Tuesday, February 21, 2023

Exposing Iran's Hacking Scene and Hacking Ecosystem Major Web Site Repositories - An OSINT Analysis - Part Two

Dear blog readers,

I've decided to share with everyone the results of a recent Technical Collection campaign that aims to collect tools of the trade, including personally identifiable information, on Iran-based lone hackers and hacking groups.

Related:

Exposing Iran-based Hackers and Web Site Defacement Group's Personal Web Sites Portfolio - Direct Technical Collection Download! Grab a Copy Today!

Exposing Iran-based Hackers and Web Site Defacement Group's Personal Web Sites Portfolio - Direct Technical Collection Download! Grab a Copy Today! - Part Two

Exposing Iran's Hacking Scene and Hacking Ecosystem Major Web Site Repositories - An OSINT Analysis

Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran [RAR]

A Qualitative and Technical Collection OSINT-Enriched Analysis of the Iranian Hacking Scene Through the Prism of the Infamous Ashiyane Digital Security Team [RAR]

Sample web sites known to belong to Iran-based lone hackers and hacking groups include:


http://x-emperor-x.persiangig.com/

http://xpxpsi.persiangig.com/

http://xsky.persiangig.com/

http://yaban3.persiangig.com/

http://yahoo-mailer.persiangig.com/

http://yahoooaction.persiangig.com/

http://yasmlh.persiangig.com/

http://yazdanx7.persiangig.com/

http://yhadi.persiangig.com/

http://yousefli.persiangig.com/

http://ysrttu.persiangig.com/

http://z-team.persiangig.com/

http://zab0n.persiangig.com/

http://zeron.persiangig.com/

Stay tuned!

Tuesday, February 14, 2023

A Portfolio of Recently Published WhoisXML API White Papers Courtesy of Me

Dear blog readers,

I've decided to share with everyone a recently released portfolio of white papers courtesy of me for WhoisXML API where I'm currently acting as a DNS Threat Researcher. 

Sample white papers include:

Exposing a Currently Active Domains Portfolio of Known 419 Scammers and International Fraudsters - An OSINT Analysis

Exposing a Currently Active Domains Portfolio of Known 419 Scammers and International Fraudsters - An OSINT Analysis - Part Two

Exposing a Currently Active Domains Portfolio of Known 419 Scammers and International Fraudsters - An OSINT Analysis - Part Three

Exposing a Currently Active Domains Portfolio of Known to Have Been Used by Cyber Jihadists Internationally - An OSINT Analysis

Exposing a Currently Active Domains Portfolio of Known Cybercrime Gangs and Cybercriminals Internationally - An OSINT Analysis

Exposing a Currently Active Domains Portfolio of Cybercrime-Friendly Forum Communities and Associated E-Shops for Stolen and Compromised Credit Card Details - An OSINT Analysis

Exposing a Currently Active Domains Portfolio of Known to Have Been Used by Ransomware Network Affiliate Based Participants Including Ransomware Gang Affiliates - An OSINT Analysis

Exposing a Currently Active Domains Portfolio of Known to Have Been Used by Ransomware Network Affiliate Based Participants Including Ransomware Gang Affiliates - An OSINT Analysis - Part Two

Exposing a Currently Active Domains Portfolio of Known to Have Been Used by Ransomware Network Affiliate Based Participants Including Ransomware Gang Affiliates - An OSINT Analysis - Part Three

Sample photos include:
Stay tuned!

Monday, February 13, 2023

New Permanent and Daily Updated Official Dark Web Onion

Dear blog readers,

I've decided to share with everyone my new and permanent Dark Web Onion URL (http://3hqc6vio6qqmbzuev5xanurcuhgwnnpgk3so6y25bjgzmgqcxumkzpad.onion) where I intend to issue daily updates where I urge you to bookmark it and visit it on a daily basis in order to grab the latest content.

Stay tuned!

Who is Dancho Danchev? - Part Two

Hello everyone,

This is Dancho and I would like to welcome you to my official "I'm now officially back" blog post detailing some of my current, future and upcoming projects, including a brief introduction to who I am for those unfamiliar with my research activities throughout the years, where you can freely grab an E-Book copy of my blog in a full offline fashion from here.

My name is Dancho Danchev. I'm a 38-year-old security blogger, OSINT analyst and threat intelligence analyst from Bulgaria. I'm currently running one of the security industry's most popular security publications, which is my personal blog - Dancho Danchev's Blog - Mind Streams of Information Security Knowledge. I've been running my publication since December 2005, and throughout the years I've had an average of 7,000 RSS feed subscribers including 5.6M page views, making my blog an extremely important switchboard to the world of security blogging, OSINT research and analysis, threat intelligence analysis and, most importantly, cybercrime fighting research and analysis.

I'm also acting as a DNS Threat Researcher at WhoisXML API.

It's been a while since I last posted a quality video on YouTube, and I've decided that this is going to be a pretty long and decent introduction into what I've been up to online since the 90's up to the present day, where I'm an internationally recognized cybercrime researcher, security blogger and threat intelligence analyst. In this rather long video I'll walk you through my experience as a hacker enthusiast during the 90's up to the present day, and I'll also discuss in-depth a variety of personal projects, including a general discussion and overview of a variety of key topics that are currently active within the security industry, including my personal career.

Among my key accomplishments are my "lawful surveillance" and "lawful interception" experience as a teenage hacker, the production of the popular Astalavista Security Newsletter circa 2003-2006, the "take-down" of the Koobface botnet [MP3], participation in the Top Secret GCHQ program called "Lovely Horse", regular appearances in major news publications for interviews and expert opinion including Techmeme, ZDNet, CNN, PCWorld, SCMagazine, TheRegister, NYTimes, CNET, ComputerWorld and H+Magazine, and regular security and research presentation appearances at major security events at GCHQ, Interpol, InfoSec Europe, RSA Europe and CyberCamp.

I'm an internationally recognized expert in the field of cybercrime fighting and threat intelligence gathering, having actively pioneered my own methodology for processing threat intelligence, which has led me to a successful set of hundreds of high-quality analysis and research articles published at the industry's leading threat intelligence blogs - ZDNet's Zero Day, Dancho Danchev's Mind Streams of Information Security Knowledge and Webroot's Threat Blog - with my research featured in Techmeme, ZDNet, CNN, PCWorld, SCMagazine, TheRegister, NYTimes, CNET, ComputerWorld and H+Magazine, currently producing threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's - Mind Streams of Information Security Knowledge.

With my research featured at RSA Europe, CyberCamp, InfoSec, GCHQ and Interpol, I continue to actively produce threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's - Mind Streams of Information Security Knowledge, publishing a diverse set of hundreds of high-quality research analyses detailing the malicious and fraudulent activities of nation-state and malicious actors across the globe.

In the past I've been a member of:

    * A Member to WarIndustries (http://warindustries.com)
    * List Moderator at BlackCode Ravers (http://blackcode.com)
    * Contributor Black Sun Research Facility (http://blacksun.box.sk) (BSRF)
    * List Moderator Software Contributor (TDS-2 Trojan Information Database) (https://packetstormsecurity.com/files/25533/tlibrary.zip.html) DiamondCS Trojan Defense (http://tds.diamondcs.com.au)
    * Contributor to LockDownCorp (http://lockdowncorp.com)
    * Contributor to HelpNetSecurity (http://forbidden.net-security.org)
    * A Security Consultant for Frame4 Security Systems (http://frame4.com)
    * Contributor to TechGenix’s WindowSecurity.com (http://www.windowsecurity.com/authors/dancho-danchev/)
    * Technical Collector - LockDownCorp - (https://lockdowncorp.com)
    * Managing Director - Astalavista Security Group - (https://astalavista.com)
    * Security Consultant - Wandera - (https://wandera.com)
    * Threat Intelligence Analyst - GroupSense - (https://groupsense.io)
    * Security Consultant - KCS Group Europe - (https://kcsgroup.com)
    * OSINT Analyst - Treadstone71 - (https://treadstone71.com)
    * Security Blogger - Armadillo Phone - (https://armadillophone.com)
    * Security Blogger for ZDNet (http://www.zdnet.com/blog/security/)
    * Threat Intelligence Analyst for Webroot (https://www.webroot.com/blog/)

I would like to thank the following people for contributing to the Scene throughout the 90's up to the present day and for keeping up the good work as part of Astalavista.com's Security Newsletter, which I produced circa 2003-2006.

    * Proge — http://www.progenic.com/
    * Jason Scott — http://www.textfiles.com/
    * Kevin Townsend — http://www.Itsecurity.com/
    * Richard Menta — http://www.bankinfosecurity.com
    * MrYowler — http://www.cyberarmy.net/
    * Prozac — http://www.astalavista.com/
    * Candid Wuest — http://www.trojan.ch/
    * Anthony Aykut — http://www.frame4.com/
    * Dave Wreski — http://www.linuxsecurity.com/
    * Mitchell Rowtow — http://www.securitydocs.com/
    * Eric (SnakeByte) — http://www.snake-basket.de/
    * Björn Andreasson — http://www.warindustries.com/
    * Bruce — http://www.dallascon.com/
    * Nikolay Nedyalkov — http://www.iseca.org/
    * Roman Polesek — http://www.hakin9.org/en/
    * John Young — http://www.cryptome.org/
    * Eric Goldman — http://www.ericgoldman.org/
    * Robert — http://www.cgisecurity.com/
    * Johannes B. Ullrich — http://isc.sans.org/
    * Daniel Brandt — http://google-watch.org/
    * David Endler — http://www.tippingpoint.com/
    * Vladimir, 3APA3A — http://security.nnov.ru

In this upcoming series of blog posts I'll discuss in-depth a variety of personal projects and current and ongoing, both real-time and historical, research and analysis activities in the following categories:

 - My Dark Web Onion 
 - My Uncle George Law Enforcement and OSINT Enrichment Operation
 - My Cybercrime Forum Data Set
 - My Unit-123.org E-Shop for Intelligence Deliverables Project
 - My Offensive Warfare 2.0 Threat Intelligence Clearing House Project
 - My Disruptive Individual's Threat Intelligence Feed
 - My Current work as a DNS Threat Researcher with WhoisXML API
 - How I ended up in Snowden's Archive?
 - How I ended up on Wikileaks?
 - How I made it into several comparative academic studies on the quality of sharing threat intelligence and cybercrime research information?
 - How come I'm the only one listed as a competitor in Jeffrey Carr's Taia Global Competitors Slide?
 - What it's like to run the infamous Astalavista.com portal back in 2003-2006 where I was acting as a Managing Director?
 - What it's like to get the privilege to work as a security blogger at ZDNet's Zero Day blog for four years?
 - What it's like to work as a security blogger with Webroot for two years?
 - How I ended up spending the last couple of years doing OSINT on the bad guys?
 - How I ended up having a project on the infamous Astalavista.box.sk?
 - A brief introduction into some of the latest developments and research that I posted on my personal blog - Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
 - How I ended up having a mobile application?
 - How I ended up having a personal memoir?
 - How I got busted?
 - What it's like to visit the GCHQ?
 - What it's like to meet the security industry?
 - What it's like to visit RSA Europe 2012?
 - What it's like to visit InfoSec 2012?
 - What it's like to visit CyberCamp 2016?
 - What it's like to get an invitation to visit Canada's Security Service?
 - My DIA Needpedia Investment Proposal
 - How I ended up discovering a SolarWinds victim?
 - How I ended up with a real-time OSINT and cyber attack attribution campaign on the Conti Ransomware Gang?
 - How I ended up almost retiring and offering OSINT and threat intelligence training?

Before I continue and actually present the topics which I'll cover exclusively in this video in-depth, I would like to thank the following individuals, with the idea to say a big thanks for offering interest and support for some of my projects, where I'm currently doing my best both personally and professionally to return them the favor:

- Jamie Riden
- Steve Santorelli
- Michal Salat
- John Young
- Paul de Souza
- Harrison Cook
- Ian Cook
- Jeffrey Bardin
- Liran Sorani
- Joe Steward

I also wanted to take the time and effort to dedicate this video introduction to my ex-girlfriend circa the 90's, Yordanka Ilieva, with whom I worked on the infamous https://astalavista.com, where I had the privilege to work on the infamous Astalavista Security Group Security Newsletter and received the necessary support and guidance in the context of making this high-quality security publication happen, including everyone in the U.S that I know and have worked with in the context of fighting cybercrime, where I wanted to say a big thanks to everyone who ever approached me and said "keep up the good work" and "keep it coming" in the context of motivating me to continue doing my research and to continue to publish high-quality research articles and proper cyber threat actor attribution research and analysis, including the following people:

- Ivan Schmid - for being the coolest boss ever in the world and for welcoming me on board at one of the Web's most popular Web sites for hackers circa 2003-2006, where I had the privilege to work as a Managing Director of the portal with my ex-girlfriend circa the 90's - Yordanka Ilieva - while I was studying in the Netherlands.

- Pascal Mittner - for being the second coolest boss ever in the world, who I never really had the chance to meet personally, but where I was properly doing my work and was actually getting paid to do my work

- Gary Scott - with whom I had the privilege to exchange data and information during the 90's on my way to produce a high-quality newsletter and actually a threat intelligence type of brief for ScanSafe at the time, which later on got acquired by Cisco

- Paul Ferguson - for keeping it cool and for keeping in touch and for actually inspiring me to do my research into the field of cybercrime research through his daily publications at his personal blog

- Alex Eckelberry - for keeping it cool and corporate and for actually inspiring me to do my research in the field of cybercrime research, and for running and maintaining Sunbelt Software, which greatly inspired me to do my research in the field of cybercrime research

- James McQuaid - for being among the few individuals to actually raise awareness on the existence of the Russian Business Network and for continuing to supply high-profile and high-value threat intelligence information on a variety of mailing lists

- Jeffrey Bardin - for inviting me to join Treadstone71 as an OSINT Analyst and for actually allowing me to work with him on several projects, where I actually earned the necessary amount to pay some of my bills and properly invest in several projects, including launching one of the first commercial E-Shops for intelligence deliverables

- Jeffrey Carr - for keeping it cool and for expressing his personal gratitude and commenting on my research in the context of "keep it coming".

- Ken Dunham - for keeping it cool and for running a high-profile and popular mailing list for security trends and actual technical information on current and ongoing cyber attack trends

- Jart Armit - for keeping it cool and for approaching me several times to say “hi” and “keep up the good work”

- Robert McMillan - for being a true professional and a good friend with whom I had the privilege to speak and communicate on numerous occasions

- Rob Lemos - for being a good professional and someone that I know and have worked with and whose work I've followed in the past

- Gregg Keizer - for being a true professional and for actually bothering to quote me and reference me in several articles on numerous occasions

- Gary Warner - for being a true professional and for being always on the front lines of fighting the bad guys and cybercrime internationally

- Jorge Mieres - for being a true threat intelligence and cybercrime research professional and for keeping it cool in terms of new research and for offering a unique and in-depth overview and perspective on new and novel cyber attack trends and threats

- Marcus Sachs - for keeping it cool and for being a true professional whose work I’ve followed in the past

- Gunter Ollman - for being a true professional and a good friend with whom I actually got the chance to meet at RSA Europe 2012

The World is small and infinite, and we can definitely make it a better place by doing our work following the basic methodology that "an OSINT conducted today is a taxpayer's buck saved somewhere".

I owe everyone a big one and I'm doing my best both personally and professionally to return the favour. Bear with me.

Stay tuned!

The time has come for me to introduce myself professionally through the prism of the opinion of my fellow colleagues and friends from the industry.

Here are some sample recommendations which I've received from friends, colleagues and partners throughout the years, with the idea to illustrate my experience and expertise in the field:

“I have been working in the security space for many years and for a very large part of that have been following the excellent research work that Dancho has been doing in identifying cyber criminals and doing complex analysis of highly advanced modern day malware attacks. Dancho is extremely well known in the security industry for the work he has done and continues to do. When we had the opportunity of collaborating with Dancho at Webroot, we didn’t hesitate. Dancho has proven to deliver on a continuous basis for us and his work is simply phenomenal. I look forward to working with Dancho for many years to come.”
— Jacques Erasmus, was Dancho’s client

“Dancho is an expert researcher who I’ve had the pleasure of working with on several hacker investigations for Taia Global clients. I consider Dancho one of the best and most insightful researchers working in InfoSec today.”
— Jeffrey Carr, CEO, Taia Global, Inc., managed Dancho indirectly at Non-disclosure agreement

“Dancho Danchev has his pulse on the cyber criminal community. I can think of few people who have his experience, skills and understanding when it comes to cyber intelligence and understanding the cyber threat. I cannot recommend Dancho enough.”
— Lance Spitzner, President, The Honeynet Project, worked with Dancho at Non-disclosure agreement

“Dancho is one of those exceedingly rare security professionals with not only an eye for uncovering the root cause of an attack and the ability to examine it from multiple angles, but also explain his findings in a way that has a meaningful and direct impact on those tasked with defending against such attacks. I admire the depth of his analysis and his dogged determination to track back who the criminal operators are despite the dangers he could be exposed to. Dancho gets two-thumbs-up from me and I’d hire him in a heart-beat if he ever makes it to the USA. In the meantime I’ll keep on following his research, reading his blogs and looking forward to collaborating with him on future cyber crime investigations.”
— Gunter Ollmann, Vice President of Research, Damballa, Inc., was with another company when working with Dancho at Non-disclosure agreement

“Dancho is an exceptional information security professional; he continually goes the extra mile for clients and the security community. His knowledge and analysis in core areas as threat intelligence analysis, cybercrime counter Intelligence and competitive intelligence research is outstanding. He also manages the most difficult task with ease, that of communicating this in an understandable and meaningful form for the community. Working with Dancho over several years has been highly productive, and beneficial.”
— Jart Armin, Editor, HostExploit, was with another company when working with Dancho at Non-disclosure agreement

“I first knew Dancho when he was fresh out of college but already with a prodigious understanding of information security matters. He became one of the experts in the Security Clinic on ITsecurity.com, a site I founded and was publishing at the time; and he willingly gave free security help and advice to visitors to the site. Since those days I have watched both his career and knowledge grow in leaps and bounds until he is now, without any doubt, one of the world’s leading experts on the shady world of cybercrime.”
— Kevin Townsend, Founder/Editor, ITsecurity.com, worked directly with Dancho at ITsecurity.com

“Dancho is a veritable mine of information, particularly on subjects like the ones he blogs about, such as spam and malware campaigns and the actors behind them. I am an avid reader of his, and also have met Dancho at a few conferences that we’ve both attended. I’ve found him to be extremely friendly, and always ready to explain anything he’s been working on. Were I organising a conference, I would definitely send him an invite.”
— Jamie Riden, Senior Consultant, NGS Secure, was with another company when working with Dancho at Non-disclosure agreement

“While rebuilding the site security and fraud team at a leading online web site, threats and rapid evolution in the online security space necessitated I get up to speed quickly, and with more than a modicum of depth and breadth of understanding of current trends and risks in the cyber security realm. After spending considerable time building an information network of the most germane, relevant, and useful sources, a common thread emerged from the chatter of activity and updates – “Dancho Danchev”. As I pored over security publications, cyber-security journals, blogs, and security vendor sites, I continued to see Dancho cited and acknowledged as the security researcher and expert who “broke the story” or “tipped off users to the vulnerabilities” or “alerted the community to threat vectors” for major events. Dancho has voluntarily shared critical information on what the crooks are up to and has been an invaluable and much appreciated resource. Dancho’s passion for his work is reflected in his genuine desire to quash the “bad guys” activities and share as much actionable information as he possibly can. I highly recommend Dancho to any organization seeking a top-notch expert and passionate evangelist of online security practices.”
— Chris Duncan, Director - Customer Operations, CareerBuilder.com, was with another company when working with Dancho at ZDNet

Here's a brief interview with me which I gave to the original and upcoming re-launch of the infamous Astalavista.box.sk project:

Dear Dancho – can you please introduce yourself and the latest Box.sk project? Can you please elaborate more on your experience in fighting cybercrime including your contributions to the threat intelligence gathering community and the U.S Security Industry?

My name is Dancho Danchev. I’ve been an independent contractor doing OSINT cybercrime fighting and threat intelligence gathering for over a decade and I’m currently running one of the security industry’s leading security publications which is my personal blog where I’ve established the foundations for an efficient and relevant OSINT and law enforcement methodology in terms of fighting and disrupting cybercrime internationally which led me to pursue a successful career with several high-profile U.S based companies and organizations throughout the past decade following a successful career as an ex-hacker throughout the 90’s. My daily routine consists of digging deep inside the cyber warfare realm in the context of responding to and tracking down high-profile nation-state sponsored or targeted malware campaigns and cybercrime incidents and keeping track of the bad guys as usual with the idea to contribute to the overall demise of cybercrime internationally and to actually contribute to the U.S Intelligence Community with operational and tactical intelligence including to actively support U.S Law Enforcement on its way to track down and respond to cybercrime events globally.

My primary motivation for re-launching a project on the original Astalavista.box.sk is to “show them how it’s done” in the context of reaching out to a broader audience, in the context of offering practical tactical and operational advice in the World of cyber warfare and information warfare operations, and to present hardcore and never-published-before potentially classified and sensitive material in the world of the U.S Intelligence Community and U.S Law Enforcement, and to actually find a constructive and relevant way to say “hi” and “we’re back” to a loyal base of users globally, and to actually find a way to “keep the spirit” of the Scene the way we know it. I’ve planned a set of new high-profile projects which I intend to communicate to our audience on a systematic and periodic basis, with the idea to offer an insightful and unique peek inside the Scene the way we know it.

What are some of the currently running Box.sk projects and what do you have planned for the future?

We’re currently running a high-profile and extremely popular WordPress blog including a cyber security and hacking forum community, and we’ve recently launched an extremely popular Call for Papers and Call for Innovation as part of the WHGDG (World Hacker Global Domination Group) franchise, where we’re currently soliciting content in a variety of areas and on a variety of topics, including a recently launched IRC server, an extremely popular search engine for hackers and security experts, the upcoming launch of our flagship publicly accessible product called Project Cybertronics VR for Hackers and Security Experts, and an upcoming high-profile YouTube broadcast featuring folks and experts from the security industry and the Scene.

We’ve also lined up a variety of high-profile and upcoming community-driven and publicly accessible products and services and we’ll be definitely looking forward to issuing periodic updates on their public and proprietary availability. “If it’s going to be massive it better be good” in the context of re-surrecting and re-launching the Scene’s and the security industry’s most popular Web site for hackers and security experts internationally.

Among the key features of the portal is a flagship search engine for hackers and security experts, which can be accessed at – and is currently indexing over 3M web sites for hackers and security experts.

What do you think about U.S National Security in a post-Snowden world?

I’m a firm believer that building communities around leaked and classified data might not be the best way to actually communicate its value and actually reach out to a wider audience potentially blowing the whistle on currently active and sensitive and classified cyber surveillance and cyber intelligence type of programs part of the portfolio of services courtesy of the U.S Intelligence Community. I’m also positive that a new set of copy-cats will eventually emerge trying to potentially steal operational and tactical know-how from the leaked data potentially setting the foundations for their own private and proprietary cyber surveillance and cyber intelligence products.

In terms of U.S National Security in a post-Snowden world, I believe that a specific set of international fan-base or actual clusters of supporters cannot really do much harm besides raising awareness on the actual state of cyber surveillance and cyber intelligence programs and their scale and reach internationally, and can actually assist in building more sophisticated internal security systems.

The current state of U.S National Security has to do with a specific set of post 9/11 contractor base which are truly making an impact globally by launching new companies actually hiring people to work for them and actually are fully capable of disrupting and undermining today’s modern and sophisticated cybercrime-driven online activity that also includes various cyber jihad sentiments globally. Case in point would be ISIS which the U.S Cyber Command has specifically targeted and could be possibly used as the most relevant and recent example of fraudulent online cyber jihad activity up to present day in the context of a large scale international campaign which basically attracted the U.S attention which resulted in a variety of campaigns targeting pro-ISIS infrastructure and its supporters.

How can you best describe your experience in tracking down and monitoring of the Koobface botnet?

It took me two and a half years of active daily monitoring of the Koobface botnet to actually come up and properly provide the necessary technical research and analysis behind the actual working of the botnet and actually allow me to track down and publicly distribute a variety of personally identifiable information on one of the key members of the group which at some point resulted in having Facebook’s net-space IP block redirected to my personal blog including to actually have a personal message embedded on tens of thousands of infected hosts globally personally greeting me for my research into the Koobface botnet. At some point my research into the group’s whereabouts became the primary information source on the group’s activities internationally which resulted in a series of blog posts on the topic and greatly motivated me to continue my research into the way the botnet worked at the time through the systematic and daily publication of high-profile and never-published before technical analysis and research on the botnet’s la

What’s the current state of the fight against cybercrime globally?

While we’re currently observing a lot of newly popping-up vendors and organizations who are actually good at tracking down and responding to cybercrime incidents and activities it should be clearly noted that high-profile think-tanks including independent researchers organizations and vendors who have been tracking down cybercrime incidents and profiling cybercrime activities for decades should be easily considered a recommended reading in terms of their recently and historical published research in this area.

It should be also clearly noted that wide-spread cooperation campaigns between the academic commercial and private sector are already taking place potentially undermining and contributing to the overall lowering down of cybercrime activity globally.

What should be done in the broader context of fighting cybercrime internationally is a currently ongoing OSINT and Law Enforcement operation similar to my recently launched crowd-sourced OSINT and Law Enforcement operation called “Uncle George” including my most recently published high-profile and available online for free Cybercrime Forum Data Set for 2019 which you can download and process and potentially reach out to me in terms of the actual enrichment and tracking and shutting down process.

How can you best describe the ongoing intersection between law enforcement and the U.S Intelligence Community in the context of launching offensive lawful surveillance campaigns? Case in point is the recent takedown and hijacking of the primary domain for Encrochat, a proprietary encrypted mobile solution. Do you think Dutch law enforcement basically abused its technological “know-how” and expertise to target a commercial encrypted mobile solutions provider?

This is something that’s extremely important in the context of fighting cybercrime but can definitely raise someone’s eyebrows across the World in the context of preventing and responding to cybercrime and cyber jihad incidents globally, in particular the intersection between U.S Law Enforcement and the U.S Intelligence Community. Case in point is the Dutch Intelligence Service, which is quite experienced in fighting, tracking down and actually responding to cybercrime and cyber jihad incidents globally, which is a great example of the intersection between law enforcement and a country’s Intelligence Agencies globally. Case in point is Encrochat, which is basically a commercial enterprise which was successfully taken offline thanks to a cooperation between the Dutch Intelligence Service and Law Enforcement internationally, which eventually led to the direct compromise of the primary command and control infrastructure of the company and the actual interception of ongoing messages and communication.

Do you think that the launch of U.S Cyber Command is a step in the right direction? Do you think that publicly sharing proprietary malware releases on VirusTotal is an OPSEC violation? How do you think the U.S Cyber Command can better perform in the context of today’s modern offensive cyber warfare arms race?

Successfully positioning a major U.S based and publicly accessible organization for the purpose of fighting and responding to cybercrime and cyber attack incidents is a step in the right direction. It should be clearly evident that, with the U.S Cyber Command looking to expand and extend its industry outreach campaigns and actually bothering to share proprietary releases which can be clearly found in a huge number of public and private malware repositories thanks to third-party researchers and vendors, this is definitely a step in the right direction in the broader context of fighting cybercrime and responding to cyber jihad and cyber warfare campaigns and incidents globally.

You used to work on Astalavista.com, one of Box.sk’s primary competitors, throughout 2003-2006? What’s your impression of running and managing the portal? What really took place when it got hacked?

I used to run and manage Astalavista.com, which was the primary competitor of the original Astalavista.box.sk, throughout 2003-2006 while I was studying in the Netherlands, which greatly helped me make an impact internationally and actually helped me pay the bills at the time. My primary responsibilities were to manage and issue daily updates to the security directory, including the security news section, including the production of a highly popular and high-traffic volume Security Newsletter where I was also responsible for interviewing people from the Scene and the Security Industry.

My other responsibilities included the overall look of the portal, including the introduction of new sections, and actually managing and running the advertising inventory, where I was responsible for bringing more advertisers on board.

Is it true that you’re running one of the security industry’s most popular security publications? How did you originally launch the project? What’s the current state of the project?

I’ve been running my personal Dancho Danchev’s Blog since December 2005, while I was still working for https://astalavista.com acting as a Managing Director of the portal, where I was busy and responsible for the daily updates of the Security Directory, including the Security News section, including the introduction of new

What’s your attitude towards “4th party collection”?

As this has been my primary area of occupation throughout the last couple of years with the results of my research published at my personal blog I believe that 4th party collection is largely driven by a specific set of folks and experts who are actually capable of making an impact and causing widespread damage across the cybercrime ecosystem internationally. Case in point is my most recently launched Law Enforcement and OSINT operation called “Uncle George” where I’ve managed to publicly process approximately 1M web sites from major and leading online cybercrime-friendly forum communities with the idea to assist U.S Law Enforcement and the U.S Intelligence Community on its way to enrich and actually process the data set potentially disrupting the cybercrime-friendly forum communities behind the campaign including to actually track down and prosecute the cybercriminals behind these campaigns.

Do you believe that an over-populated security industry means lower OPSEC for high-profile operations?

I think that, as we’re continuing to witness the emergence and the existence of new cybercrime and OSINT researchers and analysts joining the security industry, this could actually make the fight against cybercrime ever easier in case these researchers get invited into private mailing lists and private invite-only communities. I don’t necessarily think that an over-populated security industry means lower OPSEC for high-profile operations in case everyone involved in a specific campaign or operation is keeping track of its sources and sources of information.

Who’s running the show in 2020? What can best describe a successful “4th party collection” or virtual SIGINT operation? Who’s running the show in terms of fighting cybercrime online?

I’m currently observing the usual deal of research done by high-profile and well-known cybercrime researchers and security experts, which also includes vendors, including a great deal of research done by novice researchers entering the cybercrime research ecosystem. In terms of a successful “4th party collection” I can best describe the process as a combination of Technical Collection, OSINT analysis and actual enrichment, and actual U.S Law Enforcement and U.S Intelligence Community outreach, where the ultimate goal would be to track down and prosecute the cybercriminals behind these campaigns.

Is it true that we live in a utopian World where North Korea and Iran-originating cyber attacks are basically launched by anything but nation-state actors, namely Generation Y individuals who’re online starting to embrace new technologies, meaning that “everything’s in order”?

I can confirm an evident trend where the mainstream news media is over-hyping the use of remote access tools which in reality are good old fashioned trojan horses circa the 90’s in terms of launching targeted or widespread malicious software serving campaigns. Based on my research and analysis it should be clearly evident that both North Korea and Iran are lacking the necessary technical and operational “know-how” to launch or participate in high-profile campaigns making it easier for these parties to outsource their cyber warfare or malicious software research and development needs to a third-party which could be for instance Russia.

Do you believe that corrupt and potentially compromised North Korean online agents are actually doing more harm than good by participating in cyber warfare campaigns using techniques and methodologies that were commonly in use throughout the 90’s, namely trojan horses and various other lawful surveillance tools?

I’m clearly observing an increase in such type of “rogue agent” type of activity where North Korea or Iran-based hackers are actually directly undermining the OPSEC of their country’s offensive or defensive cyber warfare operations in terms of actually signaling trends and various other indicators which could prove crucial in a possible attribution campaign or actual assessment of a specific country’s understanding of offensive and defensive cyber warfare.

Were you surprised that you participated in a Top Secret GCHQ program monitoring hackers on Twitter called “Lovely Horse”? How do you think you made the list?

This was quite a surprise and it was in fact a privilege and an honor to have made the list with my old Twitter account, where I was busy contributing with research and various other types of activity announcements on a daily basis while working for my previous employer, which is Webroot. I think I made the list based on my research and it would be definitely a privilege and an honor to learn more and actually find out more about related Top Secret or Classified programs where I’ve participated with my research.

What’s the current state of your currently ongoing law enforcement and OSINT operation “Uncle George”?

The current state of my currently ongoing Law Enforcement and OSINT operation called “Uncle George” is an active cooperation between several researchers who approached me including a vendor in terms of enriching the actual data set potentially helping me reach out to U.S Law Enforcement on my way to assist U.S Law Enforcement on its way to track down and prosecute the cybercriminals behind these campaigns. Users interested in joining my currently ongoing Law Enforcement and OSINT operation “Uncle George” can do it here.

Stay tuned!

Thursday, February 09, 2023

Exposing TrickBot's Bitzlato Cryptocurrency Exchange - An OSINT Analysis

Just came across this and I've decided to elaborate and offer actionable intelligence on the whereabouts of TrickBot's Bitzlato cryptocurrency exchange.

Company name: Bitzlato Limited
Company owner: Anatoly Legkodymov
Company URLs: hxxp://bitzlato.com - 103.41.71.252; hxxp://bitzlato.net - 103.41.71.252; 104.21.64.203; 104.24.117.5; 172.67.136.54; 104.24.116.5; 154.92.19.56; 107.161.23.204; 192.161.187.200; 209.141.38.71 - hxxp://bitzla.to - hxxp://bitzlato.bz - hxxp://changebot.info
Sample company social media account presence: hxxp://t.me/bitzlato; hxxp://www.reddit.com/r/Bitzlato/; hxxp://facebook.com/bitzlato; hxxp://instagram.com/bitzlato; hxxp://t.me/s/bitzlato_ru

Sample personally identifiable email address accounts known to have been involved in the campaign include:

Related domains known to have been registered by the same individuals:

Sample Maltego graphs related to the company:

Sample responding IPs known to have been involved in the campaign:

Sample photos of the individuals behind the campaign:

Sample related MD5s known to have phoned back to these domains:

The domains are currently seized and sinkholed by the ShadowServer Foundation.
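Turning the post's defanged indicators into a detection check, as an added example that is not part of the original post: it refangs the hxxp:// and [.] notation used above and matches the resulting domains and IPs against constructed proxy/DNS log lines. Only a handful of the post's indicators are included, and the log lines and the api./notbitzlato hostnames are made up for the illustration.

```python
import re
from ipaddress import ip_address

# Indicators copied from the post above, in its defanged "hxxp://" and "[.]" form (a sample only).
DEFANGED_IOCS = [
    "hxxp://bitzlato.com",
    "hxxp://bitzla.to",
    "hxxp://changebot.info",
    "103[.]41[.]71[.]252",
    "192[.]161[.]187[.]200",
]

def refang(ioc):
    """Undo the post's defanging (hxxp -> http, [.] -> .) and keep the host part only."""
    s = ioc.strip().lower()
    s = re.sub(r"^(hxxps?|https?)://", "", s)
    s = s.replace("[.]", ".")
    s = s.split("/", 1)[0]      # drop any path component
    return s.rstrip(".")        # DNS-style trailing dot

def build_watchlist(iocs):
    """Split refanged indicators into a domain set and an IP set."""
    domains, ips = set(), set()
    for raw in iocs:
        value = refang(raw)
        try:
            ip_address(value)
            ips.add(value)
        except ValueError:
            domains.add(value)
    return domains, ips

def domain_matches(host, domains):
    """Match on label boundaries: api.bitzlato.com hits bitzlato.com, notbitzlato.com does not."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

# Constructed sample proxy/DNS log (not from the post); fields: ts client verb host dst_ip
SAMPLE_LOG = """\
2023-02-09T10:01:02Z 10.0.0.5 GET api.bitzlato.com 103.41.71.252
2023-02-09T10:01:05Z 10.0.0.7 GET example.org 93.184.216.34
2023-02-09T10:02:11Z 10.0.0.9 CONNECT notbitzlato.com 198.51.100.9
2023-02-09T10:03:00Z 10.0.0.5 DNS changebot.info. 192.161.187.200
"""

def scan_log(text, iocs=DEFANGED_IOCS):
    """Return (line_no, client_ip, matched_indicator) for every line that hits the watchlist."""
    domains, ips = build_watchlist(iocs)
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 5:
            continue
        client, host, dst = parts[1], parts[3], parts[4]
        matched = domain_matches(host, domains)
        if matched is None and dst in ips:
            matched = dst       # destination IP alone is enough to flag
        if matched:
            hits.append((n, client, matched))
    return hits
```

Because the domains are sinkholed, a hit points at a host that still carries the TrickBot-related configuration or a user still visiting the exchange, which is worth a look either way.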

Stay tuned!