Trustwave SpiderLabs has identified ongoing malicious activities originating from Proton66 ASN, including vulnerability scanning, exploit attempts, and phishing campaigns. The investigation revealed connections between Proton66 and bulletproof hosting services advertised on underground forums. Mass scanning and exploit campaigns targeting multiple sectors were observed, with technology and financial organizations being the most common targets. A specific IP address linked to SuperBlack ransomware operators was found distributing critical exploits. The analysis also uncovered a potential rebranding of underground hosting services and shifts in IP addresses between different ASNs, suggesting relationships between providers. Author: AlienVault
Related Tags:
underground forums
cve-2024-10914
cve-2025-0108
mass scanning
critical vulnerabilities
cve-2025-24472
cve-2024-41713
cve-2024-55591
exploit campaigns
Associated Indicators:
193.143.1.65
45.135.232.171
193.143.1.78
45.134.26.124
193.143.1.33
45.134.26.8
45.134.26.199
193.143.1.64
45.134.26.38