Hacking - Matrix KB

Ukraine – Kyiv (Kiev) Hack traces

So, I have decided to start documenting my Cyber Security and Digital Forensics skills. This one is going to be a work in progress.

Clocked in: 15OCT2020 08:00:00 PM CST

A client of mine is using GoDaddy and a SaaS for WordPress and has asked me to secure and monitor the site. For now, the area of focus will be just this one site and just this month. I was routinely checking in on the site, and also checking whether our Google AdSense application to monetize the site had been approved, when this was what I was greeted with. Slightly alarming.

Image: WordPress Dashboard, 15OCT2020

So, you have to have some base knowledge if you are going to go down this rabbit hole with me… Tracert: I like to use Open Visual Trace Route; it is rather slick. Download Visual Trace Route.

Now installing that will not just be a “next->next->”, but that’s why you have me get involved from the start or when needed, right? Contact me for situations like this… But onward, buttercup!

Web Application Firewalls, “Blue Team”, “Red Team”, IDS/IDPS/HIDP, SaaS vulnerability scanning, and management have protected them thus far. But wait, we are not done yet.

So, I narrow this threat actor down…

No, wait… before I go on, let me remind you: when playing hide and seek, it is best not to reveal who you are… I use ExpressVPN; if the attacker is looking at where the traffic is coming from, it is NOW from a communist state, China.

Quick check, who do they think I am coming from now?

That’s right, not from Chicago; we are the OG Gangsters, right? Al Capone, anyone?

Ok, so now let us find out more… Here is where the IP that has been attacking the site is located:

Image: Kiev, aerial view

Slobozhenyuk Bogdan Yuriyovych is the legal identity I would go after under international law:

FOP Slobozhenyuk Bogdan Yuriyovich
UA Unit (Uaunit.com)
Address: Svitlitsky St., building 35, no. 9, Kyiv, 04136
Postal address: Marshal Grechko St., building 20 V, apt. 58, Kyiv, 04136
Phone: +38 (044) 451 51 07
E-mail (technical support): support@uaunit.com
sales@uaunit.com
boss@uaunit.com
Current account 26005052626991 at KB PRIVATBANK, Kyiv, MFO 320649, EDRPOU 3404215492

Now that is the legal entity that signs the legal documents and is the legal entity behind the shared hosting provider. Any international legal action would need to be pursued under Ukrainian legislation. The service customer (Замовник, from the provider's terms of use) is also tied to the physical location below.

The physical address the server attacks originate from is:

Akad. Krymskogo str. 4a, office 339 03680 Kyiv UKRAINE

But along the way, I think I found out where the hacker logs in to the DATA CENTER from, from his house to this shared provider… Here is his house:

Clocked out: 15OCT2020 10:07 PM CST