Quick PSA.
#1
If you're getting suspicious PMs please report them to staff at your earliest convenience so that we can take immediate action against anyone trying to take advantage of our less knowledgeable users.

I got this PM, lol.

[Image: YKAa4lS.png]

https://www.virustotal.com/gui/url/f1965.../detection

Spoiler: He didn't practice OPSEC. Ran some quick scans and his IP 193.36.255.154 is either a jump box, or a router. We'll find out once i run RouterSploit.

For now i'll just leave it at that. Malicious Actors will be treated in kind.
Reply
#2
Not a malicious link. Just an 'anonymous' publishing site. Basically pastebin but for markdown. Hint: Telegram uses it for publishing. Was likely blocked because Telegram is only skids and drug dealers nowadays, no one who actually cares about their security uses it.
It's funny though because the link's images look like njRat or some poor attempt to copy it/make it run on Win10.
Reply
#3
(10-06-2020, 07:06 PM)poppopret Wrote: Not a malicious link. Just an 'anonymous' publishing site. Basically pastebin but for markdown. Hint: Telegram uses it for publishing. Was likely blocked because Telegram is only skids and drug dealers nowadays, no one who actually cares about their security uses it.
It's funny though because the link's images look like njRat or some poor attempt to copy it/make it run on Win10.

If you say so. Can't be bothered following up if you're going to link to stuff through suspicious looking means and the URL comes up as malicious over at VT. Instead one should use Github, Gitlab, Bitbucket, or Cryptpad like a normal person.

He's free to appeal his ban, but if you're not using proper OPSEC and all you're here to do is ask me to be your personal army or code monkey, then nothing of value was lost as far as i am concerned.
Reply