Relevant hosting IPs: 91.132.139[.]155 184.164.139[.]238 94.158.245[.]28 185.174.174[.]34 Also mail server mail.kvatral95[.]com is hosted on a probable dedicated server at 45.89.175[.]235. (2/6) pic.twitter.com/2FTcavbhxh
Identified registrants: tgamelin@barid[.]com isobelmoss@barid[.]com fvjdjf3@barid[.]com (3/6)
Important to note that at this time I don't know the extent to which, if any, this infrastructure has been used maliciously. (4/6)
There are some non-unique registration and certificate consistencies amongst the domains, like use of Barid emails to register some of them. In another instance, per @urlscanio, one domain redirected to a URL containing a similar string compared to one of the other domains. (5/6) pic.twitter.com/WkLX8ByRdQ
That said, at this time I can't definitively say that all the domains and infrastructure mentioned above are related to the same actor. (6/6)
First two domains look like the #TA505 naming scheme, right?
Beyond the somewhat similar names, I don't think these domains are consistent with previous TA505 registrations.
Note that cubenergy-my-sharepoint[.]com initially resolved to an IP address in the US for one day (Dec 4), then was moved to the current IP address in Austria. pic.twitter.com/Y5iPFf38HB