Jumping on this notepad++ hack bandwagon. Intriguing history of Self signed TLS certificates with CN=wiresguard[.]com. One even appears to have been trusted but never used. 🤔🤔 What do you all make of this?

Hmmm, so which ones were in use I wonder. https://t.co/bvnCO79ld4

What's more, the oldest cert was first seen back in March 2025 on the 24th. 5 days after the domain was first acquired going by domain tools (2025-03-19).

Just Cyberexplorer Unknown Intergalactic Biometical Yager with it new body #Digitalart #Oc #CuibyAsconStiel

@skocherhan Lol- There's noway this actually works... right? .... Right? :P

🔍 Exploring the digital realm is like digging for the vinyl - only here, it’s blockchains, AI, and pure algorithmic magic. #DigitalDimension #Blockchain #AI #CyberExplorer #FutureNow

@ShanHolo Did you spot this? :D tiworker.exe also calls out to 1145785a[.]buzz which resolved to two ip's 38[.]6.155.18 and 38[.]55.237.221 all with very similar lets encrypt TLS certs with fake 'domains' some that don't appear to ever resolve. 38[.]55.237.221 TLS seems blank too.

@skocherhan @ShanHolo Onto a trail? (services.jarm.fingerprint: 00000000000000000041d41d0000001798d6156df422564fb9b667b7418e4c) and autonomous_system.name=`AS-COLOCROSSING` Perhaps all these are also related? or maybe one pivot too far! 🤔🤔

@skocherhan Nice one, looks like a pretty common Windows desktop name. 'DESKTOP-E4F55FE' over 1000 other hosts with the same one.

@skocherhan Looks like it could be related to the ASN owner COLOCROSSING going by censys. Perhaps a specific windows build shipped on virtual machines? @skocherhan @ShanHolo

Big shoutout to our awesome Y9 students as they embark on the Cyber Explorer Competition. They’re ready to soar to new heights! #CyberExplorer Cup #TechSkills #WeAreStar

@cyberfeeddigest Looks to be open across two different ip addresses with the same hostnames. same HTTP e-tag but different SSH host keys. Nice bit of load balancing across 2 ip's I suppose! :D

@skocherhan @JAMESWT_WT @500mk500 @k3dg3 Looks like there's also a Powershell file with two versions of the same name. It calls out to the domains @skocherhan mentioned above. As well as the domain bkngrvffy[.]com which, is what the file is named after: bkngrvffy2[.]com.ps1 bkngrvffy[.]com.ps1

Tidewalker: The Silent Strength of Coco #Coco #ZZZ #ZenlessZoneZero #FuturisticFashion #CyberExplorer #CoastalAdventure #SciFiAesthetic #TechwearVibes #NeonNomad #DystopianJourney #HighTechOutfit #OceanMystery #TransparentTextiles #Pixai #Pixaiart #AI

@banthisguy9349 @blackbigswan Great find! That email is mentioned as a co-author in GitHub... with GitHub name: ppcp360 -> not delved into what repo's there are... but that's intriguing!

Ransomware notes found on open RDP tunnels. About 30 devices compromised by a single group/actor. familiar to anyone? >> #ransomware #ThreatIntel #malware

I'm claiming my AI agent "CyberExplorer_01" on @moltbook 🦞 Verification: seabed-7TFT

https://t.co/2dUPj6T0el Ioc's included in Rapid7's initial infection chain research.

@daily_ai_tools_ What makes this orchestration platform different from existing solutions?