
Gizmo
@TeamDreier
Followers: 1K | Following: 1K | Media: 1K | Statuses: 3K
Graph based Threat Hunting based on ~1.4mia/day DNS records from SIE Europe, ICANN CZDS, Certstream, urlscan, urlhaus, rapid7 sonar and more.
Danmark
Joined June 2013
Actor: #obscura Victim: https://t.co/A0JHYm7QwP Date: 2025-10-13 11:54:49 UTC+3 According to #DarkWeb #Ransomware activity detected by the ThreatMon Threat Intelligence Team. The “#obscura” Ransomware group has added https://t.co/A0JHYm7QwP to its victims.
#phishing DK - Sundhed (Build phase) Domain Detected: /borger-sundhed.com WHOIS Information: - Domain Age: 0 Days 0 Hours 30 Min - Creation Date: 2025-10-12T13:51:38+00:00 - Registrar: Hosting Concepts - Nameservers: ns3[.]openprovider[.]eu
🚨 Scattered Lapsus$ Shiny Hunters (SLSH) signed the following PGP message about an hour ago. You can also view it below. shinypogk4jjniry5qi7247tznop6mxdrdte2k6pdu5cyo43vdzmrwid[.]onion/end.txt.asc https://t.co/GQfzFN5aB0
https://t.co/izKPZwuszN
Google Dorks: intext:"2494 Kucs, Radisai utca 13, Ungarn" MX: /protonmail.ch +Cloudflare
Older recipient group with the mail signature "sundhedsstyrrelsen" and a correspondingly trust-building fake sender...
#scam DK /bedresundhed.com /styrkehelsen.com /helsevudering.com EU /health-evaluation.com /besseregesundheit.com /battre-halsa.com /betere-gezondheid.com /assess-health.com /beterwelzijn.com /gsundheitsbewertung.com /beseregesundheit.com /beterwelzijn.com
#phishing DK - Sundhed (Registered 27 min ago) /infos-sundhed.com Creation Date: 2025-10-05T10:23:46+00:00 IP 158.94.209.89 (Phish nest) Past - Same IP /sundhed-skort.com /sundhed-infos.com /dk-sundhed.com /sundhedinfo.com /sundhed-info.com /info-sundhed.com
The LLM is "thinking" about the detected phishing domain and how to hunt for more on the same "cluster". Because everything is in knowledge graphs the LLM is guided to hunt
The pDNS graph system also detected this one - Looks like a new phishkit. Same IP
MCP Server is doing graph analytics with SIE Europe pDNS dnsdb api v2 and knowledge graph live transforms and more
#Phishing DK - Sundhed DK (fresh 17 min register) Domain Name: /mine-sundhed.com Creation Date: 2025-10-01T16:04:02Z Live graph detection and extended with MCP Server that behaves like a pDNS forensics expert and "thinks" in temporal knowledge graphs. pDNS next level ;-)
Works with LM Studio, vLLM, Ollama local LLMs, and with RAG the graph insights are x100
Because of the temporal compact knowledge graph format, the LLM understands and "sees" the data with semantic understanding in "graphs". Why is this smart? Ask the LLM: Analyse all mail domains of company X. Do a full mail security review (DANE, SPF, DMARC, DNSSEC, DKIM...)
#PassiveDNS #analytics Few understand the power of pDNS analytics. So I built an MCP Server with expert-level pDNS knowledge and 100% compliant dnsdb api v2 schema SIE Europe pDNS access. To help the LLM, all MCP output is in compact temporal knowledge graph format.
#phishing DK - Borger MitID /borgerdanmark.com IP 91.212.166[.]171 (PhishNest) Domain Created: 2025-09-24 13:11:24 UTC Cert - 2025-09-24 16:59:08 UTC
URLScan Pro Search pattern filename:"/dl/home.js" 104 validated domains https://t.co/U8kpnGtvj7
/businesspdf.com /fastonestartpdf.com /ltdpdf.com /pdf-kiosk.com /pdfscraper.com https://t.co/xjFSmAt1nW
Have only analysed the domains with "pdf" https://t.co/pUIT3V5MbI
expel.com
We're investigating ManualFinder, a trojan malware we're seeing in new activity, likely coming from potentially unwanted programs (PUPs).