Main News


How to use AbuseIPDB

AbuseIPDB is a third-party service that provides a centralized database for reporting IP addresses that have been used in attacks against companies and organizations.

The information about malicious or suspicious IP addresses comes from many sources: firewalls, proxies, routers, honeypots, sandboxes and any other system used to monitor or detect malicious IP addresses.

The service is accessible at: https://www.abuseipdb.com

 

As you can see, once the page is opened, ten menus are available, each with a different function.

The first menu, “Home”, is the main page. It contains the search box for looking up information about IP addresses, domain names or subnets.

Let’s have a look at one example:

 

As you can see, we entered the IP address 117.199.172.28. It was found in the database, which means that someone has reported it.

Below, we can see that the IP address was reported 3 times and has an abuse confidence score of 24%. The score (0 to 100) weights the number and recency of reports, so a low score with a handful of reports is a reason to investigate rather than to block automatically.

In the picture, you can observe details about the IP address such as the location, the owner, the ASN, the domain name associated with the IP address and the usage type.

By scrolling down, we may get more information about the entities that reported the IP address.

 

In the picture we can see the reporter's name, the time of the report and the comment explaining why it was reported.

That information gives us better context about the IP address and helps us make a recommendation to protect our environment.

You can click on WHOIS next to the IP address in the image to get more insight about it.

 

Result after clicking

If you wish to request a takedown of the IP address, scroll down and click the “takedown” button.

Fill in the request form and submit it to request the takedown.

Example of IP address takedown https://www.abuseipdb.com/blog/kv-solutions-takedown

You can find the most recently reported IP addresses by scrolling to the end of the page.

In the second menu, “Report IP”, you can report an IP address (an account is required).

In the third menu, “Bulk Report”, you can report a group of IP addresses at once. More details: https://www.abuseipdb.com/bulk-report

The fourth, fifth and sixth menus, “Pricing”, “About” and “FAQ”, contain information about pricing and general details about the service.

The seventh menu, “Documentation”, explains how the service can be integrated with other platforms through its API:
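As an added example (not code from the original page or from AbuseIPDB), the Python below shows what such an integration looks like: it builds a lookup request and turns a response into a block/review/allow verdict. The endpoint, the “Key” header and the field names are assumed from the public API v2 documentation; the sample response is constructed to mirror the figures in the walkthrough above (3 reports, 24% confidence) and uses a documentation IP, so the demo runs offline. The thresholds are illustrative, not AbuseIPDB's.

```python
import json
import urllib.parse
import urllib.request

# Assumption: endpoint, header and field names follow the public AbuseIPDB API v2
# documentation (GET /api/v2/check, API key in a "Key" header, JSON body under "data").
API_URL = "https://api.abuseipdb.com/api/v2/check"


def build_check_request(ip, api_key, max_age_days=90):
    """Build the urllib Request for a single IP check; the caller decides when to send it."""
    query = urllib.parse.urlencode({"ipAddress": ip, "maxAgeInDays": max_age_days})
    return urllib.request.Request(
        f"{API_URL}?{query}",
        headers={"Key": api_key, "Accept": "application/json"},
    )


def check_ip(ip, api_key, timeout=10):
    """Send the request and return the raw JSON text (network call; the offline demo does not use it)."""
    with urllib.request.urlopen(build_check_request(ip, api_key), timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def triage(response_text, block_at=75, review_at=25):
    """Turn one /check response into a verdict.

    The confidence score aggregates report count and recency, so a low score with a few
    reports (like the 24% / 3 reports example above) is worth a look but not an automatic block.
    """
    data = json.loads(response_text)["data"]
    score = data["abuseConfidenceScore"]
    reports = data["totalReports"]
    if data.get("isWhitelisted"):
        verdict = "allow"  # AbuseIPDB marks known-good infrastructure (e.g. large CDNs)
    elif score >= block_at:
        verdict = "block"
    elif score >= review_at or reports > 0:
        verdict = "review"
    else:
        verdict = "allow"
    return {
        "ip": data["ipAddress"],
        "score": score,
        "reports": reports,
        "distinct_reporters": data.get("numDistinctUsers", 0),
        "last_reported": data.get("lastReportedAt"),
        "verdict": verdict,
    }


def make_response(ip, score, reports, whitelisted=False):
    """Constructed /check response for offline testing; ISP and domain are placeholders."""
    return json.dumps({
        "data": {
            "ipAddress": ip,
            "isPublic": True,
            "abuseConfidenceScore": score,
            "countryCode": "ZZ",
            "usageType": "Data Center/Web Hosting/Transit",
            "isp": "Example ISP",
            "domain": "example.net",
            "isWhitelisted": whitelisted,
            "totalReports": reports,
            "numDistinctUsers": reports,
            "lastReportedAt": "2025-03-18T09:41:00+00:00",
        }
    })


# Mirrors the page's example figures (3 reports, 24%) on a documentation address.
SAMPLE_RESPONSE = make_response("198.51.100.7", 24, 3)

if __name__ == "__main__":
    print(triage(SAMPLE_RESPONSE))
    # Live lookup, once you have a key:
    # print(triage(check_ip("198.51.100.7", api_key="<your key>")))
```

The free tier has a daily request quota, so in a SOC pipeline cache verdicts per IP rather than querying on every event, and combine the score with your own context (a 24% score on an IP hitting your VPN gateway deserves more attention than the same score on a web crawler).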

The eighth menu, “Statistics”, contains figures about the IP addresses that have been reported. Scroll down for more details.

The ninth menu, “IP Tools”, lists tools for basic troubleshooting and for getting details about IP addresses or DNS. Click on each of them for more information.

Example: click on the sub-menu “Ping IP”.

As you can see, the ping to the IP address entered above failed. A failed ping does not mean the host is offline; many networks filter ICMP.

The last menu, “Contact”, explains how to contact the AbuseIPDB team.

Feel free to fill in the fields to get in touch with the team.

As you can see, AbuseIPDB is a powerful tool; the menus described above give you details about IP addresses, DNS and more. It should be one of the tools you use daily if you work in a SOC.

You can watch the video version by clicking on the link:

https://www.youtube.com/watch?v=p4JlGWRdXX8

 

Threat Intelligence

Top AI-powered threat intelligence platforms

Threat intelligence platforms are designed to help organizations detect, analyze and respond to cyber threats more effectively.

If you wish to learn more about cyber threat intelligence, see: https://www.osintafrica.net/what-is-osint/

Below are widely used threat intelligence platforms:

  1. Recorded Future

Uses AI and machine learning to analyze data from the open web, dark web and technical sources.

  • Key features:
    • Real-time threat intelligence
    • Risk scoring for IPs, domains and vulnerabilities
    • Integrations with SIEM and SOAR platforms

  2. Anomali ThreatStream

Aggregates threat data from multiple sources and applies AI to correlate and prioritize threats.

  • Key features:
    • STIX/TAXII support
    • Threat-sharing communities
    • Machine learning-based threat scoring

  3. Mandiant Threat Intelligence (by Google Cloud)

Backed by frontline incident response data and AI-driven analytics.

  • Key features:
    • Nation-state actor tracking
    • Threat actor profiles
    • Integration with Chronicle and Google Cloud Security

  4. IBM X-Force Exchange

A collaborative platform for sharing threat intelligence across industries.

  • Key features:
    • AI-enhanced threat analysis
    • Community-driven threat sharing
    • Integration with IBM QRadar

  5. Palo Alto Networks Cortex XSOAR Threat Intel Management

Combines threat intelligence with automated incident response.

  • Key features:
    • Centralized threat feed management
    • AI-based enrichment and deduplication
    • Playbook-driven response

  6. SOCRadar

A cybersecurity platform specializing in Extended Threat Intelligence (XTI), designed to help organizations proactively detect, analyze and report on cyber threats. It integrates several security disciplines, Threat Intelligence (TI), Digital Risk Protection (DRP) and External Attack Surface Management (EASM), into a unified AI-driven solution.

  • Key features:
    • Modular and flexible
    • Cyber Threat Intelligence (CTI)
    • MSSP-ready
    • Dark web monitoring
    • Attack Surface Management (ASM)
    • Supply chain intelligence

  7. ThreatQuotient

A cybersecurity company whose threat intelligence platform is designed to help organizations understand and respond to cyber threats more effectively. Its core product, ThreatQ, acts as a central repository and decision-support system for threat data, making it actionable for security teams.

  • Key features:
    • Threat intelligence management
    • Security operations integration
    • Threat library
    • ThreatQ Investigations
    • Automation and customization

 

Any of these solutions can be a good fit; it depends on your needs and budget. A Cyber Threat Intelligence (CTI) platform adds another layer of defense to your organization. If you have not implemented one yet, feel free to contact us for assistance in implementing a solution based on your needs.

Sports websites

Top free sports TV streaming websites

 

Everyone enjoys watching sports such as football, basketball, MMA, boxing, tennis, volleyball, rugby, cricket and others. Below you can find the best websites to watch your favourite sport online.

  1. https://livetv.sx/ is a website that offers free live streaming of various sports events, including football, ice hockey, tennis and basketball. The platform provides users with access to real-time broadcasts, allowing sports enthusiasts to watch their favourite games from anywhere.
  2. https://stream2watch.diy/ is a website that offers free live streaming of various sports events, including NFL, NBA, UFC, boxing, soccer and more. The platform provides users with access to real-time broadcasts without requiring sign-ups or subscriptions. Users can select their preferred sport, choose the live event they wish to watch and pick their desired stream quality.
  3. https://v2.sportsurge.net is an unofficial sports streaming website that offers free access to live broadcasts of various sports events, including NFL, NBA, UFC, NHL, soccer and motorsports. It is an updated version of the original Sportsurge platform, aiming to improve streaming quality, the interface and device compatibility.
  4. https://crichd.su/ is a website that offers free live streaming of various sports events, including cricket, football, Formula 1, UFC and more. It provides access to major tournaments such as the Indian Premier League (IPL), Pakistan Super League (PSL), Premier League, UEFA Champions League and international cricket matches.
  5. https://firstsrows.net/ is a free sports streaming website that offers live broadcasts of various sports events, including football (soccer), NFL, NBA, UFC, MLB, NHL and more. The platform provides real-time streams without registration or subscription fees. Users can select their preferred sport and choose from multiple streaming links for each event.
  6. https://vipbox.diy/ is a free sports streaming website that offers live broadcasts of various sporting events, including NFL, NBA, UFC, MLB, soccer and more. The platform provides real-time streams without registration or subscription fees. Users can select their preferred sport and choose from multiple streaming links for each event.
  7. https://www.wheresthematch.com/ is the UK's leading live sports TV listings guide, providing comprehensive schedules for televised and officially streamed sports events across various broadcasters. Established in 2007, it was created to help sports fans find when and where their favourite matches are being broadcast, without searching through multiple channels and websites.
  8. https://ftv.bg/en/ is an independent Bulgarian online platform that offers free access to live sports streams, match highlights, news and statistics. It covers a wide range of sports, including football, basketball, tennis, volleyball, hockey and boxing. The website provides live broadcasts of major leagues and tournaments, such as the English Premier League, UEFA Champions League and Bulgaria's Efbet League, along with video highlights, live scores and sports news.

Users should exercise caution when accessing free streaming sites. Such platforms may expose users to intrusive advertisements, malware and tracking. Studies of illegal streaming services have found that they often employ deceptive ads and extensive user tracking, posing risks to user privacy and device security.

Recommendations

  • Use a VPN: a virtual private network hides your IP address from the site and your ISP, but it does not block malicious ads or downloads.
  • Install an ad blocker: this reduces exposure to intrusive ads and malvertising.
  • Avoid sharing personal information: do not enter sensitive data on these sites or on the links they open.
websites

The top 10 most visited websites in Guinea-Conakry

Every internet user browses somewhere, and where people browse most is no longer a secret. Below you can find the most visited websites in Guinea-Conakry.

🌍 Top websites in Guinea – March 2025

Rank  Website             Monthly visits  Main traffic source
1     google.com          5.88 million    Direct
2     pariezgdj.live      1.47 million    Direct
3     youtube.com         1.2 million     Direct
4     chireads.com        1.07 million    Direct
5     facebook.com        1.05 million    Direct
6     google.fr           899K            Direct
7     french-stream.bio   886K            Direct
8     mgeko.cc            621K            Direct
9     africaguinee.com    577K            Direct
10    animekai.to         561K            Direct

As shown above, Google is the most visited website, followed by pariezgdj.live, an online betting website.

The last one, AnimeKai (Watch Free Anime Online, Stream Subbed & Dubbed Anime in HD), is a website for watching anime for free.

Several sites in the list are free streaming and betting platforms of the kind described in the previous section, so the same caution about ads, tracking and malware applies. The figures also give a sense of how fast internet use is growing in the region.

Data protection is crucial at this point.


Millions of MTN Group users' data allegedly available on the dark web via an unknown threat actor

MTN Group has disclosed a cybersecurity incident. The company operates in many countries, including Ivory Coast, Guinea, Iran, Benin, Liberia, Nigeria and Sudan, and sponsors the CAF Champions League football competition and Manchester United F.C., among others.

The company has millions of subscribers, and the breached data could have a huge impact if the threat actor starts targeting those users.

The company confirmed on its website that an unknown third party claims to have accessed data linked to parts of its systems. MTN states that it has no information suggesting that customers' accounts and wallets have been directly compromised.

MTN has published the following recommendations so that customers remain vigilant (MTN cybersecurity incident, but critical infrastructure secure | MTN.com):

Keep MTN, MoMo and banking apps and devices updated.

Use strong, unique passwords for accounts and change them regularly.

Be cautious of unexpected messages and do not click on suspicious links.

Do not disclose information such as passwords, PINs and OTP when asked to do so by phone, text message or email.

Where multifactor authentication is available, it should be activated.

The threat actor and the source of the breach have not been disclosed yet. As a customer, we encourage you to follow the recommendations.

Telegram phishing

Scammers created thousands of fake websites mimicking Telegram

A large phishing campaign targeting Telegram users has been detected.

The threat actors created thousands of websites mimicking Telegram.

At the time of writing, thousands of users are impacted.

The impact could include theft of PII, financial loss and further compromise.

Most of the phishing domains are hosted behind CLOUDFLARENET.

Cloudflare offers free features such as a fast DNS resolver, a content delivery network (CDN) and free TLS certificates. Those features also place the real origin server behind Cloudflare's proxy, hiding its IP address, which makes the service attractive to threat actors. The phishing page asks the victim to enter PII as a “newly registered user”; once submitted, the data is sent to the attacker's server and stored there.

The certificates on the domains were issued either by Google Trust Services (WE1) or by Cloudflare (Cloudflare TLS Issuing ECC CA 1), with a validity period of 2025-03-20 to 2025-06-18. These short-lived certificates are typically renewed automatically, so certificate expiry will not take the pages offline and the phishing domains may stay up longer than expected.

Taking the domains down (via the registrar and Cloudflare's abuse process) is the best way to protect users.

Some of the Phishing domains:

elegeqwt[.]kim

telegmvev[.]lat

telegtrwe[.]kim

telegcmzb[.]hair

telegzmcb[.]lat

telegzcmz[.]hair

telegqtre[.]monster

telegzmbc[.]icu

telegbzmc[.]lat

telegmexv[.]icu

telegwrte[.]monster

telegwret[.]monster

telegrrm[.]fans

telegwrqt[.]monster

telegqtre[.]ren

telegjhgk[.]cam

telegrwtq[.]ren

Recommendations:

The domains should be taken down (report them to the registrar and to Cloudflare's abuse desk).

Block the domains if they are visible within your environment.

If a user clicked on any of the domains, reset the user's password.

Telegram users should enable two-step verification (Telegram's 2FA) in the app.

Set up a password policy.

If a user entered financial information such as a bank account number, contact the bank and change the details as soon as possible.

Scan the host to ensure that no malicious payload was downloaded.

ConnectWise

Malicious ConnectWise Control client distributed in the wild

ConnectWise ScreenConnect (formerly ConnectWise Control) is self-hosted remote desktop software used by thousands of people, companies and businesses around the world.

Because the tool is well known and trusted, abusing it lets a threat actor gain unauthorized remote access to many systems and organizations.

The application in question is called ConnectWise Control 23.2.9.8466, which follows the product's genuine version naming (ConnectWise Control is the product's former name).

The application is distributed from the website krscreenconnect[.]com.

At the time of writing, the file has been downloaded by many users and organizations.

The domain is newly created:

Age: 50 days

Created on 2025-01-26

Expires on 2026-01-26

Updated on 2025-01-26

It is hosted on a dedicated server with the IP address 192.159.99.10.

The application can be downloaded from the website via the link: hxxps://krscreenconnect[.]com/bin/support.client.exe?i&e=Support&y=Guest&r

To investigate the application we used several tools: ANY.RUN, VirusTotal, urlscan.io, DomainTools and Censys.

First, we wanted the hash of the executable “support.client.exe” and a look at what is behind the URL. For that we used urlscan.io (Search — urlscan.io) and got the following details:

As a second technique, we submitted the URL to VirusTotal to obtain the hash:

We got the same hash as from urlscan.io:

Censys (note: Censys Search ends on March 31, 2025) is one of the best tools for getting details about an IP address. Using Censys, we got:

192.159.99.10 — Host Summary — Censys

The IP 192.159.99.10 is linked to the domain in question:

On HTTPS port 443, a ConnectWise Control 23.2.9.8466 remote access server is exposed; this is the server the downloaded client reports back to.

We ran the executable through the ANY.RUN sandbox: https://app.any.run/browses/78c73b3d-b38e-48cd-813e-9d4b1883cb0c

The file is digitally signed by ConnectWise, LLC with a certificate valid since 2023. That looks strange for a malicious download but is possible: ScreenConnect client installers are built by whichever server distributes them and still carry ConnectWise's signature.

While analysing the executable, we found one interesting indicator, the PDB path embedded in the file:

C:\Users\jmorgan\Source\cwcontrol\Misc\Bootstrapper\Release\ClickOnceRunner.pdb

and the import hash (imphash): 7631a79a9071099fa4803e1c4c5df207

A Google search shows that the file hash is well known:

MalwareBazaar | SHA256 d4b396874b63841713f83aecb7b3bf6e19b068f246c950cbdbb08bdafb394763 (ConnectWise)

The MalwareBazaar entry confirms that the executable is digitally signed by ConnectWise, LLC.

To finish the investigation, we checked the payload after execution.

If you are familiar with malware analysis you will notice the imported functions: LoadLibraryA, GetCurrentProcess, TerminateProcess, CreateFileW, GetProcAddress, HeapAlloc, WriteFile, ExitProcess and HeapReAlloc.

These functions are often cited in connection with code injection (LoadLibraryA and GetProcAddress resolve APIs at runtime), but they are also imported by almost every legitimate Windows executable, so on their own they are not evidence of malicious behaviour. The real indicator here is the combination: a genuine, signed ScreenConnect client served from a 50-day-old look-alike domain.

We can stop the investigation here and conclude that the file must be treated as malicious in this context: it hands remote control of the host to whoever operates krscreenconnect[.]com, and you should not run it.

The use of ConnectWise's legitimate code-signing certificate on this file is out of scope for this write-up (if you want to know, ask them).

MalwareBazaar lists many other malicious samples carrying ConnectWise's signature: MalwareBazaar | Browse malware samples.

A valid ConnectWise signature is therefore not a trust signal on its own; check where any ScreenConnect client in your environment was downloaded from and which server it connects to.

If you notice such activity within your organization, take the following measures as fast as possible:

Change the user's password.

Re-image the impacted host.

Perform a full analysis of the host to detect any C2, persistence or privilege-escalation method used.

Block the URL and domain.

Block the IOC hashes.
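Because the binary itself is a legitimately signed ScreenConnect client, hash blocking alone will miss the next build; what distinguishes an attacker's client from your own is the server it connects to. The Python below is an added example (not from the original page or from ConnectWise) that pulls the relay host out of constructed process-creation events and compares it with an allowlist of sanctioned ScreenConnect servers. It assumes, as publicly documented in several incident write-ups, that the client is launched with its connection string as a query-style argument where e= is the session type, y= the role and h= the relay host; the allowlist, the event lines and the helper names are constructed for this illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# ScreenConnect servers this organization actually operates (constructed allowlist).
SANCTIONED_RELAYS = {"support.example-msp.com"}

# Assumption: the client receives a connection string such as
#   "?e=Access&y=Guest&h=<relay host>&p=<port>&s=...&k=..."
# where h= is the relay it connects back to. The download URL on the page carries
# e=Support&y=Guest in the same style.
QUERY_RE = re.compile(r'\?([^"\s]+)')
CONNECTION_PARAMS = {"e", "y", "h"}


def relay_host_from_cmdline(cmdline):
    """Return the h= relay host if the command line carries a ScreenConnect connection string."""
    m = QUERY_RE.search(cmdline)
    if not m:
        return None
    params = parse_qs(m.group(1), keep_blank_values=True)
    if not CONNECTION_PARAMS <= params.keys():
        return None
    host = params["h"][0].strip().lower()
    return host or None


def relay_host_from_download_url(url):
    """Host serving /bin/<client>.exe; accepts the defanged hxxps:// and [.] notation used in reports."""
    clean = url.strip().replace("hxxps://", "https://").replace("hxxp://", "http://").replace("[.]", ".")
    return urlsplit(clean).hostname


def evaluate(cmdline):
    """('ignore', None) for non-ScreenConnect events, ('sanctioned', host) or ('alert', host) otherwise."""
    host = relay_host_from_cmdline(cmdline)
    if host is None:
        return ("ignore", None)
    if host in SANCTIONED_RELAYS:
        return ("sanctioned", host)
    return ("alert", host)


def scan_process_log(events):
    """Return the (host, event) pairs that point at a relay outside the allowlist."""
    return [(evaluate(e)[1], e) for e in events if evaluate(e)[0] == "alert"]


# Constructed process-creation command lines, not real telemetry.
SAMPLE_EVENTS = [
    r'C:\Program Files (x86)\ScreenConnect Client (abc123)\ScreenConnect.ClientService.exe '
    r'"?e=Access&y=Guest&h=support.example-msp.com&p=443&s=...&k=..."',
    r'C:\Users\victim\Downloads\support.client.exe "?e=Support&y=Guest&h=krscreenconnect.com&p=443"',
    r'C:\Windows\System32\notepad.exe',
]

if __name__ == "__main__":
    for host, event in scan_process_log(SAMPLE_EVENTS):
        print(f"ALERT unsanctioned ScreenConnect relay {host}: {event}")
    print(relay_host_from_download_url(
        "hxxps://krscreenconnect[.]com/bin/support.client.exe?i&e=Support&y=Guest&r"))
```

The same allowlist can be applied to proxy logs by feeding the download URL through relay_host_from_download_url; any /bin/ client fetched from a host outside the allowlist is worth an alert before the user ever runs it.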

Tesla phishing

Tesla website impersonated by threat actors

We have detected several websites impersonating Tesla. The activity could lead to data leaks, loss of revenue and loss of clients.

The threat actors created several websites presented as Tesla's own. The websites offer “Logistics for World's Multinational Companies”.

At the time of writing, many third-party companies may have fallen for this activity.

We have investigated the websites in full; the details are below.

The threat actors registered domains containing the keywords “elonmusk” and “tesla” to trick users into believing the websites come from Tesla.

  1. elonmuskdelivery[.]com

Age: 17 days
Created on 2025-02-17
Expires on 2026-02-17
Updated on 2025-02-26

  2. tesladeliveryservice[.]online

Age: 7 days
Created on 2025-02-27
Expires on 2026-02-27
Updated on 2025-02-28

  3. TeslaDeliveryCorp[.]icu

Age: 5 days
Created on 2025-03-01
Expires on 2026-03-01
Updated on 2025-03-01

These three domains are behind Cloudflare.

  4. TesLadt[.]com

Age: 55 days
Created on 2025-01-11
Expires on 2026-01-11
Updated on 2025-01-11

The domains are newly registered and do not belong to Tesla.

The websites display the Tesla logo to get users to trust them, which is also a trademark issue.

Tesla has its own delivery page at https://www.tesla.com/support/taking-delivery.

We conclude that the websites are not trustworthy and should be taken down.

Google call

Google Meet typosquatted by threat actors

Google Meet is used by millions of people around the globe: companies, schools, universities, governments and individuals.

For a platform of that size, the impact of impersonation can be devastating.

We found many domains impersonating Google Meet to trick users into entering their credentials or downloading a fake Google Meet client that compromises their system.

The fake Google Meet pages contain a link or pop-up to download a Google Meet “application” or browser extension. Installing it drops a malicious payload that executes and compromises the system.

At the time of writing, users in companies, schools, universities and governments may already have been affected.

The impact can range from data theft to ransomware.

Please follow our recommendations:

Check your environment for the malicious domains:

google-meet-account[.]com

google-meetings[.]com

accountmeet-google[.]com

meet.gooqle-view[.]com

(The legitimate Google Meet domain is meet.google.com; do not block it. Note how the fake domains either add words around “google” or replace the “g” with a “q”.)

Block all of those domains.

Provide awareness training to users.

Bookmark the correct Google Meet URL for your users (https://meet.google.com; product page: https://workspace.google.com/products/meet/).

If you see such a domain within your organization, perform a full investigation of the host that contacted it: scan the host and look for persistence or C2 activity.

Change the affected user's credentials and re-image the host.
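The Telegram, Tesla and Google Meet domains listed in the sections above share one pattern: a brand token wrapped in a cheap TLD on a freshly registered domain. The Python below is an added example, not part of the original post or of any vendor tool, that scores hostnames from a DNS log against that pattern. The brand tokens, the allowlist of legitimate domains, the suspicious-TLD list, the 90-day “new domain” threshold and the log format are assumptions chosen for this illustration; the registrable-domain logic is a naive last-two-labels stand-in for a Public Suffix List lookup.

```python
import re
from datetime import date

# Real brand domains referenced on this page; anything else carrying a brand token is suspect.
LEGIT_DOMAINS = {"telegram.org", "t.me", "google.com", "tesla.com"}

# Brand tokens taken from the campaigns above (assumption: a short list is enough for a first pass).
BRAND_TOKENS = {
    "Telegram": ("teleg",),
    "Google Meet": ("google",),
    "Tesla": ("tesla", "elonmusk"),
}

# TLDs that recur in the phishing lists above.
SUSPICIOUS_TLDS = {"kim", "lat", "hair", "monster", "icu", "ren", "cam", "fans", "online"}

# Common look-alike substitutions folded back to the letter they imitate (q -> g catches "gooqle").
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "q": "g"})

NEW_DOMAIN_DAYS = 90


def refang(host):
    """Turn the defanged 'example[.]com' notation used in reports back into a hostname."""
    return host.strip().lower().replace("[.]", ".").replace(" ", "").rstrip(".")


def registrable(host):
    """Last two labels; a naive stand-in for a Public Suffix List lookup (assumption)."""
    return ".".join(host.split(".")[-2:])


def classify(host, created=None, today=None):
    """Score one hostname; created/today are ISO dates (YYYY-MM-DD) from WHOIS, if known."""
    host = refang(host)
    reg = registrable(host)
    if reg in LEGIT_DOMAINS:
        return {"host": host, "verdict": "legitimate", "reasons": []}
    reasons, brand_hit = [], False
    folded = host.translate(HOMOGLYPHS)
    for brand, tokens in BRAND_TOKENS.items():
        if any(t in folded for t in tokens):
            brand_hit = True
            reasons.append(f"{brand} brand token outside {brand}'s own domain")
    if reg.rsplit(".", 1)[-1] in SUSPICIOUS_TLDS:
        reasons.append("suspicious TLD")
    if created is not None:
        today_d = date.fromisoformat(today) if today else date.today()
        age = (today_d - date.fromisoformat(created)).days
        if age < NEW_DOMAIN_DAYS:
            reasons.append(f"registered {age} days ago")
    verdict = "block" if brand_hit else ("review" if reasons else "allow")
    return {"host": host, "verdict": verdict, "reasons": reasons}


QUERY_RE = re.compile(r"query=(\S+)")


def scan_dns_log(lines):
    """Return (host, verdict) for every queried name that needs action (block or review)."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        result = classify(m.group(1))
        if result["verdict"] in ("block", "review"):
            hits.append((result["host"], result["verdict"]))
    return hits


# Constructed resolver log, not real traffic.
SAMPLE_LOG = [
    "2025-03-20T10:15:02Z client=10.0.0.15 query=telegmvev.lat type=A",
    "2025-03-20T10:15:09Z client=10.0.0.15 query=meet.google.com type=A",
    "2025-03-20T10:16:40Z client=10.0.0.23 query=meet.gooqle-view.com type=A",
    "2025-03-20T10:17:01Z client=10.0.0.23 query=example.com type=A",
    "2025-03-20T10:18:13Z client=10.0.0.31 query=tesladeliveryservice.online type=A",
]

if __name__ == "__main__":
    for host, verdict in scan_dns_log(SAMPLE_LOG):
        print(f"{verdict:<7} {host}  {classify(host)['reasons']}")
```

Tune the token list before production use: as written, “teleg” also matches telegraph.co.uk and “google” matches Google's own secondary domains such as googleusercontent.com, so extend LEGIT_DOMAINS (or use a real Public Suffix List) and review the “block” verdicts on a sample of your traffic first.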

OSINT

What is OSINT ?

OSINT stands for Open-Source Intelligence: the collection and analysis of information that is publicly available to everyone, everywhere, together with the tools used to do so.

OSINT is used in many different areas such as:

  • Cyber Threat Intelligence
  • Human Intelligence
  • Political Intelligence
  • Journalist Intelligence
  • And others.

OSINT allows you to collect any type of publicly available data online and analyze it. The OSINT cycle is:

  • Data collection
  • Data Analysis
  • Report (Documentation and Recommendations)

The OSINT report depends on the area in which you are using OSINT. In cyber threat intelligence, for example (Why do we need a Cyber Threat Intelligence? - osintafrica), the report can be written following one of the models Cyber Kill Chain or the Diamond Model of Intrusion Analysis; more details about the models can be found here: Three attacks frameworks that Cyber Security members should know osintafrica.

OSINT framework tools are available and easy to find online.

Some of them are:

OSINT Framework

Tools - Start.me

My OSINT Training's Tools

Advantages of using OSINT:

OSINT has many advantages: many applications are free and accessible online, and data is available everywhere. The most important for us are the following:

  • Detect Threats
  • Vulnerabilities
  • Information lookup
  • Data breached identification

Anything that has advantages has drawbacks as well, and OSINT is no exception.

OSINT drawbacks:

  • Data can be queried by anyone online.
  • PII is accessible online.
  • Vulnerabilities and threats are identifiable online by attackers as well as defenders.
  • Breached data is accessible on different platforms (dark web, hacking forums, OSINT tools and others).
  • OSINT tools themselves can be attack vectors.

Privacy considerations for OSINT are similar to GDPR requirements: collect only information relevant to your investigation, have authorization to collect the data (PII or IP addresses), and so on.

OSINT is very useful and, as said before, the tools are available for anyone to use. You can start by looking up information about yourself. Do not forget the privacy obligations that come with OSINT.