Kyle Ehmke (@kyleehmke) 's Twitter Profile
Kyle Ehmke

@kyleehmke

Threat intel researcher focused on infrastructure hunting. Views are my own and not my employer's. Others: @[email protected] @kyleehmke.bsky.social

ID: 2419824120

31-03-2014 02:13:47

2,2K Tweet

5,5K Followers

311 Following

Kyle Ehmke (@kyleehmke):

Suspicious domain windowsupdatesystem[.]org was registered through MonoVM on 9/18/24 using wincentwolf@proton[.]me and is now using Cloudflare. H/t DomainTools for catching the SOA

gnida project (@gnidaproject):

Our team has discovered two fake websites posing as a new Kamala Harris campaign website, which in reality appears to be a Russian disinformation campaign: newwayforward[.]us newwayforward[.]vote gnidaproject.substack.com/p/fake-harris-…

Kyle Ehmke (@kyleehmke):

This IO account posing as the Harris campaign has amassed 6k+ followers in the last week or so. It mixes in false campaign positions (e.g. below) with pro-Harris tweets and retweets.
CYBERWARCON (@cyberwarcon):

Announcing (most of) this year's CYBERWARCON speaker lineup! We've got some fantastic talks this year, and more will be announced soon. Don't miss your chance to register now! Thank you everyone who submitted to the CFP. The selection was a truly grueling process!
Kyle Ehmke (@kyleehmke):

Set of suspicious domains co-registered through Namecheap on 10/4/24 and hosted, in part, on likely dedicated servers:
wmiadap[.]cfd (195.14.123[.]20)
wmiadap[.]sbs (45.15.158[.]97)
wmiadap[.]xyz (non-dedicated)
John Hultquist (@johnhultquist):

A few thoughts on election threats as we enter the final stretch. There is a pretty established history of last-minute activity from some of the foreign malign actors possibly in play and they are very aware of the unique criticality and opportunity in this short time frame. 1/x

Kyle Ehmke (@kyleehmke):

It's good, but really at this point the suspension is just an attempt to try and save face after months of unchecked disinformation distribution in the run up to the election.

Kyle Ehmke (@kyleehmke):

Infrastructure registered within the last month and highly likely administered using the same Cloudflare account as America PAC:
doge2026[.]com (11/13)
dogeamerica[.]org (11/13)
doge2025[.]com (10/14)

Not currently hosting any content.
Darren Linvill (@darrenlinvill):

Earlier today both Elon Musk and Donald Trump Jr. shared a post and video claiming USAID sponsored expensive celebrity visits to Ukraine. This has every indication of being a Russian fabricated video planted and spread using familiar methods. 1/5
Kyle Ehmke (@kyleehmke):

Domain dogestatus[.]org was registered on 2/14/25 and is likely administered using IMGE's Cloudflare account—the same one used for the fake Harris campaign site progress2028[.]com. opensecrets.org/news/2024/10/p…

Not currently resolving.
Kyle Ehmke (@kyleehmke):

The Children's Health Defense staging site associated with realcdc[.]org indicates they are setting it up to pose as a legitimate CDC site questioning vaccine safety, complete with parent testimonials. Currently no overt indication the site is run by CHD.