The following is domain name reconnaissance on web properties related to the Conti ransomware gang.
Sample domains:
hxxp://aes[.]one – Kirill Borzov – Email: borzoff_k[.]grr[.]la; 89531976767@mail[.]ru
Sample URL: hxxp:/aes[.]one/files/d/e0t/1u4lg8iu6deal10c4k13lei1q7/94290198d07d9e0e/
Related domains: hxxp:/запчасти71[.]рус – Email: 89531976767[.]mail[.]ru
hxxp:/continews[.]click – 89[.]45[.]4[.]98; 86[.]106[.]20[.]166; 146[.]70[.]71[.]184
Related Conti domains known to have been parked on the same IP (89[.]45[.]4[.]98):
hxxp:/continews[.]club
hxxp:/continews[.]xyz
hxxp:/contirecovery[.]click
hxxp:/contirecovery[.]best – 185[.]14[.]30[.]76
Related Conti domains known to have been parked on the same IP (185[.]14[.]30[.]76):
hxxp:/contirecovery[.]top
hxxp:/contirecovery[.]icu
Related Conti domains known to have been parked on the same IP (185[.]14[.]30[.]76):
hxxp://bet4rate[.]com – Anton Petrov – Email: a[.]lexboesky@gmail[.]com
Related domains known to have been registered using a[.]lexboesky@gmail[.]com include:
Working spreadsheet:
hxxp:/docs[.]google[.]com/spreadsheets/d/1pI71arcyNDmcCZPfGFDFc0o9GJlrcJOycBWZEyrfjlA/edit
Working Google Drive account:
https://drive[.]usercontent[.]google[.]com/download?id=1TzaiXSmdZpSUvm_quI4DjiedpxAQ05mo
Related domains:
hxxp:/dropfiles[.]me – hxxp:/xchange[.]cash