Chris Duggan (@tlp_r3d)'s Twitter Profile
Chris Duggan

@tlp_r3d

Malware Geek | Curated Intel Member | Threat Intelligence Expert Extraordinaire

ID: 988366529162022912

Link: http://tlp-r3d.com
Joined: 23-04-2018 10:38:38

788 Tweets

6.6K Followers

2.2K Following

SpyoSecure (@spyosecure):

🚨Possible DDoS Alert🚨

The official website of Shodan (shodan.io), a well-known search engine for internet-connected devices, is currently showing a 503 Service Temporarily Unavailable error.

No group has claimed responsibility for the takedown
I am not sure how
Chris Duggan (@tlp_r3d):

🚨 Keepass Campaign

🔥Domain: kee-password[.]com (0/94 VT)
🔥Redirects to: keepass-download[.]com (0/94 VT)

🔥Links to malicious Github repo:
hxxps://github[.]com/keeppasss/keepass/raw/refs/heads/main/KeePass-2.56-Setup[.]exe

🔥Drops:
Chris Duggan (@tlp_r3d):

🕵️‍♂️ Spotted something interesting in the Talos report:
🔍 IP 192.210.239[.]172 looks like a Cobalt Strike redirector.

Got curious... are there more redirectors on the same ASN? Let's hunt. 👇

🛰️ Query:
asn:"AS36352"
HTTP/1.1 302 Moved Temporarily
Server: Server
Location:
Chris Duggan (@tlp_r3d):

🇮🇳🐍Potential Sidewinder Cobalt Strike Redirectors in Action

🐍185.159.128.117 0/94 in VT
🔥Suspect Domain: islamabadpolice[.]net 0/94 in VT - hosted on Cloudflare
Spoofing legit domain: fir.islamabadpolice[.]gov[.]pk

🐍31.15.17.230 0/94 in VT
🔥Suspect Domain:
Chris Duggan (@tlp_r3d):

🤔Another Interesting Potential Cobalt Redirector

82.118.22.60 0/94 in VT
Suspect Domain: oicm[.]org 0/94 in VT - hosted on Cloudflare
Redirects to legit domain: oic-cert[.]org

The website oic-cert[.]org is the official platform of the OIC-CERT, a cybersecurity initiative under
Chris Duggan (@tlp_r3d):

Arcserve, a data protection leader, is potentially being spoofed using Cobalt Strike redirectors!

IP: 45[.]67[.]228[.]243
Domain: downloads[.]arcservecdn[.]com
Provider: STARK INDUSTRIES SOLUTIONS LTD (Netherlands)
SSL: CloudFlare
Redirect to
Chris Duggan (@tlp_r3d):

Interesting find reference Cobalt Redirectors spoofing Adidas 🤔

104.168.134[.]112 1/94 in VirusTotal
adldas[.]top 1/94 in VirusTotal

23.254.202[.]110 0/94 in VirusTotal
104.168.253[.]136 1/94 in VirusTotal
addes[.]top 0/94 in VirusTotal
Chris Duggan (@tlp_r3d):

Interesting DNS Finds and Pivots

DNS Analysis: ns1.internettoday[.]nl

sophos-telemetry[.]com 0/94 in VT
64.225.72.116 DIGITALOCEAN 0/94 in VT

api.cloud-oracle[.]net 0/94 in VT
161.35.83.216 DIGITALOCEAN 0/94 in VT

gchq-github[.]com 0/94 in VT
152.42.142.116 DIGITALOCEAN 1/94
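Several of the posts above (the Keepass campaign, the Sidewinder and OIC-CERT redirectors, the Arcserve and Adidas spoofs, and these DNS pivots) rest on the same observation: the suspect domain mimics a brand or a legitimate domain, either by a single-character swap (adldas, addes), by wrapping the brand in extra words (kee-password, keepass-download, arcservecdn, sophos-telemetry, cloud-oracle, gchq-github), or by moving the real name to a different TLD (islamabadpolice[.]net beside islamabadpolice[.]gov[.]pk). The Python below is an added example, not the poster's tooling: it refangs a domain, folds common homoglyphs, and scores the registrable label against a brand list by substring containment and Levenshtein distance. The brand list, the allowlist of known-good domains and the small multi-part TLD set are assumptions made for illustration; a real deployment would use the Public Suffix List and its own brand inventory.

```python
"""Flag look-alike domains against a brand list (added example, not the
poster's tooling). BRANDS, KNOWN_GOOD and MULTI_PART_TLDS are assumptions
for illustration only."""

# Visually similar substitutions folded before comparison.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"),
              ("5", "s"), ("3", "e"), ("4", "a"), ("8", "b")]

# Assumed brand inventory: names the posts above show being mimicked.
BRANDS = ["adidas", "keepass", "arcserve", "sophos", "oracle", "github",
          "islamabadpolice"]

# Assumed allowlist of legitimate registrable domains (illustrative).
KNOWN_GOOD = {"adidas.com", "keepass.info", "arcserve.com", "sophos.com",
              "oracle.com", "github.com", "islamabadpolice.gov.pk"}

# Tiny stand-in for the Public Suffix List; replace in practice.
MULTI_PART_TLDS = {"gov.pk", "com.pk", "co.uk", "co.in"}


def refang(domain: str) -> str:
    """Turn 'example[.]com' back into 'example.com'."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")


def registrable(domain: str) -> str:
    """Approximate the registrable domain (eTLD+1)."""
    parts = refang(domain).split(".")
    if len(parts) >= 3 and ".".join(parts[-2:]) in MULTI_PART_TLDS:
        return ".".join(parts[-3:])
    return ".".join(parts[-2:])


def normalize(label: str) -> str:
    """Drop hyphens and fold homoglyphs so 'ad1das' compares as 'adldas'."""
    s = label.replace("-", "")
    for src, dst in HOMOGLYPHS:
        s = s.replace(src, dst)
    return s


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete and substitute all cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalikes(domain: str, brands=BRANDS, allow=KNOWN_GOOD):
    """Return [(brand, reason)] for every brand the domain resembles."""
    reg = registrable(domain)
    if reg in allow:
        return []
    label = normalize(reg.split(".")[0])
    hits = []
    for brand in brands:
        b = normalize(brand)
        if label == b:
            hits.append((brand, "exact brand label on non-allowlisted domain"))
        elif b in label:
            hits.append((brand, "contains brand"))
        else:
            dist = levenshtein(label, b)
            # Allow one edit for short brands, two for six letters or more.
            if dist <= (1 if len(b) < 6 else 2):
                hits.append((brand, f"edit distance {dist}"))
    return hits


if __name__ == "__main__":
    # Defanged domains from the posts above, plus one legitimate control.
    for d in ["adldas[.]top", "addes[.]top", "kee-password[.]com",
              "downloads[.]arcservecdn[.]com", "islamabadpolice[.]net",
              "gchq-github[.]com", "fir.islamabadpolice[.]gov[.]pk"]:
        print(f"{d:32} {lookalikes(d) or 'no match'}")
```

A hit here is a pivot, not a verdict: the 0/94 VirusTotal scores in the posts show why a name-based check is useful as a first filter, but the follow-up is still the hosting, certificate and redirect behaviour the poster examines.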

Chris Duggan (@tlp_r3d):

Nice report from Proofpoint on TA4557!

I noticed that you can hunt for Resume Profiles dropping More_Eggs backdoor:

http.title:"Resume"
HTTP/1.1 200 OK
Date: GMT
Server: Apache/2.4.58 (Ubuntu)
Vary: Accept-Encoding
Content-Length:
Content-Type: text/html; charset=UTF-8
 
Happy
Chris Duggan (@tlp_r3d):

⏰Interesting Post and you can hunt C2 Dev Tunnels in Shodan:

HTTP/1.1 404 Not Found
Date: GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
X-Served-By:
Strict-Transport-Security: max-age=31536000; includeSubDomains
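The three Shodan hunts above (the asn:"AS36352" query for a 302 with "Server: Server", the http.title:"Resume" query from the TA4557 post, and the 404 dev-tunnel query) each boil down to matching fixed strings in an HTTP banner. The Python below is an added example, not code from the posts: it parses raw HTTP responses and checks them against those three fingerprints locally, so the same logic can be run over banners already collected (a Shodan export, a scanner run) without re-querying. The sample banners are constructed for illustration and are not captured from any host in the posts; the fingerprint names are my own labels.

```python
"""Match raw HTTP banners against the fingerprints from the Shodan hunts
above (added example, not the poster's code). SAMPLES are constructed for
illustration, not captured from any host in the posts."""
import re
from dataclasses import dataclass
from textwrap import dedent


@dataclass
class Banner:
    status: str
    headers: dict   # lower-cased header name -> value
    body: str


def parse_banner(raw: str) -> Banner:
    """Split a raw HTTP response into status line, header map and body."""
    head, _, body = raw.strip("\n").partition("\n\n")
    lines = head.splitlines()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return Banner(lines[0].strip(), headers, body)


# Each fingerprint: exact status line, required headers (None = present
# with any value, else a regex the value must match), optional <title> text.
FINGERPRINTS = {
    "cobalt-strike-redirector-302": {
        "status": "HTTP/1.1 302 Moved Temporarily",
        "headers": {"server": r"^Server$", "location": None},
    },
    "ta4557-resume-page": {
        "status": "HTTP/1.1 200 OK",
        "headers": {"date": r"GMT$",
                    "server": r"^Apache/2\.4\.58 \(Ubuntu\)$",
                    "vary": r"^Accept-Encoding$",
                    "content-length": None,
                    "content-type": r"^text/html; charset=UTF-8$"},
        "title": "Resume",
    },
    "dev-tunnel-404": {
        "status": "HTTP/1.1 404 Not Found",
        "headers": {"date": r"GMT$",
                    "content-type": r"^text/html$",
                    "content-length": r"^548$",
                    "connection": r"^keep-alive$",
                    "x-served-by": None,
                    "strict-transport-security":
                        r"^max-age=31536000; includeSubDomains$"},
    },
}


def matches(banner: Banner, fp: dict) -> bool:
    """True when the banner satisfies every constraint of one fingerprint."""
    if banner.status != fp["status"]:
        return False
    for name, pattern in fp["headers"].items():
        value = banner.headers.get(name)
        if value is None or (pattern and not re.search(pattern, value)):
            return False
    if "title" in fp:
        m = re.search(r"<title>(.*?)</title>", banner.body, re.I | re.S)
        if not m or fp["title"].lower() not in m.group(1).lower():
            return False
    return True


def classify(raw: str) -> list:
    """Names of every fingerprint the banner satisfies."""
    banner = parse_banner(raw)
    return [name for name, fp in FINGERPRINTS.items() if matches(banner, fp)]


# Constructed sample banners (not real captures).
SAMPLES = {
    "redirector": dedent("""\
        HTTP/1.1 302 Moved Temporarily
        Server: Server
        Location: https://www.example.com/
        Content-Length: 0
        """),
    "resume": dedent("""\
        HTTP/1.1 200 OK
        Date: Mon, 01 Jan 2024 00:00:00 GMT
        Server: Apache/2.4.58 (Ubuntu)
        Vary: Accept-Encoding
        Content-Length: 120
        Content-Type: text/html; charset=UTF-8

        <html><head><title>Resume - J. Doe</title></head><body></body></html>
        """),
    "devtunnel": dedent("""\
        HTTP/1.1 404 Not Found
        Date: Mon, 01 Jan 2024 00:00:00 GMT
        Content-Type: text/html
        Content-Length: 548
        Connection: keep-alive
        X-Served-By: cache-abc123
        Strict-Transport-Security: max-age=31536000; includeSubDomains
        """),
    "benign": dedent("""\
        HTTP/1.1 302 Moved Temporarily
        Server: nginx/1.24.0
        Location: https://www.example.com/login
        """),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:11} -> {classify(raw) or 'no match'}")
```

A 302 with "Server: Server" is a weak signal on its own, which is why the post scopes it to a single ASN; treat every match as a pivot to verify (what the Location header points at, who hosts it, how the certificate was issued), not as a verdict.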