How I Got Busted for Loving the U.S in Cyberspace?

April 28, 2023

Guess who's been busy setting them straight in cyberspace? Well that would be unfortunately throughout 2008–2013 when I was most active online making the headlines at unknown places online making my day and inspiring me to track down the Koobface botnet on a daily basis.



It used to be quite a privilege when I originally attempted to publish an article which I proposed to one of my homeland’s primary technology magazines HiComm and when I got actually invited to publish a series of articles on a monthly basis. Among the first things which I did back then was to translate my extremely popular document “The Complete Windows Trojans Paper” to Bulgarian which was quite a success and the article got published and accepted which was originally published in the Christmas edition of the magazine. The original story behind my infamous “The Complete Windows Trojans Paper” was a major shift between my understanding and experience within the hacking Scene and the modern security industry where I really wanted and did my best to have a career which leads me to today’s leading expert in the field of cybercrime research and threat intelligence including security blogging and OSINT research and analysis on the bad guys including various international and well known cyber threat actors.

I originally wrote and released my “The Complete Windows Trojans Paper” on my own as part of a major marketing effort to promote my knowledge and expertise in the scene where the ultimate goal was to produce a high-quality and never released publication on the topic and basically make it easier for everyone to understand the ongoing trend that has to do with trojan horses back then where I later on originally published my publication on what used to be among my first independent contractor position at my first employer at the time which was Netherlands-based Frame4 Security Systems where I also did a marketing editorial on the company’s web site and have been supporting and working with the company ever since. The interesting part back then was that I also got a personal recommendation from the company owner for my university application which at the time was a Netherlands-based university where I had the ambition to relocate with my girlfriend and partner in life at the time which we eventually did with the idea to visit and actually go to study in that country.

While I was in Bulgaria during my teenage hacker years I was busy freelancing as an information security consultant while working with international security portals where I was busy offering advice and practical information security advice and practical solution recommendations including my work with CIO.bg where I once contributed with an article on Cyberterrorism and Cyber Jihad including a series of publications for HiComm.bg where I was running a popular information security rubric and participated with several articles in several of the magazine’s issues. 

At a later stage I somehow decided to go corporate and in a way find a way to enter the commercial information security industry with my knowledge potentially beginning to contribute with knowledge and information using my personal contacts at various information security portals on my way to land a possible job preferably as a writer security blogger or a journalist which I apparently succeeded in doing as I’ve been actively contributing with my own research and knowledge on a variety of h/c/p/a (Hacking/Cracking/Phreaking/Anarchy) portals at the time. At some point in time Dancho decided to approach the primary operator of one of his favorite security Web sites at the time — https://net-security.org for the purpose of contributing with an article for their newly launched forbidden.net-security.org project.

My idea was to contribute with a security article for their recently launched Newsletter and the article in question was a good old-fashioned “How to use trojan horses” manual. The article eventually got accepted and Dancho felt proud of himself for making a contribution to the project and having his article published so that eventually more people will read it and send him an email with questions about trojan horses and the actual article. The primary Webmaster of net-security.org at the time was Berislav Kucan and the project still remains one of my favorite and most popular visited security Web sites on a daily basis. At a later stage I decided to establish a working relationship with Frame4 Security Systems which is a Dutch-based company for the purpose of writing an improved version of the original “How to use trojan horses” paper which later on became the “The Complete Windows Trojans Paper” which quickly became one of the Scene’s most popular and highly read papers on modern trojan horses and how to use them and how to protect against them.

With the summer coming to an end I got an offer to begin to work at the local office of his ISP (Internet Service Provider) which at the time was Digital Systems for the position of office assistant where he was responsible for introducing new clients to the ISP’s service offering and for processing invoices. Among the key benefits for working at the local ISP office was the actual bandwidth that he got access to allowing him to access the Internet without any sort of limitations which he used to visit some of his favorite Top50 and Top100 security and hacking Web sites where he eventually downloaded some of the most recently released hacking and security tools including trojan horses which he copied on a floppy disk and eventually brought back home during the lunch break for the purpose of exchanging the information with his second employer at the time which was an anti-trojans vendor using a publicly accessible FTP server for the purpose of helping his employer improve the detection rate for these types of programs and trojan horses. I would then receive a payment for having collected and actually shared these programs and trojan horses which he would use to pay the bills at the time and actually pay for using his ISP’s service.

At some point in time he eventually got approached by a guy known as HeLLfiReZ who was interested in working with him and actually sharing his collection of trojan horses which he would then also share with his employer which at the time was LockDownCorp and earn revenue in the process. It would later come to his attention that the guy that approached him was actually one of the key members of the infamous Sub7 trojan horse group which at a particular point in time was responsible for launching a DDoS (Distributed Denial of Service) attack against the researcher Steve Gibson who extensively profiled the campaign and actually had a conversation with HeLLfiReZ and his team members for the purpose of finding out how launched the attack and how it took place. He would eventually run a personal hacking and security Web site archive using hosting courtesy of his employer LockDownCorp and run a popular Hacking and Security Web site which he would then feature on Progenic.com’s Top100 Hacking and Security Web sites including to actually offer paid security consultations in terms of finding out ways to help people protect their home PCs from trojan horses and teaching them how to use a firewall and how they can secure their home PCs.

At a later stage in his early Information Security career he would visit and join https://itsecurity.com’s Security Clinic where I would have his personal biography featured and actually respond to common security questions which users of the Web site will submit and have his response featured on the front page potentially driving traffic to his employer at the time which was Frame4 Security Systems and actually improving his knowledge and understanding of Information Security in general. Dancho was also known for having participated in the Blackcode Ravers hacking group which was running the popular https://blackcode.com Web site at the time and actually participated with two issues of a popular Security Newsletter at the time which were featured on the home page of the portal. During the glorious years of IRC (Internet Relay Chat) where Dancho was busy hanging on several IRC networks including DALNet and his local country’s IRC network he managed to obtain the /etc/shadow password file for his entire ISP (Internet Service Provider) which at the time was Digital Systems and shared a copy of it with his best friend at the time George Kadiyski for the purpose of using several popular and high-profile Wordlists including John the Ripper password cracker potentially obtaining access and brute-forcing the entire password list for hundreds of active dial-up Internet based accounts at the time.

Over a period of several days the results at the time were outstanding in the context of actually succeeding in the brute-forcing process potentially allowing Dancho and his friend to easily access free Internet based dial-up accounts which at the time cost money allowing them to use the Internet for free. At a later stage Dancho also managed to obtain access to his local town’s competing ISP (Internet Service Provider) which was known as BIANet /etc/shadow which was sent to him by a friend and he also once again shared it with his friend who would once again begin brute-forcing the password file using a variety of Wordlists and the infamous John the Ripper password cracking tool at the time potentially allowing Dancho and his friend easy access to unlimited Internet based dial-up connectivity.

It would be fairly easy to assume how things got complicated with Dancho quickly obtaining access to Internet Relay Chat’s primary mIRC application including a variety of IRC-based “War Scripts” including a dozen of mail-bombers and various other ICQ-based type of Nukers and Flooders on his way to demonstrate a proper technical know-how to his friends and peers in the shady world of hacking. Among the first channels he tried to access were #hacker #hackers #hacking and the infamous #hackphreak on EFNet including to actually open several personal channels on the local IRC networks including #drugs #KGB and #linuxsecurity. At a later stage he actually managed to ask a friend for a possible operator status on the local town’s IRC channel where he was basically running a 24/7 online protection bot known as xploit including the active use of a Socks5 server which at the time was offered by his employer LockDownCorp where he was busy acting as Technical Collector of trojan horses/worms/viruses and VBS scripts for the purpose of improving the anti-trojan software’s signatures-based detection rates. 

Among the first things that Dancho decided to do in his spare time is to actively research the local Webmaster of his hometown’s official Web site for the purpose of attempting to launch a social engineering attack against his local town’s official Web site which basically succeeded and resulted in a “greeting” message being posted on the official Web site with no actual data destruction and data removal taking place in what would appear to be a professional approach when compromising a legitimate Web site for the purpose of greeting his personal friends and spread a message on behalf of “Trojan Hacking Group” which at the time basically consisted of one of his closest friends and another fellow hacker enthusiast. Among his responsibilities at the time included the active collection of trojan horses/worms/viruses and VBS Scripts with the idea to share them with his employer which at the time was LockDownCorp one of the world’s leading anti-trojan vendors for the purpose of improving the detection rate for these publicly accessible trojan horses in what would later on mature into a successful Technical Collection operation which basically paid his bills and actually offered him a decent financial incentive to continue getting involved in security as a hacker enthusiast and actually improved his employer’s overall detection rate for some of the most prolific trojan horses at the time.

The actual contractual agreement had to do with Dancho using a private FTP server where he would spend hours uploading collected trojan horses using his home-based dial-up connection and eventually earning a revenue in the process using Western Union where he was happy to have established direct working relationship with one of the world’s leading anti-trojans vendors which at the time was located at — http://proxy2.stealthedip.com/maniac/incoming/

Whenever Dancho would attempt to reach out to his friends he would attempt to find out whether they are online using a popular trojan horse including to actually check his email account for their recently changed passwords and other related information including their current IP so that he can properly connect to their home PC for educational purposes.


While Dancho was busy studying in the Netherlands he was busy persistently checking one of the World’s most popular and high-trafficked Web sites for hackers and security experts - Astalavista.com - and sticking to the common wisdom circa the 90’s where everyone was busy making contributions and launching new groups - he decided to approach the company behind the portal with a possible business proposal that basically consisted of having him monitor and actually maintain the portal in terms of content including the actual production of a high-profile Security Newsletter where we would produce security and hacking articles including a featured Security Interview with key members from the Scene and the Security Industry.


What used to be a daily routine to work for ZDNet's Zero Day blog for four productive years on a daily basis as a security blogger in between publishing personal research on my blog and later on receiving a direct offer to work with Webroot for the position of a security blogger was a dream come true where on both places I had the privilege to work and contribute with knowledge and research with some extremely knowledgeable and popular folks including my corporate citizenship passport which at the time was the crown jewel of my experience which was to visit InfoSec Europe 2012 in Earls Court in London with my company Webroot where knowing everyone and working with everyone from day one was quite a success and I'm extremely grateful for contributing to the growth of the company with my own knowledge and expertise and for basically that I have up to present day which was the highlight of my research at the time namely to join the company and enter the corporate world of information security and security blogging which I know so well up to present day and highly miss the productive days back then.


Prior to getting a confirmation from a Team Member of the actual owner of the portal at the time Dancho quickly began entering into negotiations about a possibly paid including a free venture at the time where he could earn a small commission for producing a high-quality security newsletter and actually be responsible for all the security and hacking content at Astalavista.com on a monthly and daily basis. As he began working on the monthly newsletter the first issue including the remaining twenty-six issues which he produced over a period of three years were quite a success including the actual Geeky Photos section where portal users could send in photos of their desktop computers for the purpose of featuring them at the Web site potentially promoting their desktop setups to our audience at the time eventually leading him and the portal to win a PCMagazine Top 100 Security Sites Award back in 2005. Among Dancho’s main responsibilities at the time were the daily updating of the portal with high quality security documents tools and presentations including actual hacking and security links and overall responsibility for all the content at the Web site including the production of a highly popular security newsletter at the time including to actually answer and work on possible partnership and advertising inquiries at the time which led to a successful repositioning of the portal as one of the primary information security portal services online.


Jesus. Who would have thought? At a specific point in my time and my career as a cybercrime fighter and cybercrime researcher including OSINT analyst and threat intelligence analyst at some point in time after approximately a decade in fighting bad guys and actually tracking them down and exposing their infrastructure I finally got a very interesting email which was basically a screenshot courtesy of a Russian Business Network franchise member that was basically showcasing ownership over their primary domain which was nearly impossible to receive and in specific the fact that the original and primary Russian Business Network franchise domain name doesn’t really exist in the context of having virtually no clues of its online existence which was quite a remarkable success in the context that it would have motivated many to pursue a pension in the field which basically included the actual message saying “hi” and greeting me which was quite a success at the time in the context of receiving a personal message from the Russian Business Network franchise proving ownership of their primary domain name. How did I originally stumble upon the Russian Business Network? It was by going through other people’s research on the topic and basically by doing my job at the time which was quite a success in terms of daily monitoring for malicious and fraudulent online activity which led me to stumble upon their malicious infrastructure on numerous occasions in specific to find out more about their rogue and malicious bulletproof hosting infrastructure which used to dominate the threat landscape at the time in terms of popularity and the primary bulletproof hosting provider for a variety of cybercriminals internationally.
I was also originally inspired by the usual source of inspiration for me which was basically iDefense actual threat research reports at the time that were basically going a step beyond the typical threat intelligence reports and were basically including all the necessary and in-depth details on various cyber threat actors at the time including primary sources of cybercrime activity internationally.


Among the first things that I did prior to trying to pop up online back in full speed and fashion was to quickly build a set of projects including to launch several popular and interesting initiatives such as for instance Law Enforcement and OSINT operation called “Uncle George” where the ultimate goal was to collect as much publicly accessible information on the bad guys then data mine and present my findings to the wider security industry and community including to look for and present tons of actionable intelligence on the bad guys which could have been useful in the context of having vendors and organizations attempt to launch cyber attack and cyber campaign attribution efforts against these individuals.

At some specific point in time I came across the local for Bulgaria Cyber Security Talks event where I applied to make a presentation which got accepted which led me to eventually pop up at the event in front of eighty people and make a high-quality personal presentation on cybercrime research OSINT and threat intelligence including my general experience in the field as an expert in the field of cybercrime research OSINT and threat intelligence gathering where I’m an independent contractor since practically December, 2005.

It used to be a moment when I originally started getting involved in OSINT (Open Source Intelligence) as an independent contractor when I originally came across the following document which greatly inspired me to join this space - “Reexamining the Distinction Between Open Information and Secrets” while browsing through Globalsecurity.org Fas.org Cryptome.org at that time. The primary reason why OSINT inspired me to become an independent contractor in this space in specific information security is the fact that a lot of the documents that I had to go through to learn what OSINT is and how to do it were either classified or publicly accessible however coming from important sources of information such as for instance the CIA.gov including various other U.S Government and U.S Intelligence Community sources of information. It is my opinion that the power of OSINT primarily relies on the actual collection and working with the actual decision-making information using public sources which also includes actual enrichment and correlation between multiple sources of publicly accessible classified and declassified information which makes this area quite interesting to join from an independent contractor perspective in the information security field.


At a specific point in time I must have gathered a proper momentum among my readers which I never really knew anything about including the bad guys in the context of intercepting a chatter mentioning me in a pretty bad context despite the fact that this is untrue as most of my research and the research that I did was in a passive mode namely I never really engaged anyone in specific friends and colleagues from the industry including the bad guys as I’m a firm believer that you can collect all the information that you need on them without bothering to interact or approach them. Among the few key comments that I’ve ever come across referencing me in my entire career on a major cybercrime-friendly forum community was a Darkode discussion including a hitman request for me which apparently managed to find me one way or another including a second discussion which basically referenced my name and insisted that the same thing that took place with me back in 2011 will happen again. What really took place back in 2011 in my apartment in Sofia where I relocated on my own and where I insisted to live on my own and do my research using my ZDNet salary as a primary means to pay for my rent and living expenses is.

The primary reason behind this post is to tell my story with all the juicy details up to present day and actually offer an in-depth and never discussed before perspective on my research including to present and communicate the crown jewels of my research to a vast and growing network of readers internationally where the ultimate goal would be to properly present the true story behind my professional career including to offer an in-depth peek inside my teenage hacker years experiences while properly presenting my story up to present day where I’m an internationally recognized cybercrime researcher security blogger and threat intelligence analyst.

Dancho Danchev Presenting at CyberCamp 2016 in Spain

How did I attempt to take down the Koobface botnet? Who’s Hilary Kneber? What was the primary idea behind “Keeping Money Mule Recruits on a Short Leash” blog post series? How did I prevent and actually detect a possible kidnapping attempt? How did I make it to the GCHQ with the Honeynet Project? Is it true that I’ve received an invitation to present at Canadian Intelligence Services? What’s my professional experience with my current employer WhoisXML API?

I never really bothered to stop publishing content on my personal blog which I felt is an obligation to the society and my readers who I really know nothing about in the context of presenting my knowledge and they will come and in the context of never really bothering to set up my Google Analytics property properly where I was sticking to basically monitoring my RSS Feedburner subscriber account which at the time peaked at 7,000 RSS readers on average on a daily basis which is quite a success for one man operation that never really bothered to know anyone from the industry in the context of basically presenting my findings and knowledge and later on getting surprised in the context of having folks and people from the industry approach me to say hi invite me to attend a conference share information or ask for information where I'm always there to appreciate their research and knowledge and continue to contribute with research and knowledge on my personal blog.




What does rocking the boat really mean? If it's going to be massive it better be good. At some particular point in time when I was busy working on my personal blog I remember a moment when every day's story used to dominate my life being in particular the fact that I've managed to tell a story for the purpose of sharing it and reaching out to my readership which at the time I was hoping that it was growing with several high profile daily users that I was busy tracking on a daily basis.

The juicy details? At some point in time when I was originally secretly monitoring who was visiting my blog using Statcounter.com where I was hoping to see someone famous I've noticed that I got a regular visitor from The Pentagon who was basically visiting the blog on a daily basis during not necessarily a specific time but in general which was great news and this greatly motivated me to continue posting high-quality research and news and commentary articles on various events that took place in the security industry including across the globe.

I also got several visitors from the CIA, the NSA including the FBI the NYTimes and BBC which was an outstanding audience at the time which was quite interesting to monitor and interact with at that time through my daily blog posts on a variety of interesting and high-quality topics.

Up to present day I'm a 38 years old security blogger OSINT analyst and threat intelligence analyst from Bulgaria. I'm currently running one of the security industry's most popular security publications which is my personal blog - Dancho Danchev's Blog - Mind Streams of Information Security Knowledge. I've been running my publication since December, 2005 and throughout the years I had an average of 7,000 RSS feed subscribers including 5.6M page views throughout the years making my blog an extremely important switchboard to the world of security blogging OSINT research and analysis threat intelligence analysis and most importantly cybercrime fighting research and analysis.

I'm also acting as a DNS Threat Researcher at WhoisXML API.

Among my key accomplishments include my "lawful surveillance" and "lawful interception" experience as teenage hacker the production of the popular Astalavista Security Newsletter circa 2003–2006 including the "take-down" of the Koobface botnet [MP3] including a participation in Top Secret GCHQ program called "Lovely Horse" including regular appearance in major news publications for interview and expert opinion including Techmeme, ZDNet, CNN, PCWorld, SCMagazine, TheRegister, NYTimes, CNET, ComputerWorld, H+Magazine and regular security and research presentation appearance at major security events at GCHQ, Interpol, InfoSec Europe, RSA Europe and CyberCamp.

I'm an internationally recognized expert in the field of cybercrime fighting and threat intelligence gathering having actively pioneered my own methodology for processing threat intelligence which leads me to a successful set of hundreds of high-quality analysis and research articles published at the industry's leading threat intelligence blog - ZDNet's Zero Day, Dancho Danchev's Mind Streams of Information Security Knowledge and Webroot's Threat Blog with his research featured in Techmeme, ZDNet, CNN, PCWorld, SCMagazine, TheRegister, NYTimes, CNET, ComputerWorld, H+Magazine currently producing threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's - Mind Streams of Information Security Knowledge.

With my research featured at RSA Europe, CyberCamp, InfoSec, GCHQ and Interpol I continue to actively produce threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's - Mind Streams of Information Security Knowledge publishing a diverse set of hundreds of high-quality research analysis detailing the malicious and fraudulent activities at nation-state and malicious actors across the globe.

Key achievements include:

- Presented at the GCHQ with the Honeynet Project

- SCMagazine Who to Follow on Twitter for 2011

- Participated in a Top Secret GCHQ Program called "Lovely Horse"

- Identified a major victim of the SolarWinds Attack - PaloAltoNetworks

- Found malware on the Web Site of Flashpoint

- Tracked monitored and profiled the Koobface Botnet and exposed one botnet operator

- Made it to Slashdot two times

- My Personal Blog got 5.6M Page Views Since December, 2005

- My old Twitter Account got 11,000 followers

- I had an average of 7,000 RSS readers on my blog

- I have my own vinyl "Blue Sabbath Black Cheer / Griefer - We Hate You / Dancho Danchev Suck My Dick" made by a Canadian artist

- Currently running Astalavista.box.sk

- I gave an interview to DW on the Koobface Botnet

- I gave an interview to NYTimes on the Koobface botnet

- I gave an interview to Russian OSINT

- Listed as a major competitor by Jeffrey Carr's Taia Global

- Presented at the GCHQ

- Presented at Interpol

- Presented at InfoSec

- Presented at CyberCamp

- Presented at RSA Europe

In the past I've been a member of:

* A Member to WarIndustries (http://warindustries.com)

 * List Moderator at BlackCode Ravers (http://blackcode.com)

 * Contributor Black Sun Research Facility (http://blacksun.box.sk) (BSRF)

 * List Moderator Software Contributor (TDS-2 Trojan Information Database) (https://packetstormsecurity.com/files/25533/tlibrary.zip.html) DiamondCS Trojan Defense (http://tds.diamondcs.com.au)

 * Contributor to LockDownCorp (http://lockdowncorp.com)

 * Contributor to HelpNetSecurity (http://forbidden.net-security.org)

 * A Security Consultant for Frame4 Security Systems (http://frame4.com)

 * Contributor to TechGenix's WindowSecurity.com (http://www.windowsecurity.com/authors/dancho-danchev/)

 * Technical Collector - LockDownCorp - (https://lockdowncorp.com)

 * Managing Director - Astalavista Security Group - (https://astalavista.com)

 * Security Consultant - Wandera - (https://wandera.com)

 * Threat Intelligence Analyst - GroupSense - (https://groupsense.io)

 * Security Consultant - KCS Group Europe - (https://kcsgroup.com)

 * OSINT Analyst - Treadstone71 - (https://treadstone71.com)

 * Security Blogger - Armadillo Phone - (https://armadillophone.com)

 * Security Blogger for ZDNet (http://www.zdnet.com/blog/security/)

 * Threat Intelligence Analyst for Webroot (https://www.webroot.com/blog/)

I would like to thank the following people for contributing to the Scene throughout the 90's up to present day and for keeping up the good work part of Astalavista.com's Security Newsletter which I produced circa 2003–2006.

* Proge - http://www.progenic.com/

 * Jason Scott - http://www.textfiles.com/

 * Kevin Townsend - http://www.Itsecurity.com/

 * Richard Menta - http://www.bankinfosecurity.com

 * MrYowler - http://www.cyberarmy.net/

 * Prozac - http://www.astalavista.com/

 * Candid Wuest - http://www.trojan.ch/

 * Anthony Aykut - http://www.frame4.com/

 * Dave Wreski - http://www.linuxsecurity.com/

 * Mitchell Rowtow - http://www.securitydocs.com/

 * Eric (SnakeByte) - http://www.snake-basket.de/

 * Björn Andreasson - http://www.warindustries.com/

 * Bruce - http://www.dallascon.com/

 * Nikolay Nedyalkov - http://www.iseca.org/

 * Roman Polesek - http://www.hakin9.org/en/

 * John Young - http://www.cryptome.org/

 * Eric Goldman - http://www.ericgoldman.org/

 * Robert - http://www.cgisecurity.com/

 * Johannes B. Ullrich - http://isc.sans.org/

 * Daniel Brandt - http://google-watch.org/

 * David Endler - http://www.tippingpoint.com/

 * Vladimir, 3APA3A - http://security.nnov.ru

In this video I'll discuss in depth a variety of personal projects and my ongoing research and analysis activities, both real-time and historical, in categories such as:

- My Dark Web Onion

 - My Uncle George Law Enforcement and OSINT Enrichment Operation

 - My Cybercrime Forum Data Set

 - My Unit-123.org E-Shop for Intelligence Deliverables Project

 - My Offensive Warfare 2.0 Threat Intelligence Clearing House Project

 - My Disruptive Individual's Threat Intelligence Feed

 - My Current work as a DNS Threat Researcher with WhoisXML API

 - How I ended up in Snowden's Archive?

 - How I ended up on Wikileaks?

 - How I made it into several comparative academic studies on the quality of sharing threat intelligence and cybercrime research information?

 - How come I'm the only one listed as a competitor in Jeffrey Carr's Taia Global Competitors Slide?

 - What it's like to run the infamous Astalavista.com portal back in 2003–2006 where I was acting as a Managing Director?

 - What it's like to get the privilege to work as a security blogger at ZDNet's Zero Day blog for four years?

 - What it's like to work as a security blogger with Webroot for two years?

 - How I ended up spending the last couple of years doing OSINT on the bad guys?

 - How I ended up having a project on the infamous Astalavista.box.sk?

 - A brief introduction into some of the latest developments and research that I posted on my personal blog - Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

 - How I ended up having a mobile application?

 - How I ended up having a personal memoir?

 - How I got busted?

 - What it's like to visit the GCHQ?

 - What it's like to meet the security industry?

 - What it's like to visit RSA Europe 2012?

 - What it's like to visit InfoSec 2012?

 - What it's like to visit CyberCamp 2016?

 - What it's like to get an invitation to visit Canada's Security Service?

 - My DIA Needpedia Investment Proposal

 - How I ended up discovering a SolarWinds victim?

 - How I ended up with a real-time OSINT and cyber attack attribution campaign on the Conti Ransomware Gang?

 - How I ended up almost retiring and offering OSINT and threat intelligence training?


Today's Compilation of Botnet's C&C Panels

April 28, 2023

I decided to share with everyone a set of botnet C&C panels, obtained using OSINT and public sources, which are active at the time of posting, with the idea of raising more awareness of their existence and potentially prompting you to go deeper in terms of research and tracking down the cybercriminals behind these campaigns.

Known responding IPs:

190[.]123[.]44[.]145

37[.]139[.]129[.]69

79[.]137[.]203[.]19

179[.]43[.]142[.]172

31[.]41[.]244[.]146

Sample C&C Panels:

hxxp://sertvs[.]com/8vcWxwwx3/index[.]php

hxxp://specialblue[.]in/dF30Hn4m/index[.]php

hxxp://79[.]137[.]203[.]19/6nd8ssa3/Login[.]php

hxxp://179[.]43[.]142[.]172:443/admin/console/

hxxp://31[.]41[.]244[.]146/u83mfdS2/Login[.]php


A Compilation of Koobface Botnet Themed Malicious Executable Download Locations 2009 - 2011

April 28, 2023

While digging into my old threat intelligence research archive I found the following which I decided to share with everyone.

Happy "takes you back doesn't it" time and OSINT and threat intelligence for historical cross-checking and connecting the dots time.

Sample URLs include:


hxxp://restaurant-soleildafrique[.]fr/fuunnyvide0/o4m833a8[.]js

hxxp://jagtridningjylland[.]dk/beestdwd/87m[.]js

hxxp://rtprestaurantguide[.]com/amalzlngc1ips/968e8[.]js

hxxp://s198814458[.]onlinehome[.]us/y0urperf0rmans/ui9o[.]js

hxxp://godupholdshim[.]netfirms[.]com/c00ldwd/vzde[.]js

hxxp://lionandlamb[.]biz/privalefi1m/a8es[.]js

hxxp://pangea-consulting[.]com/y0urperf0rmans/pd38ss9n-[.]js

hxxp://kristameier[.]com/fuunnysh0w/h80q-[.]js

hxxp://proteatr[.]edu[.]mhost[.]ru/privalec1ip/82yiiy3[.]js

hxxp://videoleverage[.]com/beesttw/coh[.]js

hxxp://lpexpressions[.]com/c00lperf0rmans/pgy[.]js

hxxp://ram-220709[.]com/go/?pid=30937&type=videxp

hxxp://r-d-cgpay-090709[.]com/go/index[.]php

hxxp://upload[.]octopus-multimedia[.]be/1/pdrv[.]exe

hxxp://upload[.]octopus-multimedia[.]be/1/pp[.]10[.]exe

hxxp://upload[.]octopus-multimedia[.]be/1/nfr[.]exe

hxxp://cgpay-re-230609[.]com/the/?pid=8176&type=videxp

hxxp://liesbethmilan[.]be/1/be[.]15[.]exe

hxxp://liesbethmilan[.]be/1/captcha6[.]exe

hxxp://liesbethmilan[.]be/1/hi[.]12[.]exe

hxxp://liesbethmilan[.]be/1/ms[.]19[.]exe

hxxp://liesbethmilan[.]be/1/pdrv[.]exe

hxxp://liesbethmilan[.]be/1/pp[.]10[.]exe

hxxp://liesbethmilan[.]be/1/tg[.]12[.]exe

hxxp://liesbethmilan[.]be/1/websrvx2[.]exe

hxxp://taahe[.]bij[.]pl/cowgirls[.]html

hxxp://yourfindguide[.]com/search[.]php?said=net15&q=jesus+christ&rfrl=

hxxp://rd040609-cgpay[.]net

hxxp://nicevideo18[.]net/software/ea2faf7008/11400/1/Setup[.]exe

hxxp://niceshoot89[.]com/software/04f456eca8/30000/1/Setup[.]exe

hxxp://updatedb87[.]cn/out/load[.]php

hxxp://bewfsnfwka[.]net/ccsuper3[.]php

hxxp://r-cgpay-15062009[.]com/go/index[.]php

hxxp://carlossextube[.]com

hxxp://r-cg100609[.]com/go/?pid=10160&type=videxp

hxxp://r-cg100609[.]com/the/?pid=8198

hxxp://utopia-products[.]com/setup[.]exe

hxxp://www[.]osftp[.]yoyo[.]pl/1/nfr[.]exe

hxxp://www[.]osftp[.]yoyo[.]pl/1/pp[.]10[.]exe

hxxp://www[.]utopia-footwear[.]com[.]au/setup[.]exe

hxxp://nicevideo44[.]com/download/1/1000/5

hxxp://cgpay0406[.]com/the/?pid=8198

hxxp://evidek[.]ro/1/tg[.]12[.]exe

hxxp://google-reseach[.]com/gfeed/link/18_escort_female_old_year/1_default[.]html

hxxp://mailgov[.]net/gfeed/click[.]php?q=&p=1

hxxp://mailgov[.]net/tds/go[.]php?sid=1&tds-key=

hxxp://evidek[.]ro/1/pp[.]10[.]exe

hxxp://redir3105[.]com/go/index[.]php

hxxp://videogtx4you1[.]com/download/1/1234/0

hxxp://videofx4you1[.]com/software/019d135faa/10180/1/Setup[.]exe

hxxp://search-adverts[.]net/forum/load[.]php?id=4

hxxp://indigolife[.]com[.]au/fantasticdemonstration/lrxgodudz[.]js

hxxp://videofx4you2[.]com/download/1/1000/5

hxxp://videofx4you2[.]com/software/a6a6ed398e/10005/1/Setup[.]exe

hxxp://videofx4you2[.]com/view/1/1000/5

hxxp://redir1805[.]com/go/fb_s[.]php

hxxp://www[.]limnos[.]si/home-video/

hxxp://dl[.]guarddog2009[.]com/cw[.]exe

hxxp://redir1805[.]com/the/?pid=10350&type=exe

hxxp://megavipsite[.]cn/avl/162[.]exe

hxxp://megavipsite[.]cn/avl/178[.]exe

hxxp://stjude-rawang[.]com/1/nfr[.]exe

hxxp://stjude-rawang[.]com/1/pp[.]08[.]exe

hxxp://mxviewworldmy2[.]com/download/1/1113/1/FlashPlayer[.]v9

hxxp://tubeee[.]com/video[.]php?l=5:52&id=0&n=teen&a=whiteboy66&path=[.]/tmb/teen/04[.]jpg&rat=[.]/img/rating3[.]jpg&v=122575

hxxp://jii[.]be/s116/in[.]cgi?16

hxxp://livestockfeed[.]cn/mov/r/index[.]html

hxxp://redir2404[.]com/the/?pid=8047&type=videxp

hxxp://mxviewworldmy1[.]com/view/1/1193/0

hxxp://puttsoftwareupdate[.]com/images/2[.]exe

hxxp://puttsoftwareupdate[.]com/images/p[.]exe

hxxp://tds[.]smallsexvids[.]info/go[.]php?sid=1

hxxp://hxviewworldmy1[.]com/software/3f507c14a5/12440/1/Setup[.]exe

hxxp://popka-klass[.]net

hxxp://rxtraffclicks[.]com/download/1/1000/5

hxxp://directseek[.]org/25/load[.]php

hxxp://redir1504[.]com/go/

hxxp://redir2304[.]com/go/

hxxp://redir2404[.]com/go/

hxxp://y18032009[.]com/go/

hxxp://y18032009[.]com/the/

hxxp://y18032009[.]com/the/?pid=1

hxxp://y18032009[.]com/the/?pid=2

hxxp://hxviewworldmy2[.]com/software/e3d6b7561f/10005/1/Setup[.]exe

hxxp://expfanclub[.]com/lom/index[.]php

hxxp://hqviewworldmy1[.]com/software/c2fb59fa16/12221/1/2[.]exe

hxxp://traffbox[.]com/in[.]cgi?3

hxxp://rtraffclicks[.]com/software/38e4f74690/10005/1/Setup[.]exe

hxxp://viewworldmy2[.]com/software/38e4f74690/10005/1/Setup[.]exe

hxxp://whitevilleportal[.]com/images/podmena[.]exe

hxxp://avprotect[.]net/podmena[.]exe

hxxp://viewworldmy1[.]com/download/1/1000/5

hxxp://xviewworldmy1[.]com/download/1/1000/5

hxxp://tri-visionhomes[.]com/im/podmena[.]exe

hxxp://edwardhomepage[.]info/podmena[.]exe

hxxp://steer2[.]co[.]uk/im/podmena[.]exe

hxxp://tmr-unlimited[.]com/podmena[.]exe

hxxp://tomsspace[.]co[.]uk/im/podmena[.]exe

hxxp://tryithere[.]net/podmena[.]exe

hxxp://ldj5[.]biz/setup[.]exe

hxxp://viewworldh[.]com/download/1/1000/5

hxxp://viewworldy[.]com/download/1/1000/5

hxxp://intelfarm[.]com/1/popup_main[.]exe

Continue reading →

Who Needs or Wants OSINT and Threat Intelligence Training?

April 27, 2023

If anyone's interested in advanced online OSINT and advanced online cyber threat actor profiling and threat intelligence training, either individually or in a group, feel free to drop me a line at dancho.danchev@hush.com to discuss.

This is the primary Table of Contents for the advanced OSINT training which I can offer:
  • Introduction
  • Who is Dancho Danchev?
  • What are some of my current and future projects?
  • Basics of OSINT
  • Current State of the Cybercrime Ecosystem
  • Novice OSINT Tactics
  • Advanced OSINT Tactics
  • Fighting Cybercrime in the Context of Using OSINT
  • Threat Intelligence Gathering in the Context of Using OSINT
  • Technical Collection in the Context of Using OSINT
  • Cyber Attack Attribution in the Context of Using OSINT
  • Threat Intelligence Enrichment in the Context of Using OSINT
  • Cybercrime Research and Enrichment in the Context of Using OSINT
  • Practical OSINT Advices
  • Case Study on Fighting Cybercrime Using OSINT
  • Case Study
  • First Case Study
  • Second Case Study
  • Third Case Study
  • Fourth Case Study
  • Fifth Case Study
  • Conclusion

This is the primary Table of Contents for the advanced threat intelligence training:
  • Introduction
  • Overview
  • Threat Intelligence Methodologies 
  • Proactive Threat Intelligence Methodologies
  • The Future of Threat Intelligence
  • Basics of Threat Intelligence
  • Current State of the Threat Intelligence Marketplace
  • Current State of the Threat Intelligence Ecosystem
  • Novice Threat Intelligence Concepts
  • Advanced Threat Intelligence Concepts
  • Fighting Cybercrime in the Context of Using Threat Intelligence
  • Using OSINT in the Context of Threat Intelligence Gathering
  • Threat Intelligence in the Context of Using Technical Collection for Cyber Threat Actor Attribution Attacks
  • Threat Intelligence in the Context of Cyber Attack Attribution
  • Threat Intelligence Enrichment in the Context of Using OSINT
  • Cybercrime Research and Threat Intelligence IoC (Indicator of Compromise) Enrichment in the Context of Using OSINT
  • Practical Threat Intelligence Advices
  • Case Study on Fighting Cybercrime Using Threat Intelligence
  • Case Study
  • First Case Study - The Basics of Starting Into Threat Intelligence for Beginners - A Practical Case Study
  • Second Case Study  - Advanced Threat Intelligence Practices Concepts and Methodologies - A Practical Case Study
  • Third Case Study  - Does the "Aggregate and Forget" Methodology Really Work in the Field of Threat Intelligence? - A Practical Case Study
  • Fourth Case Study - The Basics of Launching and Maintaining and Operating a Company Wide Threat Intelligence Program for Beginners - A Practical Case Study
  • Fifth Case Study - Advanced Operation and Maintaining of a Company Wide Threat Intelligence Program for Advanced Users - A Practical Case Study 
  • Sixth Case Study - How to Train Your Threat Intelligence Analysts to be Security Industry's and Analytical and Technical Rock Stars? - A Practical Case Study
  • Seventh Case Study - How to Convert Your Company Employee Endpoints Into a Distributed Threat Intelligence Passive and Active Threat Intelligence Gathering Sensor? - A Practical Case Study 
  • Eighth Case Study - How To Convert Your Clients Into a Passive and Active Distributed Threat Intelligence Gathering Sensors? - A Practical Case Study
  • Ninth Case Study - How to Utilize Public and Proprietary Threat Intelligence Databases for Cyber Threat Actor Attribution Campaigns Including Cross Reference and Cross Checking of 
  • Tenth Case Study -  How to Enrich Your Company Wide IoCs (Indicators of Compromise) Using Public and Proprietary Sources and Connect the Dots on a Major Cyber Attack and Cyber Threat Actor Campaign
  • Conclusion

And here's a sample introduction for the OSINT training which I can offer with the idea to get you to know the actual style of the training:

Basics of OSINT in the Context of Fighting Cybercrime - The Definite Beginner's Guide

“What use are they? They’ve got over 40,000 people over there reading newspapers.” - President Nixon

This introductory guide to the world of OSINT is part of an upcoming series of articles that aims to help both novice and experienced security practitioners, including analysts, enter the world of OSINT for cybercrime research. It offers a high-profile, never-before-published general overview, introductory material and training course material that is practical and relevant in today’s Internet and cybercrime ecosystem of nation-state and rogue cyber adversaries. It is intended for novice beginners as well as advanced Internet users, hackers, security consultants, analysts and researchers who are interested in exploring OSINT (Open Source Intelligence) in order to make a difference, to do their work in a better and more efficient way, and to be fully capable and equipped to catch the bad guys online, including monitoring and tracking them down to the point of building the big picture of their fraudulent and rogue online activities. The course, including the learning and training material, is courtesy of Dancho Danchev, who is considered one of the most popular security bloggers, threat intelligence analysts and cybercrime researchers internationally and within the security industry.

The primary purpose of this guide is to summarize Dancho Danchev’s over a decade of experience in passive and active, including actionable, threat intelligence and OSINT research as well as cybercrime research. The goal is to empower the student or organization taking this course to do their online research work better and to be fully capable of tracking down and monitoring the rogue and malicious online activities of the bad guys, to better position and enhance their cyber attack and malicious threat actor campaign attribution skills, and ultimately to improve their work and learn how to do OSINT for good and, most importantly, to track down and monitor the bad guys.

Introduction

In a world dominated by sophisticated cybercrime gangs and nation-state sponsored and tolerated rogue cyber actors, the use of OSINT (Open Source Intelligence) is crucial for building the big picture in the context of fighting cybercrime internationally, including to actually "connect the dots" and provide personally identifiable information to a closed-group, invite-only LE community, including international Intelligence Agencies, on their way to track down and prosecute the cybercriminals behind these campaigns.

In this training and learning material Dancho Danchev, one of the security industry's most popular and high-value security bloggers and cybercrime researchers, will offer an in-depth peek inside the world of OSINT in the context of fighting cybercrime and will provide practical advice, examples and cases, in particular on how he tracked down and shut down the infamous Koobface botnet and continued to supply never-before-published, potentially sensitive and classified information on new cyber threat actors, which he continued to publish on Dancho Danchev's blog.

Basics of OSINT

OSINT in the context of fighting cybercrime can best be described as the systematic and persistent use of public information to build cyber threat intelligence enriched data sets and intelligence databases, both for real-time situational awareness and for historical OSINT preservation, which also includes actually "connecting the dots" in cybercrime gang and rogue cyber actor campaigns and cyber attack campaigns. A general example would consist of obtaining a single malicious software sample and running it in a public sandbox to further map the infrastructure of the cybercriminal behind it, potentially exposing the big picture behind the campaign and connecting the dots behind their infrastructure. This would lead to a multitude and variety of personally identifiable information getting exposed, which could help build a proprietary cybercrime gang activity database and actually assist LE in tracking down and prosecuting the cybercriminals behind these campaigns.

"There's no such thing as new cyber threat actors. It's just new players adopting economic and marketing concepts to steal money and cause havoc online."

The primary idea here is to locate free and public online repositories of malicious software and to obtain a sample which will later be run in a public sandbox in order to map the Internet-connected infrastructure of the cybercrime gang in question, to elaborate on the ways they attempt to monetize access to the compromised host, including the ways in which they make money, and to find out what exactly they are trying to compromise. Possible examples here include VirusTotal, or running a malware interception honeypot such as a spam trap, which would allow you to intercept malware campaigns currently circulating in the wild that propagate using email and to analyze them in terms of connecting the dots, exposing their Internet-connected infrastructure and establishing the foundations for a successful career in the world of malicious software analysis and cybercrime research.

"Everything that can be seen is already there".

The next logical step would be to properly assess and analyze the recently obtained sample and to establish the foundation of a "connect the dots" culture within your organization, where the primary goal would be to have researchers and analysts look for clues on their way to track down and monitor a specific campaign, potentially coming up with new and novel cyber attack attribution research. Visualization is often the key to everything in terms of visualizing threats and looking for additional cyber attack attribution clues. This is where a popular visualization and threat analysis tool known as Maltego comes into play: it offers an advanced and sophisticated way to process OSINT, cybercrime research and threat intelligence information and to enrich it using public and proprietary sources of information in order to establish the big picture and connect the dots for a specific cyber attack campaign.
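The "connect the dots" step described above, as an added example that is not part of the original training material: it groups sandbox observations into candidate campaigns by shared indicators, and refuses to pivot on an indicator seen in too many samples (a free blog host, for instance), which would otherwise merge unrelated activity. The sample labels, `.example` domains, documentation-range IPs and the `max_fanout` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sandbox observations (not real indicators):
# sample label -> network indicators seen when the sample was detonated.
OBSERVATIONS = {
    "sample-A": {"domain:update-a.example", "ip:192.0.2.10", "path:/1/load.bin"},
    "sample-B": {"domain:update-b.example", "ip:192.0.2.10", "domain:blogs.example"},
    "sample-C": {"domain:update-c.example", "ip:198.51.100.7", "path:/1/load.bin",
                 "domain:blogs.example"},
    "sample-D": {"domain:pay.example", "ip:203.0.113.5", "domain:blogs.example"},
    "sample-E": {"domain:pay.example", "ip:203.0.113.77", "domain:blogs.example"},
    "sample-F": {"domain:lone.example", "ip:203.0.113.200"},
}


def build_index(observations):
    """Invert the observations: indicator -> set of samples that touched it."""
    index = defaultdict(set)
    for sample, indicators in observations.items():
        for indicator in indicators:
            index[indicator].add(sample)
    return index


def cluster_samples(observations, max_fanout=3):
    """Group samples that share at least one usable pivot.

    An indicator seen in more than max_fanout samples is treated as shared
    infrastructure (hosting provider, CDN, free blog platform) and is
    reported in `skipped` instead of being used to link samples.
    Returns (clusters, skipped).
    """
    parent = {sample: sample for sample in observations}

    def find(x):
        # Union-find lookup with path halving.
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[max(ra, rb)] = min(ra, rb)

    pivots, skipped = {}, []
    for indicator, samples in sorted(build_index(observations).items()):
        if len(samples) < 2:
            continue                      # seen once: nothing to link
        if len(samples) > max_fanout:
            skipped.append(indicator)     # too common to be evidence
            continue
        ordered = sorted(samples)
        for other in ordered[1:]:
            union(ordered[0], other)
        pivots[indicator] = ordered

    groups = defaultdict(lambda: {"samples": [], "pivots": []})
    for sample in sorted(observations):
        groups[find(sample)]["samples"].append(sample)
    for indicator, samples in pivots.items():
        groups[find(samples[0])]["pivots"].append(indicator)

    clusters = sorted(groups.values(), key=lambda g: g["samples"])
    return [dict(g) for g in clusters], skipped


if __name__ == "__main__":
    clusters, skipped = cluster_samples(OBSERVATIONS)
    for number, group in enumerate(clusters, 1):
        print(f"cluster {number}: {group['samples']} linked by {group['pivots']}")
    print("not used as pivots:", skipped)
```

Each cluster is a lead to verify, not an attribution: a shared IP can still be shared hosting, so confirm every pivot against registration, certificate or timing data before treating the samples as one campaign.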

Among the first things that you should consider before beginning your career in the world of OSINT is that everything you need to know about a specific online event or a specific online campaign, including the activities of the bad guys online, is already out there in the form of publicly accessible information. It only needs to be processed and enriched to the point where the big picture for a specific event or malicious online campaign is established using both qualitative and quantitative methodologies, which also includes obtaining access to the actual technical details and information behind a specific online event or an actual malicious and rogue online campaign.

Among the few key things to keep in mind when doing OSINT, including OSINT for cyber attack and cyber campaign attribution, is the fact that in 99% of the cases all the information that you need to collect for a specific case is already publicly known and publicly accessible, without having to obtain access to a private or proprietary source of information, and the only thing that you have to do to obtain access to it is to use the world’s most popular search engine for collection, processing and enrichment.

The second most popular thing to keep in mind when doing OSINT is that you don’t need to obtain access to proprietary or even public OSINT tools.

Current State of the Cybercrime Ecosystem

In 2021 a huge number of the threats facing the security industry, including vendors and organizations online, include RATs (Remote Access Tools), malicious software that is part of a larger botnet, malicious and fraudulent spam and phishing emails, and client-side exploits and vulnerabilities which have the potential to exploit an organization's or a vendor's endpoints for the purpose of dropping malware on the affected host, as well as the rise of the ransomware threat, which is basically an old-fashioned academic concept known as cryptoviral extortion.

With more novice cybercriminals joining the underground ecosystem, a market segment largely driven by a set of newly emerged affiliate-based revenue-sharing fraudulent and malicious networks offering a financial incentive for participation in a fraudulent scheme, it shouldn't be surprising that more people are actually joining the cybercrime ecosystem, potentially causing widespread damage and havoc online.

With cybercrime-friendly forums continuing to proliferate, it should be clearly evident that more people will eventually join these marketplaces, potentially looking for new market segment propositions to take advantage of in order to join the cybercrime ecosystem, and that more vendors will continue to occupy and launch new underground forum market propositions for the purpose of promoting their services and looking for new clients.

In a world dominated by a geopolitically relevant Internet cybercrime ecosystem, it shouldn't be surprising that more international cybercrime gangs will continue to launch new fraudulent and malicious spam and phishing campaigns, including malicious software campaigns, for the purpose of earning fraudulent revenue.

With more affiliate-based underground market segment networks aiming to attract new users, to whom they forward the risk of the actual infection process and fraudulent transaction in exchange for offering access to sophisticated bulletproof infrastructure, including advanced and sophisticated malware and ransomware releases, it shouldn't be surprising that more people are actually joining these affiliate networks for the purpose of earning fraudulent revenue while causing havoc and widespread disruption online.

In this brief Basics of OSINT in the context of fighting cybercrime article we provided a general overview of the process of using OSINT for cybercrime fighting purposes and we hope that you enjoyed the article and will be eager to go through the second part of the article series which will be published at our Web site in the coming weeks.

Sample screenshots include:


Upcoming DVD Training and Educational Research Compilation Release

April 27, 2023

I wanted to let everyone know that I'm going in deep research mode which means approximately countless days of recording what appears to be my first DVD compilation in the context of reaching out to my readers and sharing my true story circa the 90's up to present day where I'll do my best to record my idea as soon as possible and publish it here.  

Sample screenshots include:




My Memoir - In Bulgarian

April 27, 2023

Did you know that I have a memoir [PDF] written in Bulgarian? Did you also know that I have a two hours long free audio book [MP3] in Bulgarian? Did you also know that you can also freely download my memoir in Bulgarian in various E-Book [ePub] format readers for free?



Who Has Information on the Bad Guys and Wants to Share it with Me?

April 24, 2023

Dear blog readers,

As of today I'm starting to do something that I haven't really done in ages and probably never really did throughout my entire career which is to do my best to assist friends and colleagues including the appropriate Law Enforcement parties with research and knowledge on the bad guys which in this particular case would be to solicit information from my readers on current and emerging cyber threat actors from my readers using a Dark Web Onion which in this particular case is:

http://3axk7cmmrvz5ynggt5of2qp5i7ifhfimlnavv23ymm7en7ogjxe57jyd.onion

Here's what I'm looking for:

  • anything related to cyber intelligence in terms of currently active and ongoing campaigns including all the associated IoCs that you can share and that you think I need to go through and work on based on your submission such as for instance raw cyber intelligence details on current and ongoing campaigns domains personally identifiable emails MD5s including anything that you think and believe might be worth working on in terms of what you're sharing in terms of "processing" and enriching and working on reaching out to the appropriate parties including the proper Law Enforcement parties involved in tracking down and prosecuting the cyber criminals behind these campaigns
  • personally identifiable information on the bad guys which I'll do my best to share with the appropriate Law Enforcement party including friends and colleagues who can truly make an impact to track down and prosecute the bad guys based on their campaign activity

Here's what to expect in exchange:

  • always make sure to know that I'll go through all the cyber intelligence IoCs personally identifiable information on the bad guys malware and exploits serving domains and associated MD5s including anything related to my line of work personally and will work to enrich and "process" your submission with the utmost professionalism as possible and as always.

Stay tuned!


Auctioning Off? Think Twice and Show Your Support!

April 24, 2023

Surprise, surprise.

Guess who's selling out without being a sellout? 


Although many of you know and remember me from 2010-2013 with my research when I was on the top of my research and analysis game today's harsh reality is that I think that I'm very close to retiring and basically finding another venture to pursue possibly something in the lines of corporate cyber security investment portfolio and innovation management where I can be of great help where I'm currently busy paying the bills including a loan including to work on part time OSINT projects with great success where my primary goal would be to secure a financial pension and retirement fund in the context of auctioning off my 20TB personal files archive dating back to 2010 and 2023 for collectibles and memorabilia purposes where among my primary long term projects would be to launch a training program in my line of work including to write a Second Edition of my personal memoir including to write several upcoming books.

Stay tuned!

I'm Back - Part Two

April 13, 2023

Jesus. Jesus or Cyber Jessus or it's just a mentality?

If you can figure out what's happening here you've probably figured out that this is me circa 2010 trying to get "back to basics" online which in the context of meaning really means hard work a lot of socializing and distributing as much thoughts and random notes including hard-work driven research as possible to my fellow readers who greatly inspired me to continue blogging and doing research on my personal blog including the usual volume of traffic that I get here from friends and colleagues from the industry including the U.S Intelligence Community and U.S Law Enforcement where it's my pleasure and an honor to communicate my findings and research in my area of expertise to my readers and friends on a daily basis.


If a link is worth a thousand words try the following U.S Secret Service most wanted cybercriminal which guess what with no laughing here is AbdAllah one of my favorite Russian Business Network affiliates circa "back in the time".


Who wants to really help me fund my retirement fund is into collectables and memorabilia understands my "big picture" including the "big picture" and has BitCoin and wants to give me a hand here in exchange for something really personal which is my personal 20TB personal archive files from 2010 when I was on the top of my being popular game up to 2023 present day where I'm struggling with paying the bills working on part time OSINT projects? Keep reading.

Did you know that if  you're a U.S Intelligence Community member doing cyber intelligence and possible research and stumble upon a "4PXFIL" or "E9BDJ4PXFIL" marking in terms of an email address account there's a high probability that this is me and several other online individuals doing "outsourcing SIGINT" also known as "fourth party exfil" for further campaign attribution and actually bothering to publicly "connect the dots" on major and high profile cyber attack campaigns where I was proud to participate in a Top Secret GCHQ Program known as "Lovely Horse" to monitor hackers online and on Twitter for technological know-how possible labeling them as 


By the way for the record in case you still haven't reached the online dazzlement stage check out the following screenshot and stay tuned for the actual details. The best is yet to come.