Exposing a Currently Active Domain Portfolio Managed and Operated by Members of the Ashiyane Digital Security Team - An OSINT Analysis

January 27, 2022

Note: This OSINT analysis was originally published on my current employer's Web site, https://whoisxmlapi.com, where I have been acting as a DNS Threat Researcher since January 2021.

We’ve decided to take a closer look at the current and historical domain portfolio managed and operated by members of Iran’s Ashiyane Digital Security Team, using Maltego in combination with WhoisXML API’s integration. The purpose is to provide actionable threat intelligence and to assist fellow researchers, vendors, and organizations in tracking down the Internet-connected infrastructure of key members of Iran’s Ashiyane Digital Security Team, monitoring it, and attempting to take it offline.

In this article we’ll provide actionable intelligence on some of the currently active domains managed, run, and operated by Iran’s Ashiyane Digital Security Team, with the idea of assisting fellow researchers, vendors, and organizations in tracking down and monitoring that infrastructure.

A list of currently active domains known to be managed and operated by members of Iran’s Ashiyane Digital Security Team:

A list of currently active domains known to have been registered, managed, and operated by members of Iran’s Ashiyane Digital Security Team:

We’ll continue to monitor for new domain registrations courtesy of Iran’s Ashiyane Digital Security Team and we’ll post updates as soon as new developments take place.

Stay tuned!

Exposing a Currently Active Free Rogue VPN Domains Portfolio Courtesy of the NSA - An OSINT Analysis

January 27, 2022

Note: This OSINT analysis was originally published on my current employer's Web site, https://whoisxmlapi.com, where I have been acting as a DNS Threat Researcher since January 2021.

We recently came across a currently active portfolio of free VPN domains which, based on our research and publicly accessible sources, appears to be run and operated by the NSA. The ultimate goal would be to trick users, in particular Iran-based users, into using these rogue and bogus free VPN service providers in order to monitor and eavesdrop on their Internet activities. We’ve decided to take a deeper look inside the Internet-connected infrastructure of these domains and offer practical and relevant threat intelligence and cyber attack attribution details on the true origins of the campaign.

In this case study we’ll offer practical and relevant technical information on the Internet-connected infrastructure of this campaign, with the idea of assisting the security community in tracking down and monitoring it. We’ll also offer cyber attack and cyber campaign attribution clues which could come in handy to a security researcher or a threat intelligence analyst doing the same.

Original rogue portfolio of fake VPN service domains courtesy of the NSA:

Related domain registrant email addresses known to have been involved in the campaign:

Related domains known to have been involved in the campaign:

We’ll continue monitoring the campaign and post updates as soon as new developments take place.

Stay tuned!

Exposing a Currently Active List of Iran-Based Hacker and Hacker Team's Handles - An OSINT Analysis

January 27, 2022

Dear blog readers,

I've decided to share with everyone a currently active list of Iran-based hacker and hacker team handles, which could greatly assist in possible cyber attack attribution campaigns, including cyber threat actor attribution campaigns.

Sample currently active Iran-based hacker and hacker team handles currently used in massive or targeted Web site defacement campaigns:

[7] || Hacked By Reza_Blz |||| Hacked By Reza_Blz||

[8] .:: Hacked By M4st3r_4w4r3 ::.

[9] ...:: Hacked By Wonted ::....

[10] Hacked By Cair3x

[11] =====Hacked By Aref ====

[12] Hacked By alipc1

[13] Hacked By BrainBoy

[14] Hacked By Mr.Bami

[15] Hacked !? /Cyber Terrorist

[16] Hacked By SaMiR

[17] Hacked By Remove !

[18] HaCkEd By ArMaN InvIsIbLe

[19] Hacked by Original-Hackers

[20] Hacked By : MSN-HACKER

[21] [Hacked..By..Number14]

[22] Hacked By: D4rk_Kn1ght U

[23] [ Hacked By Sootak ]

[24] Hacked By Dr.Root

[25] Hacked By Cocain TeaM

[26] Hacked By Tir3x

[27] ..::HACKED BY MsU360::..

[28] >> HaCKed By MoHSenSUnBOY

[29] Hacked By GHOST

[30] Hacked By Dedmaster

[31] Hacked By amob07

[32] *** HACKED BY PUNISHER ***

[33] Hacked by Hellboy Group

[34] Hacked By infohooman

[35] HacKeD By Cair3x

[36] Hacked By H3LL BOY$

[37] HACKED BY PERSIAN DALTONS

[38] Hacked By MuteMove... !!!

