{"id":1055560,"date":"2022-01-28T00:04:43","date_gmt":"2022-01-28T05:04:43","guid":{"rendered":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/uncategorized\/exposing-a-currently-active-free-rogue-vpn-domains-portfolio-courtesy-of-the-nsa-an-osint-analysis-security-boulevard\/"},"modified":"2022-01-28T00:04:43","modified_gmt":"2022-01-28T05:04:43","slug":"exposing-a-currently-active-free-rogue-vpn-domains-portfolio-courtesy-of-the-nsa-an-osint-analysis-security-boulevard","status":"publish","type":"post","link":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/nsa-2\/exposing-a-currently-active-free-rogue-vpn-domains-portfolio-courtesy-of-the-nsa-an-osint-analysis-security-boulevard\/","title":{"rendered":"Exposing a Currently Active Free Rogue VPN Domains Portfolio Courtesy of the NSA  An OSINT Analysis &#8211; Security Boulevard"},"content":{"rendered":"<p><p>Note: This OSINT analysis has been originally published at my current employer's Web site <a href=\"https:\/\/whoisxmlapi.com\" rel=\"nofollow\">https:\/\/whoisxmlapi.com<\/a> where I'm currently acting as a DNS Threat Researcher since January, 2021.<\/p>\n<p>We've recently come across a currently active portfolio of free VPN domains which, based on our research and publicly accessible sources, appears to be run and operated by the NSA. The ultimate goal would be to trick users, in particular Iran-based users, into using these rogue and bogus free VPN service providers in order to monitor and eavesdrop on their Internet activities. We've decided to take a deeper look inside the Internet-connected infrastructure of these domains and to offer practical and relevant threat intelligence and cyber attack attribution details on the true origins of the campaign.<\/p>\n<p>In this case study we'll offer practical and relevant technical information on the Internet-connected infrastructure of this campaign with the aim of assisting the security 
community on its way to track down and monitor this campaign, including actual cyber attack and cyber campaign attribution clues which could come in handy to a security researcher or a threat intelligence analyst on their way to track down and monitor the campaign.<\/p>\n<p>Original rogue portfolio of fake VPN service domains courtesy of the NSA:<\/p>\n<p>Related domain registrant email addresses known to have been involved in the campaign:<\/p>\n<p>Related domains known to have been involved in the 
campaign:<\/p>\n<p>Visit link:<br \/>\n<a target=\"_blank\" href=\"https:\/\/securityboulevard.com\/2022\/01\/exposing-a-currently-active-free-rogue-vpn-domains-portfolio-courtesy-of-the-nsa-an-osint-analysis\/\" title=\"Exposing a Currently Active Free Rogue VPN Domains Portfolio Courtesy of the NSA  An OSINT Analysis - Security Boulevard\" rel=\"noopener\">Exposing a Currently Active Free Rogue VPN Domains Portfolio Courtesy of the NSA  An OSINT Analysis - Security Boulevard<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Note: This OSINT analysis has been originally published at my current employer's Web site <a 
href=\"https:\/\/whoisxmlapi.com\" rel=\"nofollow\">https:\/\/whoisxmlapi.com<\/a> where I'm currently acting as a DNS Threat Researcher since January, 2021.  <a href=\"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/nsa-2\/exposing-a-currently-active-free-rogue-vpn-domains-portfolio-courtesy-of-the-nsa-an-osint-analysis-security-boulevard\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[94881],"tags":[],"class_list":["post-1055560","post","type-post","status-publish","format-standard","hentry","category-nsa-2"],"_links":{"self":[{"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/posts\/1055560"}],"collection":[{"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/comments?post=1055560"}],"version-history":[{"count":0,"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/posts\/1055560\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/media?parent=1055560"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/categories?post=1055560"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json
\/wp\/v2\/tags?post=1055560"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}