Profiling the Liberty Front Press Network Online - An OSINT Analysis

January 27, 2022

Note: This OSINT analysis was originally published on my current employer's Web site - https://whoisxmlapi.com - where I have been acting as a DNS Threat Researcher since January 2021.

We’ve decided to take a closer look at the Internet-connected infrastructure of the Liberty Front Press Network, which was part of a recent takedown and domain seizure in an ongoing law enforcement operation against online propaganda, and to offer practical, relevant and actionable intelligence on that infrastructure and on the individuals behind it.

In this analysis we’ll take a closer look inside the Internet-connected infrastructure behind the Liberty Front Press Network and offer practical and relevant information, including actionable intelligence, on that infrastructure and on the individuals behind it.

Sample screenshot of various related domain name registrations using WhoisXML API’s and Maltego’s integration.

Related domains known to be currently registered using the same registrant email addresses as part of the Liberty Front Press Network’s Internet-connected infrastructure:


Related malicious and fraudulent domains known to have been historically registered using the same email addresses:


Sample responding IPs for some of the domains known to have been historically registered using the same email addresses:


We’ll continue monitoring the campaign and post updates as soon as new developments take place.

Stay tuned!


Profiling Russia's U.S Election Interference 2016 - An OSINT Analysis

January 27, 2022

Note: This OSINT analysis was originally published on my current employer's Web site - https://whoisxmlapi.com - where I have been acting as a DNS Threat Researcher since January 2021.

We’ve decided to take a closer look at the U.S. Election 2016 interference carried out through several spear phishing and malicious campaigns courtesy of Russia, in order to provide actionable threat intelligence, including possible attribution clues for some of the known participants in this campaign, that could assist fellow researchers and law enforcement in tracking down and prosecuting the cybercriminals behind these campaigns.

In this analysis we’ll take a closer look at the Internet-connected infrastructure behind the malicious activity of the U.S. Election 2016 campaign and offer practical, relevant and actionable threat intelligence on its whereabouts.

Sample malicious and fraudulent C&C domains known to have participated in the U.S. Elections 2016 campaign:


Related malicious and fraudulent emails known to have participated in the U.S. Elections 2016 campaign:


Sample related email known to have participated in the U.S. Elections 2016 campaign:

jack2020@outlook[.]com

Sample Maltego graph of a malicious and fraudulent domain registrant known to have participated in the U.S. Election 2016 campaign:

Sample related domains known to have participated in the U.S. Elections 2016 campaign:


We’ll continue monitoring the campaign and post updates as soon as new developments take place.

Stay tuned!


Exposing a Currently Active Domain Portfolio Managed and Operated by Members of the Ashiyane Digital Security Team - An OSINT Analysis

January 27, 2022

Note: This OSINT analysis was originally published on my current employer's Web site - https://whoisxmlapi.com - where I have been acting as a DNS Threat Researcher since January 2021.

We’ve decided to take a closer look at the current and historical domain portfolio managed and operated by members of Iran’s Ashiyane Digital Security Team, using Maltego in combination with WhoisXML API’s integration, in order to provide actionable threat intelligence that assists fellow researchers, vendors and organizations in tracking down and monitoring the Internet-connected infrastructure of the team’s key members, with the aim of monitoring it and attempting to take it offline.

In this article we’ll provide actionable intelligence on some of the currently active domains managed, run and operated by Iran’s Ashiyane Digital Security Team, with the aim of assisting fellow researchers, vendors and organizations in tracking down and monitoring that infrastructure.

A list of the currently active domain portfolio known to be managed and operated by members of Iran’s Ashiyane Digital Security Team:


A list of the currently active domain portfolio known to have been registered, managed and operated by members of Iran’s Ashiyane Digital Security Team:


We’ll continue to monitor for new domain registrations courtesy of Iran’s Ashiyane Digital Security Team and we’ll post updates as soon as new developments take place.

Stay tuned!


Exposing a Currently Active Free Rogue VPN Domains Portfolio Courtesy of the NSA - An OSINT Analysis

January 27, 2022

Note: This OSINT analysis was originally published on my current employer's Web site - https://whoisxmlapi.com - where I have been acting as a DNS Threat Researcher since January 2021.

We’ve recently come across a currently active portfolio of free VPN domains which, based on our research and publicly accessible sources, appears to be run and operated by the NSA. The apparent goal is to trick users, in particular Iran-based users, into using these rogue and bogus free VPN service providers so that their Internet activities can be monitored and eavesdropped on. We’ve decided to take a deeper look inside the Internet-connected infrastructure of these domains and offer practical and relevant threat intelligence and cyber attack attribution details on the true origins of the campaign.

In this case study we’ll offer practical and relevant technical information on the Internet-connected infrastructure of this campaign, with the aim of assisting the security community in tracking down and monitoring it, including cyber attack and cyber campaign attribution clues that could come in handy to a security researcher or threat intelligence analyst.

Original rogue portfolio of fake VPN service domains courtesy of the NSA:


Related domain registrant email addresses known to have been involved in the campaign:


Related domains known to have been involved in the campaign:


Related domains known to have been involved in the campaign:


We’ll continue monitoring the campaign and post updates as soon as new developments take place.

Stay tuned!


Exposing a Currently Active List of Iran-Based Hacker and Hacker Team's Handles - An OSINT Analysis

January 27, 2022

Dear blog readers,

I've decided to share with everyone a currently active list of Iran-based hacker and hacker team handles, which could greatly assist in cyber attack attribution and cyber threat actor attribution campaigns.

Sample currently active Iran-based hacker and hacker team handles currently used in massive or targeted Web site defacement campaigns:

[7] || Hacked By Reza_Blz |||| Hacked By Reza_Blz||

[8] .:: Hacked By M4st3r_4w4r3 ::.

[9] ...:: Hacked By Wonted ::....

[10] Hacked By Cair3x

[11] =====Hacked By Aref ====

[12] Hacked By alipc1

[13] Hacked By BrainBoy

[14] Hacked By Mr.Bami

[15] Hacked !? /Cyber Terrorist

[16] Hacked By SaMiR

[17] Hacked By Remove !

[18] HaCkEd By ArMaN InvIsIbLe

[19] Hacked by Original-Hackers

[20] Hacked By : MSN-HACKER

[21] [Hacked..By..Number14]

[22] Hacked By: D4rk_Kn1ght U

[23] [ Hacked By Sootak ]

[24] Hacked By Dr.Root

[25] Hacked By Cocain TeaM

[26] Hacked By Tir3x

[27] ..::HACKED BY MsU360::..

[28] >> HaCKed By MoHSenSUnBOY

[29] Hacked By GHOST

[30] Hacked By Dedmaster

[31] Hacked By amob07

[32] *** HACKED BY PUNISHER ***

[33] Hacked by Hellboy Group

[34] Hacked By infohooman

[35] HacKeD By Cair3x

[36] Hacked By H3LL BOY$

[37] HACKED BY PERSIAN DALTONS

[38] Hacked By MuteMove... !!!

[39] HAcKed By Karaji_kt21

[40] HaCKeD By rootqurd

[41] HaCkEd By ArMaN InvIsIbLe

[42] Hacked By Delta

[43] HACKED BY H3X73L

[44] [ Hacked By SHIA ]

[45] Hacked By SaeedSaaDi

[46] Hacked By #RooTer ;)

[47] [ Hacked By OptiShock ]

[48] Hacked By DevilZ TM

[49] Hacked By Busy Hacker

[50] Hacked By T3rr0r

[51] Hacked By nitROJen

[52] .:: HACKED BY ESSAJI ::.

[53] Hacked By : DangerMan

[54] Hacked By Security Team

[55] Hacked By Solt6n

[56] Hacked by R3d ErRor

[57] HacKeD By Cca

[58] Hacked by Arash Cyber

[59] Hacked By Never More !

[60] ||| Hacked by Afghan Hacker |||

[61] Hacked By Sianor

[62] ---==[ Hacked By MoHaMaD VakeR ]==---

[63] Hacked by Msu360

[64] HACKED BY Anti Shakh !

[65] -=: Hacked By kazi_root :=-

[66] Hacked By DevilZ TM

[67] Hacked By SaMiR

[68] Hacked By Dr.Pantagon

[69] hacked by inJenious

[70] Hacked by D3stroyer

[71] ::: Hacked By ArvinHacker :::

[72] Hacked By ShakafTeam

[73] HACKED BY B!0S

[74] Hacked By Tink3r

[75] Hacked By DevilZ TM

[76] HacKeD By Cair3x

[77] Hacked By Cyber Saboteur

[78] HACKED By Shadow.hacker

[79] -=[ HaCked By TBH ]=-

[80] -=: Hacked By two wolfs :=-

[81] << HACKED by Ali.ERROOR >>

[82] XPERSIA(HACKED BY HACKER)

[83] ????? Hacked By AR3S ?????|| HackeD By AR3S ||HACKED BY AR3S

[84] Hacked By ParsiHacker Security Team

[85] ::... This Site Hacked By TerminatoR

[86] [Hacked by Black hat group ]

[87] HaCked By Shishe security team=====

[88] THIS SITE HACKED BY dani.love666

[89] ::. HACKED BY TODAY PROGRAM GROUP .::

[90] .:hack_really:. hacked by firehackers hack_really

[91] -= Hacked By IrIsT Security Team =-

[92] Hacked By Loooooord Hacking Team

[93] HaCkEd By Anti Security Team

[94] .:::: Hacked By IRaNHaCK Security Team ::::.

[95] This Site Hacked by DiaGraM

[96] .:::: Hacked By IRaNHaCK Security Team ::::.

[97] ????? Hacked By kingback ?????

[98] o--[ Hacked By devilzc0der ]--o

[99] --= Hacked By Hijack Security Team =--

[0] || Hacked By Reza_Blz |||| Hacked By Reza_Blz||

[1] .:: Hacked By M4st3r_4w4r3 ::.

[2] ...:: Hacked By Wonted ::....

[3] Hacked By Cair3x

[4] =====Hacked By Aref ====

[5] Hacked By alipc1

[6] Hacked By BrainBoy

[7] Hacked By Mr.Bami

[8] Hacked By SaMiR

[9] Hacked By Remove !

[10] HaCkEd By ArMaN InvIsIbLe

[11] Hacked by Original-Hackers

[12] Hacked By : MSN-HACKER

[13] [Hacked..By..Number14]

[14] Hacked By: D4rk_Kn1ght U

[15] [ Hacked By Sootak ]

[16] Hacked By Dr.Root

[17] Hacked By Cocain TeaM

[18] Hacked By Tir3x

[19] ..::HACKED BY MsU360::..

[20] >> HaCKed By MoHSenSUnBOY

[21] Hacked By GHOST

[22] Hacked By Dedmaster

[23] Hacked By amob07

[24] *** HACKED BY PUNISHER ***

[25] Hacked by Hellboy Group

[26] Hacked By infohooman

[27] HacKeD By Cair3x

[28] Hacked By H3LL BOY$

[29] HACKED BY PERSIAN DALTONS

[30] Hacked By MuteMove... !!!

[31] HAcKed By Karaji_kt21

[32] HaCKeD By rootqurd

[33] HaCkEd By ArMaN InvIsIbLe

[34] Hacked By Delta

[35] HACKED BY H3X73L

[36] [ Hacked By SHIA ]

[37] Hacked By SaeedSaaDi

[38] Hacked By #RooTer ;)

[39] [ Hacked By OptiShock ]

[40] Hacked By DevilZ TM

[41] Hacked By Busy Hacker

[42] Hacked By T3rr0r

[43] Hacked By nitROJen

[44] .:: HACKED BY ESSAJI ::.

[45] Hacked By : DangerMan

[46] Hacked By Security Team

[47] Hacked By Solt6n

[48] Hacked by R3d ErRor

[49] HacKeD By Cca

[50] Hacked by Arash Cyber

[51] Hacked By Never More !

[52] ||| Hacked by Afghan Hacker |||

[53] Hacked By Sianor

[54] ---==[ Hacked By MoHaMaD VakeR ]==---

[55] Hacked by Msu360

[56] HACKED BY Anti Shakh !

[57] -=: Hacked By kazi_root :=-

[58] Hacked By DevilZ TM

[59] Hacked By SaMiR

[60] Hacked By Dr.Pantagon

[61] hacked by inJenious

[62] Hacked by D3stroyer

[63] ::: Hacked By ArvinHacker :::

[64] Hacked By ShakafTeam

[65] HACKED BY B!0S

[66] Hacked By Tink3r

[67] Hacked By DevilZ TM

[68] HacKeD By Cair3x

[69] Hacked By Cyber Saboteur

[70] HACKED By Shadow.hacker

[71] -=[ HaCked By TBH ]=-

[72] -=: Hacked By two wolfs :=-

[73] << HACKED by Ali.ERROOR >>

[74] XPERSIA(HACKED BY HACKER)

[75] [ Hacked ! ]

[76] Hacked

[77] Hacked By AR3S || HackeD By AR3S || HACKED BY AR3S

[78] Hacked

[79] Hacked By ParsiHacker Security Team

[80] ::... This Site Hacked By TerminatoR

[81] [Hacked by Black hat group ]

[82] HaCked By Shishe security team=====

[83] THIS SITE HACKED BY dani.love666

[84] ::. HACKED BY TODAY PROGRAM GROUP .::

[85] .:hack_really:. hacked by firehackers hack_really

[86] -= Hacked By IrIsT Security Team =-

[87] Hacked By Loooooord Hacking Team

[88] HaCkEd By Anti Security Team

[89] .:::: Hacked By IRaNHaCK Security Team ::::.

[90] This Site Hacked by DiaGraM

[91] .:::: Hacked By IRaNHaCK Security Team ::::.

[92] Hacked By kingback

[93] o--[ Hacked By devilzc0der ]--o

[94] --= Hacked By Hijack Security Team =--

[95] [ Hacked By Root Security Team ]

[96] Hacked By Iran Security Team

[97] .:::HACKED BY $py_F!$K3|2:::.

[98] HaCkEd By vahshatestan Security Team

[99] HACKED BY Mr,farshad,and.skote_vahshat

[0] Hacked!

[1] HACKED !

[2] Hacked!

[3] Hacked

[4] [ Hacked ! ]

[5] Hacked

[6] Hacked By Nob0dy

[7] || Hacked By Reza_Blz |||| Hacked By Reza_Blz||

[8] .:: Hacked By M4st3r_4w4r3 ::.

[9] ...:: Hacked By Wonted ::....

[10] Hacked By Cair3x

[11] =====Hacked By Aref ====

[12] Hacked By alipc1

[13] Hacked By BrainBoy

[14] Hacked By Mr.Bami

[15] Hacked !? /Cyber Terrorist

[16] Hacked By SaMiR

[17] Hacked By Remove !

[18] HaCkEd By ArMaN InvIsIbLe

[19] Hacked by Original-Hackers

[20] Hacked By : MSN-HACKER

[21] [Hacked..By..Number14]

[22] Hacked By: D4rk_Kn1ght U

[23] [ Hacked By Sootak ]

[24] Hacked By Dr.Root

[25] Hacked By Cocain TeaM

[26] Hacked By Tir3x

[27] ..::HACKED BY MsU360::..

[28] >> HaCKed By MoHSenSUnBOY

[29] Hacked By GHOST

[30] Hacked By Dedmaster

[31] Hacked By amob07

[32] *** HACKED BY PUNISHER ***

[33] Hacked by Hellboy Group

[34] Hacked By infohooman

[35] HacKeD By Cair3x

[36] Hacked By H3LL BOY$

[37] HACKED BY PERSIAN DALTONS

[38] Hacked By MuteMove... !!!

[39] HAcKed By Karaji_kt21

[40] HaCKeD By rootqurd

[41] HaCkEd By ArMaN InvIsIbLe

[42] Hacked By Delta

[43] HACKED BY H3X73L

[44] [ Hacked By SHIA ]

[45] Hacked By SaeedSaaDi

[46] Hacked By #RooTer ;)

[47] [ Hacked By OptiShock ]

[48] Hacked By DevilZ TM

[49] Hacked By Busy Hacker

[50] Hacked By T3rr0r

[51] Hacked By nitROJen

[52] .:: HACKED BY ESSAJI ::.

[53] Hacked By : DangerMan

[54] Hacked By Security Team

[55] Hacked By Solt6n

[56] Hacked by R3d ErRor

[57] HacKeD By Cca

[58] Hacked by Arash Cyber

[59] Hacked By Never More !

[60] ||| Hacked by Afghan Hacker |||

[61] Hacked By Sianor

[62] ---==[ Hacked By MoHaMaD VakeR ]==---

[63] Hacked by Msu360

[64] HACKED BY Anti Shakh !

[65] -=: Hacked By kazi_root :=-

[66] Hacked By DevilZ TM

[67] Hacked By SaMiR

[68] Hacked By Dr.Pantagon

[69] hacked by inJenious

[70] Hacked by D3stroyer

[71] ::: Hacked By ArvinHacker :::

[72] Hacked By ShakafTeam

[73] HACKED BY B!0S

[74] Hacked By Tink3r

[75] Hacked By DevilZ TM

[76] HacKeD By Cair3x

[77] Hacked By Cyber Saboteur

[78] HACKED By Shadow.hacker

[79] -=[ HaCked By TBH ]=-

[80] -=: Hacked By two wolfs :=-

[81] << HACKED by Ali.ERROOR >>

[82] XPERSIA(HACKED BY HACKER)

[83] Hacked By AR3S || HackeD By AR3S || HACKED BY AR3S

[84] Hacked By ParsiHacker Security Team

[85] ::... This Site Hacked By TerminatoR

[86] [Hacked by Black hat group ]

[87] HaCked By Shishe security team=====

[88] THIS SITE HACKED BY dani.love666

[89] ::. HACKED BY TODAY PROGRAM GROUP .::

[90] .:hack_really:. hacked by firehackers hack_really

[91] -= Hacked By IrIsT Security Team =-

[92] Hacked By Loooooord Hacking Team

[93] HaCkEd By Anti Security Team

[94] .:::: Hacked By IRaNHaCK Security Team ::::.

[95] This Site Hacked by DiaGraM

[96] .:::: Hacked By IRaNHaCK Security Team ::::.

[97] Hacked By kingback

[98] o--[ Hacked By devilzc0der ]--o

[99] --= Hacked By Hijack Security Team =--

[0] Hacked By Cocain TeaM

[1] Vvolf Hackerz Team

[2] Ashiyane Digital Security Team

[3] Hacked By Security Team

[4] Hacked By ParsiHacker Security Team

[5] HaCked By Shishe security team=====

[6] -= Hacked By IrIsT Security Team =-

[7] Hacked By Loooooord Hacking Team

[8] HaCkEd By Anti Security Team

[9] .:::: Hacked By IRaNHaCK Security Team ::::.

[10] .:::: Hacked By IRaNHaCK Security Team ::::.

[11] --= Hacked By Hijack Security Team =--

[12] [ Hacked By Root Security Team ]

[13] Hacked By Iran Security Team

[14] Defaced By Irazic Hacking Team

[15] HaCkEd By vahshatestan Security Team

[16] Hacked By ZaHackers Security Team

[17] .:: ----~~~D E L T A ,,, HACKING ,,, TEAM~~~ ---- ::

[18] Hacked By Ashiyane Digital Security Team - farbodmahini

[19] Defaced By RMA Digital Security Team

[20] Hacked By Scary Boys Digital Hacking Team

[21] Hacked By Black Fox Security Team

[22] ---= Hacked By Iranian DataCoders Security Team =---

[23] Hacked By Ashiyane Digital Security Team

[24] ::: Hacked By East Hackers Digital Security Team :::

[25] Delta-Hacker Security Team : Home Page

[26] Hacked By Ashiyane Digital Security Team

[27] [ Hacked By Iran Black Hats Team ]

[28] hacked by Esfahan Digital Security Team.!!!

[29] H4cKeD By Sahel-soft Security Team

[30] Hacked by Mohammad {2M Team(The ROCK)}

[31] Hacked By Parshan Digital Security Team

[32] [ Hacked By Iran Black Hats Team ]

[33] Hacked By Delta hacking Digital Security TEAM..........

[34] Hacked By Ashiyane Digital Security Team

[35] Iranian South Coders Security Team

[36] Hacked BY HashoR - Ashiyane Digital Security Team

[37] Hacked By Ramian Digital Security Team

[38] HACKED BY IHZ-TEAM ( Invisible Hackers Zone )

[39] Hacked By Ashiyane Digital Security Team

[40] Hacked By Scary Boys Digital Hacking Team

[41] ---= Hacked By Iranian DataCoders Security Team =---

[42] ---= Hacked By Iranian DataCoders Security Team =---

[43] Hacked by golpayegan Hacking Team --mortal_error----

[44] HACKED BY Iran Black Hats Team

[45] This Site Hacked By ParsiHacker Team ! ?

[46] Hacked By Tr0y Digital Security TeaM

[47] ++ Hacked By P30Hack Digital Hacking Team ++

[48] Hacked By ShakafTeam

[49] ..::~ This Site Hacked by Iranian DataCoders Security Team ~::..

[50] This Site Hacked by ART@N DiGiTal Security TeaM

[51] [----> This Site Is Hacked By : Digital West Asia Security Team <----

[52] .::MaHDi PaTrioT-=- Hacked BY Ashiyane Digital Security Team::.

[53] Hacked By G0D-0F-W4R Digital Security TeaM

[54] This site hacked by Iranian Datacoders Security team

[55] Hacked By IRAN-BABOL-HACKERS-SECURITY-TEAM ~ Popo WAS HERE !~

[56] This Web Site Hacked By ku4ng Hacking Team

[57] Hacked By Delta

[58] [----> This Site Is Hacked By : Digital West Asia Security Team <----]

[59] Home Page

[60] Hacked By 0261 Under Earth

[61] [ Hacked ! ]

[62] Hacked By Cyber Saboteur

[63] Hacked By amob07

[64] [ Hacked By SHIA ]

[65] YahooSwatTeam.jpg

[66] YahooSwatTeam2.gif

[67]

[68] Defaced By Lord Nemesis

[69] Hacked by D3stroyer

[70] Index of /

[71] \..Crack3R../

[72] iranash.jpg

[73] You Have Been Hacked By UfS

[74] ::: Hacked By ArvinHacker :::

[75] << HACKED by Ali.ERROOR >>

[76] Hacked By GHOST

[77] HacKeD By Cair3x

[78] By -Sun Army-

[79] __Hacked By __WANTED__

[80] [ L0v3-H4cking-w4s-Here ] { Hacked }H4cked By:Love Hacking

[81] Hacked By Sianor

[82] Hacked by Msu360

[83] -[ Defaced By ExeCutiveIM Group & BioS ]-Defaced By ExecutiveIM Group & BioS

[84] Local index - HTTrack Website CopierLocal index - HTTrack

[85] Annoncer

[86] Hacked By Remove !

[87] HAcKed By Karaji_kt21

[88] ~ This Site Hacked By Crazy LoveR ~

[89] Hacked by Arash Cyber

[90] Index of /

[91] Index of /ID Maker

[92] Index of /

[93]

[94] Hacked !

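The titles above are raw data; the first thing an analyst does with them is pull out the claimed handle and count who turns up most often. The following Python is an added example and not code from the original post: it extracts the name after "Hacked By" / "Defaced By" (tolerating leet spellings, framing decoration and an optional colon), merges case variants such as Msu360 and MsU360 into one actor, and flags handles that read like a crew rather than a lone defacer. The sample titles are a constructed excerpt in the style of the list above, and the group-word heuristic is my own assumption, not a rule from the post.

```python
from __future__ import annotations

import re
from collections import Counter

# Constructed sample in the style of the defacement titles listed above
# (a short excerpt, not the post's full list).
SAMPLE_TITLES = [
    "HACKED BY Anti Shakh !",
    "-=: Hacked By kazi_root :=-",
    "Hacked By DevilZ TM",
    "HacKeD By Cair3x",
    "Hacked By Cair3x",
    "Hacked By : MSN-HACKER",
    "Hacked By: D4rk_Kn1ght U",
    "This Site Hacked by DiaGraM",
    ".:::: Hacked By IRaNHaCK Security Team ::::.",
    "Defaced By Irazic Hacking Team",
    "|| Hacked By Reza_Blz |||| Hacked By Reza_Blz||",
    "Hacked",
    "[ Hacked ! ]",
    "Index of /",
]

# "Hacked By X", "HaCkEd bY : X", "H4cked By:X", "Defaced By X".
# Leet spellings of hacked/defaced are accepted; the handle runs until a
# character defacers use as a frame (|, =, brackets, colons, tildes).
_BY_RE = re.compile(
    r"(?:h[a4]ck[e3]d|d[e3]f[a4]c[e3]d)\s*by\s*:?\s*"
    r"(?P<handle>[^|=\[\]()<>:~]+)",
    re.IGNORECASE,
)

# Characters stripped from both ends of a captured handle.
_TRIM = " .:-=!~*_{}/\\'\"?"

# Words that mark a crew rather than an individual (assumed heuristic only).
_GROUP_RE = re.compile(r"\b(?:team|group|crew|army|hackers|hackerz|boys)\b", re.IGNORECASE)


def extract_handles(title: str) -> list[str]:
    """Return every handle claimed in one title, in order (possibly empty)."""
    handles = []
    for m in _BY_RE.finditer(title):
        handle = " ".join(m.group("handle").strip(_TRIM).split())
        if handle:
            handles.append(handle)
    return handles


def is_group(handle: str) -> bool:
    """True when the handle reads like a team name rather than a person."""
    return _GROUP_RE.search(handle) is not None


def tally_handles(titles) -> Counter:
    """Count in how many titles each handle appears.

    Matching is case-insensitive (Msu360 and MsU360 are one actor); the key
    kept in the Counter is the spelling seen first. A handle repeated inside
    a single title, as in the Reza_Blz example, counts once for that title.
    """
    counts: Counter = Counter()
    first_spelling: dict[str, str] = {}
    for title in titles:
        for handle in dict.fromkeys(extract_handles(title)):
            key = handle.casefold()
            first_spelling.setdefault(key, handle)
            counts[first_spelling[key]] += 1
    return counts


def summarize(titles) -> list[tuple[str, int, bool]]:
    """(handle, title_count, is_group) rows, most frequent first."""
    return [(h, n, is_group(h)) for h, n in tally_handles(titles).most_common()]


if __name__ == "__main__":
    for handle, n, group in summarize(SAMPLE_TITLES):
        print(f"{n:3d}  {'team' if group else 'solo'}  {handle}")
```

Run it over the full title list instead of SAMPLE_TITLES and the output is a frequency table of handles with a team/solo flag, which is the starting point for pivoting each name into forum posts, mirrors and personal sites. Titles with no "by" clause ("Hacked", "[ Hacked ! ]", "Index of /") yield nothing and are simply skipped.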
Stay tuned!


Who Wants to Support My Work Commercially?

January 25, 2022

Folks,

Who wants to dive deep into some of my latest commercially available research and stay on top of their OSINT, cybercrime research and threat intelligence gathering game, together with their team and organization?

Check out my latest project here, where I'm currently doing my best to deliver approximately 12 unique articles and OSINT research analyses a day, including the following currently active portfolio of research, which I've made available online exclusively for commercial purposes to further empower you, your team and your organization:

  • A Compilation of Currently Active and Related Scams Scammer Email Addresses – An OSINT Analysis
  • A Compilation of Currently Active Cyber Jihad Themed Personal Email Addresses – An OSINT Analysis
  • A Compilation of Currently Active Full Offline Copies of Cybercrime-Friendly Forum Communities – Direct Technical Collection Download -[RAR]
  • A Compilation of Personally Identifiable Information on Various Iran-based Hacker Groups and Lone Hacker Teams – Direct Technical Collection Download – [RAR]
  • A Koobface Botnet Themed Infographic Courtesy of my Keynote at CyberCamp – A Photo
  • Advanced Bulletproof Malicious Infrastructure Investigation – WhoisXML API Analysis
  • Advanced Mapping and Reconnaissance of Botnet Command and Control Infrastructure using Hostinger’s Legitimate Infrastructure – WhoisXML API Analysis
  • Advanced Mapping and Reconnaissance of the Emotet Botnet – WhoisXML API Analysis
  • Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran – Free Research Report
  • Astalavista Security Newsletter - 2003-2006 - Full Offline Reading Copy
  • Compilations of Personally Identifiable Information Including XMPP/Jabber and Personal Emails Belonging to Cybercriminals and Malicious Threat Actors Internationally – An OSINT Analysis
  • Cyber Intelligence – Personal Memoir – Dancho Danchev – – Download Free Copy Today!
  • Cybercriminals Impersonate Legitimate Security Researcher Launch a Typosquatting C&C Server Campaign – WhoisXML API Analysis
  • Dancho Danchev – Cyber Intelligence – Personal Memoir – Direct Download Copy Available
  • Dancho Danchev’s “A Qualitative and Technical Collection OSINT-Enriched Analysis of the Iranian Hacking Scene Through the Prism of the Infamous Ashiyane Digital Security Team” Report – [PDF]
  • Dancho Danchev’s “Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran” Report – [PDF]
  • Dancho Danchev’s “Astalavista Security Group – Investment Proposal” Presentation – A Photos Compilation
  • Dancho Danchev’s “Building and Implementing a Successful Information Security Policy” White Paper – [PDF]
  • Dancho Danchev’s “Cyber Jihad vs Cyberterrorism – Separating Hype from Reality” Presentation – [PDF]
  • Dancho Danchev’s “Cyber Jihad vs Cyberterrorism – Separating Hype from Reality” – A Photos Compilation
  • Dancho Danchev’s “Exposing Koobface – The World’s Largest Botnet” Presentation – A Photos Compilation
  • Dancho Danchev’s “Exposing Koobface – The World’s Largest Botnet” Presentation – [PDF]
  • Dancho Danchev’s “Exposing the Dynamic Money Mule Recruitment Ecosystem” Presentation – A Photos Compilation
  • Dancho Danchev’s “Exposing the Dynamic Money Mule Recruitment Ecosystem” Presentation – [PDF]
  • Dancho Danchev’s “Intell on the Criminal Underground – Who’s Who in Cybercrime for ” Presentation – [PDF]
  • Dancho Danchev’s “Intell on the Criminal Underground – Who’s Who in Cybercrime for ?” – A Photos Compilation
  • Dancho Danchev’s – Cybercrime Forum Data Set – Free Direct Technical Collection Download Available – GB – [RAR]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Comeback Livestream Today – Join me on Facebook Live!
  • Dancho Danchev’s CV – Direct Download Copy Available
  • Dancho Danchev’s Cybercrime Forum Data Set for – Upcoming Direct Technical Collection Download Available
  • Dancho Danchev’s Primary Contact Points for this Project – Email/XMPP/Jabber/OMEMO and PGP Key Accounts
  • Dancho Danchev’s Privacy and Security Research Compilation – Medium Account Research Compilation – [PDF]
  • Dancho Danchev’s Private Party Videos – Direct Video Download Available
  • Dancho Danchev’s Private Party Videos – Part Three – Direct Video Download Available
  • Dancho Danchev’s Private Party Videos – Part Two – Direct Video Download Available
  • Dancho Danchev’s Random Conference and Event Photos – A Compilation
  • Dancho Danchev’s Random Personal Photos and Research Photos Compilation – A Compilation
  • Dancho Danchev’s Research for Unit-.org – Direct Download Copy Available
  • Dancho Danchev’s Research for Webroot – Direct Download Copy Available
  • Dancho Danchev’s RSA Europe Conference Event Photos – A Photos Compilation
  • Dancho Danchev’s Security Articles and Research for ZDNet’s Zero Day Blog – Full Offline Copy Available – [PDF]
  • Dancho Danchev’s Security/OSINT/Cybercrime Research and Threat Intelligence Gathering Research Compilations – [PDF]
  • Dancho Danchev’s Twitter Archive – Direct Download – [ZIP]
  • Dancho Danchev’s Upcoming Cybercrime Research OSINT and Threat Intelligence Gathering E-Book Titles – Sample E-Book Covers
  • Dancho Danchev’s Video Keynote Presentation – “Exposing Koobface – The World’s Largest Botnet” – Video Download Available
  • Dancho Danchev’s Random Personal Photos and Research Photos Compilation – Part Three – A Compilation
  • Dancho Danchev’s Random Personal Photos and Research Photos Compilation – Part Two – A Compilation
  • Exposing A Virus Coding Group – An OSINT Analysis
  • Exposing a Boutique Fraudulent and Rogue Cybercrime-Friendly Forum Community – WhoisXML API Analysis
  • Exposing a Currently Active “Jabber ZeuS” also known as “Aqua ZeuS” Gang Personal Email Portfolio – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio – Part Two – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio – Part Four – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio – Part Three – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious IPs Portfolio – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious IPs Portfolio – Part Two – An OSINT Analysis
  • Exposing a Currently Active Cyber Jihad Domain Portfolio – An OSINT Analysis
  • Exposing a Currently Active Cyber Jihad Domains Portfolio – WhoisXML API Analysis
  • Exposing a Currently Active Cyber Jihad Social Media Twitter Accounts – An OSINT Analysis
  • Exposing a Currently Active Domain Portfolio Belonging to Iran’s Mabna Hackers – An OSINT Analysis
  • Exposing a Currently Active Domain Portfolio Managed and Operated by Members of the Ashiyane Digital Security Team – WhoisXML API Analysis
  • Exposing a Currently Active Domain Portfolio of Currently Active High-Profile Cybercriminals Internationally – WhoisXML API Analysis
  • Exposing A Currently Active Domain Portfolio of Cybercrime Friendly Forum Communities – An OSINT Analysis
  • Exposing A Currently Active Domain Portfolio of Cybercrime Friendly Forum Communities – Part Two – An OSINT Analysis
  • Exposing A Currently Active Domain Portfolio of Cybercrime Friendly Forum Communities – Part Three – An OSINT Analysis
  • Exposing a Currently Active Domain Portfolio of Tech Support Scam Domains – An OSINT Analysis
  • Exposing a Currently Active Free Rogue VPN Domains Portfolio Courtesy of the NSA – WhoisXML API Analysis
  • Exposing a Currently Active Iran-Based Lone Hacker and Hacker Group’s Personal Web Sites Full Offline Copies – Direct Technical Collection Download – [RAR]
  • Exposing a Currently Active Kaseya Ransomware Domains Portfolio – WhoisXML API Analysis
  • Exposing a Currently Active Koobface Botnet C&C Server Domains Portfolio – Historical OSINT
  • Exposing a Currently Active List of Iran-Based Hacker and Hacker Team’s Handles – An OSINT Analysis
  • Exposing a Currently Active List of Iran-Based Hacker and Hacker Team’s Handles – Part Two – An OSINT Analysis
  • Exposing a Currently Active List of Iran-Based Hacker and Hacker Team’s Handles – Part Three – An OSINT Analysis
  • Exposing a Currently Active Money Mule Recruitment Domain Registrant Portfolio – Historical OSINT
  • Exposing a Currently Active NSO Spyware Group’s Domain Portfolio – WhoisXML API Analysis
  • Exposing a Currently Active Portfolio of Personal Web Sites Belonging to Iran-Based Hackers and Hacking Teams and Groups – An OSINT Analysis
  • Exposing a Currently Active Portfolio of Personal Web Sites Belonging to Iran-Based Hackers and Hacking Teams and Groups – Part Two – An OSINT Analysis
  • Exposing a Currently Active Portfolio of Ransomware-Themed Protonmail Personal Email Address Accounts – An OSINT Analysis
  • Exposing a Currently Active Portfolio of RAT (Remote Access Tool) C&C Server IPs and Domains – An OSINT Analysis
  • Exposing a Currently Active Rock Phish Domain Portfolio – Historical OSINT
  • Exposing a Currently Active SolarWinds Rogue and Malicious C&C Domains Portfolio – An OSINT Analysis
  • Exposing a Currently Active WannaCry Ransomware Domains Portfolio – WhoisXML API Analysis
  • Exposing a Personal Photo Portfolio of Iran Hack Security Team – An OSINT Analysis
  • Exposing A Personal Photos Portfolio of Ashiyane Digital Security Group Team Members – An OSINT Analysis
  • Exposing a Personal Ransomware-Themed Email Address Portfolio – An OSINT Analysis
  • Exposing a Personal Ransomware-Themed Email Address Portfolio – Part Two – An OSINT Analysis
  • Exposing a Portfolio of Ashiyane Digital Security Team Hacking Tools – Direct Technical Collection Download – [RAR]
  • Exposing a Portfolio of Personal Photos of Iran-Based Hacker and Hacker Teams and Groups – An OSINT Analysis
  • Exposing a Rogue Domain Portfolio of Fake News Sites – WhoisXML API Analysis
  • Exposing Bulgarian Cyber Army Hacking Group – An OSINT Analysis
  • Exposing HackPhreak Hacking Group – An OSINT Analysis
  • Exposing Personally Identifiable Information on Ashiyane Digital Security Group Team Members – An OSINT Analysis
  • Exposing Random Koobface Botnet Related Screenshots – An OSINT Analysis
  • Exposing Team Code Zero Hacking Group – An OSINT Analysis
  • From the “Definitely Busted” Department – A Compilation of Personally Identifiable Information on Various Cyber Threat Actors Internationally – An OSINT Analysis – [PDF]
  • Introducing Astalavista.box.sk’s “Threat Crawler” Project – Earn Cryptocurrency for Catching the Bad Guys – Hardware Version Available
  • Introducing Dancho Danchev’s “Blog” Android Mobile Application – Google Play Version Available
  • Malware – Future Trends – Research Paper – Copy
  • Person on the U.S Secret Service Most Wanted Cybercriminals Identified Runs a Black Energy DDoS Botnet – WhoisXML API
  • Profiling a Currently Active CoolWebSearch Domains Portfolio – WhoisXML API Analysis
  • Profiling a Currently Active Domain Portfolio of Fake Job Proposition and Pharmaceutical Scam Domains – An OSINT Analysis
  • Profiling a Currently Active Domain Portfolio of Pay-Per-Install Rogue and Fraudulent Affiliate Network Domains – An OSINT Analysis
  • Profiling a Currently Active Personal Email Address Portfolio of Members of Iran’s Ashiyane Digital Security Team – An OSINT Analysis
  • Profiling a Currently Active Personal Email Addresses Portfolio Operated by Cybercriminals Internationally – An OSINT Analysis
  • Profiling a Currently Active Portfolio of Rogue and Malicious Domains – An OSINT Analysis
  • Profiling a Currently Active Portfolio of Scareware and Malicious Domain Registrants – Historical OSINT
  • Profiling a Currently Active Portfolio of Scareware Domains – Historical OSINT
  • Profiling a Currently Active Portfolio of Spam Domains that Hit ZDNet.com Circa – An OSINT Analysis
  • Profiling a Currently Active Scareware Domains Portfolio – An OSINT Analysis
  • Profiling a Money Mule Recruitment Registrant Emails Portfolio – WhoisXML API Analysis
  • Profiling a Portfolio of Cybercriminal Email Addresses – WhoisXML API Analysis
  • Profiling a Portfolio of Personal Photos Courtesy of Koobface Botnet Master Anton Korotchenko – An OSINT Analysis
  • Profiling a Portfolio of Personal Photos of Behrooz Kamalian Team Member of Ashiyane Digital Security Team – An OSINT Analysis
  • Profiling a Portfolio of Personally Identifiable OSINT Artifacts from Law Enforcement and OSINT Operation “Uncle George” – An OSINT Analysis
  • Profiling a Rogue Fast-Flux Botnet Infrastructure Currently Hosting Multiple Online Cybercrime Enterprises – WhoisXML API Analysis
  • Profiling Iran’s Hacking Scene Using Maltego – A Practical Case Study and a Qualitative Approach – An Analysis
  • Profiling Russia’s U.S Election Interference – WhoisXML API Analysis
  • Profiling the “Jabber ZeuS” Rogue Botnet Enterprise – WhoisXML API Analysis
  • Profiling the Emotet Botnet C&C Infrastructure – An OSINT Analysis
  • Profiling the Internet Connected Infrastructure of the Individuals on the U.S Sanctions List – WhoisXML API Analysis
  • Profiling the Liberty Front Press Network Online – WhoisXML API Analysis
  • Profiling the U.S Election Interference – An OSINT Analysis
  • Random Photos from the “Lab” Circa up to Present Day – A Compilation
  • Sample Random Cybercrime Ecosystem Screenshots – A Compilation of Images – Direct Technical Collection Download – An Analysis
  • Sample Random Cybercrime Ecosystem Screenshots – A Compilation of , Images – An Analysis
  • Sample Random Cybercrime Ecosystem Screenshots – A Compilation of , Images – An Analysis
  • Sample Random Cybercrime Ecosystem Screenshots – A Compilation of Images – An Analysis
  • Security Researchers Targeted in Spear Phishing Campaign – WhoisXML API Analysis
  • Shots from the Wild West – Random Cybercrime Ecosystem Screenshots – An OSINT Analysis – Part Three
  • The Pareto Botnet – Advanced Cross-Platform Android Malware Using Amazon AWS Spotted in the Wild – WhoisXML API Analysis
  • Who’s Behind the Conficker Botnet? – WhoisXML API Analysis
  • Who’s on Twitter?

Stay tuned!

Exposing a Portfolio of Pay Per Install Rogue and Fraudulent and Malicious Affiliate Network Domains - An OSINT Analysis

January 24, 2022

 
Dear blog readers,

I've decided to share with everyone an in-depth historical OSINT analysis of some of the primary pay-per-install (PPI) affiliate networks, the rogue and fraudulent revenue-sharing schemes through which malicious software gangs were paid for each installation, that are known to have been active back in 2008, with the idea of assisting everyone in their cyber campaign attribution efforts.

A sample portfolio of rogue, fraudulent and malicious pay-per-install affiliate network domains known to have been in operation in 2008 includes:

vipsoftcash[.]com
iframevip[.]com
avicash[.]com
softmonsters[.]biz
cashboom[.]biz
loader[.]cc
luxecash[.]com
iframepartners[.]com
installsforyou[.]biz
topsale2[.]ru
cashcodec[.]com
go-go-cash[.]com
oxocash[.]com
3xl-cash2[.]com
3xlpartnership[.]com
installs4sale[.]com
profitclick[.]org
megatraffer[.]com
oemcash[.]com
goldencashworld[.]biz
topsale[.]us
installsmarket[.]com
profit-cash[.]biz
adwsearch[.]com
ovocash[.]com
loadsprofit[.]com
exerevenue[.]com
adwaredollars[.]com
yabucks[.]com
installing[.]cc
installconverter[.]com
bakasoftware[.]com
goldencashworld[.]net
niftystats[.]com
royal-cash[.]com
dogmasoftware[.]com
3xlsoftware[.]com
rashacash[.]com
3xltop[.]com
vipinstall[.]cn
installercash[.]com
spicycodec[.]com
softwareprofit[.]com
codecmoney[.]biz
trafcash[.]com
smilecash[.]biz
bucksloads[.]com
traffic-converter[.]biz
eupays[.]com
seocash[.]us
vipppc[.]ru
cashwrestler[.]com
VipSoftCash[.]com
vscstatistics[.]com
vipsoftcashstats[.]com
Spy-Partners[.]com
vippirog[.]com
cashbotnet[.]com
installsforyou[.]biz
profit-cash[.]biz
bestcash[.]biz
VisitPay[.]com
partnerka[.]com
spy-partners[.]com
download4money[.]com
luxecash[.]net
iframe911[.]com
LOADBUCKS[.]BIZ
Cashpanic[.]com
longbucks[.]com
drugrevenue[.]com
evapharmacy[.]ru
bucksloads[.]com
spydevastator[.]com
softcash[.]org
3xlsoftware[.]com
rashacash[.]com
3xlcash[.]com
spicycodec[.]com
buckster[.]ru
trafficconverter2[.]biz
bucksware[.]com
bucksware-admin[.]com
mac-codec[.]com
traffic-converter[.]biz
klikadult[.]com
goldencash[.]com
payperinstall[.]org
pay-per-install[.]com
pay-per-install[.]org
zangocash[.]com
iframebiz[.]com
webmaster-money[.]org
cash4toolbar[.]com
toolbar4cash[.]com
bluechillies[.]com
adwaredollars[.]com
iframestat[.]org
snapinstalls[.]com
installercash[.]com
installcash[.]org
earnperinstall[.]com
dollarsengine[.]com
installercash[.]com
vombacash[.]com
softahead[.]com
iframestat[.]org
antispy[.]ws
sexprofit[.]com
evapharmacy-login[.]biz
vipsoftcash[.]com
glavmed[.]com

Sample name servers known to have been used by the same rogue, fraudulent and malicious pay-per-install affiliate network domains, with the A records of the name servers and of the domains themselves:

ns1[.]cgymwmlcaa[.]com A 85[.]17[.]136[.]135
ns1[.]cdpvaqnlod[.]com A 85[.]17[.]136[.]135
ns1[.]ccytvpbsdg[.]com A 85[.]17[.]136[.]135
ns1[.]cbfkzhtyik[.]com A 85[.]17[.]136[.]135
ns1[.]cezqtessjo[.]com A 85[.]17[.]136[.]135
ns1[.]cfsiqejclo[.]com A 85[.]17[.]136[.]135
ns1[.]catjepzcft[.]com A 85[.]17[.]136[.]135
ns1[.]dhxkycjmrg[.]net A 85[.]17[.]136[.]135
ns1[.]dglcxlcfmk[.]net A 85[.]17[.]136[.]135
ns1[.]damqrgldev[.]net A 85[.]17[.]136[.]135
ns1[.]dfhatnjfjw[.]net A 85[.]17[.]136[.]135
ns1[.]ddzmuatncz[.]net A 85[.]17[.]136[.]135

ns1[.]cgymwmlcaa[.]com A 72[.]232[.]184[.]10
ns1[.]cdpvaqnlod[.]com A 72[.]232[.]184[.]10
ns1[.]ccytvpbsdg[.]com A 72[.]232[.]184[.]10
ns1[.]cbfkzhtyik[.]com A 72[.]232[.]184[.]10
ns1[.]cezqtessjo[.]com A 72[.]232[.]184[.]10
ns1[.]cfsiqejclo[.]com A 72[.]232[.]184[.]10
ns1[.]chyaicpvxo[.]com A 72[.]232[.]184[.]10
ns1[.]catjepzcft[.]com A 72[.]232[.]184[.]10
ns1[.]dhxkycjmrg[.]net A 72[.]232[.]184[.]10
ns1[.]dcorbtfyni[.]net A 72[.]232[.]184[.]10
ns1[.]dglcxlcfmk[.]net A 72[.]232[.]184[.]10
ns1[.]detjstniup[.]net A 72[.]232[.]184[.]10
ns1[.]damqrgldev[.]net A 72[.]232[.]184[.]10
ns1[.]dfhatnjfjw[.]net A 72[.]232[.]184[.]10
ns1[.]dbsjxuvijx[.]net A 72[.]232[.]184[.]10
ns1[.]ddzmuatncz[.]net A 72[.]232[.]184[.]10

cgymwmlcaa[.]com  A  195[.]2[.]253[.]247 
cezqtessjo[.]com  A  195[.]2[.]253[.]247 
cfsiqejclo[.]com  A  195[.]2[.]253[.]247 
chyaicpvxo[.]com  A  195[.]2[.]253[.]247 
cdpvaqnlod[.]com  A  195[.]2[.]253[.]246 
ccytvpbsdg[.]com  A  195[.]2[.]253[.]246 
cbfkzhtyik[.]com  A  195[.]2[.]253[.]246 
catjepzcft[.]com  A  195[.]2[.]253[.]246 

http://catjepzcft[.]com
http://damqrgldev[.]net

dcorbtfyni[.]net A 195[.]2[.]253[.]248
damqrgldev[.]net A 195[.]2[.]253[.]248
dbsjxuvijx[.]net A 195[.]2[.]253[.]248
ddzmuatncz[.]net A 195[.]2[.]253[.]248

dhxkycjmrg[.]net A 195[.]2[.]253[.]249
dglcxlcfmk[.]net A 195[.]2[.]253[.]249
detjstniup[.]net A 195[.]2[.]253[.]249
dfhatnjfjw[.]net A 195[.]2[.]253[.]249

dhxkycjmrg[.]net NS ns1[.]dhxkycjmrg[.]net
ns1[.]dhxkycjmrg[.]net A 72[.]232[.]184[.]10
ns1[.]dhxkycjmrg[.]net A 85[.]17[.]136[.]135
dcorbtfyni[.]net NS ns1[.]dhxkycjmrg[.]net
dglcxlcfmk[.]net NS ns1[.]dhxkycjmrg[.]net
detjstniup[.]net NS ns1[.]dhxkycjmrg[.]net
damqrgldev[.]net NS ns1[.]dhxkycjmrg[.]net
dfhatnjfjw[.]net NS ns1[.]dhxkycjmrg[.]net
dbsjxuvijx[.]net NS ns1[.]dhxkycjmrg[.]net
ddzmuatncz[.]net NS ns1[.]dhxkycjmrg[.]net

Related pay-per-install rogue, fraudulent and malicious domains known to have been used back in 2008 for various rogue, fraudulent and malicious purposes, some with their A records:

drawn-cash[.]com
vippay[.]com
bucksware-admin[.]com
www[.]system-protector[.]net
sys-scan-1[.]biz
sys-scan-wiz[.]biz
topsale2[.]ru
earning4u[.]com
flashdollars[.]com
installing[.]cc
siteload[.]cn A 94[.]247[.]2[.]54
hostnsload[.]cn
siteinstall[.]cn
hostnsinstall[.]cn
jjupsport[.]ru
installz[.]cn
adware-help[.]com
fliporn[.]com
dailybucks[.]org
installloader[.]com
installaga[.]cn
georgenatas[.]in
naemnitibo[.]in
tirosanare[.]in
mialo-goodle[.]info
nailcash[.]com
ultraantivirus2009[.]com
nailcash[.]com  A  64[.]86[.]17[.]9 
virusalarmpro[.]com  A  64[.]86[.]17[.]9 
vmfastscanner[.]com  A  64[.]86[.]17[.]9 
mysuperviser[.]com  A  64[.]86[.]17[.]9 
virusmelt[.]com  A  64[.]86[.]17[.]9 
payvirusmelt[.]com  A  64[.]86[.]17[.]9 
updvmfnow[.]cn  A  64[.]86[.]17[.]9 
mysupervisor[.]net  A  64[.]86[.]17[.]9

Related personal email accounts known to have been used for various related pay-per-install rogue, fraudulent and malicious affiliate network domain registrations:

pvc6168@sina[.]com
windinv@yahoo[.]com
new@loveplus[.]in
johnson8402@post[.]com
lmunozv1@live[.]com
ididid828@gmail[.]com
onlineprivacy@aol[.]com
alex@bnetworks[.]us
milen[.]radumilo@gmail[.]com
ztao72945@gmail[.]com
redsunray@hotmail[.]com
WINDINV@YAHOO[.]COM
tvmt2000@yahoo[.]com
325214476@qq[.]com
adxluxe@gmail[.]com
SexPicker@gmail[.]com
domainaccount@protonmail[.]com
ancientholdings@fastmail[.]fm
newseowork12@gmail[.]com
oem[.]myrian@gmail[.]com
229848501@qq[.]com
bdmailhere@gmail[.]com
danny9@gmail[.]com
phone49012@yahoo[.]com
miok2001@mail[.]ru
zuev@cmedia-online[.]ru
daniel[.]bastien@gmail[.]com
domainadmin1900@gmail[.]com
larsonown@gmail[.]com
ppcseo2@gmail[.]com
sima[.]jogminaite@inbox[.]lt
topsaleus@gmail[.]com

Stay tuned!

Continue reading →

0
January 24, 2022

This presentation aims to detail Dancho Danchev's perspective on gathering threat intelligence, processing it, enriching it and disseminating it to users, vendors and organizations globally, relying heavily on a threat intelligence "rock star" model and methodology. The ultimate goal for this case study is to take down Iran-based hackers and hacking groups and their entire online operations, to attempt to shut them down and take them offline citing possible malicious use and actual abuse of international Internet laws and regulations, and ultimately to attempt to make an impact in terms of tracking them down and offering never-before-published personally identifiable information on their whereabouts and malicious online activities.

Continue reading →

Exposing the Internet-Connected Infrastructure of the REvil Ransomware Gang - An In-Depth OSINT Analysis

0
January 24, 2022

Dear blog readers,

In this post I've decided to do an in-depth OSINT analysis of the recently busted REvil ransomware gang, and to elaborate on one key fact in particular: how a single ransomware group with several publicly accessible and easy-to-shut-down C&C (command and control) server domains, including several randomly generated Dark Web Onion URLs, could easily result in millions of damage. Who really remembers a situation where getting paid for getting hacked was acceptable? Together with the basic principle that you should never interact with cybercriminals but should instead passively and proactively monitor them, this has resulted in today's modern and unspoken ransomware growth epidemic and the rise of wrong buzzwords such as "ransomware-as-a-corporation", where the bad guys obtain initial access to an organization's network and then hold its information hostage through encryption. This leads us to the logical question of who on Earth would pay millions of dollars to avoid possible reputation damage, thereby fuelling the growth of a rogue and fraudulent scheme such as the encryption of sensitive company information and leaking it to the public in exchange for financial rewards.


Sample REvil ransomware gang publicly accessible C&C (command and control) servers include:
hxxp://decoder[.]re
hxxp://decryptor[.]cc - 136[.]243[.]214[.]30; 45[.]138[.]74[.]27
hxxp://decryptor[.]top

Related name servers known to have been used in the campaign include:
hxxp://1-you[.]njalla[.]no
hxxp://3-get[.]njalla[.]fo
hxxp://2-can[.]njalla[.]in

Related responding IPs for hxxp://decryptor[.]cc:

2021/12/30 - 103[.]224[.]212[.]219
2021/10/23 - 198[.]58[.]118[.]167
2021/10/23 - 45[.]79[.]19[.]196
2021/10/23 - 45[.]56[.]79[.]23
2021/10/23 - 45[.]33[.]18[.]44
2021/10/23 - 72[.]14[.]178[.]174
2021/10/23 - 45[.]33[.]2[.]79
2021/10/23 - 45[.]33[.]30[.]197
2021/10/23 - 96[.]126[.]123[.]244
2021/10/23 - 45[.]33[.]23[.]183
2021/10/23 - 173[.]255[.]194[.]134
2021/10/23 - 45[.]33[.]20[.]235
2021/10/23 - 72[.]14[.]185[.]43
2021/10/08 - 78[.]41[.]204[.]37
2021/10/03 - 209[.]126[.]123[.]12
2021/09/24 - 78[.]41[.]204[.]28
2021/09/03 - 209[.]126[.]123[.]13
2021/08/19 - 78[.]41[.]204[.]38
2021/08/02 - 81[.]171[.]22[.]4
2021/07/27 - 81[.]171[.]22[.]6
2021/04/17 - 103[.]224[.]212[.]219
2020/11/10 - 45[.]138[.]74[.]27
2020/11/04 - 45[.]138[.]74[.]27
2020/09/14 - 136[.]243[.]214[.]30
2020/09/06 - 136[.]243[.]214[.]30
2020/08/30 - 212[.]22[.]78[.]23
2020/08/23 - 212[.]22[.]78[.]23
2020/07/30 - 212[.]22[.]78[.]23
2020/07/24 - 212[.]22[.]78[.]23
2020/07/07 - 212[.]22[.]78[.]23
2020/05/30 - 193[.]164[.]150[.]68
2020/05/20 - 193[.]164[.]150[.]68
2020/05/10 - 194[.]36[.]190[.]41
2020/05/08 - 194[.]36[.]190[.]41
2020/04/29 - 194[.]36[.]190[.]41
2020/04/06 - 194[.]36[.]190[.]41
2020/02/17 - 94[.]103[.]87[.]78

Related responding IPs for hxxp://decryptor[.]top (185[.]193[.]127[.]162; 192[.]124[.]249[.]13; 96[.]9[.]252[.]156):

2021/07/12 - 45[.]9[.]148[.]108
2020/09/18 - 185[.]193[.]127[.]162
2020/09/15 - 185[.]193[.]127[.]162
2020/08/07 - 185[.]193[.]127[.]162
2020/01/16 - 162[.]251[.]120[.]66
2019/12/23 - 45[.]138[.]96[.]206
2019/12/12 - 107[.]175[.]217[.]162
2019/10/07 - 96[.]9[.]252[.]156
2019/09/04 - 96[.]9[.]252[.]156
2019/07/15 - 91[.]214[.]71[.]139

Related MD5s known to have been involved in the campaign (note that the last three values are 40 hexadecimal characters long, which is the length of a SHA-1 digest rather than an MD5):

MD5: 57d4ea7d1a9f6b1ee6b22262c40c8ef6
MD5: fe682fad324bd55e3ea9999abc463d76
MD5: e87402a779262d1a90879f86dba9249acb3dce47
MD5: 4334009488b277d8ea378a2dba5ec609990f2338
MD5: 2dccf13e199b60dd2cd52000a26f8394dceccaa6
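
A flat resolution history like the one above is easier to act on once it is collapsed into a first-seen / last-seen window per IP, and a hash list is only usable once each value is checked against the algorithm it is labelled with. The block below is an added example (my code, not tooling from the original post) that does both: it parses the post's "YYYY/MM/DD - defanged IP" lines into per-IP windows with observation counts, and classifies each digest by length so that a value whose length contradicts its label is reported instead of silently loaded into a 32-character MD5 match list. The history is a subset copied from the decryptor[.]cc list above and the hashes are three of the values listed above; nothing here is a new observation.

```python
import re
from datetime import date

# Subset of the decryptor[.]cc resolution history listed above, in the post's
# "YYYY/MM/DD - defanged IP" layout. Copied from the page, not a new observation.
HISTORY = """
2021/12/30 - 103[.]224[.]212[.]219
2021/10/23 - 198[.]58[.]118[.]167
2021/10/08 - 78[.]41[.]204[.]37
2021/09/24 - 78[.]41[.]204[.]28
2021/04/17 - 103[.]224[.]212[.]219
2020/11/10 - 45[.]138[.]74[.]27
2020/11/04 - 45[.]138[.]74[.]27
2020/09/14 - 136[.]243[.]214[.]30
2020/09/06 - 136[.]243[.]214[.]30
2020/08/30 - 212[.]22[.]78[.]23
2020/07/07 - 212[.]22[.]78[.]23
"""

# Three of the hash values listed above, with the label the post gives them.
LABELLED_HASHES = [
    ("MD5", "57d4ea7d1a9f6b1ee6b22262c40c8ef6"),
    ("MD5", "fe682fad324bd55e3ea9999abc463d76"),
    ("MD5", "e87402a779262d1a90879f86dba9249acb3dce47"),
]

LINE = re.compile(r"^\s*(\d{4})/(\d{2})/(\d{2})\s*-\s*(\S+)\s*$")


def parse_history(text):
    """Return (date, refanged IP) pairs sorted oldest first; non-matching lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            y, mo, d, ip = m.groups()
            entries.append((date(int(y), int(mo), int(d)), ip.replace("[.]", ".")))
    return sorted(entries)


def resolution_windows(entries):
    """Collapse observations into (ip, (first_seen, last_seen, count)), ordered by first_seen."""
    windows = {}
    for day, ip in entries:
        first, last, n = windows.get(ip, (day, day, 0))
        windows[ip] = (min(first, day), max(last, day), n + 1)
    return sorted(windows.items(), key=lambda kv: kv[1][0])


def hash_kind(value):
    """Classify a hex digest by length; non-hex input or an unexpected length is flagged."""
    v = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", v):
        return "not-hex"
    return {32: "md5", 40: "sha1", 64: "sha256"}.get(len(v), "unknown-length")


def check_hashes(labelled):
    """Return (value, declared, actual) for every entry whose length contradicts its label."""
    return [(v, label, hash_kind(v)) for label, v in labelled
            if hash_kind(v) != label.lower()]


if __name__ == "__main__":
    for ip, (first, last, n) in resolution_windows(parse_history(HISTORY)):
        print(f"{ip:<16} {first} .. {last}  ({n} observations)")
    for value, declared, actual in check_hashes(LABELLED_HASHES):
        print(f"{value}: labelled {declared}, length says {actual}")
```

On the subset above the windows show 212[.]22[.]78[.]23 as the earliest resolution and 103[.]224[.]212[.]219 recurring months apart, and the hash check reports the third value as SHA-1 length; the same two functions run unchanged over the full lists.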

Stay tuned!

Continue reading →