Profiling Yaroslav Vasinskyi from the Kaseya Ransomware Attack Campaign - An OSINT Analysis

January 27, 2022


The U.S. Justice Department appears to have recently made arrests in connection with the Kaseya ransomware campaign, so I've decided to dig a little deeper and provide actionable intelligence exposing the individuals behind these campaigns, with the aim of assisting U.S. law enforcement in tracking down and prosecuting the cybercriminals responsible.

Sample personally identifiable information on Yaroslav Vasinskyi:

Mobile: +380993082660

Phone: 1-800-225-5324, which is actually the FBI's phone number

Personal email address accounts: yarik45@gmail[.]com, yaroslav2468@mail[.]ru

Online handles: Yarik45, Yaroslav2468

ICQ: 635995970

He is also known to have offered the following Web site as a template around various cybercrime-friendly forum communities: hxxp://wholesale-dress[.]net, which is currently owned and managed by hxxp://counterfeittechnology[.]com. The following domains are known to have been registered by the same individual who registered the original domain:

opensib[.]com
fotonota[.]me
bartrans[.]net
nebolsina[.]com
digitalreality[.]world
digitalrealty[.]world
whitecrow[.]club
opensib[.]club
vkfoto[.]org
vkfoto[.]net
vkfoto[.]biz
foto2u[.]info
foto2u[.]org
foto2u[.]net
foto2u[.]biz
foto4u[.]biz
photo2u[.]biz
gospace[.]biz

aircitypost[.]com
youhavedownloaded[.]com
xmllogistic[.]org
mega-battery[.]com
aramzam[.]com
allforlaptop[.]com
soirot[.]com
mailingtechnology[.]info
mailingtechnology[.]org
counterfeit[.]technology
xmllogistic[.]net
xmllogistic[.]com
ftn-presentation[.]com
counterfeittechnology[.]com
toskanmarket[.]com
identificationninja[.]com
mrboating[.]com
ironsyssecurity[.]com
danandnadia[.]us
xmlshop[.]biz
shopxml[.]biz
xmlshop[.]us
shopxml[.]us
mrboating[.]us
mrboating[.]biz
xmlshop[.]org
shopxml[.]org
mrboating[.]org

dressinus[.]us
dressywomen[.]com
bridalcorn[.]org
promdressesuk[.]org
lafemmedresses2015[.]org
sherrihilldress[.]org
cheap-dressuk[.]org
talkdressprom[.]org
promdressbee[.]us
weddingdresshotsale[.]org
mypromdressstore[.]org
sweetymalada[.]us
onlydress[.]org
promdressstores[.]org
promdressesshop[.]org
addressingmachines[.]org
dresskey[.]org
justdress[.]org


Sample personally identifiable information on Yevgeniy Igorevich Polyanin also known as LK4D4, Damnating, Dam2life, Noodlleds, Antunpitre, Affilate 23:

Email: damnating@yandex[.]ru, antunpitre@gmail[.]com

The email account antunpitre@gmail[.]com is known to have registered an Android malware C&C server in the past, hxxp://foto2u[.]biz (209[.]99[.]40[.]224; 209[.]99[.]17[.]27; 178[.]32[.]152[.]214; 5[.]254[.]113[.]102), which is known to have served the following malicious MD5: 7a140b4835e9ed857eda1f0dbfbfa3e8. Once executed, the sample is known to have phoned back to the malicious C&C server domain hxxp://phoneactivities[.]com (103[.]232[.]215[.]133). Related malicious and fraudulent C&C server domains:

hxxp://vkfoto[.]org
hxxp://vkfoto[.]net
hxxp://vkfoto[.]biz
hxxp://foto2u[.]info
hxxp://foto2u[.]org
hxxp://foto2u[.]net
hxxp://foto2u[.]biz
hxxp://photo2u[.]biz

Stay tuned!


Exposing FBI's Most Wanted Iran's Mabna Hackers - An OSINT Analysis

January 27, 2022

Dear blog readers,

In this post I've decided to share actionable intelligence on the online infrastructure of the FBI's Most Wanted Iranian Mabna hackers, to assist everyone in their cyber attack and cyber threat actor attribution campaigns.

mlibo[.]ml

blibo[.]ga

azll[.]cf

azlll[.]cf

lzll[.]cf

jlll[.]cf

elll[.]cf

lllib[.]cf

tsll[.]cf

ulll[.]tk

tlll[.]cf

libt[.]ga

libk[.]ga

libf[.]ga

libe[.]ga

liba[.]gq

libver[.]ml

ntll[.]tk

ills[.]cf

vtll[.]cf

clll[.]tk

stll[.]tk

llii[.]xyz

lill[.]pro

eduv[.]icu

univ[.]red

unir[.]cf

unir[.]gq

unisv[.]xyz

unir[.]ml

unin[.]icu

unie[.]ml

unip[.]gq

unie[.]ga

unip[.]cf

nimc[.]ga

nimc[.]ml

savantaz[.]cf

unie[.]gq

unip[.]ga

unip[.]ml

unir[.]ga

untc[.]me

jhbn[.]me

unts[.]me

uncr[.]me

lib-service[.]com

unvc[.]me

untf[.]me

nimc[.]cf

anvc[.]me

ebookfafa[.]com

nicn[.]gq

untc[.]ir

librarylog[.]in

llli[.]nl

lllf[.]nl

libg[.]tk

ttil[.]nl

llil[.]nl

lliv[.]nl

llit[.]site

flil[.]cf

e-library[.]me

cill[.]ml

fill[.]cf

libm[.]ga

eill[.]cf

llib[.]cf

eill[.]ga

nuec[.]cf

illl[.]cf

cnen[.]cf

aill[.]nl

eill[.]nl

mlib[.]cf

ulll[.]cf

nlll[.]cf

clll[.]nl

llii[.]cf

etll[.]cf

1edu[.]in

aill[.]cf

atna[.]cf

atti[.]cf

aztt[.]tk

cave[.]gq

ccli[.]cf

cnma[.]cf

cntt[.]cf

crll[.]tk

csll[.]cf

ctll[.]tk

cvnc[.]ga

cvve[.]cf

czll[.]tk

cztt[.]tk

euca[.]cf

euce[.]in

ezll[.]tk

ezplog[.]in

ezproxy[.]tk

eztt[.]tk

flll[.]cf

iell[.]tk

iull[.]tk

izll[.]tk

lett[.]cf

lib1[.]bid

lib1[.]pw

libb[.]ga

libe[.]ml

libg[.]cf

libg[.]ga

libg[.]gq

libloan[.]xyz

libnicinfo[.]xyz

libraryme[.]ir

libt[.]ml

libu[.]gq

lill[.]gq

llbt[.]tk

llib[.]ga

llic[.]cf

llic[.]tk

llil[.]cf

llit[.]cf

lliv[.]tk

llse[.]cf

ncll[.]tk

ncnc[.]cf

nctt[.]tk

necr[.]ga

nika[.]ga

nsae[.]ml

nuec[.]ml

rill[.]cf

rnva[.]cf

rtll[.]tk

sctt[.]cf

shibboleth[.]link

sitl[.]tk

slli[.]cf

till[.]cf

titt[.]cf

uill[.]cf

uitt[.]tk

ulibe[.]ml

ulibr[.]ga

umlib[.]ml

umll[.]tk

uni-lb[.]com

unll[.]tk

utll[.]tk

vsre[.]cf

web2lib[.]info

xill[.]tk

zedviros[.]ir

zill[.]cf

Sample URL structure for the rogue and fraudulent online phishing infrastructure for the campaign:

ezvpn[.]mskcc[.]saea[.]ga

library[.]asu[.]saea[.]ga

library[.]lehigh[.]saea[.]ga

moodle[.]ucl[.]ac[.]saea[.]ga

saea[.]ga

unex[.]learn[.]saea[.]ga

unomaha[.]on[.]saea[.]ga

www[.]uvic[.]saea[.]ga

catalog[.]lib[.]usm[.]edu[.]seae[.]tk

elearning[.]uky[.]edu[.]seae[.]tk

www[.]aladin[.]wrlc[.]org[.]seae[.]tk

alexandria[.]rice[.]ulibr[.]ga

cmich[.]ulibr[.]ga

columbia[.]ulibr[.]ga

edu[.]edu[.]libt[.]cf

ezproxy-authcate[.]lib[.]monash[.]ulibr[.]ga

login[.]revproxy[.]brown[.]edu[.]edu[.]libt[.]cf

ezproxy-authcate[.]monash[.]lib[.]ulibr[.]ga

ezproxy-f[.]deakin[.]au[.]ulibr[.]ga

lib[.]dundee[.]ac[.]uk[.]ulibr[.]ga

cas[.]usherbrooke[.]ca[.]cavc[.]tk

catalog[.]lib[.]ksu[.]edu[.]cavc[.]tk

isa[.]epfl[.]ch[.]cavc[.]tk

login[.]vcu[.]edu[.]cavc[.]tk

www[.]med[.]unc[.]edu[.]cavc[.]tk

cas[.]iu[.]edu[.]cavc[.]tk

ltuvpn[.]latrobe[.]edu[.]au[.]reactivation[.]in

passport[.]pitt[.]edu[.]reactivation[.]in

edu[.]login[.]revproxy[.]brown[.]edu[.]libt[.]cf

shibboleth[.]nyu[.]edu[.]reactivation[.]in

login[.]revproxy[.]brown[.]edu[.]login[.]revproxy[.]brown[.]edu[.]libt[.]cf

weblogin[.]pennkey[.]upenn[.]edu[.]reactivation[.]in

webmail[.]reactivation[.]in

www[.]ezlibproxy1[.]ntu[.]edu[.]sg[.]reactivation[.]in

www[.]ezpa[.]library[.]ualberta[.]ca[.]reactivation[.]in

www[.]lib[.]just[.]edu[.]jo[.]reactivation[.]in

www[.]passport[.]pitt[.]edu[.]reactivation[.]in

http://shib[.]ncsu[.]ulibr[.]cf/idp/profile/SAML2/POST/SSO

www[.]shibboleth[.]nyu[.]edu[.]reactivation[.]in

www[.]weblogin[.]pennkey[.]upenn[.]edu[.]reactivation[.]in

ezlibproxy1[.]ntu[.]edu[.]sg[.]reactivation[.]in

login[.]revproxy[.]brown[.]edu[.]libt[.]cf

weblogin[.]umich[.]edu[.]lib2[.]ml

catalog[.]sju[.]edu[.]mncr[.]tk

ezpa[.]library[.]ualberta[.]ca[.]reactivation[.]in

lib[.]just[.]edu[.]jo[.]reactivation[.]in

login[.]ezproxy[.]lib[.]purdue[.]edu[.]reactivation[.]in

login[.]libproxy[.]temple[.]shibboleth2[.]uchicago[.]ulibr[.]cf

shib[.]ncsu[.]shibboleth2[.]uchicago[.]ulibr[.]cf

shibboleth2[.]uchicago[.]shibboleth2[.]uchicago[.]ulibr[.]cf

singlesignon[.]gwu[.]shibboleth2[.]uchicago[.]ulibr[.]cf

webauth[.]ox[.]ac[.]uk[.]shibboleth2[.]uchicago[.]ulibr[.]cf

edu[.]libt[.]cf

login[.]libproxy[.]temple[.]ulibr[.]cf

shib[.]ncsu[.]ulibr[.]cf

singlesignon[.]gwu[.]ulibr[.]cf

webauth[.]ox[.]ac[.]uk[.]ulibr[.]cf

library[.]cornell[.]ulibr[.]ga

login[.]ezproxy[.]gsu[.]ulibr[.]ga

shibboleth2[.]uchicago[.]ulibr[.]cf

login[.]library[.]nyu[.]ulibr[.]ga

mail[.]ulibr[.]ga

webcat[.]lib[.]unc[.]ulibr[.]ga

www[.]ulibr[.]ga

www[.]alexandria[.]rice[.]ulibr[.]ga

www[.]cmich[.]ulibr[.]ga

www[.]columbia[.]ulibr[.]ga

www[.]ezproxy-authcate[.]lib[.]monash[.]ulibr[.]ga

www[.]ezproxy-authcate[.]monash[.]lib[.]ulibr[.]ga

www[.]ezproxy-f[.]deakin[.]au[.]ulibr[.]ga

www[.]lib[.]dundee[.]ac[.]uk[.]ulibr[.]ga

www[.]library[.]cornell[.]ulibr[.]ga

www[.]login[.]ezproxy[.]gsu[.]ulibr[.]ga

www[.]login[.]library[.]nyu[.]ulibr[.]ga

auth[.]berkeley[.]edu[.]libna[.]ml

sso[.]lib[.]uts[.]edu[.]au[.]libna[.]ml

bb[.]uvm[.]edu[.]cvre[.]tk

cline[.]lib[.]nau[.]edu[.]cvre[.]tk

illiad[.]lib[.]binghamton[.]edu[.]cvre[.]tk

libcat[.]smu[.]edu[.]cvre[.]tk

login[.]brandeis[.]edu[.]cvre[.]tk

msim[.]cvre[.]tk

libcat[.]library[.]qut[.]nsae[.]ml

www[.]webcat[.]lib[.]unc[.]ulibr[.]ga
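The hostnames above all follow one pattern: labels copied from a real university login or library portal (brown.edu, nyu.edu, ox.ac.uk) are prepended to a short attacker-registered domain (libt[.]cf, ulibr[.]ga, reactivation[.]in), so the left-hand part of the name reads as legitimate while the registrable domain is not. The following Python script is an added example, not code from the original post; it refangs a handful of the hostnames listed above, extracts the registrable domain, and shows why a naive substring check is fooled while a check on the registrable domain is not. The institution allowlist and the two-label public-suffix table are constructed stand-ins for this example, not real reference data.

```python
"""Added example: classify defanged lookalike hostnames from the Mabna list.

The allowlist LEGIT_DOMAINS and the TWO_LABEL_SUFFIXES table are constructed
for this example (a real deployment would use the Public Suffix List).
"""
import re
from typing import Optional

# Defanged hostnames copied from the post's "Sample URL structure" list.
SAMPLE_HOSTS = [
    "library[.]asu[.]saea[.]ga",
    "login[.]revproxy[.]brown[.]edu[.]libt[.]cf",
    "shibboleth[.]nyu[.]edu[.]reactivation[.]in",
    "webauth[.]ox[.]ac[.]uk[.]shibboleth2[.]uchicago[.]ulibr[.]cf",
    "http://shib[.]ncsu[.]ulibr[.]cf/idp/profile/SAML2/POST/SSO",
]

# Constructed allowlist of institution domains a defender actually trusts.
LEGIT_DOMAINS = {"brown.edu", "nyu.edu", "ox.ac.uk", "asu.edu"}

# Constructed, minimal stand-in for public suffixes that span two labels.
TWO_LABEL_SUFFIXES = {"ac.uk", "co.uk"}


def refang(indicator: str) -> str:
    """Undo the post's defanging: '[.]' -> '.', 'hxxp' -> 'http'."""
    return re.sub(r"^hxxp", "http", indicator.replace("[.]", "."))


def hostname(indicator: str) -> str:
    """Strip any scheme and path so only the lower-cased host remains."""
    s = re.sub(r"^[a-z]+://", "", refang(indicator))
    return s.split("/")[0].lower()


def registrable_domain(host: str) -> str:
    """Return the part of the host the registrant actually controls."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def impersonated_domain(host: str) -> Optional[str]:
    """Which trusted domain appears as a consecutive label run inside the host?"""
    host_labels = host.split(".")
    for legit in LEGIT_DOMAINS:
        legit_labels = legit.split(".")
        n = len(legit_labels)
        for i in range(len(host_labels) - n + 1):
            if host_labels[i:i + n] == legit_labels:
                return legit
    return None


def naive_looks_trusted(host: str) -> bool:
    """The check that gets fooled: 'brown.edu' occurs somewhere in the name."""
    return any(legit in host for legit in LEGIT_DOMAINS)


def classify(indicator: str) -> dict:
    """Correct check: trust only if the registrable domain itself is allowlisted."""
    host = hostname(indicator)
    reg = registrable_domain(host)
    return {
        "host": host,
        "registrable": reg,
        "looks_like": impersonated_domain(host),
        "trusted": reg in LEGIT_DOMAINS,
    }


if __name__ == "__main__":
    for ind in SAMPLE_HOSTS:
        r = classify(ind)
        print(f"{r['host']:<60} registrable={r['registrable']:<16} "
              f"mimics={r['looks_like']} trusted={r['trusted']}")
```

The useful output is the `registrable` column: every sample resolves to a throwaway domain on a free TLD, regardless of how many institution labels precede it, which is the signal a mail or proxy filter should key on rather than on whether a familiar name appears anywhere in the hostname.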

Stay tuned!


Exposing Behrooz Kamalian's Ashiyane ICT Company - An OSINT Analysis

January 27, 2022

Dear blog readers,

I've decided to share with everyone some practical and actionable threat intelligence on members of the Ashiyane Digital Security Team, also known as Behrooz Kamalian's Ashiyane ICT Company, to assist everyone in their cyber attack attribution campaigns.

Name: Behrooz Kamalian

Postal address:

Tajrish Sq, Fana Khosro St, Amir Salam Alley, No 22, Ashiyane ICT Company

Phone number: 22727284-5

Fax number: 22727283

email: nima.salehi@yahoo.com

Technical Handle: nic36928h37

Name: Behrooz Kamalian

email: nima.salehi@yahoo.com

Domain Name: ashiyane.ir

Legal Holder: Behrooz Kamalian

Postal address:

Unit 28, Floor Seven, 36 Building, Daneshvar alley, Jamalzadeh St., Enghelab Sq.

Tehran, IR

1336925748

Phone number: +98.2166935551

Fax number: +98.2166930577

Admin Contact: nic36928h37

Technical Contact: nic36928h37

Domain Name Server1: ns1.ashiyane.org

Domain Name Server2: ns2.ashiyane.org

Request Date: 29 December 2005

Last Verification: 21 September 2006

Reseller: Govah Tadbir Rayaneh

Postal address:

Unir 1, 1th Floor, No.376, North Bahar St.

Phone number: +98 21 88849956-7

Fax number: +98 21 88307682

email: info@tadbir.ir


Profiling the Emotet Botnet C&C Infrastructure - An OSINT Analysis

January 27, 2022

Dear blog readers,

I've decided to share a recently obtained list of Emotet botnet C&C server IPs, to give everyone the technical information they need to track down and monitor the botnet and, where necessary, to assist with cyber attack campaign and cyber threat actor attribution.

Sample currently active Emotet botnet C&C server IPs:

hxxp://109[.]123[.]78[.]10

hxxp://66[.]54[.]51[.]172

hxxp://108[.]161[.]128[.]103

hxxp://195[.]210[.]29[.]237

hxxp://5[.]35[.]249[.]46

hxxp://5[.]159[.]57[.]195

hxxp://206[.]210[.]70[.]175

hxxp://88[.]80[.]187[.]139

hxxp://188[.]93[.]174[.]136

hxxp://130[.]133[.]3[.]7

hxxp://162[.]144[.]79[.]192

hxxp://79[.]110[.]90[.]207

hxxp://72[.]18[.]204[.]17

hxxp://212[.]129[.]13[.]110

hxxp://66[.]228[.]61[.]248

hxxp://193[.]171[.]152[.]53

hxxp://129[.]187[.]254[.]237

hxxp://178[.]248[.]200[.]118

hxxp://133[.]242[.]19[.]182

hxxp://195[.]154[.]243[.]237

hxxp://80[.]237[.]133[.]77

hxxp://158[.]255[.]238[.]163

hxxp://91[.]198[.]174[.]192

hxxp://46[.]105[.]236[.]18

hxxp://205[.]186[.]139[.]105

hxxp://72[.]10[.]49[.]117

hxxp://133[.]242[.]54[.]221

hxxp://198[.]1[.]66[.]98

hxxp://148[.]251[.]11[.]107

hxxp://213[.]208[.]154[.]110

hxxp://192[.]163[.]245[.]236

hxxp://88[.]80[.]189[.]50

hxxp://185[.]46[.]55[.]88

hxxp://173[.]255[.]248[.]34

hxxp://104[.]219[.]55[.]50

hxxp://200[.]159[.]128[.]19

hxxp://198[.]23[.]78[.]98

hxxp://70[.]32[.]92[.]133

hxxp://192[.]163[.]253[.]154

hxxp://192[.]138[.]21[.]214

hxxp://106[.]187[.]103[.]213

hxxp://162[.]144[.]80[.]214

hxxp://128[.]199[.]214[.]100

hxxp://69[.]167[.]152[.]111

hxxp://46[.]214[.]107[.]142

hxxp://195[.]154[.]176[.]172

hxxp://106[.]186[.]17[.]24

hxxp://74[.]207[.]247[.]144

hxxp://209[.]250[.]6[.]60

hxxp://142[.]34[.]138[.]90

hxxp://74[.]217[.]254[.]29

hxxp://212[.]48[.]85[.]224

hxxp://167[.]216[.]129[.]13

hxxp://91[.]194[.]151[.]38

hxxp://162[.]42[.]207[.]58

hxxp://104[.]28[.]17[.]67

hxxp://8[.]247[.]6[.]134

hxxp://5[.]9[.]189[.]24

hxxp://78[.]129[.]213[.]41

hxxp://184[.]86[.]225[.]91

hxxp://107[.]189[.]160[.]196

hxxp://88[.]208[.]193[.]123

hxxp://50[.]56[.]135[.]44

hxxp://184[.]106[.]3[.]194

hxxp://185[.]31[.]17[.]144

hxxp://67[.]19[.]105[.]107

hxxp://218[.]185[.]224[.]231

Related Emotet C&C server IPs known to have been involved in the campaign:

103[.]201[.]150[.]209

104[.]131[.]11[.]150

104[.]131[.]208[.]175

104[.]236[.]151[.]95

104[.]236[.]246[.]93

104[.]236[.]99[.]225

105[.]224[.]171[.]102

109[.]104[.]79[.]48

109[.]73[.]52[.]242

111[.]67[.]12[.]221

112[.]72[.]9[.]242

115[.]124[.]109[.]85

115[.]71[.]233[.]127

117[.]218[.]133[.]244

125[.]99[.]106[.]226

125[.]99[.]61[.]162

128[.]199[.]78[.]227

134[.]196[.]209[.]126

136[.]243[.]177[.]26

138[.]201[.]140[.]110

138[.]219[.]214[.]164

138[.]68[.]106[.]4

142[.]4[.]198[.]249

142[.]93[.]88[.]16

144[.]139[.]247[.]220

147[.]135[.]210[.]39

149[.]62[.]173[.]247

159[.]203[.]204[.]126

159[.]65[.]241[.]220

159[.]65[.]25[.]128

162[.]144[.]119[.]216

162[.]217[.]250[.]243

162[.]243[.]125[.]212

167[.]114[.]210[.]191

169[.]239[.]182[.]217

170[.]247[.]122[.]37

173[.]212[.]203[.]26

174[.]136[.]14[.]100

175[.]100[.]138[.]82

176[.]250[.]213[.]131

176[.]31[.]200[.]136

177[.]242[.]214[.]30

177[.]246[.]193[.]139

178[.]62[.]37[.]188

178[.]79[.]161[.]166

178[.]79[.]163[.]131

179[.]14[.]2[.]75

179[.]32[.]19[.]219

179[.]40[.]105[.]76

181[.]134[.]105[.]191

181[.]15[.]180[.]140

181[.]15[.]243[.]22

181[.]16[.]127[.]226

181[.]171[.]118[.]19

181[.]189[.]213[.]231

181[.]198[.]67[.]178

181[.]231[.]72[.]200

181[.]28[.]144[.]64

181[.]28[.]248[.]205

181[.]39[.]134[.]122

181[.]48[.]174[.]242

183[.]82[.]97[.]25

185[.]129[.]93[.]140

185[.]86[.]148[.]222

185[.]94[.]252[.]27

186[.]138[.]56[.]183

186[.]144[.]64[.]31

186[.]22[.]209[.]16

186[.]23[.]146[.]42

186[.]23[.]18[.]211

186[.]4[.]167[.]166

186[.]4[.]234[.]27

186[.]83[.]133[.]253

186[.]86[.]177[.]193

187[.]149[.]41[.]205

187[.]163[.]180[.]243

187[.]163[.]222[.]244

187[.]178[.]9[.]19

187[.]188[.]166[.]192

187[.]189[.]195[.]208

187[.]242[.]204[.]142

188[.]166[.]253[.]46

189[.]180[.]84[.]115

189[.]196[.]140[.]187

189[.]209[.]217[.]49

190[.]1[.]37[.]125

190[.]102[.]226[.]91

190[.]112[.]228[.]47

190[.]113[.]233[.]4

190[.]117[.]206[.]153

190[.]145[.]67[.]134

190[.]147[.]12[.]71

190[.]186[.]203[.]55

190[.]186[.]221[.]50

190[.]189[.]112[.]116

190[.]189[.]204[.]100

190[.]19[.]42[.]131

190[.]193[.]131[.]141

190[.]230[.]60[.]129

190[.]246[.]166[.]217

190[.]25[.]255[.]98

190[.]36[.]88[.]98

190[.]55[.]39[.]215

190[.]72[.]136[.]214

190[.]97[.]10[.]198

191[.]97[.]116[.]232

195[.]242[.]117[.]231

196[.]6[.]112[.]70

197[.]211[.]244[.]6

198[.]58[.]114[.]91

200[.]107[.]105[.]16

200[.]123[.]101[.]90

200[.]24[.]248[.]206

200[.]28[.]131[.]215

200[.]32[.]61[.]210

200[.]43[.]231[.]10

200[.]57[.]102[.]71

200[.]58[.]171[.]51

200[.]58[.]83[.]179

200[.]80[.]198[.]34

200[.]85[.]46[.]122

201[.]199[.]89[.]223

201[.]212[.]24[.]6

201[.]219[.]183[.]243

201[.]220[.]152[.]101

201[.]231[.]44[.]78

201[.]238[.]152[.]20

201[.]251[.]229[.]37

201[.]252[.]229[.]169

202[.]83[.]16[.]150

203[.]25[.]159[.]3

205[.]186[.]154[.]130

206[.]189[.]98[.]125

211[.]63[.]71[.]72

212[.]71[.]234[.]16

213[.]120[.]104[.]180

216[.]98[.]148[.]136

216[.]98[.]148[.]156

217[.]113[.]27[.]158

217[.]13[.]106[.]160

217[.]92[.]171[.]167

219[.]74[.]237[.]49

222[.]214[.]218[.]136

222[.]214[.]218[.]192

225[.]153[.]252[.]228

77[.]122[.]183[.]203

109[.]123[.]78[.]10

66[.]54[.]51[.]172

108[.]161[.]128[.]103

195[.]210[.]29[.]237

5[.]35[.]249[.]46

5[.]159[.]57[.]195

206[.]210[.]70[.]175

88[.]80[.]187[.]139

188[.]93[.]174[.]136

130[.]133[.]3[.]7

162[.]144[.]79[.]192

79[.]110[.]90[.]207

72[.]18[.]204[.]17

212[.]129[.]13[.]110

66[.]228[.]61[.]248

193[.]171[.]152[.]53

129[.]187[.]254[.]237

178[.]248[.]200[.]118

133[.]242[.]19[.]182

195[.]154[.]243[.]237

80[.]237[.]133[.]77

158[.]255[.]238[.]163

91[.]198[.]174[.]192

46[.]105[.]236[.]18

205[.]186[.]139[.]105

72[.]10[.]49[.]117

133[.]242[.]54[.]221

198[.]1[.]66[.]98

148[.]251[.]11[.]107

213[.]208[.]154[.]110

192[.]163[.]245[.]236

88[.]80[.]189[.]50

185[.]46[.]55[.]88

173[.]255[.]248[.]34

104[.]219[.]55[.]50

200[.]159[.]128[.]19

198[.]23[.]78[.]98

70[.]32[.]92[.]133

192[.]163[.]253[.]154

192[.]138[.]21[.]214

106[.]187[.]103[.]213

162[.]144[.]80[.]214

128[.]199[.]214[.]100

69[.]167[.]152[.]111

46[.]214[.]107[.]142

195[.]154[.]176[.]172

106[.]186[.]17[.]24

74[.]207[.]247[.]144

209[.]250[.]6[.]60

142[.]34[.]138[.]90

74[.]217[.]254[.]29

212[.]48[.]85[.]224

167[.]216[.]129[.]13

91[.]194[.]151[.]38

162[.]42[.]207[.]58

104[.]28[.]17[.]67

8[.]247[.]6[.]134

5[.]9[.]189[.]24

78[.]129[.]213[.]41

184[.]86[.]225[.]91

107[.]189[.]160[.]196

88[.]208[.]193[.]123

50[.]56[.]135[.]44

184[.]106[.]3[.]194

185[.]31[.]17[.]144

67[.]19[.]105[.]107

218[.]185[.]224[.]231
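A list like the one above is only useful once it has been refanged, validated and matched against something. The Python script below is an added example, not code from the original post: it loads a few of the indicators exactly as the post writes them, rejects addresses that cannot be an Internet-facing C&C (the list contains 225[.]153[.]252[.]228, which sits in the multicast range and would only add noise to a blocklist), and then runs the remaining set over three constructed Squid-style proxy log lines. The log lines and client addresses are made up for the example; only the indicator values come from the post.

```python
"""Added example: refang, validate and match the post's Emotet C&C IPs.

RAW_INDICATORS are copied from the post; SAMPLE_LOG is constructed.
"""
import ipaddress
import re

# A few indicators in the two defanged forms the post uses.
RAW_INDICATORS = [
    "hxxp://109[.]123[.]78[.]10",
    "hxxp://5[.]35[.]249[.]46",
    "104[.]131[.]11[.]150",
    "225[.]153[.]252[.]228",  # present in the post, but multicast: not routable C&C
]

# Constructed Squid access-log lines (time, duration, client, status, bytes,
# method, URL, ident, hierarchy/peer, type). Only line 1 and 3 touch a C&C.
SAMPLE_LOG = """\
1643270400.123    245 10.0.0.12 TCP_MISS/200 512 GET http://109.123.78.10/ - HIER_DIRECT/109.123.78.10 text/html
1643270401.456    120 10.0.0.15 TCP_MISS/200 1024 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html
1643270402.789    310 10.0.0.12 TCP_MISS/200 2048 POST http://5.35.249.46/ - HIER_DIRECT/5.35.249.46 application/octet-stream
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def refang(indicator: str) -> str:
    """'hxxp://1[.]2[.]3[.]4' -> '1.2.3.4' (also accepts the bare '1[.]2[.]3[.]4' form)."""
    s = indicator.strip().replace("[.]", ".")
    return re.sub(r"^(?:hxxp|http)s?://", "", s).rstrip("/")


def load_indicators(raw: list[str]) -> tuple[set[str], list[str]]:
    """Return (usable public IPs, rejected entries).

    Rejects anything that is not a syntactically valid, globally routable
    unicast IPv4 address so that junk in a shared list never reaches a blocklist.
    """
    usable, rejected = set(), []
    for item in raw:
        value = refang(item)
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            rejected.append(value)
            continue
        if (ip.version != 4 or ip.is_multicast or ip.is_private
                or ip.is_loopback or ip.is_link_local or ip.is_reserved):
            rejected.append(value)
            continue
        usable.add(value)
    return usable, rejected


def match_log(log_text: str, indicators: set[str]) -> list[dict]:
    """Report every log line that references a known C&C IP anywhere in it."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        if len(fields) < 3:
            continue
        found = sorted(set(IPV4_RE.findall(line)) & indicators)
        for hit in found:
            hits.append({"line": line_no, "client": fields[2], "hit": hit})
    return hits


if __name__ == "__main__":
    usable, rejected = load_indicators(RAW_INDICATORS)
    print(f"loaded {len(usable)} usable indicators, rejected {rejected}")
    for h in match_log(SAMPLE_LOG, usable):
        print(f"line {h['line']}: client {h['client']} contacted C&C {h['hit']}")
```

The validation step is the part worth copying: public IoC lists are assembled by hand, and a single unroutable or RFC 1918 entry that slips into a firewall blocklist produces either false positives or a silent no-op rule, so reject-and-report beats load-everything.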

Stay tuned!


Exposing a Currently Active "Jabber ZeuS" also known as "Aqua ZeuS" Gang Personal Email Portfolio - An OSINT Analysis

January 27, 2022


Note: This OSINT analysis has been originally published at my current employer's Web site - https://whoisxmlapi.com where I'm currently acting as a DNS Threat Researcher since January, 2021.

Dear blog readers,

I've decided to share a recently obtained portfolio of personal emails belonging to members of the "Jabber ZeuS" (also known as "Aqua ZeuS") gang, to assist everyone in tracking down and monitoring the botnet masters behind the botnet and in possible cyber attack campaign and cyber threat actor attribution.

Sample personal emails known to be currently in use by the "Jabber ZeuS" (also known as "Aqua ZeuS") gang:

donsft@hotmail[.]com

johnny@guru[.]bearin[.]donetsk[.]ua

t4ank@ua[.]fm

airlord1988@gmail[.]com

alexeysafin@yahoo[.]com

aqua@incomeet[.]com

bashorg@talking[.]cc

benny@jabber[.]cz

bind@email[.]ru

bx1@hotmail[.]com

bx1_@msn[.]com

cruelintention@email[.]ru

d[.]frank@0nl1ne[.]at

d[.]frank@jabber[.]jp

danibx1@hotmail[.]fr

danieldelcore@hotmail[.]com

demon@jabber[.]ru

duo@jabber[.]cn

fering99@yahoo[.]com

firstmen17@rambler[.]ru

getready@safebox[.]ru

notifier@gajim[.]org

gribodemon@pochta[.]ru

h4x0rdz@hotmail[.]com

hof@headcounter[.]org

i_amhere@hotmail[.]fr

jheto2002@gmail[.]com

john[.]mikle@ymail[.]com

johnlecun@gmail[.]com

kainehabe@hotmail[.]com

lostbuffer@gmail[.]com

lostbuffer@hotmail[.]com

mary[.]j555@hotmail[.]com

miami@jabbluisa[.]com

moscow[.]berlin@yahoo[.]com

mricq@incomeet[.]com

niko@grad[.]com

petr0vich@incomeet[.]com

princedelune@hotmail[.]fr

sector[.]exploits@gmail[.]com

secustar@mail[.]ru

sere[.]bro@hotmail[.]com

shwark[.]power[.]andrew@gmail[.]com

spanishp@hotmail[.]com

susanneon@googlemail[.]com

tank@incomeet[.]com

theklutch@gmail[.]com

um@jabbim[.]com

virus_e_2003@hotmail[.]com

vlad[.]dimitrov@hotmail[.]com

Stay tuned!


Profiling the Liberty Front Press Network Online - An OSINT Analysis

January 27, 2022

Note: This OSINT analysis has been originally published at my current employer's Web site - https://whoisxmlapi.com where I'm currently acting as a DNS Threat Researcher since January, 2021.

We’ve decided to take a closer look at the Internet-connected infrastructure of the Liberty Front Press Network, which was the subject of a recent takedown and domain seizure as part of an ongoing law enforcement operation against online propaganda, and to offer practical, relevant and actionable intelligence on the infrastructure behind the network and the individuals behind it.

In this analysis we’ll look inside that Internet-connected infrastructure and offer practical and relevant information, including actionable intelligence, on the infrastructure itself and on the individuals behind it.

Sample screenshot of various related domain name registrations using WhoisXML API’s and Maltego’s integration:

Related domains currently registered using the same registrant email addresses, part of the Liberty Front Press Network Internet-connected infrastructure:

syriact-sy[.]com

darfikr[.]net

aminbaik[.]com

aminelzeintrading[.]com

khamenaei[.]com

shaghaaf[.]com

app-line[.]ir

alzouzougroup[.]com

trustmiddleeast[.]com

raha-travel[.]com

mg-sy[.]com

sinasibsalamat[.]com

ansar-allah[.]com

aletthadnews-iq[.]org

asiaquran[.]com

payamkherad[.]com

alavitile[.]com

mohseny[.]org

farhang-press[.]com

moshaver-sanati[.]ir

nsafari[.]ir

bpaorg[.]com

payamekherad[.]com

goshayesh[.]org

walifaqih[.]com

islamwilayah[.]com

walifaqih[.]info

Related malicious and fraudulent domains known to have been historically registered using the same email addresses:

nilenetonline[.]org

ansaroallah[.]org

hajez-sy[.]info

syriaalhadath[.]org

alwaienews[.]net

syriaalhadath[.]com

alwaght[.]net

alwaienews[.]com

ansaroallah[.]net

ansaroallah[.]info

farhang-press[.]com

navidplast[.]ir

iauaf[.]ir

nsafari[.]ir

sokhanetarikh[.]com

af[.]gl

mohajeronline[.]ir

yosin[.]org

mohajeronline[.]org

afghanistanema[.]ir

iranindia[.]org

imenhost[.]org

iuvmdaily[.]net

iuvmdaily[.]com

arab-now[.]com

aleppospace[.]com

harbi-media[.]com

ehsan-sy[.]org

truemedia-sy[.]com

syria-victory[.]com

scope-photos[.]com

u-roqayya[.]com

aminbaik[.]com

furatorder[.]com

alzouzougroup[.]com

darfikr[.]net

trustmiddleeast[.]net

eset-sy[.]com

darfikr[.]com

syriact-sy[.]com

souqsyria[.]com

alameensupport[.]com

ait-sy[.]com

shaghaaf[.]com

app-line[.]ir

afghanfeed[.]com

atlaspress[.]org

roushd[.]com

haghline[.]com

faryadmag[.]com

barchinews[.]com

pashtunews[.]com

reachpage[.]ir

darinews[.]com

raha-travel[.]com

sinasibsalamat[.]com

walifaqih[.]com

titisan[.]net

hpiiran[.]com

titisan[.]org

walifaqih[.]org

islamwilayah[.]com

mediaadil[.]com

syiahahlilbait[.]com

saintshepherd[.]com

walifaqih[.]info

newsaktual[.]com

hajez-sy[.]com

ansar-allah[.]com

online-traveler[.]com

Sample responding IPs for some of the domains known to have been historically registered using the same email addresses:

5[.]220[.]32[.]26

104[.]31[.]90[.]232

172[.]67[.]218[.]252

185[.]202[.]92[.]26

104[.]21[.]6[.]144

104[.]28[.]15[.]223

104[.]31[.]91[.]232

104[.]27[.]191[.]22

172[.]245[.]14[.]202

172[.]67[.]155[.]39

104[.]27[.]190[.]22

104[.]21[.]11[.]89

104[.]28[.]14[.]223

199[.]59[.]242[.]150

188[.]0[.]245[.]26

172[.]67[.]165[.]178

104[.]18[.]63[.]141

104[.]27[.]174[.]61

104[.]27[.]175[.]61

104[.]31[.]95[.]165

104[.]31[.]94[.]165

95[.]217[.]63[.]156

185[.]88[.]178[.]104

94[.]130[.]129[.]47

95[.]216[.]246[.]232

46[.]166[.]182[.]56

108[.]59[.]12[.]100

198[.]71[.]232[.]3

108[.]61[.]19[.]12

18[.]197[.]248[.]23

199[.]115[.]115[.]102

172[.]93[.]194[.]60

192[.]155[.]108[.]158

199[.]115[.]115[.]119

108[.]59[.]12[.]98

46[.]166[.]182[.]55

52[.]59[.]120[.]70

108[.]59[.]12[.]101

217[.]182[.]208[.]108

5[.]79[.]68[.]109

162[.]210[.]195[.]123

46[.]166[.]182[.]52

63[.]143[.]32[.]94

172[.]93[.]194[.]61

184[.]168[.]221[.]34

108[.]61[.]19[.]13

52[.]11[.]10[.]90

52[.]40[.]118[.]225

44[.]229[.]223[.]74

34[.]211[.]213[.]227

167[.]99[.]26[.]105

185[.]26[.]105[.]244

34[.]208[.]93[.]148

52[.]43[.]21[.]0

52[.]8[.]174[.]68

50[.]112[.]29[.]189

34[.]214[.]135[.]41

50[.]112[.]46[.]4

34[.]211[.]118[.]203

209[.]251[.]26[.]166

172[.]67[.]145[.]166

79[.]143[.]85[.]44

104[.]21[.]73[.]146

88[.]198[.]13[.]86

46[.]4[.]6[.]184

104[.]18[.]40[.]203

104[.]18[.]41[.]203

172[.]67[.]131[.]105

104[.]21[.]4[.]3

138[.]201[.]142[.]150

78[.]47[.]230[.]139

104[.]27[.]154[.]187

172[.]67[.]176[.]84

104[.]27[.]155[.]187

198[.]38[.]82[.]90

127[.]0[.]0[.]1

216[.]104[.]165[.]72

209[.]251[.]26[.]169

172[.]67[.]133[.]177

104[.]21[.]5[.]179

173[.]45[.]114[.]24

104[.]28[.]12[.]91

209[.]251[.]26[.]164

104[.]28[.]13[.]91

104[.]31[.]77[.]253

47[.]91[.]170[.]222

185[.]53[.]177[.]20

104[.]31[.]76[.]253

176[.]9[.]79[.]91

88[.]198[.]56[.]139

104[.]18[.]47[.]243

104[.]18[.]46[.]243

185[.]87[.]187[.]198

52[.]213[.]114[.]86

104[.]28[.]25[.]112

212[.]83[.]172[.]150

104[.]21[.]6[.]168

172[.]67[.]135[.]11

176[.]9[.]29[.]165

104[.]28[.]24[.]112

144[.]91[.]104[.]181

34[.]102[.]136[.]180

62[.]171[.]177[.]42

192[.]64[.]10[.]106

216[.]104[.]165[.]3

216[.]104[.]165[.]2

208[.]67[.]23[.]136

208[.]67[.]23[.]101

34[.]224[.]160[.]149

216[.]104[.]165[.]90

72[.]1[.]32[.]168

162[.]210[.]196[.]167

37[.]48[.]65[.]152

37[.]48[.]65[.]154

37[.]48[.]65[.]155

216[.]104[.]165[.]30

109[.]201[.]135[.]45

104[.]18[.]34[.]105

5[.]79[.]68[.]107

162[.]210[.]196[.]168

199[.]115[.]116[.]216

172[.]98[.]192[.]37

104[.]21[.]88[.]42

37[.]48[.]65[.]153

172[.]67[.]172[.]76

104[.]18[.]35[.]105

172[.]67[.]208[.]182

104[.]24[.]118[.]67

208[.]91[.]197[.]46

104[.]31[.]83[.]28

172[.]67[.]152[.]252

104[.]31[.]82[.]28

104[.]21[.]49[.]222

104[.]24[.]109[.]208

104[.]24[.]108[.]208

199[.]115[.]116[.]162

162[.]210[.]196[.]173

94[.]229[.]72[.]117

104[.]21[.]51[.]133

94[.]229[.]72[.]115

95[.]211[.]187[.]100

162[.]210[.]196[.]171

188[.]165[.]44[.]218

94[.]229[.]72[.]116

104[.]24[.]119[.]67

94[.]229[.]72[.]120

216[.]104[.]165[.]12

162[.]210[.]196[.]172

104[.]28[.]30[.]73

94[.]229[.]72[.]118

172[.]67[.]180[.]160

94[.]229[.]72[.]124

104[.]24[.]97[.]171

94[.]229[.]72[.]123

104[.]24[.]96[.]171

144[.]76[.]32[.]148

104[.]28[.]31[.]73

148[.]251[.]1[.]71

109[.]201[.]135[.]71

185[.]208[.]173[.]3

109[.]201[.]135[.]39

54[.]38[.]220[.]85

96[.]47[.]230[.]67

151[.]106[.]5[.]168

108[.]61[.]19[.]11

192[.]155[.]108[.]153

162[.]210[.]196[.]166

109[.]201[.]135[.]46

151[.]106[.]5[.]173

192[.]155[.]108[.]156

151[.]106[.]5[.]165

192[.]155[.]108[.]150

151[.]106[.]5[.]164

104[.]21[.]32[.]133

172[.]67[.]152[.]55

172[.]67[.]187[.]82

104[.]21[.]72[.]204

104[.]27[.]149[.]153

104[.]27[.]148[.]153

207[.]244[.]67[.]218

208[.]67[.]16[.]254

151[.]106[.]5[.]169

192[.]155[.]108[.]152

37[.]48[.]65[.]149

151[.]106[.]5[.]170

151[.]106[.]5[.]167

192[.]155[.]108[.]151

151[.]106[.]5[.]163

37[.]48[.]65[.]150

192[.]155[.]108[.]149

192[.]155[.]108[.]154

37[.]48[.]65[.]151

192[.]155[.]108[.]147

151[.]106[.]5[.]166

151[.]106[.]5[.]174

209[.]99[.]40[.]222

156[.]67[.]211[.]180

213[.]247[.]47[.]190

104[.]31[.]82[.]19

104[.]31[.]83[.]19

104[.]247[.]81[.]10

34[.]98[.]99[.]30

173[.]239[.]8[.]164

173[.]239[.]5[.]6

46[.]166[.]184[.]102

104[.]247[.]82[.]10

91[.]195[.]240[.]117

176[.]9[.]85[.]197

185[.]53[.]179[.]7

185[.]206[.]180[.]123

185[.]53[.]178[.]10

192[.]99[.]147[.]163

107[.]150[.]52[.]242

104[.]21[.]40[.]221

104[.]18[.]49[.]253

174[.]120[.]70[.]159

172[.]67[.]157[.]38

151[.]106[.]5[.]172

208[.]67[.]23[.]31

104[.]18[.]48[.]253

192[.]155[.]108[.]157

104[.]21[.]6[.]160

66[.]152[.]163[.]75

104[.]28[.]9[.]112

172[.]67[.]135[.]3

209[.]99[.]40[.]220

192[.]155[.]108[.]155

49[.]128[.]177[.]81

156[.]67[.]211[.]189

207[.]244[.]67[.]138

109[.]201[.]135[.]65

37[.]48[.]65[.]148

104[.]28[.]8[.]112

5[.]79[.]68[.]110

104[.]28[.]21[.]230

104[.]27[.]177[.]28

172[.]67[.]154[.]209

172[.]67[.]218[.]104

208[.]67[.]23[.]36

104[.]27[.]176[.]28

104[.]21[.]6[.]86

104[.]31[.]66[.]144

104[.]21[.]10[.]32

104[.]28[.]20[.]230

172[.]67[.]189[.]225

51[.]89[.]88[.]96

104[.]31[.]67[.]144

69[.]172[.]201[.]153

69[.]172[.]201[.]208

46[.]166[.]184[.]104

52[.]128[.]23[.]153

78[.]46[.]102[.]123

176[.]9[.]43[.]40

173[.]208[.]153[.]250

174[.]128[.]248[.]231

149[.]56[.]147[.]39

88[.]198[.]48[.]179

144[.]76[.]140[.]66

150[.]95[.]255[.]38

184[.]168[.]221[.]43

104[.]28[.]15[.]51

104[.]28[.]14[.]51

202[.]150[.]213[.]60

156[.]67[.]209[.]15

85[.]159[.]233[.]35

192[.]155[.]108[.]148

104[.]27[.]130[.]254

104[.]31[.]94[.]4

154[.]92[.]251[.]72

104[.]27[.]131[.]254

104[.]21[.]75[.]92

104[.]27[.]146[.]35

104[.]21[.]39[.]77

104[.]27[.]147[.]35

85[.]159[.]233[.]60

104[.]237[.]196[.]117

207[.]244[.]67[.]214

104[.]24[.]118[.]189

104[.]24[.]119[.]189

104[.]18[.]40[.]90

5[.]9[.]96[.]104

136[.]243[.]19[.]6

95[.]216[.]77[.]5

192[.]99[.]92[.]2

172[.]67[.]217[.]163

176[.]31[.]51[.]154

51[.]254[.]232[.]56

104[.]18[.]41[.]90

54[.]37[.]218[.]50

172[.]67[.]143[.]200

209[.]251[.]26[.]162

104[.]27[.]154[.]78

172[.]67[.]206[.]116

184[.]168[.]221[.]59

104[.]27[.]155[.]78

104[.]21[.]77[.]94

We’ll continue monitoring the campaign and post updates as soon as new developments take place.

Stay tuned!


Profiling Russia's U.S Election Interference 2016 - An OSINT Analysis

January 27, 2022


Note: This OSINT analysis has been originally published at my current employer's Web site - https://whoisxmlapi.com where I'm currently acting as a DNS Threat Researcher since January, 2021. 

We’ve decided to take a closer look at the U.S. Election 2016 interference carried out through several Russian spear phishing and malicious campaigns, in order to offer actionable threat intelligence, including possible attribution clues for some of the known participants, that may assist fellow researchers and law enforcement in tracking down and prosecuting the cybercriminals behind these campaigns.

In this analysis we’ll take a closer look at the Internet-connected infrastructure behind the malicious activity targeting the U.S. Election 2016 and offer practical, relevant and actionable threat intelligence on its whereabouts.

Sample malicious and fraudulent C&C domains known to have participated in the U.S Elections 2016 campaign:


Related malicious and fraudulent emails known to have participated in the U.S. Elections 2016 campaign:


Sample related email known to have participated in the U.S. Elections 2016 campaign:

jack2020@outlook[.]com

Sample Maltego Graph of a sample malicious and fraudulent domain registrant known to have participated in the U.S Election 2016 campaign:

Sample related domains known to have participated in the U.S Elections 2016 campaign:


We’ll continue monitoring the campaign and post updates as soon as new developments take place.

Stay tuned!


Exposing a Currently Active Domain Portfolio Managed and Operated by Members of the Ashiyane Digital Security Team - An OSINT Analysis

January 27, 2022

Note: This OSINT analysis was originally published on my current employer's Web site - https://whoisxmlapi.com - where I've been acting as a DNS Threat Researcher since January 2021.

We've decided to take a closer look at the current and historical domain portfolio managed and operated by members of Iran's Ashiyane Digital Security Team, using Maltego in combination with WhoisXML API's integration, for the purpose of providing actionable threat intelligence and assisting fellow researchers, vendors and organizations in tracking down and monitoring the Internet-connected infrastructure of key members of Iran's Ashiyane Digital Security Team, with the aim of monitoring it and attempting to take it offline.

In this article we'll provide actionable intelligence on some of the currently active domains managed, run and operated by Iran's Ashiyane Digital Security Team, with the idea of assisting fellow researchers, vendors and organizations in tracking down and monitoring the infrastructure managed, run and operated by the group.

A list of the currently active domain portfolio known to be managed and operated by members of Iran's Ashiyane Digital Security Team:


A list of the currently active domain portfolio known to have been registered, managed and operated by members of Iran's Ashiyane Digital Security Team:


We’ll continue to monitor for new domain registrations courtesy of Iran’s Ashiyane Digital Security Team and we’ll post updates as soon as new developments take place.

Stay tuned!


Exposing a Currently Active Free Rogue VPN Domains Portfolio Courtesy of the NSA - An OSINT Analysis

January 27, 2022

Note: This OSINT analysis was originally published on my current employer's Web site - https://whoisxmlapi.com - where I've been acting as a DNS Threat Researcher since January 2021.

We've recently come across a currently active free VPN domain portfolio which, based on our research and publicly accessible sources, appears to be run and operated by the NSA, where the ultimate goal would be to trick users, in particular Iran-based users, into using these rogue and bogus free VPN service providers in order to monitor and eavesdrop on their Internet activities. We've decided to take a deeper look inside the Internet-connected infrastructure of these domains and offer practical and relevant threat intelligence and cyber attack attribution details on the true origins of the campaign.

In this case study we'll offer practical and relevant technical information on the Internet-connected infrastructure of this campaign, with the idea of assisting the security community in tracking down and monitoring it, including cyber attack and cyber campaign attribution clues which could come in handy to a security researcher or a threat intelligence analyst.

Original rogue portfolio of fake VPN service domains courtesy of the NSA:


Related domain registrant email addresses known to have been involved in the campaign:


Related domains known to have been involved in the campaign:


More related domains known to have been involved in the campaign:


We'll continue monitoring the campaign and post updates as soon as new developments take place.

Stay tuned!


Exposing a Currently Active List of Iran-Based Hacker and Hacker Team's Handles - An OSINT Analysis

January 27, 2022

Dear blog readers,

I've decided to share with everyone a currently active list of Iran-based hacker and hacker team's handles which could greatly assist in possible cyber attack attribution campaigns including cyber threat actor attribution campaigns.

Sample currently active Iran-based hacker and hacker team's handles currently used in massive or targeted Web site defacement campaigns:


[76] Hacked By GHOST

[77] HacKeD By Cair3x

[78] By -Sun Army-

[79] __Hacked By __WANTED__

[80] [ L0v3-H4cking-w4s-Here ] { Hacked }H4cked By:Love Hacking

[81] Hacked By Sianor

[82] Hacked by Msu360

[83] -[ Defaced By ExeCutiveIM Group & BioS ]-

[84] Local index - HTTrack Website Copier

[85] Annoncer

[86] Hacked By Remove !

[87] HAcKed By Karaji_kt21

[88] ~ This Site Hacked By Crazy LoveR ~

[89] Hacked by Arash Cyber

[90] Index of /

[91] Index of /ID Maker

[92] Index of /

[93]

[94] Hacked !

Stay tuned!

Who Wants to Support My Work Commercially?

January 25, 2022

Folks,

Who wants to dive deep into some of my latest commercially available research and stay on top of their OSINT, cybercrime research and threat intelligence gathering game, together with their team and organization?

Check out my latest project here, where I'm currently doing my best to deliver approximately 12 unique articles and pieces of OSINT research and analysis on a daily basis. The following is the currently active portfolio of research that I've made available online exclusively for commercial purposes, to further empower you, your team and your organization:

  • A Compilation of Currently Active and Related Scams Scammer Email Addresses – An OSINT Analysis
  • A Compilation of Currently Active Cyber Jihad Themed Personal Email Addresses – An OSINT Analysis
  • A Compilation of Currently Active Full Offline Copies of Cybercrime-Friendly Forum Communities – Direct Technical Collection Download -[RAR]
  • A Compilation of Personally Identifiable Information on Various Iran-based Hacker Groups and Lone Hacker Teams – Direct Technical Collection Download – [RAR]
  • A Koobface Botnet Themed Infographic Courtesy of my Keynote at CyberCamp – A Photo
  • Advanced Bulletproof Malicious Infrastructure Investigation – WhoisXML API Analysis
  • Advanced Mapping and Reconnaissance of Botnet Command and Control Infrastructure using Hostinger’s Legitimate Infrastructure – WhoisXML API Analysis
  • Advanced Mapping and Reconnaissance of the Emotet Botnet – WhoisXML API Analysis
  • Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran – Free Research Report
  • Astalavista Security Newsletter - 2003-2006 - Full Offline Reading Copy
  • Compilations of Personally Identifiable Information Including XMPP/Jabber and Personal Emails Belonging to Cybercriminals and Malicious Threat Actors Internationally – An OSINT Analysis
  • Cyber Intelligence – Personal Memoir – Dancho Danchev – Download Free Copy Today!
  • Cybercriminals Impersonate Legitimate Security Researcher Launch a Typosquatting C&C Server Campaign – WhoisXML API Analysis
  • Dancho Danchev – Cyber Intelligence – Personal Memoir – Direct Download Copy Available
  • Dancho Danchev’s “A Qualitative and Technical Collection OSINT-Enriched Analysis of the Iranian Hacking Scene Through the Prism of the Infamous Ashiyane Digital Security Team” Report – [PDF]
  • Dancho Danchev’s “Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran” Report – [PDF]
  • Dancho Danchev’s “Astalavista Security Group – Investment Proposal” Presentation – A Photos Compilation
  • Dancho Danchev’s “Building and Implementing a Successful Information Security Policy” White Paper – [PDF]
  • Dancho Danchev’s “Cyber Jihad vs Cyberterrorism – Separating Hype from Reality” Presentation – [PDF]
  • Dancho Danchev’s “Cyber Jihad vs Cyberterrorism – Separating Hype from Reality – A Photos Compilation
  • Dancho Danchev’s “Exposing Koobface – The World’s Largest Botnet” Presentation – A Photos Compilation
  • Dancho Danchev’s “Exposing Koobface – The World’s Largest Botnet” Presentation – [PDF]
  • Dancho Danchev’s “Exposing the Dynamic Money Mule Recruitment Ecosystem” Presentation – A Photos Compilation
  • Dancho Danchev’s “Exposing the Dynamic Money Mule Recruitment Ecosystem” Presentation – [PDF]
  • Dancho Danchev’s “Intell on the Criminal Underground – Who’s Who in Cybercrime for ” Presentation – [PDF]
  • Dancho Danchev’s “Intell on the Criminal Underground – Who’s Who in Cybercrime for ?” – A Photos Compilation
  • Dancho Danchev’s – Cybercrime Forum Data Set – Free Direct Technical Collection Download Available – GB – [RAR]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Blog – Full Offline Copy Available – Volume – [PDF]
  • Dancho Danchev’s Comeback Livestream Today – Join me on Facebook Live!
  • Dancho Danchev’s CV – Direct Download Copy Available
  • Dancho Danchev’s Cybercrime Forum Data Set for – Upcoming Direct Technical Collection Download Available
  • Dancho Danchev’s Primary Contact Points for this Project – Email/XMPP/Jabber/OMEMO and PGP Key Accounts
  • Dancho Danchev’s Privacy and Security Research Compilation – Medium Account Research Compilation – [PDF]
  • Dancho Danchev’s Private Party Videos – Direct Video Download Available
  • Dancho Danchev’s Private Party Videos – Part Three – Direct Video Download Available
  • Dancho Danchev’s Private Party Videos – Part Two – Direct Video Download Available
  • Dancho Danchev’s Random Conference and Event Photos – A Compilation
  • Dancho Danchev’s Random Personal Photos and Research Photos Compilation – A Compilation
  • Dancho Danchev’s Research for Unit-.org – Direct Download Copy Available
  • Dancho Danchev’s Research for Webroot – Direct Download Copy Available
  • Dancho Danchev’s RSA Europe Conference Event Photos – A Photos Compilation
  • Dancho Danchev’s Security Articles and Research for ZDNet’s Zero Day Blog – Full Offline Copy Available – [PDF]
  • Dancho Danchev’s Security/OSINT/Cybercrime Research and Threat Intelligence Gathering Research Compilations – [PDF]
  • Dancho Danchev’s Twitter Archive – Direct Download – [ZIP]
  • Dancho Danchev’s Upcoming Cybercrime Research OSINT and Threat Intelligence Gathering E-Book Titles – Sample E-Book Covers
  • Dancho Danchev’s Video Keynote Presentation – “Exposing Koobface – The World’s Largest Botnet” – Video Download Available
  • Dancho Danchev’s Random Personal Photos and Research Photos Compilation – Part Three – A Compilation
  • Dancho Danchev’s Random Personal Photos and Research Photos Compilation – Part Two – A Compilation
  • Exposing A Virus Coding Group – An OSINT Analysis
  • Exposing a Boutique Fraudulent and Rogue Cybercrime-Friendly Forum Community – WhoisXML API Analysis
  • Exposing a Currently Active “Jabber ZeuS” also known as “Aqua ZeuS” Gang Personal Email Portfolio – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio – Part Two – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio – Part Four – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio – Part Three – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious IPs Portfolio – An OSINT Analysis
  • Exposing a Currently Active CoolWebSearch Rogue and Malicious IPs Portfolio – Part Two – An OSINT Analysis
  • Exposing a Currently Active Cyber Jihad Domain Portfolio – An OSINT Analysis
  • Exposing a Currently Active Cyber Jihad Domains Portfolio – WhoisXML API Analysis
  • Exposing a Currently Active Cyber Jihad Social Media Twitter Accounts – An OSINT Analysis
  • Exposing a Currently Active Domain Portfolio Belonging to Iran’s Mabna Hackers – An OSINT Analysis
  • Exposing a Currently Active Domain Portfolio Managed and Operated by Members of the Ashiyane Digital Security Team – WhoisXML API Analysis
  • Exposing a Currently Active Domain Portfolio of Currently Active High-Profile Cybercriminals Internationally – WhoisXML API Analysis
  • Exposing A Currently Active Domain Portfolio of Cybercrime Friendly Forum Communities – An OSINT Analysis
  • Exposing A Currently Active Domain Portfolio of Cybercrime Friendly Forum Communities – Part Two – An OSINT Analysis
  • Exposing A Currently Active Domain Portfolio of Cybercrime Friendly Forum Communities – Part Three – An OSINT Analysis
  • Exposing a Currently Active Domain Portfolio of Tech Support Scam Domains – An OSINT Analysis
  • Exposing a Currently Active Free Rogue VPN Domains Portfolio Courtesy of the NSA – WhoisXML API Analysis
  • Exposing a Currently Active Iran-Based Lone Hacker and Hacker Group’s Personal Web Sites Full Offline Copies – Direct Technical Collection Download – [RAR]
  • Exposing a Currently Active Kaseya Ransomware Domains Portfolio – WhoisXML API Analysis
  • Exposing a Currently Active Koobface Botnet C&C Server Domains Portfolio – Historical OSINT
  • Exposing a Currently Active List of Iran-Based Hacker and Hacker Team’s Handles – An OSINT Analysis
  • Exposing a Currently Active List of Iran-Based Hacker and Hacker Team’s Handles – Part Two – An OSINT Analysis
  • Exposing a Currently Active List of Iran-Based Hacker and Hacker Team’s Handles – Part Three – An OSINT Analysis
  • Exposing a Currently Active List of Iran-Based Hacker and Hacker Team’s Handles – Part Two – An OSINT Analysis
  • Exposing a Currently Active Money Mule Recruitment Domain Registrant Portfolio – Historical OSINT
  • Exposing a Currently Active NSO Spyware Group’s Domain Portfolio – WhoisXML API Analysis
  • Exposing a Currently Active Portfolio of Personal Web Sites Belonging to Iran-Based Hackers and Hacking Teams and Groups – An OSINT Analysis
  • Exposing a Currently Active Portfolio of Personal Web Sites Belonging to Iran-Based Hackers and Hacking Teams and Groups – Part Two – An OSINT Analysis
  • Exposing a Currently Active Portfolio of Ransomware-Themed Protonmail Personal Email Address Accounts – An OSINT Analysis
  • Exposing a Currently Active Portfolio of RAT (Remote Access Tool) C&C Server IPs and Domains – An OSINT Analysis
  • Exposing a Currently Active Rock Phish Domain Portfolio – Historical OSINT
  • Exposing a Currently Active SolarWinds Rogue and Malicious C&C Domains Portfolio – An OSINT Analysis
  • Exposing a Currently Active WannaCry Ransomware Domains Portfolio – WhoisXML API Analysis
  • Exposing a Personal Photo Portfolio of Iran Hack Security Team – An OSINT Analysis
  • Exposing A Personal Photos Portfolio of Ashiyane Digital Security Group Team Members – An OSINT Analysis
  • Exposing a Personal Ransomware-Themed Email Address Portfolio – An OSINT Analysis
  • Exposing a Personal Ransomware-Themed Email Address Portfolio – Part Two – An OSINT Analysis
  • Exposing a Portfolio of Ashiyane Digital Security Team Hacking Tools – Direct Technical Collection Download – [RAR]
  • Exposing a Portfolio of Personal Photos of Iran-Based Hacker and Hacker Teams and Groups – An OSINT Analysis
  • Exposing a Rogue Domain Portfolio of Fake News Sites – WhoisXML API Analysis
  • Exposing Bulgarian Cyber Army Hacking Group – An OSINT Analysis
  • Exposing HackPhreak Hacking Group – An OSINT Analysis
  • Exposing Personally Identifiable Information on Ashiyane Digital Security Group Team Members – An OSINT Analysis
  • Exposing Random Koobface Botnet Related Screenshots – An OSINT Analysis
  • Exposing Team Code Zero Hacking Group – An OSINT Analysis
  • From the “Definitely Busted” Department – A Compilation of Personally Identifiable Information on Various Cyber Threat Actors Internationally – An OSINT Analysis – [PDF]
  • Introducing Astalavista.box.sk’s “Threat Crawler” Project – Earn Cryptocurrency for Catching the Bad Guys – Hardware Version Available
  • Introducing Dancho Danchev’s “Blog” Android Mobile Application – Google Play Version Available
  • Malware – Future Trends – Research Paper – Copy
  • Person on the U.S Secret Service Most Wanted Cybercriminals Identified Runs a Black Energy DDoS Botnet – WhoisXML API
  • Profiling a Currently Active CoolWebSearch Domains Portfolio – WhoisXML API Analysis
  • Profiling a Currently Active Domain Portfolio of Fake Job Proposition and Pharmaceutical Scam Domains – An OSINT Analysis
  • Profiling a Currently Active Domain Portfolio of Pay-Per-Install Rogue and Fraudulent Affiliate Network Domains – An OSINT Analysis
  • Profiling a Currently Active Personal Email Address Portfolio of Members of Iran’s Ashiyane Digital Security Team – An OSINT Analysis
  • Profiling a Currently Active Personal Email Addresses Portfolio Operated by Cybercriminals Internationally – An OSINT Analysis
  • Profiling a Currently Active Portfolio of Rogue and Malicious Domains – An OSINT Analysis
  • Profiling a Currently Active Portfolio of Scareware and Malicious Domain Registrants – Historical OSINT
  • Profiling a Currently Active Portfolio of Scareware Domains – Historical OSINT
  • Profiling a Currently Active Portfolio of Spam Domains that Hit ZDNet.com Circa – An OSINT Analysis
  • Profiling a Currently Active Scareware Domains Portfolio – An OSINT Analysis
  • Profiling a Money Mule Recruitment Registrant Emails Portfolio – WhoisXML API Analysis
  • Profiling a Portfolio of Cybercriminal Email Addresses – WhoisXML API Analysis
  • Profiling a Portfolio of Personal Photos Courtesy of Koobface Botnet Master Anton Korotchenko – An OSINT Analysis
  • Profiling a Portfolio of Personal Photos of Behrooz Kamalian Team Member of Ashiyane Digital Security Team – An OSINT Analysis
  • Profiling a Portfolio of Personally Identifiable OSINT Artifacts from Law Enforcement and OSINT Operation “Uncle George” – An OSINT Analysis
  • Profiling a Rogue Fast-Flux Botnet Infrastructure Currently Hosting Multiple Online Cybercrime Enterprises – WhoisXML API Analysis
  • Profiling Iran’s Hacking Scene Using Maltego – A Practical Case Study and a Qualitative Approach – An Analysis
  • Profiling Russia’s U.S Election Interference – WhoisXML API Analysis
  • Profiling the “Jabber ZeuS” Rogue Botnet Enterprise – WhoisXML API Analysis
  • Profiling the Emotet Botnet C&C Infrastructure – An OSINT Analysis
  • Profiling the Internet Connected Infrastructure of the Individuals on the U.S Sanctions List – WhoisXML API Analysis
  • Profiling the Liberty Front Press Network Online – WhoisXML API Analysis
  • Profiling the U.S Election Interference – An OSINT Analysis
  • Random Photos from the “Lab” Circa up to Present Day – A Compilation
  • Sample Random Cybercrime Ecosystem Screenshots – A Compilation of Images – Direct Technical Collection Download – An Analysis
  • Sample Random Cybercrime Ecosystem Screenshots – A Compilation of , Images – An Analysis
  • Sample Random Cybercrime Ecosystem Screenshots – A Compilation of , Images – An Analysis
  • Sample Random Cybercrime Ecosystem Screenshots – A Compilation of Images – An Analysis
  • Security Researchers Targeted in Spear Phishing Campaign – WhoisXML API Analysis
  • Shots from the Wild West – Random Cybercrime Ecosystem Screenshots – An OSINT Analysis – Part Three
  • The Pareto Botnet – Advanced Cross-Platform Android Malware Using Amazon AWS Spotted in the Wild – WhoisXML API Analysis
  • Who’s Behind the Conficker Botnet? – WhoisXML API Analysis
  • Who’s on Twitter?

Stay tuned!