Wednesday, February 21, 2024

Conti Ransomware Gang's Web Properties Domain Reconnaissance - An OSINT Analysis

The following is a set of domain name reconnaissance findings for web properties related to the Conti Ransomware Gang.

Sample domains:

hxxp://aes[.]one - Kirill Borzov - Email: borzoff_k[.]grr[.]la; 89531976767@mail[.]ru

Sample URL: hxxp://aes[.]one/files/d/e0t/1u4lg8iu6deal10c4k13lei1q7/94290198d07d9e0e/

Related domains:
hxxp://запчасти71[.]рус - Email: 89531976767[.]mail[.]ru
hxxp://continews[.]click - 89[.]45[.]4[.]98; 86[.]106[.]20[.]166; 146[.]70[.]71[.]184

Related Conti domains known to have been parked on the same IP (89[.]45[.]4[.]98):
hxxp://continews[.]club
hxxp://continews[.]xyz
hxxp://contirecovery[.]click
hxxp://contirecovery[.]best - 185[.]14[.]30[.]76

Related Conti domains known to have been parked on the same IP (185[.]14[.]30[.]76):
hxxp://contirecovery[.]top
hxxp://contirecovery[.]icu

Related Conti domains known to have been parked on the same IP (185[.]14[.]30[.]76):
hxxp://bet4rate[.]com - Anton Petrov - Email: a[.]lexboesky@gmail[.]com

Related domains known to have been registered using a[.]lexboesky@gmail[.]com include:

Working spreadsheet:
hxxp://docs[.]google[.]com/spreadsheets/d/1pI71arcyNDmcCZPfGFDFc0o9GJlrcJOycBWZEyrfjlA/edit

Working Google Drive account:
https://drive[.]usercontent[.]google[.]com/download?id=1TzaiXSmdZpSUvm_quI4DjiedpxAQ05mo

Related domains:
hxxp://dropfiles[.]me - hxxp://xchange[.]cash