[39] HAcKed By Karaji_kt21

[40] HaCKeD By rootqurd

[41] HaCkEd By ArMaN InvIsIbLe

[42] Hacked By Delta

[43] HACKED BY H3X73L

[44] [ Hacked By SHIA ]

[45] Hacked By SaeedSaaDi

[46] Hacked By #RooTer ;)

[47] [ Hacked By OptiShock ]

[48] Hacked By DevilZ TM

[49] Hacked By Busy Hacker

[50] Hacked By T3rr0r

[51] Hacked By nitROJen

[52] .:: HACKED BY ESSAJI ::.

[53] Hacked By : DangerMan

[54] Hacked By Security Team

[55] Hacked By Solt6n

[56] Hacked by R3d ErRor

[57] HacKeD By Cca

[58] Hacked by Arash Cyber

[59] Hacked By Never More !

[60] ||| Hacked by Afghan Hacker |||

[61] Hacked By Sianor

[62] ---==[ Hacked By MoHaMaD VakeR ]==---

[63] Hacked by Msu360

[64] HACKED BY Anti Shakh !

[65] -=: Hacked By kazi_root :=-

[66] Hacked By DevilZ TM

[67] Hacked By SaMiR

[68] Hacked By Dr.Pantagon

[69] hacked by inJenious

[70] Hacked by D3stroyer

[71] ::: Hacked By ArvinHacker :::

[72] Hacked By ShakafTeam

[73] HACKED BY B!0S

[74] Hacked By Tink3r

[75] Hacked By DevilZ TM

[76] HacKeD By Cair3x

[77] Hacked By Cyber Saboteur

[78] HACKED By Shadow.hacker

[79] -=[ HaCked By TBH ]=-

[80] -=: Hacked By two wolfs :=-

[81] << HACKED by Ali.ERROOR >>

[82] XPERSIA(HACKED BY HACKER)

[83] ????? Hacked By AR3S ?????|| HackeD By AR3S ||HACKED BY AR3S

[84] Hacked By ParsiHacker Security Team

[85] ::... This Site Hacked By TerminatoR

[86] [Hacked by Black hat group ]

[87] HaCked By Shishe security team=====

[88] THIS SITE HACKED BY dani.love666

[89] ::. HACKED BY TODAY PROGRAM GROUP .::

[90] .:hack_really:. hacked by firehackers hack_really

[91] -= Hacked By IrIsT Security Team =-

[92] Hacked By Loooooord Hacking Team

[93] HaCkEd By Anti Security Team

[94] .:::: Hacked By IRaNHaCK Security Team ::::.

[95] This Site Hacked by DiaGraM

[96] .:::: Hacked By IRaNHaCK Security Team ::::.

[97] ????? Hacked By kingback ?????

[98] o--[ Hacked By devilzc0der ]--o

[99] --= Hacked By Hijack Security Team =--

[0] || Hacked By Reza_Blz |||| Hacked By Reza_Blz||

[1] .:: Hacked By M4st3r_4w4r3 ::.

[2] ...:: Hacked By Wonted ::....

[3] Hacked By Cair3x

[4] =====Hacked By Aref ====

[5] Hacked By alipc1

[6] Hacked By BrainBoy

[7] Hacked By Mr.Bami

[8] Hacked By SaMiR

[9] Hacked By Remove !

[10] HaCkEd By ArMaN InvIsIbLe

[11] Hacked by Original-Hackers

[12] Hacked By : MSN-HACKER

[13] [Hacked..By..Number14]

[14] Hacked By: D4rk_Kn1ght U

[15] [ Hacked By Sootak ]

[16] Hacked By Dr.Root

[17] Hacked By Cocain TeaM

[18] Hacked By Tir3x

[19] ..::HACKED BY MsU360::..

[20] >> HaCKed By MoHSenSUnBOY

[21] Hacked By GHOST

[22] Hacked By Dedmaster

[23] Hacked By amob07

[24] *** HACKED BY PUNISHER ***

[25] Hacked by Hellboy Group

[26] Hacked By infohooman

[27] HacKeD By Cair3x

[28] Hacked By H3LL BOY$

[29] HACKED BY PERSIAN DALTONS

[30] Hacked By MuteMove... !!!

[31] HAcKed By Karaji_kt21

[32] HaCKeD By rootqurd

[33] HaCkEd By ArMaN InvIsIbLe

[34] Hacked By Delta

[35] HACKED BY H3X73L

[36] [ Hacked By SHIA ]

[37] Hacked By SaeedSaaDi

[38] Hacked By #RooTer ;)

[39] [ Hacked By OptiShock ]

[40] Hacked By DevilZ TM

[41] Hacked By Busy Hacker

[42] Hacked By T3rr0r

[43] Hacked By nitROJen

[44] .:: HACKED BY ESSAJI ::.

