Olivia
Online
Daniel Cid
@danielcid
Founder of CleanBrowsing, Trunc, Sucuri, and OSSEC. Former VP, GoDaddy. Builder & breaker by heart.
/ / Temecula,Big Bear
Canada
Joined February 2009
287 Following
4.6K Followers
2.7K Posts
Pinned Tweet
My 7yo: "When I grow up, I want to be just like my daddy. He doesn't work and just spends his day at the computer doing nothing."
🏂 Após bronze nos EUA, Priscila Cid é top 8 na Suíça e se despede de temporada no Snowboard Halfpipe com dois dos melhores resultados da carreira
🔗 Acesse o Brasil Zero Grau!
https://t.co/UegI3Rq6Un
Pretty much every site on our network has been scanned and attempted to be exploited so far.
If you didn't patch over the weekend, it might be safe to consider it compromised.
First attempt I see on the logs was on:
2025-12-03 21:00:24 18.182.x.z 403 "POST /_next/static/chunks/react-flight HTTP/1.1" "-" "Mozilla/5.0 (CVE-2025-55182 PoC)"
Before most people were even aware of it.
One of the best explanations for CVE-2025-55182 / React2Shell. Recommended reading.
One of the best explanations for CVE-2025-55182 / React2Shell. Recommended reading.
https://t.co/b8rKtYZlB3
Who to follow
The Shadowserver Foundation
@Shadowserver
Our mission is to make the Internet more secure by bringing to light vulnerabilities, malicious activity and emerging threats. Join our Alliance!
Sucuri Security
@sucurisecurity
• Web Application Firewall
• DDoS Protection / Intrusion Prevention
• Malware Removal
• Website Monitoring
• Website Backups
• Status Updates: https://t.co/R1ZLeTcMhX
Xavier Mertens @[email protected] 🇧🇪
@xme
Freelance | Blogger | SANS ISC Handler | FOR610/FOR710 Instructor | BruCON co-organizer | BlueTeam | DFIR | MTB | PGP: 0xEB583912514B3E1F | Tweets are mine!
@leomarciano Your email seems to be bouncing. Do you have a different one?
@leomarciano Oh, what's going on? DM me here so I can investigate.
@riper81 Pretty cool project. Adding to my list of sites to use.
@0x6rss Pretty cool tool. Would be interesting to integrate with https://t.co/ORWSSYAgzo as well (if you want, can give you full access there).
@riper81 Yeah, same here... The interesting part was 4 days before the public disclosure.
Interesting.. First scan for CVE-2025-53771 (latest Sharepoint vuln) on our logs was on July 16th, a few days before public disclosure.
172.174.82.132 16/Jul/2025:07:31:10 +0000 "GET /_layouts/15/ToolPane.aspx HTTP/1.1" "http://localhost" "Mozilla/5.0"
From a Microsoft IP address...
@riper81 @hotjar @namesilo @AceDataCenters Other domains in the same server:
https://t.co/GVyhdsCL60
hotjar-cdn[.]com
statswp[.]org
spadeanalytica[.]com
Need to check if they are malicious too...
Pretty big issue:
Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware.
https://t.co/53Ch9ZPS28
Extensions that get hijacked/bought are a common source of malware these days.
Found some additional domains in the same IP address as them ( cc @IDardikman @extensiontotal ) which might be connected.
https://t.co/ug81Wqnfxb
Expanded DNSArchive to also add web headers, CMS versions, links , css files, etc.
You can now search for it here (in beta):
https://t.co/rCGTnOGpHD
Ex:
All sites using PHP/5.2:
https://t.co/Zcv3HUNdBa
And you can still do DNS specific search here:
https://t.co/moYeBHcQWI
Feedback welcome!
Have you noticed this "?slince_golden=test" requests on your logs?
It is for a WordPress Backdoor. We wrote a small summary about it here:
https://t.co/amKL6NL0is
Seeing it on your logs too?
🚀 @logwithtrunc just got a fresh redesign.
🧑💻 Built for developers who care about clean, fast, secure log management.
🔍 Check it out: https://t.co/IOoRh4ogk9
#SIEM #LogManagement #CyberSecurity #DevTools #SecOps #Infosec #CloudSecurity
We put up a list with the top domains (most visited) via our DNS intelligence:
https://t.co/fna8FaULsk
top 100
top 1,000
top 10,000
Have you looked at our DNS database?
DNS Archive has over 200m domains, IP addresses and historical DNS data:
https://t.co/dzEEjvS3qb
First thing I do on any of my new ubuntu servers:
apt install net-tools
Just so I can have my old ifconfig back.
Nothing more useful than searching through over 1TB of logs in less than a sec with the Trunc terminal for some threat hunting...
Both via the terminal and web. It makes finding issues so quick.
Last Seen Users on Sotwe
İFŞA MAKİNESİ
Seen from Turkey
con đĩ của anhh
Seen from Vietnam
kiryuma
Seen from Vietnam
มม. v.2
Seen from Ecuador
video colmek indo
Seen from Indonesia
BLACK DADDY
Seen from Latvia
ควยครองเมือง
Seen from Thailand
tuanombre🍫🍓
Seen from Indonesia
hypnscen
Seen from United States
⚠️𝐂𝐇𝐔𝐑𝐋𝐄𝐃⚠️
Seen from United States
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers