Kyle Ehmke

@kyleehmke

Threat intel researcher with . Come for the infrastructure hunting, stay for the dad jokes. Views are my own and not my employer's.

Joined: March 2014

Tweets


  1. 7 hours ago

    Suspicious domain casewithwillingprocess[.]com was registered through Njalla on 1/29 and is hosted on a probable dedicated server at 80.255.3[.]90.

  2. 17 hours ago

    Possible APT34 domain lebanonbuilder[.]com was registered on 2/2 through THCservers using cd.redel@protonmail[.]com and is hosted on a probable dedicated server at 23.106.160[.]127. In :

  3. Retweeted
    Feb 2

    The following recently registered domains also have similar registration & hosting patterns with apt34 infrastructure. Of course, this is just for awareness and does not imply attribution: - wastedsituation[.]com - godoycrus[.]com

  4. Jan 31

    As of late January, domain renodesmart[.]com is now hosted at 88.80.148[.]26. Was previously hosted at 81.17.20[.]6.

  5. Retweeted
    Jan 30

    Suspicious domain hr-westat\.com was registered on 1/25 by george.kayak@yandex\.com. One to watch considering the report on .

  6. Jan 30

    A couple other recent, possible APT34 domains, based on findings in the below report: - westat-hr[.]com (ili.olanas@protonmail[.]com, 142.234.157[.]131) - hr-westat[.]com (george.kayak@yandex[.]com) In :

  7. Jan 30

    Windows-spoofing domain windowsupdateassistant[.]com was registered on 12/20 through Njalla and, as of 1/30, is hosted on a probable dedicated server at 185.193.127[.]81.

  8. Jan 30

    Another possibly related domain, tide30mcsoft[.]com, was registered on 1/28 through THCservers using superanimal_1802@inbox[.]lv. Domain is hosted on a probable dedicated server at 193.29.187[.]82.

  9. Jan 30

    Suspicious domain logisticamazon[.]org was registered through ITitch on 1/28 using melangeur1923@inbox[.]lv and is hosted on a probable dedicated server at 185.82.126[.]180.

  10. Jan 30

    Suspicious domain digitalscube[.]com was registered through Aminserve on 1/29 using rosariodeluca@mail[.]ee and is hosted on a probable dedicated server at M247 IP 185.244.213[.]7.

  11. Jan 29

    Another similar domain, wwwco4testmcsoft[.]com, was registered on 1/28 through Njalla. Domain is also hosted at 185.82.126[.]210.

  12. Jan 28

    Suspicious domains wwwco2testmcsoft[.]org and ubuntuget[.]com (80.255.3[.]98) registered through Aminserve using stancaliv@outlook[.]com. A similar domain, wwco4testmcsoft[.]com (185.82.126[.]210), was created on 1/27 through Njalla. In :

  13. Jan 26

    Another domain, onedrive-live[.]tel (registered on 1/24 through Njalla), is now hosted at 198.211.122[.]103 along with the same subdomains as the previous domains.

  14. Retweeted

    Here’s another one from our fury friends in apartment 28: atasuitsec[.]com => 88.80.148.38 SOA: you@can-get-no[.]info 🙃

  15. Jan 24

    Two suspicious domains registered through NameCheap at essentially the same time on 1/16/20 and hosted on dedicated servers in M247 IP space: - ms6-upload-serv3[.]com (185.236.202[.]248) - state-awe3-apt[.]com (185.236.203[.]247) In :

  16. Jan 24

    Suspicious domain winsmartdisc[.]com was registered on 1/22 through Njalla and is hosted on a dedicated server at 78.24.219[.]78.

  17. Jan 22

    This infrastructure possibly is related to another set of subdomains that spoofed the Moldovan Army and Parliament:

  18. Jan 22

    Identified subdomains: mail[.]parliament[.]bg[.]flrewall-production[].org mail[.]armf[.]bg[.]flrewall-production[.]org IP also currently hosts userdefendings[.]net.

  19. Jan 22

    Domain flrewall-production[.]org was registered through THCservers on 1/21 using ifannrusan@protonmail[.]com and is hosted at 89.37.226[.]119 along with subdomains spoofing Bulgarian Army and Parliament. In :

  20. Jan 22

    The office365eu1[.]com domain has again switched to another probable dedicated server at 185.245.85[.]182.

