http://solarleaks.net/

Last Checked: Jan 13, 2021, 17:46 EST

IP Address: 185.193.126.236
ASN #: AS39287 ABSTRACT, FI
Location: Malmö, Skåne, SE
URL Reputation:
  • Unknown: This URL is not identified as malicious in the PhishTank database.
  • Unknown: PhishCheck thinks this URL is likely not a phish.
  • Unknown: OpenPhish: URL not in feed.

Domain Name: SOLARLEAKS.NET
Registry Domain ID: 2584153959_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2021-01-11T20:46:08
Creation Date: 2021-01-11T20:44:26
Registrar Registration Expiration Date: 2022-01-11T20:44:26
Registrar: TUCOWS, INC.
Registrar IANA ID: 69
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registry Registrant ID: 
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY 
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Charlestown
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: KN
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: 
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: 
Registrant Email: https://tieredaccess.com/contact/0d57fc2b-e285-45b7-aa8c-38e399d1ef99
Registry Admin ID: 
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY 
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: 
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: 
Admin Email: REDACTED FOR PRIVACY
Registry Tech ID: 
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY 
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: 
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: 
Tech Email: REDACTED FOR PRIVACY
Name Server: 1-you.njalla.no
Name Server: 2-can.njalla.in
Name Server: 3-get.njalla.fo
DNSSEC: unsigned
Registrar Abuse Contact Email: domainabuse@tucows.com
Registrar Abuse Contact Phone: +1.4165350123
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2021-01-13T22:46:27Z <<<

  • GET
    200 OK

    https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json

  • GET
    200 OK

    https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1608186823

  • GET
    200 OK

    https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195

  • GET
    200 OK

    http://solarleaks.net/

  • GET
    200 OK

    https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195

  • GET
    200 OK

    http://detectportal.firefox.com/success.txt

  • GET
    200 OK

    http://detectportal.firefox.com/success.txt?ipv4

  • GET
    200 OK

    http://detectportal.firefox.com/success.txt?ipv6

  • GET
    200 OK

    https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481

  • GET
    200 OK

    https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195

  • GET
    0 Timed out waiting for a response.

    http://solarleaks.net/favicon.ico

  • GET
    200 OK

    http://detectportal.firefox.com/success.txt

  • GET
    200 OK

    http://detectportal.firefox.com/success.txt?ipv4

  • GET
    200 OK

    http://detectportal.firefox.com/success.txt?ipv6

<html><head><link rel="stylesheet" href="resource://content-accessible/plaintext.css"></head><body><pre>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Happy new year!
Welcome to solarleaks.net (mirror: 5bpasg2kotxllmzsv6swwydbojnfuvfb7d6363pwe5wrzhjyn2ptvdqd.onion)

We are putting data found during our recent adventure for sale.

[Microsoft Windows (partial) source code and various Microsoft repositories]
price: 600,000 USD
data: msft.tgz.enc (2.6G)
link: https://mega.nz/file/1ehgSSpD#nrtzQwh-qyCaUHBXo2qQ1dNbWiyVHCvg8J0As8VjrX0

[Cisco multiple products source code + internal bugtracker dump]
price: 500,000 USD
data: csco.tgz.enc (1.7G)
link: https://mega.nz/file/sSgQmJLT#NqaaYXsFkASwAc51lcjBnWjP4zrbqiN-XQ7GVZGbL_o

[SolarWinds products source code (all including Orion) + customer portal dump]
price: 250,000 USD
data: swi.tgz.enc (612M)
link: https://mega.nz/file/xawhBQgJ#f3X6lPORF16wh-O9GiNVMVDZ6rxRKX64_XVR5y9KpFM

[FireEye private redteam tools, source code, binaries and documentation]
price: 50,000 USD
data: feye.tgz.enc (39M)
link: https://mega.nz/file/hOBnVYjL#l3qojAvaFWtYtcB3vX4ZABG3tBLGyhJarBBbYaHnM-0

[More to come in the next weeks]

ALL LEAKED DATA FOR 1,000,000 USD (+ bonus)

Data is encrypted with strong key.

- -
Q: Is this really happening? Can you provide proof?
A: Yes and yes.

Q: Why no more details?
A: We aren't fully done yet and we want to preserve the most of our current access. Consider this a first batch.

Q: I'm [vendor] and want my data back?
A: Talk to us.

Q: Why not leak it for free?
A: Nothing comes free in this world.

Q: How to buy?
A: Contact us for more information.
- -

UPDATE: We received too many messages at the moment and can't reply to everyone in a timely fashion.
Also, we are being censored as we speak and must act quickly. Our main and backup email addresses has been shut down.

We understand you want more information but we can't give away data for free. That would be an insult to our trusted buyers.
However we can provide sample data (for all leaks + bonus) as proof of ownership.

As we are considering serious partners only, this is how we will be dealing with inquiries:
Send exactly 100 XMR to the address below, add a payment id with your email address so we can contact you back. You should encode your email address as 32 bytes data in the payment id.

486FSvAbzo9X3PPvoP5xoBb1iVewDqhJ44MCRuUW8BCsJ8TuiSyiaW4ZwLGLJJ1UTgRDUSi6X9cwwJjMF594Dd31P97Sx4o

The payment id part is very important because this is our only way to contact you back (protonmail decided to shut us down). Only a matter of time before this website goes down too.
We will then discuss with another private email address (we will use the same gpg key 24516C2E1CC7890832771178E2C73BC53B9118A0).

This payment will be considered a small down payment, which will be substracted to your final purchase. We won't refund if you're not interested in the data after seeing the archive content.

What will you get? Sample data contains all of the archives metadata (content listing) + SolarWinds customer portal SQL dump as a gift.

NO NEGOTIATION. Don't waste our time. We will be in touch after your first confirmed payment.

Some hints on how we got our data: 
25b23446e6c29a8a1a0aac37fc3b65543fae4a7a385ac88dc3a5a3b1f42e6a9e

People with knowledge will know.
</pre></body></html>

                             
