Last active
July 17, 2023 20:03
-
-
Save ACK-J/7a2da401c732cbe58479d03acc4e4b43 to your computer and use it in GitHub Desktop.
Find all the domains ThreatMetrix is using to exfil user tracking data
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from shodan import Shodan | |
| api = Shodan('API-KEY') | |
| results = api.search('isp:"ThreatMetrix Inc." port:443 Bad Request') | |
| for banner in results['matches']: | |
| # Only care about services that use SSL | |
| if 'ssl' in banner: | |
| print(banner['ssl']['cert']['subject']['CN']) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This script only uses 3 pieces of information (org, port, HTML text) to find a majority of the Threat Metrix backend infrastructure, imagine how well they can fingerprint your browsing habbits across the web with the 416 pieces of information they gather about your network / browser 🤔