Security researchers from Hunt.io have identified an unauthenticated open directory while examining indicators of compromise published in an earlier CyberXTron report on the TheGentlemen ransomware group. The directory, hosted at IP address 176.120.22.127 on port 80, resides on infrastructure belonging to Proton66 OOO (AS198953), a Russian provider previously linked to other malicious campaigns. The server had been active for at least 24 days prior to discovery. The directory contained 126 fil
