Lawrence S.
@lawrencesec.bsky.social
🇬🇧 Threat Research @ Recorded Future.
I Like Tracking ASNs and ISPs for some reason...
3/ As long as the same LIRs and the same bad actors are able to maintain control of their RIPE resources, the problem will never stop.
November 26, 2025 at 2:12 PM
2/ The case of fraud relating to metaspinner GmbH really does spell out the severity of the problem...
November 26, 2025 at 2:11 PM
3/
November 19, 2025 at 5:19 PM
2/ Sanctions include Aeza's entities used to evade recent OFAC and UK sanctions, including Hypercore LTD and SMART DIGITAL IDEAS DOO. Myself and @whoisnt.bsky.social break down these entities in our recent report: www.recordedfuture.com/research/mal...
Malicious Infrastructure Finds Stability with aurologic GmbH
This investigative report reveals how German hosting provider aurologic GmbH has become a central enabler of malicious internet infrastructure, linking numerous threat activity networks while operatin...
www.recordedfuture.com
November 19, 2025 at 5:19 PM
This is highly likely CrazyRDP :)
November 16, 2025 at 7:58 PM
2/ ASNs believed to be utilised by CrazyRDP were reportedly downstream of aurologic….. lowendspirit.com/discussion/c...
Operation Endgame 3.0 took down 1025 servers including CrazyRDP
Europol and Shadowserver have announced today they have completed "third phase" of Endgame operation targeting infostealer Rhadamanthys, Remote Access Trojan VenomRAT, and the botnet Elysium...
lowendspirit.com
November 15, 2025 at 12:08 PM
3/ metaspinner net GmbH (Hamburg, Germany) has no affiliation with #AS209800, Virtualine Technologies, or any related malicious activity associated with that network.
November 12, 2025 at 9:52 PM
2/ A falsified RIPE end-user agreement provided to Insikt Group highlights how a basic verification check against publicly accessible company registration documents could have prevented the fraudulent registration.
November 12, 2025 at 9:52 PM
/10 Dive into the full report “Malicious Infrastructure Finds Stability with Aurologic GmbH” for the data, analysis, and context behind this ecosystem: www.recordedfuture.com/research/mal...
November 6, 2025 at 11:34 AM
9/ Aeza Group continues to rely on aurologic for a large share of its connectivity, announcing roughly half of its IP space, despite recent sanctions by the US and the UK.
November 6, 2025 at 11:33 AM