[45] Hacked By : DangerMan

[46] Hacked By Security Team

[47] Hacked By Solt6n

[48] Hacked by R3d ErRor

[49] HacKeD By Cca

[50] Hacked by Arash Cyber

[51] Hacked By Never More !

[52] ||| Hacked by Afghan Hacker |||

[53] Hacked By Sianor

[54] ---==[ Hacked By MoHaMaD VakeR ]==---

[55] Hacked by Msu360

[56] HACKED BY Anti Shakh !

[57] -=: Hacked By kazi_root :=-

[58] Hacked By DevilZ TM

[59] Hacked By SaMiR

[60] Hacked By Dr.Pantagon

[61] hacked by inJenious

[62] Hacked by D3stroyer

[63] ::: Hacked By ArvinHacker :::

[64] Hacked By ShakafTeam

[65] HACKED BY B!0S

[66] Hacked By Tink3r

[67] Hacked By DevilZ TM

[68] HacKeD By Cair3x

[69] Hacked By Cyber Saboteur

[70] HACKED By Shadow.hacker

[71] -=[ HaCked By TBH ]=-

[72] -=: Hacked By two wolfs :=-

[73] << HACKED by Ali.ERROOR >>

[74] XPERSIA(HACKED BY HACKER)

[75] [ Hacked ! ]

[76] Hacked

[77] ????? Hacked By AR3S ?????|| HackeD By AR3S ||HACKED BY AR3S

[78] Hacked

[79] Hacked By ParsiHacker Security Team

[80] ::... This Site Hacked By TerminatoR

[81] [Hacked by Black hat group ]

[82] HaCked By Shishe security team=====

[83] THIS SITE HACKED BY dani.love666

[84] ::. HACKED BY TODAY PROGRAM GROUP .::

[85] .:hack_really:. hacked by firehackers hack_really

[86] -= Hacked By IrIsT Security Team =-

[87] Hacked By Loooooord Hacking Team

[88] HaCkEd By Anti Security Team

[89] .:::: Hacked By IRaNHaCK Security Team ::::.

[90] This Site Hacked by DiaGraM

[91] .:::: Hacked By IRaNHaCK Security Team ::::.

[92] ????? Hacked By kingback ?????

[93] o--[ Hacked By devilzc0der ]--o

[94] --= Hacked By Hijack Security Team =--

[95] [ Hacked By Root Security Team ]

[96] Hacked By Iran Security Team

[97] .:::HACKED BY $py_F!$K3|2:::.

[98] HaCkEd By vahshatestan Security Team

[99] HACKED BY Mr,farshad,and.skote_vahshat

[0] Hacked!

[1] HACKED !

[2] Hacked!

[3] Hacked

[4] [ Hacked ! ]

[5] Hacked

[6] Hacked By Nob0dy

[0] Hacked By Cocain TeaM

[1] Vvolf Hackerz Team

[2] Ashiyane Digital Security Team

[3] Hacked By Security Team

[4] Hacked By ParsiHacker Security Team

[5] HaCked By Shishe security team=====

[6] -= Hacked By IrIsT Security Team =-

[7] Hacked By Loooooord Hacking Team

[8] HaCkEd By Anti Security Team

[9] .:::: Hacked By IRaNHaCK Security Team ::::.

[10] .:::: Hacked By IRaNHaCK Security Team ::::.

[11] --= Hacked By Hijack Security Team =--

[12] [ Hacked By Root Security Team ]

[13] Hacked By Iran Security Team

[14] Defaced By Irazic Hacking Team

[15] HaCkEd By vahshatestan Security Team

[16] Hacked By ZaHackers Security Team

[17] .:: ----~~~D E L T A ,,, HACKING ,,, TEAM~~~ ---- ::

[18] Hacked By Ashiyane Digital Security Team - farbodmahini

[19] Defaced By RMA Digital Security Team

[20] Hacked By Scary Boys Digital Hacking Team

[21] Hacked By Black Fox Security Team

[22] ---= Hacked By Iranian DataCoders Security Team =---

[23] Hacked By Ashiyane Digital Security Team

[24] ::: Hacked By East Hackers Digital Security Team :::

[25] Delta-Hacker Security Team : Home Page

[26] Hacked By Ashiyane Digital Security Team

[27] [ Hacked By Iran Black Hats Team ]

[28] hacked by Esfahan Digital Security Team.!!!

[29] H4cKeD By Sahel-soft Security Team

[30] Hacked by Mohammad {2M Team(The ROCK)}

[31] Hacked By Parshan Digital Security Team

[32] [ Hacked By Iran Black Hats Team ]

[33] Hacked By Delta hacking Digital Security TEAM..........

[34] Hacked By Ashiyane Digital Security Team

[35] ????? Iranian South Coders Security Team ?????

