Threat Intelligence

Exposing Rogue Free VPN Users – An OSINT Analysis

According to recent research conducted by DNS Threat Researcher Dancho Danchev, the National Security Agency (NSA) seemingly runs a free VPN domain portfolio to lure malicious users and learn more about their Internet activities.

What Are the Internet Domains Connected to the Conficker Botnet?

Conficker gained prominence back in 2008, when it was then considered possibly the most widespread worm affecting millions of Windows computers worldwide. For several years, the worm, also known as "Downup," "Downadup," "Downad," or "Kido," was the top malware infector.

Investigation of an Iranian Misinformation Network: Are Some IRGC Domains Still Up?

June 2021 saw the U.S. Department of Justice (DOJ) shutting down and seizing several websites believed to be involved in misinformation campaigns. These websites published news-related content and seemingly had connections to Irani governmental entities. In fact, some of them were found to be the property of the Iranian Islamic Radio and Television Union (IRTVU).

Could the LGBTQ Community Be a Target of Internet Threat Actors?

Pride month is celebrated worldwide. While it's meant to be a time of celebration for members of the LGBTQ community and their families and supporters, its popularity has also made it a possible target of cyber threats. In this post, we look at potentially dangerous Internet properties that have been registered both recently and over the years.

Uncovering Office 365-Related Artifacts with IP and Domain Intelligence

While Office 365 is one of the most prevalent office suites out in the market today, its users can't rest easy. Cybercriminals and threat actors will always find ways to abuse the most popular brands in various ways.

The Joe Biden-Kamala Harris Tandem’s Effects on Domain and Subdomain Registrations

It has been months after Joe Biden and Kamala Harris took office as president and vice president of the U.S., respectively. And since that time, they were naturally featured in most news outlets. What we wanted to know, though, is how all the attention has been affecting the domain registration world.

Zero-Trust Implementation Using WHOIS, IP, and DNS Data

The U.S. government released the Executive Order on Improving the Nation's Cybersecurity in May 2021, highlighting the rationale of a zero-trust security approach. While the order only covers the government's digital infrastructure, this initiative could also serve as a catalyst for more robust global cybersecurity.

Analyzing Recently Discovered Windows 11-Themed Assets

The release of a new application or operating system (OS) is typically greeted by enthusiasm, diverse opinions, and potential threats. Windows 11's case is no different as we identified various assets that could be misused on the Internet.

Liberty Front Press Network: An IoC Enrichment & Threat Intelligence Analysis

Liberty Front Press is a fake news network that has been operating since Trump's administration and was said to be designed to leverage liberal resentment against the former U.S. president while promoting pro-Iranian foreign policy narratives via social media.

Are There More Properties Connected to the Pareto Botnet?

The Pareto botnet, known for using almost a million infected Android devices to spoof people seemingly watching ads on smart TVs, was reportedly taken down recently through the collaboration of industry players, notably Roku and Google.