I'm playing with phishing infrastructure OPSEC topic, hunting gophish on shodan... and found this:
GoPhish servers hosted in Moscow, configurated with same, self-signed "PZU" certificate.
IPs are not resolving for any domain rn, but it might be backend. #gophish#phishing 1/x 2/x Another interesting thing is that for 2nd IP, the gophish management service is open for the world. emailAddress indicates that someone who deployed this gophish at least know popular Polish services. But take a look on the 'O' and 'OU', 'OOH'. Does this look familiar?