Silent Push Observes Significant Spike in Newly Registered Domains Referencing 'CrowdStrike' After BSOD Incident.
A high volume of domains that reference ‘CrowdStrike’ have been registered since the BSOD incident weeks ago.
Here are the top 3 ASNs where the new domains are hosted:
And the registration pattern by date:
Many of these domains are likely benign, but whether their purpose is phishing, funny jokes or something else entirely, corporate defenders should consider blocking these domains to prevent unexpected incidents in the future.
See the full list of domains below:
Register for Silent Push Community Edition
You can access all the Brand Impersonation features and threat hunting tools used to discover this infrastructure using Silent Push Community Edition – a free threat hunting and cyber defense platform used by security teams, researchers and threat hunters across the globe, in a variety of sectors.
Community Edition also features access to Silent Push Web Scanner and Live Scan, along with a variety of powerful DNS lookups, and offensive/defensive tooling.