path:/etc/passwd
Sometimes there were even shadow passwd files with the hashes exposed on the web. Crazy days.Almost all of them seem like home projects being deployed with ease in mind than security. The common thread seems to be the fact that most of them are phishing website, not sure if thats a business model to target here?
How about you be a good netizen and make it so people can request to be scanned and don't proactively do it, let alone constantly keep hammering them with requests?
And I need to protect against the actual criminals already inside my house looking for something to steal. Scouting out the easy target to setup their ransomwares.
1. Quite a few websites in the search results where just on HTTP
2. The .gov sites do use public certificate authorities like digicert, verisign, amazon & letencrypt so they would have been captured unless they are removed explicitly
And yes the domain registration would not include subdomains