How to Add Context with Passive DNS: a hands-on walk-through with ZoneCruncher bit.ly/zcpdns. Suitable for the curious learner of any skill level. #threathunting #threatintelligence #incidentinvestigation #incidentresponse
ZETAlytics
Computer and Network Security
East Greenwich, RI · 221 followers
Massive Passive DNS, Low Noise Threat Intel, Enrichment for AI Models. We love helping good guys stop bad guys with pDNS.
About us
Zetalytics supports major enterprises with a critical layer of network security, offering unrivaled geographic diversity and exclusive global network visibility in searchable datasets for use by cyber security analysts.
- Website
- https://zetalytics.com
- Industry
- Computer and Network Security
- Company size
- 11-50 employees
- Headquarters
- East Greenwich, RI
- Type
- Privately held
- Founded
- 2015
- Specialties
- Passive DNS, Low Noise Threat Intel, API Subdomain Enumeration, pDNS, Enrichment for AI models, Enrichment for ML models, High Risk IP Blocklist, DNS traffic analysis, Structured Whois Search, Malware DNS Activity, Malicious domain name data, ZoneCruncher and Maltego Transforms
Locations
Primary
5600 Post Rd. #244
East Greenwich, RI, US
Posts
We love it too, Gary Warner. Thanks for your continued support.
I absolutely love ZoneCruncher PassiveDNS from ZETAlytics. Today some film makers were asking me to demonstrate how we find new crypto sites. I went to urlscan.io and pulled a site my team had submitted today (tagged as "CryptoScam") and used their tool to find many sites that were "visually similar." Then I took a random IP address where one of those was hosted and went over to ZoneCruncher. (The #CryptoScam was on cloudflarewallet[.]com.) The IP was 198.12.92[.]246. ZoneCruncher had 244 websites that were hosted on that IP, with 46 of them showing a "First Seen" date of today! I used their download tool, deduplicated the results by domain name and copied the "new today" domains to 46 Chrome tabs using CopyAllURLs. I immediately proclaimed that this was a West African criminal IP. They asked how I knew, so we chatted about the "scam supporting" set of websites, including Fake Banks, Fake Shipping Companies, Fake Job Recruitment Sites, Fake Hospitals, and of course many #CryptoInvestmentScam websites that we found there. Uniquely West African combination. The Chinese Organized Crime folks don't do the fake shipping/bank/hospital combo. Just from the "New Today" sites, we had ...

Crypto Investment Scams
=========================
zwischain[.]com
bittripletrust[.]live
apexcapitalsltd[.]comens
avantifinancecorporation[.]com
capital-lite[.]live
asset-storm[.]com
exbury[.]top
uppacksminesfx[.]com
flippays[.]xyz <= (thinking robot template)
flippays[.]xyzdashboardpayment
taxsol[.]ink

Fake Shipping Companies
========================
premiumcargoinc[.]online
timesavercourier[.]com
worldwidefdx[.]online
herofasttrackservices[.]online

stepaheadrecruits[.]org <= fake job site
nacionalkcenter[.]online <= fake hospital
noblepurity-b[.]com <= fake bank
baistonb[.]com <= future fake bank, showing open directory with a zip of the website
advantisbank[.]com <= fake money transfer service
wokingcapital[.]com <= fake money transfer service
hollywood-globalstarsmgt[.]com <= fake talent management company (claims to manage Keanu Reeves)
dridextool[.]com <= login page, unsure
ggbeautyonlinestore.com[.]ng <= Nigerian beauty products site

The next step, of course, is to submit the new CryptoScam sites back to URLScan.io and then send the whole list to Derek Smythe at AA419 -- the king of African Scammer researchers!
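The pivot described in the post above (take every domain passive DNS has seen resolving to the IP, keep the ones whose "First Seen" is today, deduplicate by domain name, and defang the result for sharing), written out as an added example. This is not ZoneCruncher code or output: the JSON field names, the sample records, the `.example` names and the RFC 5737 addresses are all constructed for illustration, and the small multi-label suffix set is a stand-in for the Public Suffix List a real tool should use. It also shows why the deduplication must take the earliest first-seen date across all observations of a domain: a domain seen yesterday by one sensor and today by another is not "new today".

```python
"""Passive DNS pivot: IP -> co-hosted domains -> "new today" subset.

Added example of the workflow in the post above. Not ZoneCruncher code; the
record layout is an assumption, since the real export format is not shown.
"""
import json
from datetime import date

# Multi-label public suffixes the naive registrable-domain logic knows about.
# Assumption for this example only; production code should consult the
# Public Suffix List (e.g. the `publicsuffix2` package) instead.
MULTI_LABEL_SUFFIXES = {"com.ng", "co.uk", "com.au"}

# Constructed sample: passive DNS A-record observations, one JSON object per
# line. Field names are assumed. Names use the reserved .example TLD or are
# made up, and the IPs are RFC 5737 documentation addresses; none are real.
SAMPLE_PDNS = """
{"qname": "apexcapital.example", "ip": "198.51.100.46", "first_seen": "2024-05-02", "last_seen": "2024-05-02"}
{"qname": "www.apexcapital.example", "ip": "198.51.100.46", "first_seen": "2024-05-02", "last_seen": "2024-05-02"}
{"qname": "premiumcargo.example", "ip": "198.51.100.46", "first_seen": "2024-05-02", "last_seen": "2024-05-02"}
{"qname": "premiumcargo.example", "ip": "198.51.100.46", "first_seen": "2024-05-01", "last_seen": "2024-05-01"}
{"qname": "oldsite.example", "ip": "198.51.100.46", "first_seen": "2023-01-10", "last_seen": "2024-05-02"}
{"qname": "shop-example.com.ng", "ip": "198.51.100.46", "first_seen": "2024-05-02", "last_seen": "2024-05-02"}
{"qname": "shop.shop-example.com.ng", "ip": "198.51.100.46", "first_seen": "2024-05-02", "last_seen": "2024-05-02"}
{"qname": "unrelated.example", "ip": "203.0.113.9", "first_seen": "2019-06-30", "last_seen": "2024-05-02"}
"""


def registrable_domain(qname):
    """Collapse a hostname to its registrable domain (www.foo.com -> foo.com,
    shop.foo.com.ng -> foo.com.ng) using the assumed suffix set above."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def parse_records(text):
    """Parse JSON-lines passive DNS records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def domains_on_ip(records, ip):
    """One entry per registrable domain seen on `ip`, keeping the earliest
    first_seen and latest last_seen across every hostname and sensor record.
    Taking the minimum first_seen is what makes "new today" trustworthy."""
    summary = {}
    for rec in records:
        if rec["ip"] != ip:
            continue
        dom = registrable_domain(rec["qname"])
        first = date.fromisoformat(rec["first_seen"])
        last = date.fromisoformat(rec["last_seen"])
        if dom in summary:
            summary[dom] = (min(summary[dom][0], first), max(summary[dom][1], last))
        else:
            summary[dom] = (first, last)
    return summary


def new_on(summary, day):
    """Domains whose earliest observation on the IP is exactly `day`."""
    return sorted(dom for dom, (first, _) in summary.items() if first == day)


def defang(domain):
    """Defang for sharing, matching the post's foo[.]com convention."""
    return domain.replace(".", "[.]")


def pivot_report(text, ip, day_iso):
    """Full pivot: parse, collapse to domains on `ip`, flag those first seen
    on `day_iso` (YYYY-MM-DD). Returns counts and a defanged list."""
    summary = domains_on_ip(parse_records(text), ip)
    fresh = new_on(summary, date.fromisoformat(day_iso))
    return {"ip": defang(ip), "total": len(summary),
            "new_today": [defang(d) for d in fresh]}


if __name__ == "__main__":
    report = pivot_report(SAMPLE_PDNS, "198.51.100.46", "2024-05-02")
    print(f"{report['ip']}: {report['total']} domains, "
          f"{len(report['new_today'])} first seen today")
    for dom in report["new_today"]:
        print("  ", dom)
```

To use it on a real export, replace `SAMPLE_PDNS` with the downloaded records and map the provider's field names onto `qname`, `ip`, `first_seen` and `last_seen`; the rest of the pipeline (collapse to registrable domain, earliest first-seen wins, defang before pasting into a post or ticket) is what the post does by hand.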
ZETAlytics reposted this:
Intelligence for Good continues to share domains that need to be taken down. Each of these domains is actively being used to steal funds from our elders and neighbors via fraudulent #CryptoInvestmentScams. For each of the #TwentyTargets we provide the #Registrar, the #HostingCompany, and screen shots proving the #FalseClaims they are making about the investments. Things such as 20% earnings every 24 hours, or 8% earnings every day for 5 days, or 300% earnings in 96 hours. In the most extreme cases, some sites are promising 20% HOURLY earnings if you commit to a 31 day contract! (What is that, something like 14,880% interest before compounding?) Turns out it is ILLEGAL to make fraudulent and false statements to convince someone to make an investment. Who knew? Well, we did ... and the SEC did ... but apparently the people who sell domains and host them don't really care about such things. Let's help them care? Who can you share this information with that can help us remove domain names from the Internet? With your help, we've terminated HUNDREDS of domains. But there are thousands more to go. We need to find mechanisms to convince #ICANN #Registrars that registering criminal domains is a bad idea. Ideas welcome!
ZETAlytics reposted this:
Last week at #RSA someone suggested to me that the #OpioidSales portion of the #TwentyTargets project was a distraction to "the real problem." May I respectfully disagree. More than 100,000 people in the USA will die this year after consuming a #FatalOverdose of #Opioids or #Fentanyl-tainted drugs, often without realizing the drug they bought online contained any Fentanyl. For me, it is personal. My daughter, Kyriae, died at age 19 while using #heroin. We've been involved in the fight for a long time at UAB, where I partner with Elizabeth Gardner to fight online drug sales. I don't talk about my daughter's role in my motivation very often, though the guys from BBC Click got my story out of me when they came to Birmingham to film "Can Tech Solve the Opioid Crisis?" (Shortened URL to that episode: hxxps://bit[.]ly/UABClick = https://bit.ly/UABClick) UAB won't stop fighting. #IntelligenceForGood won't stop fighting. But we need your help. Can you help us terminate these domains? We have other problems in this area we'll be tackling soon, driven by availability of funds for more research analysts. Will you join us? For now, HELP US KILL THESE DOMAINS! Talk to Registrars. Talk to Hosters. Talk to #ICANN. Talk to your legislators. Share this deck. Why are these sites allowed to stay online when their very presence is a felony? Because online drug sales have #NoNaturalPredator. Until they met us. We hope that "Us" includes You! Welcome to the team.
ZETAlytics reposted this:
In Week 17 of the #TwentyTargets for Takedown: Opioid Edition, we've emphasized some of the websites that are advertising not only opioids, but Fentanyl. About half of this week's websites are offering #Fentanyl for sale. Pay attention to ChemicalFrog in particular, who is offering fentanyl precursors being sold from China. Intelligence for Good continues to expand our network and we're hearing some great ideas. Here is one question for this week. In traditional cybercrime, if a #REGISTRAR fails to take action on illegal activity, it is possible to appeal to the #REGISTRY, who can kill the domain anyway. Could I get an introduction to someone who could guide us through that process?
ZETAlytics reposted this:
This has been an emotional week for the #TwentyTargets project. Watch for a blog post soon with more details, but the facts go something like this. We learned of a #CryptoInvestmentScam and found that it used a very common template. We learned that it was stealing a lot of money and a large group of sites were all linked. We watched it steal $7 Million in two weeks. We notified the Registrar and they told us we had provided "insufficient evidence." Over the weekend it stole another $1 million. We sent more data to the Registrar. "Insufficient evidence." The FBI's IC3.gov just released their 2023 Elder Fraud report. Our elders lost $3.4 Billion in 2023. Crypto Investment Scams were the number one category of loss. It wasn't just our elders, of course, but this age bracket lost MORE per capita than any other age. Check out the IC3 Elder Fraud Report here: https://lnkd.in/em8j9gFv How can you help us convince the Registrars that hosting websites that destroy the hopes and dreams of our elders by breaking their hearts and stealing their money. We ask everyone to consider, will you help us? Thank you, Intelligence for Good #CryptoScams #CryptoInvestmentScams #InvestmentScams #ElderFraud #IntelligenceForGood urlscan.io ZETAlytics
ZETAlytics reposted this:
Some interesting updates in this week's #TwentyTargets for Takedown: Cryptoscams from Intelligence for Good and the UAB Computer Forensics Research Lab. It seems that someone may be DDoSing our CryptoScammers. The last thing I do each week before posting our Twenty Targets is that I review the sites myself to ensure they are still live. This week we did have two NXDomains, but more interestingly there were five sites giving the error "Too many connections." When someone is using the minimal/cheapest hosting package, they sometimes exceed the allotted bandwidth that accompanies that hosting. So while technically the site hasn't been dehosted or deregistered, some of these sites do seem to be unreachable due to exceeding their hosting bandwidth. Is that a good thing? Or a bad thing? If it is exceeded because so many investors are flocking to the site, I would call that a Bad Thing. But if, on the other hand, someone is intentionally flooding them with traffic until their hosting allotment is exceeded ... hmmm... I am never in favor of DDoS because there are so many possible collateral damage victims. I can't say I will cry that the sites are unreachable though. In other news, I had two additional sites that my analysts assure me are reachable that I could not reach. This weekend I upgraded my home internet to Spectrum 1Gbps. (We have limited choices in my neighborhood, but that is still a 20x speed increase for me on download speeds, though upload still sucks.) I was pleased to find that Spectrum was blocking two of this week's #TwentyTargets with a message reading: "Suspicious Site Blocked. This site was blocked because it may contain unsafe content that can harm your device or compromise your personal info." We left those two sites in the deck as well, as they are not "dead," but I'm very happy that Spectrum is beginning to block some of these sites! (Does anyone know how we could get the whole list to them?)
Passive DNS used to help take down drug trafficking in the fight against the Opioid Epidemic. Great work, Gary Warner.
In 2023, the DEA says they seized 74 million counterfeit pills containing #fentanyl. While some cross the border via traffickers, others are ordered from a website and shipped through the US Postal Service. These drugs don't require "The Dark Web" -- they can be found with a simple search on your favorite search engine, as we demonstrate every week. This is what the #OpioidCrisis is about. Easy access to fatal drugs. These drugs kill people. Please help Intelligence for Good take the websites down. Deregister the domains. Dehost them. Take a minute to review the websites in the attached document and complain to their Registrar or their Hosting Company. Let them know that this is not acceptable. Thanks for your help!
Gary Warner has always had such a great perspective and truly puts our data to great use.
This is Week 15 of the #TwentyTargets for Takedown project sponsored by Intelligence for Good. The analysts at UAB's Computer Forensics Research Lab have put together these decks each week, sharing 300+ #CryptoScam websites. Each of these is an #InvestmentScam where false and misleading claims are made to investors promising them impossible returns. Many of these websites are linked to #RomanceScams and #HumanTrafficking as we've been hearing about from Erin West and #OperationShamrock. This is the Number One financial crime in America today, according to the FBI's IC3.gov, according to the Federal Trade Commission #FTC, and according to the Financial Crimes Enforcement Network #FinCEN. While IC3 says our elders lost more than $3 Billion last year, FinCEN suggests it may have been $16 Billion. What can we do to help? We can take down the domains that are stealing this money from our friends, our parents, and others. (See FinCEN's report: https://lnkd.in/e8nA8NRe ) Please share this information with your elected officials, but also complain to the Registrars and the Hosting Companies that allow this illegal activity on their platforms. These 300 are a start. As we learn how to convince Registrars and Hosting Companies to take these domains down, we can share the larger lists with helpful organizations. We're sharing them now on URLScan.io, where you can find our list of more than 10,000 such domains by searching for: task.tags:CryptoScam or clicking this URL: https://lnkd.in/evtfz7q2 #PigButchering #CryptoScams #InvestmentScams