Blog

Exposing LabHost – Phishing as a Service Franchise – An OSINT Analysis

Dear blog readers, in this analysis I'll provide actionable intelligence on the LabHost phishing-as-a-service cybercrime enterprise. Sample URLs known to have been involved in the campaign, the registrant email address behind them, and related domains registered with the same address follow in the full post.

Exposing a Rogue Domain Portfolio of Fake News Sites – An Analysis

Dear blog readers, in the following analysis I'll offer a URL compilation of fake news sites, together with additional personally identifiable email addresses known to have been involved in these campaigns. The compilation follows in the full post.

A Peek Inside a Recently Seized Malware Crypting as a Service Domain Portfolio – An Analysis

Dear blog readers, in this analysis I'll take a look at a recently seized malware crypting-as-a-service domain and offer additional insights into how the service works. From the press release: "AegisTools.pw is a platform known in the underground economy since 2020 that primarily provided counter antivirus and crypting services

Exposing the C&C and IoC Infrastructure of the Redline Stealer Malicious Software – An Analysis

In this analysis we'll take a look inside the Redline Stealer's C&C and IoC infrastructure obtained from public sources, with the aim of enriching the known domain infrastructure while looking for additional clues about related malicious and fraudulent domain registrations using WhoisXML API's real-time and historical WHOIS database. Sample domains known to have

Exposing the Sonatrach Data Leak and the Data Leak Broker Behind it – An OSINT Analysis

Dear blog readers, in this analysis I'll provide an in-depth technical overview of the Internet-connected infrastructure behind the Maze Ransomware Group using public sources, including the data leak broker responsible for the Sonatrach data leak, with the aim of assisting the appropriate parties, researchers and analysts on their way to properly attribute

Exposing a Domains Portfolio Courtesy of Breached Forum Team Members – An OSINT Analysis

I've recently obtained access to a publicly obtainable set of personally identifiable information belonging to secondary Breached Forum team members. Based on this discovery I've decided to dig a little deeper and find related domain name registrations made by the same individuals who are members of the forum, on our way

Profiling the Recently Seized Samourai Cryptocurrency Mixer Service – An Analysis

I've decided to take a closer look at the recently seized domain portfolio of the infamous Samourai cryptocurrency mixer. Its infrastructure consists of several primary and secondary domains, a sizeable social media presence, and an Android application for the mixing service. Sample description of the service: "Samourai

A Compilation of DDoS Booter Services URLs – An Analysis

The following is a compilation of publicly accessible DDoS booter service URLs. The related URLs are listed in the full post.

Wassim Gerges Dahdan’s Advanced Web Tech’s (AWT) Al-Manar Hosting Provider

Dear blog readers, in this analysis I'll discuss and provide actionable intelligence on Wassim Gerges Dahdan's Advanced Web Tech's (AWT) Al-Manar hosting provider. Name: Khalil Abbas. Company: Advanced Web Tech. Site URL: hxxp://awt.com.lb. Email: webmaster[.]awt.com.lb. Phone: 009613481199. Current domain registration: hxxp://lcg-lb.com. Related domain registrations follow in the full post.

Exposing the MOLERaTS Cyber Threat Actor – An Analysis

Dear blog readers, in this analysis I'll take an in-depth look at the MOLERaTS cyber threat actor in terms of actionable intelligence and the gang's online and Internet-connected infrastructure. Related URLs: hxxp://bitly[.]com/1YRoIPX and hxxp://mafy[.]2waky[.]com. The related known responding IPs follow in the full post.


Unit-123.org

Focused on delivering daily batches of personally produced, never-before-published, high-quality classified and sensitive intelligence deliverables.
