Osint Report.zip «ULTIMATE — 2024»

---

### 5.2 Notable Indicators of Compromise / Risks | Indicator | Description | Evidence | Risk Level | |-----------|-------------|----------|------------| | **Hard‑coded API key** | `X-API-KEY: abc123…` found in public repo `config.js` | `https://github.com/example/example‑app/blob/main/config.js` | High | | **Exposed Admin Panel** | `https://admin.example.com` reachable without auth | Screenshot (see Appendix A) | Medium | | **Credential Leak** | Email‑password pairs from `data_leak_2024.txt` on Pastebin | `https://pastebin.com/abcd1234` | High | | **Phishing Campaign** | Same domain used in recent phishing emails targeting customers | Header analysis – `Received: from mail.example.com` | Medium | | **Geo‑Tagged Photos** | Instagram posts reveal office interior layout | EXIF GPS coordinates `40.7128, -74.0060` | Low‑Medium | OSINT Report.zip

---

## 9. Appendices ### Appendix A – Screenshots | # | Description | File | |---|-------------|------| | 1 | Unauthenticated admin panel login page | `admin_panel.png` | | 2 | Exposed `.env` file (redacted) | `env_file.png` | | 3 | EXIF GPS coordinates from Instagram photo | `photo_exif.png` | --- ### 5

---