Lawrence S.
@lawrencesec.bsky.social
🇬🇧 Threat Research @ Recorded Future.
I Like Tracking ASNs and ISPs for some reason...
This is highly likely CrazyRDP :)
November 16, 2025 at 7:58 PM
2/ ASNs believed to be utilised by CrazyRDP were reportedly downstream of aurologic….. lowendspirit.com/discussion/c...
Operation Endgame 3.0 took down 1025 servers including CrazyRDP
Europol and Shadowserver have announced today they have completed "third phase" of Endgame operation targeting infostealer Rhadamanthys, Remote Access Trojan VenomRAT, and the botnet Elysium...
lowendspirit.com
November 15, 2025 at 12:08 PM
3/ metaspinner net GmbH (Hamburg, Germany) has no affiliation with #AS209800, Virtualine Technologies, or any related malicious activity associated with that network.
November 12, 2025 at 9:52 PM
2/ A falsified RIPE end-user agreement provided to Insikt Group highlights how a basic verification check against publicly accessible company registration documents could have prevented the fraudulent registration.
November 12, 2025 at 9:52 PM
10/ Dive into the full report “Malicious Infrastructure Finds Stability with Aurologic GmbH” for the data, analysis, and context behind this ecosystem: www.recordedfuture.com/research/mal...
Malicious Infrastructure Finds Stability with aurologic GmbH
This investigative report reveals how German hosting provider aurologic GmbH has become a central enabler of malicious internet infrastructure, linking numerous threat activity networks while operatin...
www.recordedfuture.com
November 6, 2025 at 11:34 AM
9/ Aeza Group continues to rely on aurologic for a large share of its connectivity, announcing roughly half of its IP space, despite recent sanctions by the US and the UK.
November 6, 2025 at 11:33 AM
8/ Femo IT Solutions was allocated a /24 prefix from a /17 network registered to the Iranian Research Organization for Science and Technology (IROST), the same origin seen in allocations to other TAEs such as Global Connectivity Solutions and Aeza Group.
November 6, 2025 at 11:33 AM
7/ Femo IT Solutions Ltd #AS214351 is a UK-registered network with close operational ties to self-proclaimed bulletproof hoster “Defhost”, who offer “Germany-only” abuse-resilient services on underground forums.
November 6, 2025 at 11:32 AM
6/ Virtualine Technologies is a Russia-linked TAE with operational ties to multiple organizations used to register and control IP space, masking ownership and maintaining operational control through networks like Railnet.
November 6, 2025 at 11:32 AM
5/ Railnet’s elevated abuse levels followed the transfer of Metaspinner Net IP space to Lanedonet, networks assessed with high probability to have impersonated legitimate companies, under the control of actors tied to Virtualine Technologies.
November 6, 2025 at 11:31 AM
4/ Railnet LLC #AS214943 is one of the largest sources of malicious infrastructure observed by Insikt Group, with over 80 validated C2 servers currently active on the network.
November 6, 2025 at 11:31 AM
3/ Among the highest risk networks are: the recently sanctioned Aeza Group #AS210644, Railnet LLC #AS214943, Global-Data System IT Corp aka SWISSNETWORK02 #AS42624, and Femo IT Solutions #AS214351.
November 6, 2025 at 11:30 AM
2/ Recorded Future network intelligence identified persistent malicious infrastructure across more than 20 networks receiving upstream transit from aurologic, several of which are assessed with high probability to operate as Threat Activity Enablers (TAEs).
November 6, 2025 at 11:30 AM
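The thread names several autonomous systems as high-risk and describes a /24 sub-allocation carved out of a /17 registered to another organisation. A defender's first operational use of such intelligence is enrichment: tag observed IPs with their origin ASN by longest-prefix match against a routing table, and check which larger allocation a prefix was carved from. The block below is an added example written for this page, not code from the original thread, from Recorded Future, or from any of the networks mentioned. The ASNs in the watchlist are the ones the thread cites; every prefix, the prefix-to-ASN mapping, the risk labels and the allocation records are constructed from RFC 5737 documentation and RFC 2544 benchmarking ranges and say nothing about the real announcements of those networks.

```python
"""Enrich IP observations against an ASN watchlist (added example).

Not code from the thread or from Recorded Future. The routing table and
allocation records below are CONSTRUCTED from documentation/benchmark ranges;
only the ASN numbers in WATCHLIST come from the thread, and their labels are
illustrative.
"""
import ipaddress
from typing import Optional

# ASNs named in the thread; labels are constructed for illustration.
WATCHLIST = {
    210644: "Aeza Group (sanctioned)",
    214943: "Railnet LLC",
    42624: "Global-Data System IT Corp / SWISSNETWORK02",
    214351: "Femo IT Solutions Ltd",
    209800: "Virtualine Technologies",
}

# Constructed routing table: (announced prefix, origin ASN). A real table has
# around a million rows; documentation prefixes are used so nothing here maps
# to real address space of the networks above.
ROUTING_TABLE = [
    ("192.0.2.0/24", 210644),
    ("198.51.100.0/24", 214943),
    ("198.51.100.128/25", 64496),   # more-specific from a private-use ASN
    ("203.0.113.0/24", 214351),
]

# Constructed allocation records: (registered block, registrant).
ALLOCATIONS = [
    ("198.18.0.0/17", "constructed registrant A"),
    ("198.18.128.0/17", "constructed registrant B"),
]


def build_table(rows):
    """Parse prefixes once and sort most-specific first, so the first
    containing prefix found is the longest match."""
    parsed = [(ipaddress.ip_network(p), asn) for p, asn in rows]
    return sorted(parsed, key=lambda t: t[0].prefixlen, reverse=True)


def longest_prefix_match(table, ip: str) -> Optional[tuple]:
    """Return (prefix, origin ASN) of the most specific route covering ip."""
    addr = ipaddress.ip_address(ip)
    for net, asn in table:
        if addr.version == net.version and addr in net:
            return (str(net), asn)
    return None


def enrich(table, ip: str) -> dict:
    """Tag an IP with its origin ASN and the watchlist label, if any."""
    hit = longest_prefix_match(table, ip)
    if hit is None:
        return {"ip": ip, "prefix": None, "asn": None, "watchlist": None}
    prefix, asn = hit
    return {"ip": ip, "prefix": prefix, "asn": asn, "watchlist": WATCHLIST.get(asn)}


def parent_allocation(child: str, allocations) -> Optional[tuple]:
    """Find the registered block a sub-assignment was carved from, e.g. a
    /24 out of a /17, which is the provenance question the thread raises."""
    c = ipaddress.ip_network(child)
    for prefix, holder in allocations:
        p = ipaddress.ip_network(prefix)
        if c.version == p.version and c != p and c.subnet_of(p):
            return (prefix, holder)
    return None


if __name__ == "__main__":
    table = build_table(ROUTING_TABLE)
    for ip in ("192.0.2.7", "198.51.100.10", "198.51.100.200", "203.0.113.9"):
        print(enrich(table, ip))
    print(parent_allocation("198.18.5.0/24", ALLOCATIONS))
```

Sorting by prefix length before the linear scan keeps the matching rule correct for overlapping announcements (the constructed /25 inside the /24 above); for a full table you would replace the list with a radix tree, but the containment logic stays the same.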