Exposing a Currently Active Portfolio of High-Profile Cybercriminal Email Addresses - Part Four

March 06, 2021

Dear blog readers,

I've decided to share a recently profiled portfolio of high-profile cybercriminal-themed email addresses with the idea to assist U.S. Law Enforcement and the U.S. Intelligence Community on its way to track down and prosecute the cybercriminals behind these campaigns.

Sample emails known to have been involved in the campaign:


Stay tuned!

Exposing the Guccifer 2.0 "GRU-Connected" Enterprise - An OSINT Analysis

March 03, 2021
Dear blog readers,

I wanted to take the time and effort and elaborate more on the so-called Guccifer 2.0 enterprise, which basically represents a single lone hacker who basically made a high-profile Web site compromise and actually launched a social media account behind it for the purpose of communicating the purpose of attacking and actually making the information publicly accessible online for free.

In this post I'll provide actionable intelligence on the Guccifer 2.0 enterprise, which basically represents a single lone hacker that actually distributed a high-profile data leak and built a social media account behind it.

Sample Personal URLs: https://guccifer2.wordpress.com; https://twitter.com/GUCCIFER_2

Sample personal email: Guccifer20@aol.fr

Sample IPs known to have been involved in the campaign: 95.13.15.34; 95.130.9.198; 212.117.164.35; 95.211.168.139

Sample VPN service provider which was used by the Guccifer 2.0 enterprise:

hxxp://ns1.vpn-service.us - 176.9.89.229 - Email: sec.service@mail.ru

hxxp://ns2.vpn-service.us - 85.17.139.9

hxxp://ns3.vpn-service.us - 212.117.164.35

hxxp://ns1.vpn-service.us - 212.32.234.134

hxxp://ns2.vpn-service.us - 37.48.92.139

hxxp://ns3.vpn-service.us - 193.161.87.105

Sample screenshots of conversation with the Guccifer 2.0 enterprise:






Stay tuned!


Exposing FBI's Most Wanted Cybercriminals - Iran's Mabna Hackers - An OSINT Analysis

March 03, 2021
Dear blog readers,

I've decided to share some of the actionable intelligence that I have at my disposal regarding the FBI's Most Wanted Iran-based Mabna Hackers, which I originally outlined in my second release of the "A Qualitative and Technical Collection OSINT-Enriched Analysis of the Iranian Hacking Scene Through the Prism of the Infamous Ashiyane Digital Security Team", where you can also obtain a copy of the first release entitled "Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran" in terms of catching up on what Iran-based hackers and hacking groups are up to, up to the present day, with the research report basically representing one of the most comprehensive and in-depth publicly accessible reports on Iran's hacking scene.

Sample screenshots of Mabna Institute including the associated Web sites where the information is offered:








Sample phishing URLs known to have been involved in the campaign:


Sample domains known to have been involved in the campaign:


Sample IPs known to have been involved in the campaign:


Stay tuned!


Dancho Danchev's Law Enforcement and OSINT Operation "Uncle George" - An Update

February 28, 2021

Dear blog readers,

I wanted to take the time and effort and elaborate more on some of the current activities behind my currently ongoing Law Enforcement and OSINT Operation "Uncle George", where I've managed to process and actively crawl approximately 1M of publicly accessible cybercrime forum community web sites for the purpose of enriching and actually distributing the Data Set to interested parties with the idea to assist U.S. Law Enforcement and the U.S. Intelligence Community on its way to properly respond to, track down and prosecute the cybercriminals behind these campaigns.

The current state of Law Enforcement and OSINT Operation "Uncle George" is that I've been approached by several vendors including independent researchers who expressed interest in obtaining access to the Data Set for the purpose of data mining and enriching it.

I've also decided to share some recently produced graphs which basically represent a decent portion of popular keywords and topics that cybercriminals are busy discussing on the communities found in the original Law Enforcement and OSINT operation "Uncle George" cybercrime forum Data Set.

Users, organizations and vendors interested in obtaining access to the Cybercrime Forum Data Set for 2019 can approach me at dancho.danchev@hush.com and I'd be happy to share a copy for research purposes and the actual enrichment process.

Sample screenshots of active cybercrime research intelligence and clustered words produced by me while working on my Law Enforcement and OSINT Operation "Uncle George":




Stay tuned!


Dancho Danchev's Disappearance - 2010 - Official Complaint Against Republic of Bulgaria - Part Two

February 28, 2021

Dear blog readers,

This is a quick note on my current situation in my home town in Troyan, Bulgaria, where I was originally kidnapped and home molested by three police officers from the local police department who stole my ID from my place and with no witnesses escorted me and locked me in a room in another town for a period of several months and injected me on a daily basis without anyone's knowledge and with no legal action and legal consequences from anyone including anyone from Republic of Bulgaria.

Bulgarian names of people involved in my kidnapping and illegal arrest including robbery 5 years later that used to act as local police inspectors in Troyan Police, Bulgaria circa 2010:

  • Марин Моев Маринов
  • Павлин Стоянов Георгиев
  • Красимир Михов Колев
  • Тихомир Найденов Славков
  • Стефан Иванов Милев
  • Анатоли Пламенов Трифонов
  • Станимир Цочев Инковски
  • Иван Недялков Иванов
  • Мирослав Стойков Михайлов
  • Васил Моев Гачевски
  • Божидар Банков Петров
  • Веско Цветанов Минков
  • Момчил Стефанов Цочев
  • Минко Стоянов Минков
  • Георги Митков Илиев

Sample personal photo of my personal kidnapper circa 2010 from my place in Troyan, Bulgaria - Павлин Стоянов Георгиев (https://www.facebook.com/profile.php?id=100005932519460):



Primary points of contact in case someone is worried about well-being and whereabouts in this case should be:

Email: dans@dans.bg
Hotline for corruption by employees of the Ministry of Interior (MVR) - 02 / 982 22 22
GDBOP - Reports of corruption and money laundering - gdbop@mvr.bg
Head of the Troyan District Police Department (RPU Troyan) - rutr.lo@mvr.bg
Troyan Police - Email: police_troyan@abv.bg
Troyan Hospital - Email: mbal_troyan@abv.bg
Lovech Psychiatry Clinic - Email: dpblovech@abv.bg 
Troyan Municipality - Email: mail@troyan.bg



Historical OSINT - Exposing Bulgaria circa 2008-2013 - An OSINT Analysis

February 25, 2021

Missing Durzhavna Sigurnost? Worry about your IP (Intellectual Property) as if it was U.S. National Security? Did the Klingons do it? Keep reading.

asen.kumanov@dans.bg

milko.milenov@dans.bg

miroslav.tsvetkov@dans.bg

tsvetan.kitov@dans.bg