[36] Hacked BY HashoR - Ashiyane Digital Security Team

[37] Hacked By Ramian Digital Security Team

[38] HACKED BY IHZ-TEAM ( Invisible Hackers Zone )

[39] Hacked By Ashiyane Digital Security Team

[40] Hacked By Scary Boys Digital Hacking Team

[41] ---= Hacked By Iranian DataCoders Security Team =---

[42] ---= Hacked By Iranian DataCoders Security Team =---

[43] Hacked by golpayegan Hacking Team --mortal_error----

[44] HACKED BY Iran Black Hats Team

[45] This Site Hacked By ParsiHacker Team ! ?

[46] Hacked By Tr0y Digital Security TeaM

[47] ++ Hacked By P30Hack Digital Hacking Team ++

[48] Hacked By ShakafTeam

[49] ..::~ This Site Hacked by Iranian DataCoders Security Team ~::..

[50] This Site Hacked by ART@N DiGiTal Security TeaM

[51] [----> This Site Is Hacked By : Digital West Asia Security Team <----

[52] ????? .::MaHDi PaTrioT-=- Hacked BY Ashiyane Digital Security Team::. ?????

[53] Hacked By G0D-0F-W4R Digital Security TeaM

[54] This site hacked by Iranian Datacoders Security team

[55] Hacked By IRAN-BABOL-HACKERS-SECURITY-TEAM ~ Popo WAS HERE !~

[56] This Web Site Hacked By ku4ng Hacking Team

[57] Hacked By Delta

[58] [----> This Site Is Hacked By : Digital West Asia Security Team <----] ???? | ???? | ????| ????|

[59] Home Page

[60] Hacked By 0261 Under Earth

[61] [ Hacked ! ]

[62] Hacked By Cyber Saboteur

[63] Hacked By amob07

[64] [ Hacked By SHIA ]

[65] YahooSwatTeam.jpg

[66] YahooSwatTeam2.gif

[67]

[68] Defaced By Lord Nemesis

[69] Hacked by D3stroyer

[70] Index of /

[71] \..Crack3R../

[72] iranash.jpg

[73] You Have Been Hacked By UfS

[74] ::: Hacked By ArvinHacker :::

[75] << HACKED by Ali.ERROOR >>

[76] Hacked By GHOST

[77] HacKeD By Cair3x

[78] By -Sun Army-

[79] __Hacked By __WANTED__

[80] [ L0v3-H4cking-w4s-Here ] { Hacked }H4cked By:Love Hacking

[81] Hacked By Sianor

[82] Hacked by Msu360

[83] -[ Defaced By ExeCutiveIM Group & BioS ]-Defaced By ExecutiveIM Group & BioS

[84] Local index - HTTrack Website CopierLocal index - HTTrack

[85] Annoncer

[86] Hacked By Remove !

[87] HAcKed By Karaji_kt21

[88] ~ This Site Hacked By Crazy LoveR ~

[89] Hacked by Arash Cyber

[90] Index of /

[91] Index of /ID Maker

[92] Index of /

[93]

[94] Hacked !

Stay tuned!

Who Wants to Support My Work Commercially?

January 25, 2022

Folks,

Who wants to dive deep into some of my latest commercially available research and stay on top of their OSINT/cybercrime research and threat intelligence gathering game, together with their team and organization?

Check out my latest project here where I'm currently doing my best to guarantee and deliver approximately 12 unique articles and OSINT research and analysis on a daily basis including the following currently active portfolio of research which I made available online exclusively for commercial purposes and to further empower you and your team and organization:

