toot.wales is one of the many independent Mastodon servers you can use to participate in the fediverse.
We are the Open Social network for Wales and the Welsh, at home and abroad! Y rhwydwaith cymdeithasol annibynnol i Gymru, wedi'i bweru gan Mastodon!

Administered by:

Server stats:

668
active users

#furint

0 posts0 participants0 posts today
cR0w :cascadia:<p>It's free threat intel Thursday. Have some recently ( within the last week ) malicious IP lists.</p><p>IPs observed attempting to log in to Palo Alto GlobalProtect portals. Note that they all geolocated to US so it's a pretty small list: <a href="https://cascadiacrow.com/pan_20250703.txt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cascadiacrow.com/pan_20250703.</span><span class="invisible">txt</span></a></p><p>IPs observed attempting to log in to F5 BIG-IP VPNs. Note that they all geolocated to US so it's also a pretty small list: <a href="https://cascadiacrow.com/f5_20250703.txt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cascadiacrow.com/f5_20250703.t</span><span class="invisible">xt</span></a></p><p>IPs observed attempting to log in to M365 and are listed as known malicious by Microsoft: <a href="https://cascadiacrow.com/microsoft_20250703.txt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cascadiacrow.com/microsoft_202</span><span class="invisible">50703.txt</span></a></p><p><a href="https://infosec.exchange/tags/GAYINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GAYINT</span></a> <a href="https://infosec.exchange/tags/FURINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FURINT</span></a></p>
cR0w :cascadia:<p>So y'all remember that Treasury OFAC sanction against Aeza Group <del>like a month ago</del> yesterday? If you want to block some IP ranges, I got you. ASNs should be enough but firewall vendors still suck and generally don't allow blocking by ASNs.</p><p>AS216246 - Aeza Group, LLC</p><p>AS210644 - Aeza International Ltd</p><p>IPv4 network list: <a href="https://cascadiacrow.com/aeza4.txt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">cascadiacrow.com/aeza4.txt</span><span class="invisible"></span></a></p><p>IPv6 network list: <a href="https://cascadiacrow.com/aeza6.txt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">cascadiacrow.com/aeza6.txt</span><span class="invisible"></span></a></p><p>Of course it's a good idea to verify the addresses instead of trusting a random crow on the Internet. You never know when all of Cloudflare or Google might slip into a block list. Or I completely fat finger things. Again.</p><p><a href="https://infosec.exchange/tags/GAYINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GAYINT</span></a> <a href="https://infosec.exchange/tags/FURINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FURINT</span></a> <a href="https://infosec.exchange/tags/threatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatIntel</span></a></p>
cR0w :cascadia:<p>I've got a short list of infostealer IPs you should probably block immediately. They've been proven to be malicious and utilized by a number of threat groups.</p><p><a href="https://cascadiacrow.com/20250611_stealers.txt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cascadiacrow.com/20250611_stea</span><span class="invisible">lers.txt</span></a></p><p><a href="https://infosec.exchange/tags/GAYINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GAYINT</span></a> <a href="https://infosec.exchange/tags/FURINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FURINT</span></a></p>
grey<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@cR0w" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cR0w</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@reverseics" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>reverseics</span></a></span> <a href="https://infosec.exchange/tags/GAYINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GAYINT</span></a> and <a href="https://infosec.exchange/tags/FURINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FURINT</span></a> solidarity</p>