Chinese compromise domains ranging from housekeeping and babysitting services to industrial machinery
By Dominic Alvieri
Twitter @AlvieriD
November 16th, 2021
Nearly every day new domains are acquired with company names like Nehe Maternity Matron's Housekeeping, Wengniu Teqi Housekeeping Services, Co., Ltd. and many others.
All of them use the same IP Record No. 18dfds740-2, and every domain has a fake company name.
Over 200 domains within a 12-month period, all with new fake housekeeping names, and all traffic and data heading back to Beijing.
While researching this from many different machines and networks, surprisingly only a VPN IP from Northern Virginia was blocked on any of the sites.
The domains are being acquired through multiple registrars and hosted all over the world.
Twitter is a group favorite. Twitter has been banned in China since 2009.
Premium short domain names also include variants of Facebook, Amazon, Netflix and others...
TheStock-Exchange[.]com
TwitterPictures[.]com
TwitterPhoto[.]com
NikeAirMaxRetail[.]com
Wrestlemania2016[.]com
UrbanExchangeAZ[.]com
TwitterCar[.]com
CongressOnTwitter[.]com
HotmailSetUp[.]com
CapiatalOneBank[.]com
Over 200 domains within a 12-month period. They are even using Congress on Twitter dotcom. Many of the hosts and registrars are well known for hosting and deploying malware. The links, files and traffic patterns are discernible. Malspam quickly arrived at a new research email address once it was registered with one of the shams, and it traced back to China.
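The indicators above lend themselves to a simple analyst pivot: normalize the defanged names, flag domains that carry a brand name they have no business carrying (including the one-letter typo in CapiatalOneBank), and group domains that share the same registration record number. The script below is an added example and is not code from the original post; the record numbers and registrar labels attached to each domain in SAMPLE_RECORDS are constructed for illustration, not data the post reports.

```python
"""Pivot on defanged domain indicators: refang, brand-impersonation check,
and clustering by a shared registration record number (added example)."""
from collections import defaultdict

# Brands whose names show up inside unrelated domains in the post.
BRANDS = ("twitter", "facebook", "amazon", "netflix", "hotmail", "capitalone")

# Constructed sample: domains from the post, with record numbers and registrar
# labels assigned here for illustration only (the post states only that the
# housekeeping domains share record 18dfds740-2 and span multiple registrars).
SAMPLE_RECORDS = [
    {"domain": "TheStock-Exchange[.]com", "record_no": "18dfds740-2", "registrar": "registrar-A"},
    {"domain": "TwitterPictures[.]com", "record_no": "18dfds740-2", "registrar": "registrar-B"},
    {"domain": "CongressOnTwitter[.]com", "record_no": "18dfds740-2", "registrar": "registrar-B"},
    {"domain": "CapiatalOneBank[.]com", "record_no": "18dfds740-2", "registrar": "registrar-C"},
    {"domain": "unrelated-control[.]com", "record_no": "00000000-0", "registrar": "registrar-A"},
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'Foo[.]com' back into a lowercase domain."""
    return indicator.replace("[.]", ".").replace("(.)", ".").strip().lower()


def defang(domain: str) -> str:
    """Defang a domain for safe inclusion in reports."""
    return domain.replace(".", "[.]")


def brand_hits(domain: str) -> list:
    """Return brand names embedded in the registrable label of `domain`.

    Exact substring match catches 'twitterpictures'; a single-character
    deletion pass catches typos such as 'capiatalone' -> 'capitalone'.
    """
    label = domain.split(".")[0].replace("-", "")
    hits = set()
    for brand in BRANDS:
        if brand in label:
            hits.add(brand)
            continue
        for i in range(len(label)):
            if brand in label[:i] + label[i + 1:]:
                hits.add(brand)
                break
    return sorted(hits)


def cluster_by_record(records: list) -> dict:
    """Group domains sharing a registration record number (clusters of size >= 2)."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["record_no"]].append(refang(rec["domain"]))
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


def registrars_per_record(records: list) -> dict:
    """Count distinct registrars used under each record number."""
    seen = defaultdict(set)
    for rec in records:
        seen[rec["record_no"]].add(rec["registrar"])
    return {k: len(v) for k, v in seen.items()}


def report(records: list) -> dict:
    """Combine the pivots into one finding dictionary for an analyst."""
    impersonation = {}
    for rec in records:
        dom = refang(rec["domain"])
        hits = brand_hits(dom)
        if hits:
            impersonation[defang(dom)] = hits
    return {
        "clusters": cluster_by_record(records),
        "registrars_per_record": registrars_per_record(records),
        "brand_impersonation": impersonation,
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_RECORDS).items():
        print(key, value)
```

Running it prints one cluster of four domains under 18dfds740-2 spread across three registrar labels, and three brand-impersonation hits (twitter twice, capitalone once); the unrelated control domain falls out of every pivot, which is the check that the grouping is driven by the shared record and not by coincidence.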
TheStock-Exchange[.]com
The cover for this article is the TheStock-Exchange[.]com site, which changed this week from the babysitting/housekeeping platform to a Chinese recruiting agency, again under several names. After several months of searching and countless misdirections, the immutable data packets and domain traffic point to Beijing. An office building, to be specific. After several contact attempts, neither Luminaire, Lightning, any babysitters nor communist party agents were available, but they were probably listening. I got hung up on several times. Mention re-education and the call is abruptly over.
The customer service hotline was ice cold. So was everyone else.
Now recruiting in all areas and provinces of China including Xinjiang.
The extensive network and multiple addresses reek of the panda, with traces to Beijing. All phone numbers are in Beijing, with a call center in Germany, another favorite asset. Other fake companies are being used in different industries and follow the same modus operandi, including an industrial packaging company that is actively attempting to sell to United States-based companies.
I have not been able to locate any of the non-existent packaging equipment export companies, but they do respond. All the files, links and traffic patterns are the same. They will respond to a request for a quote, but beware of the malspam that will follow.
My favorite name so far is Guangzong Multifunctional Pillow Packaging Machine Factory. It is easy to find the air quality in Guangzong, China. Finding information about the packing company is another story. Shenzhen has no listing either.
Guangzong Multifunctional Pillow Packaging Machine Factory is linked to Beijing
Air quality in Guangzong is easy to find.
Hug the Big Panda
None of the industrial packaging company names are real, and none have listings on any of the major Chinese exporter websites or with shipping port transfer agents. One way or another, the data points to this one block in Beijing.
Visitors beware there is a bit of a pattern developing.