  • A Compilation of Currently Active and Related Scams Scammer Email Addresses – An OSINT Analysis
  • A Compilation of Currently Active Cyber Jihad Themed Personal Email Addresses – An OSINT Analysis
  • A Compilation of Currently Active Full Offline Copies of Cybercrime-Friendly Forum Communities – Direct Technical Collection Download -[RAR]
  • A Compilation of Personally Identifiable Information on Various Iran-based Hacker Groups and Lone Hacker Teams – Direct Technical Collection Download – [RAR]
  • A Koobface Botnet Themed Infographic Courtesy of my Keynote at CyberCamp – A Photo
  • Advanced Bulletproof Malicious Infrastructure Investigation – WhoisXML API Analysis
  • Advanced Mapping and Reconnaissance of Botnet Command and Control Infrastructure using Hostinger’s Legitimate Infrastructure – WhoisXML API Analysis
  • Advanced Mapping and Reconnaissance of the Emotet Botnet – WhoisXML API Analysis
  • Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran – Free Research Report
  • Astalavista Security Newsletter - 2003-2006 - Full Offline Reading Copy
  • Compilations of Personally Identifiable Information Including XMPP/Jabber and Personal Emails Belonging to Cybercriminals and Malicious Threat Actors Internationally – An OSINT Analysis
  • Cyber Intelligence – Personal Memoir – Dancho Danchev – – Download Free Copy Today!
  • Cybercriminals Impersonate Legitimate Security Researcher Launch a Typosquatting C&C Server Campaign – WhoisXML API Analysis
  • Dancho Danchev – Cyber Intelligence – Personal Memoir – Direct Download Copy Available
  • Dancho Danchev’s “A Qualitative and Technical Collection OSINT-Enriched Analysis of the Iranian Hacking Scene Through the Prism of the Infamous Ashiyane Digital Security Team” Report – [PDF]
  • Dancho Danchev’s “Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran” Report – [PDF]
  • Dancho Danchev’s “Astalavista Security Group – Investment Proposal” Presentation – A Photos Compilation
  • Dancho Danchev’s “Building and Implementing a Successful Information Security Policy” White Paper – [PDF]
  • Dancho Danchev’s “Cyber Jihad vs Cyberterrorim – Separating Hype from Reality” Presentation – [PDF]
  • Dancho Danchev’s “Cyber Jihad vs Cyberterrorism – Separating Hype from Reality – A Photos Compilation
  • Dancho Danchev’s “Exposing Koobface – The World’s Largest Botnet” Presentation – A Photos Compilation
  • Dancho Danchev’s “Exposing Koobface – The World’s Largest Botnet” Presentation – [PDF]
  • Dancho Danchev’s “Exposing the Dynamic Money Mule Recruitment Ecosystem” Presentation – A Photos Compilation
  • Dancho Danchev’s “Exposing the Dynamic Money Mule Recruitment Ecosystem” Presentation – [PDF]
  • Dancho Danchev’s “Intell on the Criminal Underground – Who’s Who in Cybercrime for ” Presentation – [PDF]
  • Dancho Danchev’s “Intell on the Criminal Underground – Who’s Who in Cybercrime for ?” – A Photos Compilation
  • Dancho Danchev’s – Cybercrime Forum Data Set – Free Direct Technical Collection Download Available – GB – [RAR]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Comeback Livestream Today – Join me on Facebook Live!
  • Dancho Danchev’s CV – Direct Download Copy Available
  • Dancho Danchev’s Cybercrime Forum Data Set for – Upcoming Direct Technical Collection Download Available
  • Dancho Danchev’s Primary Contact Points for this Project – Email/XMPP/Jabber/OMEMO and PGP Key Accounts
  • Dancho Danchev’s Privacy and Security Research Compilation – Medium Account Research Compilation – [PDF]
  • Dancho Danchev’s Private Party Videos – Direct Video Download Available
  • Dancho Danchev’s Private Party Videos – Part Three – Direct Video Download Available
  • Dancho Danchev’s Private Party Videos – Part Two – Direct Video Download Available
  • Dancho Danchev’s Random Conference and Event Photos – A Compilation
  • Dancho Danchev’s Random Personal Photos and Research Photos Compilation – A Compilation
  • Dancho Danchev’s Research for Unit-.org – Direct Download Copy Available
  • Dancho Danchev’s Research for Webroot – Direct Download Copy Available
  • Dancho Danchev’s RSA Europe Conference Event Photos – A Photos Compilation
  • Dancho Danchev’s Security Articles and Research for ZDNet’s Zero Day Blog – Full Offline Copy Available – [PDF]
  • Dancho Danchev’s Security/OSINT/Cybercrime Research and Threat Intelligence Gathering Research Compilations – [PDF]
  • Dancho Danchev’s Twitter Archive – Direct Download – [ZIP]
