Russia-linked IP 138.124.123.3 (Aeza AS210644) Presented US gov SSL certificates from January 15 - March 5, 2025
A Flourish data visualization by FD
CIVHUB
crt.sh | treasury 68e11f5c117a0f4b99a664a9c3485471c27f5982f849f667db11320d371bb7d4
Free CT Log Certificate Search Tool from Sectigo (formerly Comodo CA)
SurgeSend no login file email sharing
Surge Send has been designed to simplify file transfer for you. It enables guaranteed, secure and quick file transfer even at varying internet speeds.
PRIVATE ISH COMMS
Trusted IP Data Provider, from IPv6 to IPv4
Get accurate IP address information with IPinfo. Trusted by 400,000+ users, we handle more than 40 billion API requests monthly. Sign up for free account today.
History: 131.225.251.10 fnal.gov nuclear vpn login
Search Engine for the Internet of Things
AS44477 STARK INDUSTRIES SOLUTIONS LTD - bgp.he.net shares uk address with Aeza
AS44477 STARK INDUSTRIES SOLUTIONS LTD Network Information
Entity Details :: OpenCorporates arseniy penzev aeza group
Free and open company data on United Kingdom company AEZA GROUP LIMITED (company number 15065828), 71-75 Shelton Street
Covent Garden, London, WC2H 9JQ
8.219.147.118 new china ali baba with 400yaahc.gov cert
Ports open: 443
Russia AEZA IP first seen with first gov cert on 1/15/2025 crt.sh | bc76377be0fc9de4ab3aca57aa1031b6508a0cbe410e062302b234b95831df0b
Free CT Log Certificate Search Tool from Sectigo (formerly Comodo CA)
2/21 Russian Aeza IP seen with 3rd US Gov cert crt.sh | 95e04bc4a9ab640d5e85a21f000053375246aad4619493de092c98af09f56f9c
Free CT Log Certificate Search Tool from Sectigo (formerly Comodo CA)
2/15 Russia AEZA IP seen with second US Gov cert crt.sh | f46563af55e2248530d1d7d621e1140c4274b5d25c34d03f71ed019f7728fc3a
Free CT Log Certificate Search Tool from Sectigo (formerly Comodo CA)
1/15/2025- Russian AEZA IP 138.124.123.3 seen first time with usa.gov certificate crt.sh | bc76377be0fc9de4ab3aca57aa1031b6508a0cbe410e062302b234b95831df0b
Free CT Log Certificate Search Tool from Sectigo (formerly Comodo CA)
crt.sh | 16738559834 400yaahc.gov cert
Free CT Log Certificate Search Tool from Sectigo (formerly Comodo CA)
crt.sh | 17047754043 china bearing this cert 8.219
Free CT Log Certificate Search Tool from Sectigo (formerly Comodo CA)
Shodan Search ssl.cert.subject.cn:.mil port:3389 country:"US"
77 results found for search query: ssl.cert.subject.cn:.mil port:3389 country:"US"
Shodan Search USPTO patent office cert, actually showed 3/10 before the us ips showed it 3/20...can't find any hosts on censys
8 results found for search query: ssl.cert.serial:0b:3e:17:ba:c4:bf:a5:d1:91:5e:30:08:42:04:13:65 country:"CN"
151.207.250.132 patent office voip 5090
Ports open: 5060
164.95.10.134 WWW-Authenticate: Basic realm="https://azdo.fiservbfs.us/" azure devops server for treasury
Ports open: 443
WWW-Authenticate: Basic realm="https://azdo.fiservbfs.us/"
164.95.89.25 bad cert used by treasury pki homepage itself!!!
Ports open: 80, 443
History: 164.95.10.134 treasury azure devops server, first seen 1/21. found from chinese tls cert search
Search Engine for the Internet of Things
Shodan Search ssl.cert.subject.cn:400yaahc.gov
4 results found for search query: ssl.cert.subject.cn:400yaahc.gov
crt.sh | treas.gov
Free CT Log Certificate Search Tool from Sectigo (formerly Comodo CA)
152.67.204.133 linked to china treas by same cert fingerprint around 3/20 or so host.dns.forward_dns.value.name www.yszfa.cn
Ports open: 22
152.67.204.133
8.219.87.97 china treasury
Ports open: 22
Oracle denies breach after hacker claims theft of 6 million data records
Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from the company's Oracle Cloud federated SSO login servers
The threat actor told BleepingComputer they gained access to Oracle Cloud servers around 40 days ago and claimed to email the company after exfiltrating data from the US2 and EM2 cloud regions.
s further proof that they had access to Oracle Cloud servers, the threat actor shared this URL with BleepingComputer, showing an Internet Archive URL that indicates they uploaded a .txt file containing their ProtonMail email address to the login.us2.oraclecloud.com server.
When asked how they breached the servers, the threat actor said that all of the Oracle Cloud servers use a vulnerable version with a public CVE (flaw) that does not currently have a public PoC or exploit. BleepingComputer could not independently verify if this is the case.
Jan - March 2025 investigative leads, evidence of privacy risks violationsAS216246 Aeza Group Ltd. - bgp.he.net aeza russia linked to aeza international ltd
AS216246 Aeza Group Ltd. Network Information
196084, St. Petersburg, Moskovsky prospect, 97 letter A room 27-N
from AS-AEZA accept ANY
to AS-AEZA announce AS216246
Aeza Group LLC
311 Shoreham Street, Sheffield, S2 4FA, United Kingdom
Aeza International LTD
RU
RU-AEZA-AS
AS216246
Shodan Search usdodeast ms sql
Search query: cloud.region:usdodeast product:MS-SQL
77.221.156.0/23 - bgp.tools aeza tor
Shodan Search cloud.region:usgovtexas product:"PostgreSQL"
3 results found for search query: cloud.region:usgovtexas product:"PostgreSQL"
Shodan Search hash:2140516424
231 results found for search query: hash:2140516424