Anyone has fresh zenledger database ? Have exploit that can drain entire user balance with the use of XUMM , requests originate from ZenLedger and drains user out ( USDC tested, also wrapped btc ) @half
Please open Telegram to view this post
VIEW IN TELEGRAM
Basically you SE the ZenLedger victim into declaring their XRP
You go on the program , insert the victim address and you'll get a custom payload to send him
You send them the link -) cahsed :)
You go on the program , insert the victim address and you'll get a custom payload to send him
You send them the link -) cahsed :)
Selling exploit on a big financial site (800M revenue ) , various exploits :
- Mass denial-of-banking — victims can't deposit, withdraw, or auto-invest. Deposits in flight may bounce. Purely
destructive.
- Attacker can reroute a victim's recurring transfers (e.g., redirect a scheduled payment's source/destination) to
accounts they control.
- Straight loan-proceeds theft. A victim's approved personal loan pays out to an attacker's linked account.
- Hijack automated cash movement — redirect sweeps, drain idle cash into attacker accounts, or disable protective
sweeps before other attacks.
- full KYC bypass
and more
price : 2M$
@half MM accepted as always :)
- Mass denial-of-banking — victims can't deposit, withdraw, or auto-invest. Deposits in flight may bounce. Purely
destructive.
- Attacker can reroute a victim's recurring transfers (e.g., redirect a scheduled payment's source/destination) to
accounts they control.
- Straight loan-proceeds theft. A victim's approved personal loan pays out to an attacker's linked account.
- Hijack automated cash movement — redirect sweeps, drain idle cash into attacker accounts, or disable protective
sweeps before other attacks.
- full KYC bypass
and more
price : 2M$
@half MM accepted as always :)
On vacation till sunday , will be less online 😴
Please open Telegram to view this post
VIEW IN TELEGRAM
anyone has expirence with ransoms ? @half ( not ransomware, company ransoms )
@half lounge
Project nearly ready 😎
Should I continue autodoxxer development? would you be intrested?
Anonymous Poll
71%
Yes
33%
not intrested
selling big betting platform ( non crypto , european ) admin access , 80M yearly revenue, good offers in PM @half
@half lounge
Should I continue autodoxxer development? would you be intrested?
Perfect will work on it soon, will also work on a good audit program that will be sold with limited copies , more info soon :)
Media is too big
VIEW IN TELEGRAM
🚀 ENV-FUCKER: Fast exposure recon for "authorized" infrastructure.
What it is
One binary: TUI wizard, CLI batch, streaming crawler, or timed auto loop. Same scanner, same artifacts everywhere.
Core scanning
- ~1.7k effective paths per host with encoding tricks.
- Three transports: HTTP, HTTPS, DNS-smart HTTPS for correct virtual hosts.
- Strong validator: size/content-type gates, binary/HTML-noise handling, dedupe, caps, resumable checkpoints, optional diff vs. previous run.
- Worker presets: 256 up to ~2k goroutines.
Discovery
- Sources: File/stdin lists, CT roots, CIDR expansion, or crawler mode (multi-source BFS + TLS-name feedback).
- Shodan: Free InternetDB mixed in; paid membership seeding requires a key/credit budget.
CVE layer
- 75 built-in fingerprints, 122 mapped CVE IDs.
- KEV + live FIRST EPSS, version-aware applicability, junk-aware saves.
Outputs & Ops
- Logs: Stable run/finding IDs, critical mirror, secrets table, AI aggregate, per-vendor key extracts.
- Extras: Live verification, webhooks, HTML/CSV reports, Nuclei-style URL feed, Prometheus metrics, cross-host dedupe, run bundle with manifest.
- Networking: Rotating proxy pool, preflight checks, error visibility, output profiles, legacy mode.
@half to reserve a spot.
What it is
One binary: TUI wizard, CLI batch, streaming crawler, or timed auto loop. Same scanner, same artifacts everywhere.
Core scanning
- ~1.7k effective paths per host with encoding tricks.
- Three transports: HTTP, HTTPS, DNS-smart HTTPS for correct virtual hosts.
- Strong validator: size/content-type gates, binary/HTML-noise handling, dedupe, caps, resumable checkpoints, optional diff vs. previous run.
- Worker presets: 256 up to ~2k goroutines.
Discovery
- Sources: File/stdin lists, CT roots, CIDR expansion, or crawler mode (multi-source BFS + TLS-name feedback).
- Shodan: Free InternetDB mixed in; paid membership seeding requires a key/credit budget.
CVE layer
- 75 built-in fingerprints, 122 mapped CVE IDs.
- KEV + live FIRST EPSS, version-aware applicability, junk-aware saves.
Outputs & Ops
- Logs: Stable run/finding IDs, critical mirror, secrets table, AI aggregate, per-vendor key extracts.
- Extras: Live verification, webhooks, HTML/CSV reports, Nuclei-style URL feed, Prometheus metrics, cross-host dedupe, run bundle with manifest.
- Networking: Rotating proxy pool, preflight checks, error visibility, output profiles, legacy mode.
@half to reserve a spot.
Big fintech IT company db just dumped
dump info :
Personal Information
* Name
* Surname
* Sex
* Birth date
* Birthplace
* Birth city
* Fiscal code
Contact Information
* Email
* Phone number
* Postal code (CAP)
Employment Information
* Employed (Yes/No)
* Employment type (Full time, Part time, etc.)
* Employment duration
Family Information
* Relationship status (Married / Civil partner)
* Children (Yes/No, with details if applicable)
Property and Financial Information
* Houses owned
* Mortgage (Yes/No)
* Remaining mortgage amount
Digital Identification
* Digital signature
dump info :
Personal Information
* Name
* Surname
* Sex
* Birth date
* Birthplace
* Birth city
* Fiscal code
Contact Information
* Phone number
* Postal code (CAP)
Employment Information
* Employed (Yes/No)
* Employment type (Full time, Part time, etc.)
* Employment duration
Family Information
* Relationship status (Married / Civil partner)
* Children (Yes/No, with details if applicable)
Property and Financial Information
* Houses owned
* Mortgage (Yes/No)
* Remaining mortgage amount
Digital Identification
* Digital signature