB39CCE96E sse\Office\Yl [Link] DZiV
A3ADF70AD WWaln1GepT
0C875_2023_ [Link]
02_05T06_05
_10_499160.r
ar/Password
[Link]

NL812244CD 185.220.100. - C:\Users\Mar [Link] [Link]@ eXcYGixAhO

5B744AE7A6 241 tita\Desktop e [Link]
7F23EC49CE \mr2D7aw3S.
896C_2023_0 exe
2_06T03_04_
31_292986.r
ar/Password
[Link]

Ransomware Group Leaks

DescriptionLeaks from ransomware groups often contain exfiltrated CyberMindr's approach Monitors ransomware leak portals and crossreferences indicators
sensitive business data. with client asset identifiers.

Ransomware Group Name Title Leak Date Description Post URL

No data available

Next Steps Visit [Link]

Locate the vulnerability you have addressed and click Rescan. 171
The platform will refresh the results, update the vulnerability status, and display a revised Risk Score based on the latest findings.

Pentest
No ratings yet
Pentest
26 pages
Cyber Threat Report: Malicious IP 20.217.217.224
No ratings yet
Cyber Threat Report: Malicious IP 20.217.217.224
11 pages
Cybersecurity Scan Summary Report
No ratings yet
Cybersecurity Scan Summary Report
9 pages
9dec Eng Report
No ratings yet
9dec Eng Report
24 pages
PCI Vulnerability Scan Results Summary
No ratings yet
PCI Vulnerability Scan Results Summary
12 pages
Phishing Email Analysis Techniques
No ratings yet
Phishing Email Analysis Techniques
5 pages
Exim Bank Cyber Risk Exposure Report
No ratings yet
Exim Bank Cyber Risk Exposure Report
62 pages
Malwarebytes Threat Intel Report Nov 2022
No ratings yet
Malwarebytes Threat Intel Report Nov 2022
23 pages
Phishing Incident Report: SOC282 Alert
No ratings yet
Phishing Incident Report: SOC282 Alert
18 pages
Experiment 4 Report
No ratings yet
Experiment 4 Report
7 pages
Phishing
No ratings yet
Phishing
12 pages
Malicious IP Address Analysis: 141.94.75.26
No ratings yet
Malicious IP Address Analysis: 141.94.75.26
11 pages
VAPT Test Report Summary
No ratings yet
VAPT Test Report Summary
5 pages
Web Pentest TestPHP - 2023-06-05-01 - 24 - 01
No ratings yet
Web Pentest TestPHP - 2023-06-05-01 - 24 - 01
7 pages
Phishing Email Analysis Tools 2024
No ratings yet
Phishing Email Analysis Tools 2024
3 pages
Critical Vulnerabilities in DVWA Audit
No ratings yet
Critical Vulnerabilities in DVWA Audit
28 pages
Cybersecurity Playbook Creation Guide
No ratings yet
Cybersecurity Playbook Creation Guide
8 pages
Modern Email Phishing Trends Report
No ratings yet
Modern Email Phishing Trends Report
8 pages
Cybersecurity Insights for hdfc.com
No ratings yet
Cybersecurity Insights for hdfc.com
1 page
OSINT Analysis Using Maltego on iManage
No ratings yet
OSINT Analysis Using Maltego on iManage
4 pages
Bank Salaam Cyber Risk Exposure Report
No ratings yet
Bank Salaam Cyber Risk Exposure Report
60 pages
Phishing Email Analysis
No ratings yet
Phishing Email Analysis
14 pages
Microsoft 365 Email Security Risks
No ratings yet
Microsoft 365 Email Security Risks
24 pages
Telmex Colombia Vulnerability Scan Report
No ratings yet
Telmex Colombia Vulnerability Scan Report
10 pages
RidgeBot™ Audit Report: JP EXT Site
No ratings yet
RidgeBot™ Audit Report: JP EXT Site
49 pages
Report 147650
No ratings yet
Report 147650
119 pages
Criminal IP Threat Analysis Report
No ratings yet
Criminal IP Threat Analysis Report
9 pages
Cybersecurity Vulnerability Assessment Report
No ratings yet
Cybersecurity Vulnerability Assessment Report
15 pages
Trend Micro Security Logs Analysis
No ratings yet
Trend Micro Security Logs Analysis
26 pages
2023 Cybersecurity Trends Report
No ratings yet
2023 Cybersecurity Trends Report
21 pages
APT Attack Phases and Techniques
No ratings yet
APT Attack Phases and Techniques
24 pages
.Au 9dec Eng Report
No ratings yet
.Au 9dec Eng Report
37 pages
Assessing Your Network's Vulnerabilities
No ratings yet
Assessing Your Network's Vulnerabilities
10 pages
2022 Phishing Threats Overview Report
No ratings yet
2022 Phishing Threats Overview Report
19 pages
Cyber Threat Report: IP 20.117.117.224
No ratings yet
Cyber Threat Report: IP 20.117.117.224
5 pages
Lab 4 - Security Investigations
No ratings yet
Lab 4 - Security Investigations
9 pages
Ransomware Attack on Shared Drives
No ratings yet
Ransomware Attack on Shared Drives
107 pages
York University Penetration Test Report
No ratings yet
York University Penetration Test Report
15 pages
McAfee Global Threat Intelligence Overview
No ratings yet
McAfee Global Threat Intelligence Overview
43 pages
A Smarter School of Phish - Why Phishing Still Works in 2025
No ratings yet
A Smarter School of Phish - Why Phishing Still Works in 2025
29 pages
Email Risk Assessment Overview
No ratings yet
Email Risk Assessment Overview
11 pages
Business Email Compromise Checklist: Overview
No ratings yet
Business Email Compromise Checklist: Overview
4 pages
Advanced Email Protection Overview
100% (1)
Advanced Email Protection Overview
54 pages
Ethical Penetration Testing Guide
No ratings yet
Ethical Penetration Testing Guide
19 pages
Phishing Email Detection with Splunk
No ratings yet
Phishing Email Detection with Splunk
8 pages
Email Security: Protect Against Phishing
No ratings yet
Email Security: Protect Against Phishing
12 pages
Cybersecurity Incident Report Summary
No ratings yet
Cybersecurity Incident Report Summary
56 pages
Real-Life Cyberattacks Explained
No ratings yet
Real-Life Cyberattacks Explained
4 pages
Corporate Email Hacking Techniques
No ratings yet
Corporate Email Hacking Techniques
61 pages
Understanding Phishing Attacks and Risks
No ratings yet
Understanding Phishing Attacks and Risks
1 page
Phishing Email Investigation Process
No ratings yet
Phishing Email Investigation Process
2 pages
Forensic Malware Investigation Report
No ratings yet
Forensic Malware Investigation Report
7 pages
CyberSec Midterm Assignment
No ratings yet
CyberSec Midterm Assignment
7 pages
Class 12 Computer Science Practical File
No ratings yet
Class 12 Computer Science Practical File
28 pages
ML-Based DDoS Detection System
No ratings yet
ML-Based DDoS Detection System
18 pages
Python Programming Lab Exercises
No ratings yet
Python Programming Lab Exercises
52 pages
ECE Embedded Systems Question Bank 2023-24
No ratings yet
ECE Embedded Systems Question Bank 2023-24
4 pages
O-RAN - wg2.R1 Use Cases and Requirements.v01.00
No ratings yet
O-RAN - wg2.R1 Use Cases and Requirements.v01.00
25 pages
Kubernetes Training: From Basics to Advanced
No ratings yet
Kubernetes Training: From Basics to Advanced
7 pages
Embedded System Final
No ratings yet
Embedded System Final
247 pages
Overview of Internet Protocols and Layers
No ratings yet
Overview of Internet Protocols and Layers
127 pages
Understanding Programming Approaches
No ratings yet
Understanding Programming Approaches
3 pages
Playlist Management with Linked List
No ratings yet
Playlist Management with Linked List
2 pages
Computer Science Solutions 2079
No ratings yet
Computer Science Solutions 2079
8 pages
Introduction to Python Programming
No ratings yet
Introduction to Python Programming
77 pages
BIG-IP Administrator Exam Insights
No ratings yet
BIG-IP Administrator Exam Insights
88 pages
K.Narendra Kumar Mobile: Developer Email
No ratings yet
K.Narendra Kumar Mobile: Developer Email
7 pages
C Programming Basics: Operators & Control Statements
No ratings yet
C Programming Basics: Operators & Control Statements
41 pages
Android Developer Internship Report
No ratings yet
Android Developer Internship Report
29 pages
Managing Operating Systems Essentials
No ratings yet
Managing Operating Systems Essentials
11 pages
Overview of Computer Systems and Types
No ratings yet
Overview of Computer Systems and Types
20 pages
JD Risc-V Product Architect Ok
No ratings yet
JD Risc-V Product Architect Ok
2 pages
ERP and SAP Implementation at MCL
No ratings yet
ERP and SAP Implementation at MCL
13 pages
BCA Sem-II Practical Exam Questions
No ratings yet
BCA Sem-II Practical Exam Questions
2 pages
Hotel Reservation System Project Overview
No ratings yet
Hotel Reservation System Project Overview
7 pages
Computer Science Exam Key Answers 2025
No ratings yet
Computer Science Exam Key Answers 2025
6 pages
Key Application Layer Protocols Explained
No ratings yet
Key Application Layer Protocols Explained
23 pages
Excel What-If Analysis Tools Guide
No ratings yet
Excel What-If Analysis Tools Guide
10 pages
JNTU Vizianagaram B.Tech Revaluation Results
No ratings yet
JNTU Vizianagaram B.Tech Revaluation Results
19 pages
Dynamic Question Generation Platform
No ratings yet
Dynamic Question Generation Platform
24 pages
Configuring VLANs with Macros in Lab
No ratings yet
Configuring VLANs with Macros in Lab
2 pages
Ibm System X Cog 20080228
No ratings yet
Ibm System X Cog 20080228
650 pages
Computer System Fundamentals Overview
No ratings yet
Computer System Fundamentals Overview
36 pages