  • Dancho Danchev’s Upcoming Cybercrime Research OSINT and Threat Intelligence Gathering E-Book Titles – Sample E-Book Covers
  • Dancho Danchev’s Video Keynote Presentation – “Exposing Koobface – The World’s Largest Botnet” – Video Download Available
  • Dancho Danchev’s Random Personal Photos and Research Photos Compilation – Part Three – A Compilation
  • Dancho Danchev’s Random Personal Photos and Research Photos Compilation – Part Two – A Compilation
  • Exposing A Virus Coding Group – An OSINT Analysis
  • Exposing a Boutique Fraudulent and Rogue Cybercrime-Friendly Forum Community – WhoisXML API Analysis
  • Exposing a Currently Active “Jabber ZeuS” also known as “Aqua ZeuS” Gang Personal Email Portfolio – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio – Part Two – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio – Part Four – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio – Part Three – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious IPs Portfolio – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious IPs Portfolio – Part Two – An OSINT Analysis
  • Exposing a Currently Active Cyber Jihad Domain Portfolio – An OSINT Analysis
  • Exposing a Currently Active Cyber Jihad Domains Portfolio – WhoisXML API Analysis
  • Exposing a Currently Active Cyber Jihad Social Media Twitter Accounts – An OSINT Analysis
  • Exposing a Currently Active Domain Portfolio Belonging to Iran’s Mabna Hackers – An OSINT Analysis
  • Exposing a Currently Active Domain Portfolio Managed and Operated by Members of the Ashiyane Digital Security Team – WhoisXML API Analysis
  • Exposing a Currently Active Domain Portfolio of Currently Active High-Profile Cybercriminals Internationally – WhoisXML API Analysis
  • Exposing A Currently Active Domain Portfolio of Cybercrime Friendly Forum Communities – An OSINT Analysis
  • Exposing A Currently Active Domain Portfolio of Cybercrime Friendly Forum Communities – Part Two – An OSINT Analysis
  • Exposing A Currently Active Domain Portfolio of Cybercrime Friendly Forum Communities – Part Three – An OSINT Analysis
  • Exposing a Currently Active Domain Portfolio of Tech Support Scam Domains – An OSINT Analysis
  • Exposing a Currently Active Free Rogue VPN Domains Portfolio Courtesy of the NSA – WhoisXML API Analysis
  • Exposing a Currently Active Iran-Based Lone Hacker and Hacker Group’s Personal Web Sites Full Offline Copies – Direct Technical Collection Download – [RAR]
  • Exposing a Currently Active Kaseya Ransomware Domains Portfolio – WhoisXML API Analysis
  • Exposing a Currently Active Koobface Botnet C&C Server Domains Portfolio – Historical OSINT
  • Exposing a Currently Active List of Iran-Based Hacker and Hacker Team’s Handles – An OSINT Analysis
  • Exposing a Currently Active List of Iran-Based Hacker and Hacker Team’s Handles – Part Two – An OSINT Analysis
  • Exposing a Currently Active List of Iran-Based Hacker and Hacker Team’s Handles – Part Three – An OSINT Analysis
  • Exposing a Currently Active List of Iran-Based Hacker and Hacker Team’s Handles – Part Two – An OSINT Analysis
  • Exposing a Currently Active Money Mule Recruitment Domain Registrant Portfolio – Historical OSINT
  • Exposing a Currently Active NSO Spyware Group’s Domain Portfolio – WhoisXML API Analysis
  • Exposing a Currently Active Portfolio of Personal Web Sites Belonging to Iran-Based Hackers and Hacking Teams and Groups – An OSINT Analysis
  • Exposing a Currently Active Portfolio of Personal Web Sites Belonging to Iran-Based Hackers and Hacking Teams and Groups – Part Two – An OSINT Analysis
  • Exposing a Currently Active Portfolio of Ransomware-Themed Protonmail Personal Email Address Accounts – An OSINT Analysis
  • Exposing a Currently Active Portfolio of RAT (Remote Access Tool) C&C Server IPs and Domains – An OSINT Analysis
  • Exposing a Currently Active Rock Phish Domain Portfolio – Historical OSINT
  • Exposing a Currently Active SolarWinds Rogue and Malicious C&C Domains Portfolio – An OSINT Analysis
  • Exposing a Currently Active WannaCry Ransomware Domains Portfolio – WhoisXML API Analysis
  • Exposing a Personal Photo Portfolio of Iran Hack Security Team – An OSINT Analysis
  • Exposing A Personal Photos Portfolio of Ashiyane Digital Security Group Team Members – An OSINT Analysis
  • Exposing a Personal Ransomware-Themed Email Address Portfolio – An OSINT Analysis
  • Exposing a Personal Ransomware-Themed Email Address Portfolio – Part Two – An OSINT Analysis
