Hacking - Matrix KB

Ukraine – Kyiv (Kiev) Hack traces

So, I have decided to start documenting my Cyber Security and Digital Forensics skills. This one is going to be a work in progress.

-Clocked in: 15OCT2020-08:00:00PM CST:

A client of mine is using GoDaddy and a SaaS for WordPress and has asked me to secure and monitor the site. For now, the area of focus for this will be just this one site and just this month. I was routinely checking in on the site but also checking to see if our Google Ad Sense to monitorize the site was approved for the site, but this was what I was greeted with. Slightly alarming. But this is what IPS and firewalls are for.

Wordpress Dashboard-15OCT2020

So, you must have some base knowledge if you go down this rabbit hole with me… Tracert, now I like to use Open Visual Trace Route; it is rather slick. Download Visual Trace

Now installing that will not just be a “next-> next->,” but that’s why you have me get involved from the start or when needed, right? Contact me for situations like this… depending on what Operating system (OS) you may have, it might take some complicated steps that I will not cover here to install. You can still use tracert.

But onward, buttercup! There is fun to be had!

Web Application Firewalls, “Blue Team,” “Red Team,” IDS/IDPS/HIDP, SaaS vulnerability scanning, and management have protected them thus far. But wait, we are not done yet.

So, I narrow this threat actor down…

Now, wait… before I go on, remind you it is best when playing “hide and seek” I recommended not to reveal who you are… I use Express VPN, and Nord VPN is good as well; if the attacker is looking for what is coming, it is NOW from a questionable communist location in Hong Kong.

Quick check, who do they think I am coming from now?

That’s right, not from Chicago; WE are the OG Gagsters, right? Al Capone, Andrew Tate, anyone?

Ok, so now let us find out more… Here is where the IP that has been attacking the site is located:

Kiev - Ariel View

Slobozhenyuk Bogdan Yuriyovych is the person who is the legal identity with whom with international law I would go after:

FOP Slobozhenyuk Bogdan Yuriyovich
UA Unit (Uaunit.com)
Addresses: Svitlitsky, bud. 35, no. 9, m.Kiyiv, 04136 
Postal address: Marshal Grechko, bud. 20 V, sq. 58, m.Kiyiv, 04136
Phone: +38 (044) 451 51 07
E-mail: tech. pіdtrimka [email protected]
[email protected]
[email protected]
p / r 26005052626991 in KB PRIVATBANK, m.Kiyiv MFO 320649, ЄDRPOU 3404215492

Now that is the legal entity to where legal documents are signed and who is a legal entity for the shared provider. International Law will need to be concerning Ukraine legislation. A Vikoristannya Zamovnik also has a relation to the physical location below.

The physical address of where the server hacks originate physically is:

Akad. Krymskogo str. 4a, office 339 03680 Kyiv UKRAINE

But along the way, I think I found out where the hacker is logging in from to the DATA CENTER, from his house to this shared provider… Here is his house:

Clocked out 15OCT2020 – 10:07 PM CST


Nord VPN
60% off Nord VPN
Coinbase - Getty Images - 1234552839
Coinbase – Crypto Currency – Sign up with this link and get $10 free?! Buy/sell/exchange crypto, and use their ATM card to access your cash easily!
Chase Sapphire Preferred - Travel Points
NordPass - Password Manager - CJ Banner
https://www.dpbolvw.net/click-100604079-15345170
Binance Cryptowallet - Buy/Sell
Binance Blockchain
Amazon - Daily Deals
Amazon’s Daily Deals!
Your favorite restaurants are delivered to your front door! Grubhub!
Game Fly
Game Fly Video Game Rentals!