  • Exposing a Portfolio of Ashiyane Digital Security Team Hacking Tools – Direct Technical Collection Download – [RAR]
  • Exposing a Portfolio of Personal Photos of Iran-Based Hacker and Hacker Teams and Groups – An OSINT Analysis
  • Exposing a Rogue Domain Portfolio of Fake News Sites – WhoisXML API Analysis
  • Exposing Bulgarian Cyber Army Hacking Group – An OSINT Analysis
  • Exposing HackPhreak Hacking Group – An OSINT Analysis
  • Exposing Personally Identifiable Information on Ashiyane Digital Security Group Team Members – An OSINT Analysis
  • Exposing Random Koobface Botnet Related Screenshots – An OSINT Analysis
  • Exposing Team Code Zero Hacking Group – An OSINT Analysis
  • From the “Definitely Busted” Department – A Compilation of Personally Identifiable Information on Various Cyber Threat Actors Internationally – An OSINT Analysis – [PDF]
  • Introducing Astalavista.box.sk’s “Threat Crawler” Project – Earn Cryptocurrency for Catching the Bad Guys – Hardware Version Available
  • Introducing Dancho Danchevs’s “Blog” Android Mobile Application – Google Play Version Available
  • Malware – Future Trends – Research Paper – Copy
  • Person on the U.S Secret Service Most Wanted Cybercriminals Identified Runs a Black Energy DDoS Botnet – WhoisXML API
  • Profiling a Currently Active CoolWebSearch Domains Portfolio – WhoisXML API Analysis
  • Profiling a Currently Active Domain Portfolio of Fake Job Proposition and Pharmaceutical Scam Domains – An OSINT Analysis
  • Profiling a Currently Active Domain Portfolio of Pay-Per-Install Rogue and Fraudulent Affiliate Network Domains – An OSINT Analysis
  • Profiling a Currently Active Personal Email Address Portfolio of Members of Iran’s Ashiyane Digital Security Team – An OSINT Analysis
  • Profiling a Currently Active Personal Email Addresses Portfolio Operated by Cybercriminals Internationally – An OSINT Analysis
  • Profiling a Currently Active Portfolio of Rogue and Malicious Domains – An OSINT Analysis
  • Profiling a Currently Active Portfolio of Scareware and Malicious Domain Registrants – Historical OSINT
  • Profiling a Currently Active Portfolio of Scareware Domains – Historical OSINT
  • Profiling a Currently Active Portfolio of Spam Domains that Hit ZDNet.com Circa – An OSINT Analysis
  • Profiling a Currently Active Scareware Domains Portfolio – An OSINT Analysis
  • Profiling a Money Mule Recruitment Registrant Emails Portfolio – WhoisXML API Analysis
  • Profiling a Portfolio of Cybercriminal Email Addresses – WhoisXML API Analysis
  • Profiling a Portfolio of Personal Photos Courtesy of Koobface Botnet Master Anton Korotchenko – An OSINT Analysis
  • Profiling a Portfolio of Personal Photos of Behrooz Kamalian Team Member of Ashiyane Digital Security Team – An OSINT Analysis
  • Profiling a Portfolio of Personally Identifiable OSINT Artifacts from Law Enforcement and OSINT Operation “Uncle George” – An OSINT Analysis
  • Profiling a Rogue Fast-Flux Botnet Infrastructure Currently Hosting Multiple Online Cybercrime Enterprises – WhoisXML API Analysis
  • Profiling Iran’s Hacking Scene Using Maltego – A Practical Case Study and a Qualitative Approach – An Analysis
  • Profiling Russia’s U.S Election Interference – WhoisXML API Analysis
  • Profiling the “Jabber ZeuS” Rogue Botnet Enterprise – WhoisXML API Analysis
  • Profiling the Emotet Botnet C&C Infrastructure – An OSINT Analysis
  • Profiling the Internet Connected Infrastructure of the Individuals on the U.S Sanctions List – WhoisXML API Analysis
  • Profiling the Liberty Front Press Network Online – WhoisXML API Analysis
  • Profiling the U.S Election Interference – An OSINT Analysis
  • Random Photos from the “Lab” Circa up to Present Day – A Compilation
  • Sample Random Cybercrime Ecosystem Screenshots – A Compilation of Images – Direct Technical Collection Download – An Analysis
  • Sample Random Cybercrime Ecosystem Screenshots – A Compilation of , Images – An Analysis
  • Sample Random Cybercrime Ecosystem Screenshots – A Compilation of , Images – An Analysis
  • Sample Random Cybercrime Ecosystem Screenshots – A Compilation of Images – An Analysis
  • Security Researchers Targeted in Spear Phishing Campaign – WhoisXML API Analysis
  • Shots from the Wild West – Random Cybercrime Ecosystem Screenshots – An OSINT Analysis – Part Three
  • The Pareto Botnet – Advanced Cross-Platform Android Malware Using Amazon AWS Spotted in the Wild – WhoisXML API Analysis
  • Who’s Behind the Conficker Botnet? – WhoisXML API Analysis
  • Who’s on Twitter?

 Stay tuned!


Exposing a Portfolio of Pay Per Install Rogue and Fraudulent and Malicious Affiliate Network Domains - An OSINT Analysis

January 24, 2022

 
Dear blog readers,

I've decided to share with everyone an in-depth historical OSINT analysis of some of the primary rogue, fraudulent and malicious pay-per-install affiliate networks, that is, the revenue-sharing schemes operated by malicious software gangs that are known to have been active back in 2008, with the idea of assisting everyone in their cyber campaign attribution efforts.

A sample portfolio of rogue, fraudulent and malicious pay-per-install affiliate network domains known to have been in operation in 2008 includes:


Sample name servers known to have been used by the same rogue, fraudulent and malicious pay-per-install affiliate network domains include:


Related rogue, fraudulent and malicious pay-per-install domains known to have been used back in 2008 for various rogue, fraudulent and malicious purposes include:


Related personal email accounts known to have been used for various rogue, fraudulent and malicious pay-per-install affiliate network domain registrations include:


Stay tuned!
January 24, 2022

This presentation aims to detail Dancho Danchev's perspective on gathering threat intelligence, processing it, enriching it and disseminating it to users, vendors and organizations globally, relying heavily on a threat intelligence "rock star" model and methodology. The ultimate goal for this case study would be to take down Iran-based hackers and hacking groups and their entire online operations, and to attempt to shut them down and take them offline, citing possible malicious use and actual abuse of international Internet laws and regulations, and ultimately to attempt to make an impact in terms of tracking them down and offering never-published and never-discussed personally identifiable information on their whereabouts and malicious online activities.


Exposing the Internet-Connected Infrastructure of the REvil Ransomware Gang - An In-Depth OSINT Analysis

January 24, 2022

Dear blog readers,

In this post I've decided to do an in-depth OSINT analysis of the recently busted REvil ransomware gang and to elaborate on and emphasize one key fact in particular: how a single ransomware group with several publicly accessible and easy to shut down C&C (command and control) server domains, including several randomly generated Dark Web Onion URLs, could so easily result in millions in damage. Who really remembers a situation in which getting paid for getting hacked, contrary to the basic principle that you should never interact with cybercriminals but should instead passively and proactively monitor them, could result in today's modern and unspoken ransomware growth epidemic and in the rise of wrong buzzwords such as ransomware-as-a-corporation, where you basically have the bad guys obtain initial access to an organization's network and then hold its information encrypted? This leads us to the logical conclusion: who on Earth would pay millions of dollars to avoid possible reputation damage, and in doing so fuel the growth of a rogue and fraudulent scheme such as the encryption of sensitive company information and leaking it to the public in exchange for financial rewards?


Sample REvil ransomware gang publicly accessible C&C (command and control) servers include:
hxxp://decoder[.]re
hxxp://decryptor[.]cc - 136[.]243[.]214[.]30; 45[.]138[.]74[.]27
hxxp://decryptor[.]top

Related name servers known to have been used in the campaign include:
hxxp://1-you[.]njalla[.]no
hxxp://3-get[.]njalla[.]fo
hxxp://2-can[.]njalla[.]in

Related responding IPs for hxxp://decryptor[.]cc:


Related responding IPs for hxxp://decryptor[.]top (185[.]193[.]127[.]162; 192[.]124[.]249[.]13; 96[.]9[.]252[.]156):


Related MD5s known to have been involved in the campaign:


Stay tuned!


Inquire About One-on-One or One-to-Many Virtual OSINT Training Today!

January 23, 2022


Folks,

Who's been following my work on this blog since December, 2005? Are you interested in OSINT training? One-on-one or one-to-many sessions? Drop me a line today at dancho.danchev@hush.com on behalf of you or your organization or team and let's help you take your team and organization to the next level.

A sample portfolio of the services I'm currently offering can also be seen here - https://disruptive-individuals.com - including a copy of my CV here and the following two samples of my work here and here.

Check out some sample chapters from a free book on cyber attribution that I'm currently working on to get a better idea of what I have in mind including my style and methodology:











Stay tuned!


My Participation in GCHQ's Top Secret "Lovely Horse" Program to Monitor Hackers Online - An Elaboration

January 23, 2022

Dear blog readers,

Did you know that you can actually find me in Snowden's archive by simply searching for my name, which will eventually lead you to a GCHQ Top Secret lawful surveillance program to monitor hackers online, specifically their Twitter accounts?




Check out the following Medium article where I do my best to elaborate on my participation in the Top Secret GCHQ Program "Lovely Horse".

Stay tuned!


Profiling the Blood and Honor Online Hate Group - An OSINT Analysis

January 23, 2022


As it's been a while since I last posted a quality update, I wanted to take the time and effort to elaborate more on a current project of mine, the "International OSINT Journal Compilation on Online Terrorism Hate and Militarized Social Movements", which aims to expose and offer a massive amount of information on currently active online terrorism, hate and militarized social movements, including actionable information on their online infrastructure.


In this post I'll elaborate more and offer actionable intelligence on the online infrastructure of the Blood and Honor hate group with the idea to help you get a better perspective of their online infrastructure and possibly assist you in your cyber campaign attribution efforts.

Sample personal email address accounts belonging to Blood and Honor International Groups include:


Sample screenshots of the logo of Blood and Honor Bulgaria include:






Stay tuned!