NEAR FINAL DRAFT Meta Quarterly Adversarial Threat Report Q2 2023

AUGUST 2023

SECOND QUARTER

DRAFT: Adversarial Threat Report


TABLE OF CONTENTS

Purpose of this report

Summary of our findings

Türkiye and Iran-based network

Türkiye-based network

Türkiye-based network

China-based network: detailed research & analysis

Russia-based network: lookback at Doppelganger’s activity over the last year

Policy & enforcement recommendations for raising cross-internet defenses against domain name abuse

Appendix: Threat indicators

Q2 2023 ADVERSARIAL THREAT REPORT 2


PURPOSE OF THIS REPORT

Our public threat reporting began about six years ago when we first shared our findings about
coordinated inauthentic behavior (CIB) by a Russian covert influence operation. Since then, we
have expanded our ability to respond to a wider range of adversarial behaviors as global threats
have continued to evolve. To provide a more comprehensive view into the risks we tackle, we’ve
also expanded our regular threat reports to include other emerging threats and our detailed
insights — all in one place, as part of the quarterly reporting series. In addition to sharing our
analysis and threat research, we’re also publishing threat indicators to contribute to the efforts by
the security community to detect and counter malicious activity elsewhere on the internet (See
Appendix).

We expect the make-up of these reports to continue to evolve in response to the changes we see in
the threat environment and as we expand to cover new areas of our Trust & Safety work. This
report is not meant to reflect the entirety of our security enforcements, but to share notable trends
and investigations to help inform our community’s understanding of the evolving threats we see.
We welcome ideas from our peers across the defender community to help make these reports more
informative, and we’ll adjust as we learn from feedback.

For a quantitative view into our Community Standards’ enforcement, including content-based
actions we’ve taken at scale and our broader integrity work, please visit Meta’s Transparency
Center here: https://transparency.fb.com/data/.

What is Coordinated inauthentic behavior (CIB)?

We view CIB as coordinated efforts to manipulate public debate for a strategic goal, in which fake
accounts are central to the operation. In each case, people coordinate with one another and use
fake accounts to mislead others about who they are and what they are doing. When we investigate
and remove these operations, we focus on behavior rather than content — no matter who’s behind
them, what they post or whether they’re foreign or domestic.

Continuous CIB enforcement: We monitor for efforts to come back by networks we previously
removed. Using both automated and manual detection, we continuously remove accounts and
Pages connected to networks we took down in the past. See Section 5 for specific examples of our
work to detect and counter recidivism.

SUMMARY OF OUR FINDINGS

In our Q2 Adversarial Threat report, we’re sharing findings about three separate covert influence
operations that violated our policy against CIB. They originated in Türkiye and Iran. We are also
sharing detailed threat research and analysis about a China-based network that we assess to be
part of the largest cross-platform operation we’ve disrupted to date. And finally, this report
includes new research into the so-called Doppelganger influence operation from Russia that we
first took down in September of 2022.

1. Türkiye and Iran: We removed a network of 22 Facebook accounts, 21 Pages and seven
Instagram accounts in Türkiye and Iran that targeted audiences in Türkiye. We took it down before
it was able to build an audience. The people behind this activity created and operated a network of
websites posing as independent news entities, while apparently relying on unwitting authors to
create content. This campaign attempted to post links to its websites across multiple internet
services including Facebook, Instagram, Twitter, Telegram, LinkedIn and Pinterest. We found this
network as a result of our internal investigation into suspected coordinated inauthentic behavior in
the region, and connected it to the network we took down in 2018.

2. Türkiye: We removed a network of 34 Facebook accounts, 49 Pages, 107 Groups and 12
Instagram accounts in Türkiye that targeted domestic audiences in that country. This campaign
focused on running a dozen off-platform websites posing as independent news media that contain
pay-per-click ads, likely to monetize traffic. The operation tried to amplify these domains across
social media, including Facebook, Instagram, Twitter, and YouTube to make their content appear
more popular than it was. We found this network as a result of our internal investigation into
suspected coordinated inauthentic behavior in the region, and linked it to individuals in Türkiye,
including those associated with Turkuaz Gazetesi, an online news outlet.

3. Türkiye: We removed a network of 60 Facebook accounts, 37 Pages, 2 Groups and 20 Instagram
accounts in Türkiye that targeted domestic audiences in that country. The individuals behind this
operation created fictitious brands that featured distinctive logos, profile photos, visual styles and
hashtags across Facebook, Instagram, Twitter and TikTok. We found this network as a result of our
internal investigation into suspected coordinated inauthentic behavior in the region, and linked it to
four social media agencies: VOMM Creative, Skala Medya, TMSC Media and Bin945 Creative
Works. Our assessment benefited from reviewing public reporting on some of this activity.

4. China: We took down thousands of accounts and Pages that were part of the largest known
cross-platform covert influence operation in the world. It was active on more than 50 platforms and
forums, including Facebook, Instagram, X (formerly Twitter), YouTube, TikTok, Reddit, Pinterest,
Medium, Blogspot, LiveJournal, VKontakte, Vimeo, and dozens of smaller platforms and forums.
This campaign was run by geographically dispersed operators across China who appeared to be
centrally provisioned with internet access and content. It included positive commentary about
China and its province Xinjiang and criticisms of the United States, Western foreign policies, and
critics of the Chinese government including journalists and researchers. Our investigation found
links to individuals associated with Chinese law enforcement. We were also able to link this network
to the so-called “Spamouflage” operation and its many separate clusters of spammy activity that
Meta and our peers have been taking down since 2019.

5. Russia: We’re publishing new threat research into the Russian operation that we first disrupted a
year ago – it mimicked the websites of mainstream news outlets in Europe to post fake articles
about Russia’s war in Ukraine. We shared our detailed threat research far and wide last year –
including attribution to two Russian firms – so that others can take appropriate action too.
Recently, these companies were sanctioned by the EU. Because we know that these deceptive
campaigns are persistent and often try to come back — if not on our platforms, then somewhere
else – our work to counter them goes beyond our initial takedown. Our latest findings show that
this campaign has continued to pursue its single mission – to weaken support for Ukraine against
Russia’s invasion. It has expanded beyond its initial targeting of France, Germany and Ukraine itself
to now also include the US and Israel. Among its most recent domain spoofing targets were the
Washington Post, Fox News, and NATO. We assess this network to be the largest and the most
aggressively persistent Russian-origin operation we’ve taken down since 2017.

Domain registration abuse: Four out of five covert influence operations in this report ran websites
that pose as legitimate news outlets, including one that spoofed mainstream media organizations.
While we continue to block malicious domains engaged in violating activity from being shared on
our services, enforcements on each individual platform can only go so far in disrupting these
internet-wide campaigns while their websites remain live. Transparency and cross-society
responses are critical in tackling these malicious efforts to manipulate public debate, because each
of the tech platforms, researchers, media and government entities, domain registrars and
regulators have a unique but limited view into individual elements of these deceptive campaigns.
We’re sharing our policy and enforcement recommendations for tackling domain registration abuse
across the internet and multiple threat types.

01
Türkiye and Iran
We removed 22 Facebook accounts, 21 Pages and seven Instagram accounts for violating our
policy against coordinated inauthentic behavior. This network originated in Türkiye and Iran and
targeted audiences in Türkiye.

The people behind this activity operated a network of websites posing as independent news
entities where they posted primarily in Turkish about news and current events in the Middle East
region, including supportive commentary about Iran and Palestine; verbatim statements by
Ayatollah Ali Khamenei; and critical commentary about Israel, the United States, the Turkish
government and the Justice and Development Party (AKP) in Türkiye. The operation appeared to
have relied on unwitting authors to create content. This campaign attempted to post links to its
websites across multiple internet services including Facebook, Instagram, Twitter, Telegram,
LinkedIn and Pinterest.

The individuals behind this network used fake accounts – some of which were detected and
removed by our automated systems – to manage Pages, post content, and drive people to their
off-platform domains. We removed them before they were able to build an audience.

We found and removed this network as a result of our internal investigation into suspected
coordinated inauthentic behavior in the region, ahead of the elections in Türkiye. Our investigation
found links between this activity and the network we took down in 2018.

● Presence on Facebook and Instagram: 22 Facebook accounts, 21 Pages, and seven
Instagram accounts

● Followers: About 11,000 accounts followed one or more of these Pages and about 17,000
accounts followed one or more of these Instagram accounts.

● Advertising: About $670 in spending for ads on Facebook, paid for mostly in Turkish lira and
US Dollars

02
Türkiye
We removed 34 Facebook accounts, 49 Pages, 107 Groups and 12 Instagram accounts for
violating our policy against coordinated inauthentic behavior. This activity originated in Türkiye
and targeted domestic audiences in that country.

This campaign focused on running a dozen off-platform websites posing as independent news
media where they posted content in Turkish about current events in the country, including politics,
critical commentary about the opposition, supportive commentary about the AKP, sports,
entertainment, and other non-political topics. These “news” websites appear to contain
pay-per-click ads, likely to monetize traffic. The operation then tried to amplify these domains
across social media, including Facebook, Instagram, Twitter, and YouTube to make their content
appear more popular than it was. The operation appears to have used web tools to automate
posting on their websites and on social media.

The people behind this activity relied on a combination of compromised, duplicate and fake
accounts – some of which were detected and removed by our automated systems – to manage
Pages and Groups, and post and like their own content. Some of these Groups went through
significant name changes over time and appeared to have been acquired from others.

We found and removed this network as a result of our internal investigation into suspected
coordinated inauthentic behavior in the region, ahead of the elections in Türkiye. Although this
operation attempted to conceal their identities and coordination, our investigation found links to
individuals in Türkiye, including those associated with Turkuaz Gazetesi, an online news outlet. We
also found links to a cluster of spammy activity we had previously taken action against for violating
our policy against inauthentic behavior by using abusive audience building tactics.

● Presence on Facebook and Instagram: 34 Facebook accounts, 49 Pages, 107 Groups and 12
Instagram accounts

● Followers: About 1.9 million accounts followed one or more of these Pages, around 1 million
accounts joined one or more of these Groups and about 125,000 accounts followed one or
more of these Instagram accounts.

● Advertising: About $21,000 in spending for ads on Facebook, paid for mostly in Turkish lira.

03
Türkiye
We removed 60 Facebook accounts, 37 Pages, 2 Groups and 20 Instagram accounts for violating
our policy against coordinated inauthentic behavior. This activity originated in Türkiye and
targeted domestic audiences in that country.

The people behind this activity used a combination of authentic, duplicate and fake accounts -
some of which were detected and disabled by our automated systems - to admin Pages, post and
like their own content. Likely in an attempt to evade our detection and enforcement, this network
transferred management of its Pages from one fake account to another over time. Some of these
fake accounts used profile photos likely generated using machine learning techniques like
generative adversarial networks (GAN).

The individuals behind this operation created a number of fictitious brands that featured distinctive
logos, profile photos, visual styles and hashtags across Facebook, Instagram, Twitter and TikTok.
They posted primarily in Turkish about politics and current events in Türkiye and the region,
including critical commentary about the opposition, European Union and United States, and
supportive commentary about the AKP and its policies.

We found and removed this network as a result of our internal investigation into suspected
coordinated inauthentic behavior in the region, ahead of the elections in Türkiye. Our assessment
benefited from public reporting about a portion of this cross-internet activity. Although the people
behind it attempted to conceal their identities and coordination, our investigation found links to
four social media agencies: VOMM Creative, Skala Medya, TMSC Media and Bin945 Creative
Works.

● Presence on Facebook and Instagram: 60 Facebook accounts, 37 Pages, 2 Groups and 20
Instagram accounts.

● Followers: About 1.3 million accounts followed one or more of these Pages, about 30,000
accounts joined one or more of these Groups, and about 355,000 accounts followed one or
more of these Instagram accounts.

● Advertising: About $667,000 in spending for ads on Facebook, paid for mostly in Turkish lira.

04
China

IN-DEPTH RESEARCH & ANALYSIS


EXECUTIVE SUMMARY

We removed 7,704 Facebook accounts, 954 Pages, 15 Groups and 15 Instagram accounts for
violating our policy against coordinated inauthentic behavior. This network originated in China
and targeted many regions around the world, including Taiwan, the United States, Australia, the
United Kingdom, Japan, and global Chinese-speaking audiences.

We began this investigation after reviewing public reporting about off-platform activity that
targeted a human-rights NGO in late 2022. Following this lead, we were able to uncover a large and
prolific covert influence operation which was active on more than 50 platforms and forums,
including X (formerly Twitter), YouTube, TikTok, Reddit, Pinterest, Medium, Blogspot, LiveJournal,
VKontakte, Vimeo, and dozens of smaller platforms and forums, as well as Facebook and
Instagram.

On our platform, this network was run by geographically dispersed operators across China who
appear to have been centrally provisioned with internet access and content directions. Many of
their accounts were detected and disabled by our automated systems. We assess that this likely led
the people behind it to increasingly shift to posting their content on smaller platforms and then trying
to amplify it on larger services in the hope of maintaining persistence. We have not found evidence of this
network getting any substantial engagement among authentic communities on our services. In
fact, one of the key tactics we’ve seen them use was acquiring spammy Pages whose inauthentic
following likely came from fake engagement farms around the world, notably in Vietnam,
Bangladesh and Brazil. This meant that Pages that mainly posted in Chinese and English were
almost exclusively followed by accounts from countries outside of their target regions.

This network typically posted positive commentary about China and its province Xinjiang and
criticisms of the United States, Western foreign policies, and critics of the Chinese government
including journalists and researchers. To illustrate the range of content themes pursued by this
network, we’ve included sample headlines in the Appendix.

While this network’s activity on our platform mainly consisted of spammy sharing of links, in
addition to memes and text posts, our investigation identified notable distinctive errors, behavioral
patterns and operational structure that allowed us to connect it to a number of more complex and
long-running large clusters of activity across the internet. As we worked to understand the full
scope of this activity across the board, we were also able to identify links between this network and
many separate clusters of spammy activity we’ve been detecting and removing under our
Inauthentic Behavior policy since August 2019 which are known in the security community as
“Spamouflage.”[1] (For the purposes of this report, we’ll refer to this latest China-based operation as
Spamouflage). Taken together, we assess Spamouflage to be the largest known cross-platform
covert influence operation to date.

Although the people behind this activity tried to conceal their identities and coordination, our
investigation found links to individuals associated with Chinese law enforcement.

TAKEDOWN BY THE NUMBERS

● Presence on Facebook and Instagram: 7,704 Facebook accounts, 954 Pages, 15 Groups and
15 Instagram accounts

● Followers: About 560,000 accounts followed one or more of these Pages, fewer than 10
accounts joined one or more of these Groups and about 870 accounts followed one or more
of these Instagram accounts. We assess that this network’s Pages were likely acquired from
spam operators with built-in inauthentic followers primarily from Vietnam, Bangladesh and
Brazil – none of which we assess to be the targets of this operation.

● Advertising: At least $3,500 in spending for ads related to this operation’s activity on
Facebook, paid for mostly in Chinese yuan, Hong Kong dollars and US dollars.

[1] Researchers at Graphika first coined the Spamouflage name for this cross-internet activity in their original
report in 2019: see Ben Nimmo, C. Shawn Eib and L. Tamora, “Spamouflage”, Graphika, September 25, 2019,
https://graphika.com/reports/spamouflage. Members of the research community including the Australian
Strategic Policy Institute, Google’s Threat Analysis Group, and Mandiant have also substantially reported on
aspects of this operation’s wider activity.

KEY TRENDS

1. CENTRALIZED CONTROL, DECENTRALIZED OPERATORS

Our investigation found that the Spamouflage network is run by geographically dispersed
operators across China who appear to be centrally provisioned with internet access and content
directions.

We identified multiple distinct clusters of fake accounts that were run from many different parts of
China. Their behavior suggested that they were operated by groups who may have worked from a
shared location, such as an office. Each cluster worked to a clear shift pattern, with bursts of
activity in the mid-morning and early afternoon, Beijing time, with breaks for lunch and supper, and
then a final burst of activity in the evening.

Image: Posting times, Monday through Sunday, time zone GMT +8

While some of these fake accounts were run from hundreds of miles apart, they repeatedly shared
the same proxy internet infrastructure - often in the United States, likely in an attempt to disguise
their origins.

These clusters of activity also repeatedly shared identical content across many internet platforms –
not just links and articles, but short, “personal” comments as well. These comments were designed
to appear unique and personal, using terms like “I” and “we” and referring to individual experiences
and beliefs. However, hundreds of different accounts made the same “personal” comments on
many different services and websites, indicating that they were likely centrally tasked with posting
these. Occasionally, fake accounts would post a comment together with what appears to have
been a serial number, suggesting that it may have been copy-pasted from a numbered list.

Image: Top to bottom: Identical “personal” posts on X (aka Twitter), Reddit, Canadian forum bbs[.]51[.]ca, and Tumblr. None of these posts appeared to have attracted much engagement from real people.
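
The copy-paste tell described in this section (identical “personal” comments posted by many accounts on many services, sometimes with a leftover serial number) can be checked for mechanically. The Python below is an added example, not part of this report or of Meta's tooling; the sample posts, account and platform names, serial-number formats and thresholds are constructed assumptions.

```python
import hashlib
import re
import unicodedata
from collections import defaultdict

# Constructed sample posts (platform, account, text); none of this is real data.
SAMPLE_POSTS = [
    ("platform-a", "acct-001", "I think we should all look at the facts before judging."),
    ("platform-b", "acct-117", "17. I think we should all look at the facts before judging."),
    ("platform-c", "acct-342", "I think  we should all look at the facts before judging"),
    ("platform-d", "acct-560", "（23）I think we should all look at the facts before judging."),
    ("platform-a", "acct-002", "We had a great holiday in Wales this year!"),
    ("platform-b", "acct-003", "2023 was a busy year for our team."),
    ("platform-b", "acct-118", "In my experience, this report cannot be trusted."),
    ("platform-c", "acct-343", "in my experience, this report cannot be trusted."),
]

# Assumed serial-number formats left over from a numbered list: "17. ", "17) ",
# "17: ", "(17)", "[17]" or "17、". A bare leading number ("2023 was ...") is
# not treated as a serial number.
SERIAL_PREFIX = re.compile(r"^\s*(?:[(\[]\d{1,4}[)\]]\s*|\d{1,4}(?:[.):]\s+|、\s*))")

MIN_CHARS = 20  # very short comments collide by chance, so skip them


def normalize(text):
    """Return (canonical_text, had_serial_prefix) for one comment."""
    folded = unicodedata.normalize("NFKC", text)  # full-width forms -> ASCII
    stripped = SERIAL_PREFIX.sub("", folded, count=1)
    had_serial = stripped != folded
    core = re.sub(r"\s+", " ", stripped).strip().casefold()
    core = core.rstrip(".!?。 ")  # ignore trailing punctuation differences
    return core, had_serial


def find_copy_paste_clusters(posts, min_accounts=3, min_platforms=2):
    """Group posts by canonical text and return the groups that were posted by
    at least min_accounts distinct accounts on at least min_platforms services."""
    groups = defaultdict(lambda: {"text": "", "accounts": set(),
                                  "platforms": set(), "serial_numbered": 0})
    for platform, account, text in posts:
        core, had_serial = normalize(text)
        if len(core) < MIN_CHARS:
            continue
        key = hashlib.sha256(core.encode("utf-8")).hexdigest()
        group = groups[key]
        group["text"] = core
        # Account names are only unique per platform, so key on the pair.
        group["accounts"].add((platform, account))
        group["platforms"].add(platform)
        group["serial_numbered"] += int(had_serial)

    clusters = []
    for group in groups.values():
        if (len(group["accounts"]) >= min_accounts
                and len(group["platforms"]) >= min_platforms):
            clusters.append({
                "text": group["text"],
                "accounts": len(group["accounts"]),
                "platforms": len(group["platforms"]),
                "serial_numbered": group["serial_numbered"],
            })
    # Largest clusters first; a serial-numbered copy is the strongest tell.
    clusters.sort(key=lambda c: (c["accounts"], c["serial_numbered"]), reverse=True)
    return clusters


if __name__ == "__main__":
    for cluster in find_copy_paste_clusters(SAMPLE_POSTS):
        print(cluster)
```

Exact matching after normalization only catches verbatim reuse; lightly reworded copies would need a fuzzy measure such as shingling, which this example does not attempt.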

2. PIVOT TO SMALLER PLATFORMS

When Spamouflage was first uncovered in 2019, it typically focused on Facebook, Twitter and
YouTube. Over time, as platforms began detecting and blocking these spammy efforts, the
operation began pivoting to prioritizing smaller platforms, including local forums in Asia and Africa.

Much of the activity we recently disrupted on Facebook consisted of link shares to articles that the
operation had seeded on other forums.

The websites and forums used by this operation are remarkable for their diversity and geographical
spread: we’ve identified over 50 platforms and forums where we assess this campaign was active.
Beyond posting on Facebook and Instagram, Spamouflage made heavy use of Medium, X (aka
Twitter), Reddit, YouTube, Vimeo and Soundcloud. It ran accounts on Quora - sometimes replying
with pro-China comments to questions that had nothing to do with the topic. It posted hundreds of
cartoons on Pinterest, Pixiv, and art website artstation[.]com.

We also identified likely-Spamouflage accounts on TikTok, Blogspot and LiveJournal, and the
Russian platforms VKontakte and Odnoklassniki. Further afield, we identified likely activity on
Nigerian forum Nairaland[.]com, Indonesian forum kaskus[.]co[.]id, Chinese financial forum
nanyangmoney[.]com and Australian local forum Melbournechinese[.]net.

Image: Clockwise from top left, a video headlined "敦促蔡英文及其軍政首腦投降書" (“Urging Tsai Ing-Wen and her military leaders to surrender”) posted by likely Spamouflage accounts on Medium, Quora, Pinterest (linking to a since-deleted YouTube video) and Nairaland[.]com (linking to a video on Odnoklassniki that was still live as of August 1, 2023). Note the incongruous reply on Quora to a completely unrelated question, and number 20 before the Pinterest post.

Spamouflage content criticizing Chinese virologist Yan Limeng – a frequent target of the operation
– also appeared on TripAdvisor. Another frequent target of this operation – Chinese-American
journalist Jiayang Fan – appeared to have been mentioned on the forum of Luxembourg newspaper
Luxemburger Wort. Spamouflage also appeared to post in the comments section of the Financial
Times’ Chinese language publication, FTChinese. Some of this content has likely since been deleted
by the admins of these websites.

3. ECHOES OF “SECONDARY INFEKTION”

As we reviewed our findings on tactics, techniques and procedures (TTPs) used by Spamouflage
over the years, we noted some distinct similarities with the Russian network we first exposed in
2019 which was later dubbed “Secondary Infektion”. While the reasons behind these parallels are
unclear, it is possible that CIB operators learn from one another, including as a result of public
reporting about covert influence operations by our industry and security researchers.

First, Spamouflage was the most cross-platform operation we’ve investigated since Secondary
Infektion. And both often planted their content on smaller platforms before attempting to share
links to it on larger ones.

Second, both operations posted content in an unusual range of languages: Secondary Infektion
used at least seven (Russian, English, German, French, Spanish, Swedish, Ukrainian); and
Spamouflage content came primarily in Chinese and English in addition to French, and smaller
volumes in languages including Spanish, Russian, Japanese, Korean, Thai, Indonesian, Filipino,
German, Finnish, Portuguese, and even Latin and Welsh.

Third, Spamouflage, at times, used a very atypical mix of distinct forums that Secondary Infektion
also utilized, which have been rarely or never seen to be used by any other known influence
operations. These include British student forum thestudentroom[.]co[.]uk and blogging platforms
scoop[.]it and cont[.]ws.

Fourth, both operations engaged in very elaborate laundering of narratives. We found an instance
when Spamouflage went through multiple phases in its efforts to ultimately claim that the US was
the origin of COVID-19:

● It first appears to have created and published a 66-page “research paper” on website
zenodo[.]org. The paper was remarkable for its errors, including consistently misspelling the
names of key protagonists.
● Then, Spamouflage posted two distinct videos on YouTube and Vimeo to promote this
“research”.
● Then, it created an article that cited this “research” and embedded these videos to claim
that the US had been “hiding the truth about the origin of the virus from the outside world”.
It planted this article across multiple forums, including LiveJournal, Tumblr and Medium.
● Finally, it used accounts on Facebook, X, Quora, Reddit, Google Groups, LiveJournal, Tumblr
and smaller forums to amplify these links.

Notably, unlike Spamouflage, Secondary Infektion was much more careful in its operational
security (OpSec) and avoided re-using the same accounts. Typically, the Russian operation used a
single fake account to post only one article, and then abandoned it - sometimes within minutes of
creating it. Spamouflage, on the other hand, would typically use each fake account to post each
article 5-10 times in a row over a few days. This allowed it to post more, but at the cost of lower
OpSec. Since the operation appeared to have used accounts on many different platforms in the
same way, this meant that any one Spamouflage article could feature hundreds of times across
Medium, Reddit, YouTube, Quora, Pinterest, Tumblr, and smaller platforms.

Image: Posts of a single Spamouflage article by a single Medium account, February 2023. The same article was posted repeatedly on other Medium accounts, and also accounts on Quora, Reddit, and a wide range of blogging platforms.

This pattern of “spraying” the same article across many different platforms and accounts gave
Spamouflage a considerable degree of resilience, because it would require action by many different
platforms to take down its articles for good. However, this may not have been the operators’
intention: they may simply have been trying to achieve a production quota for their campaign.

Notably, the operation’s use of highly distinctive headlines makes it particularly vulnerable to
cross-platform, open-source investigation. Headlines with typos and language mixes, such as
“Rummors and truth of COVID-19” and “棋子or弃子”, or with unique formulations such as “Queen
Elizabeth II Dead or Related to New Prime Minister Truss?” and “Guo Wengui's Lies, Little Ant's
Drugs” represent unique indicators that open-source researchers can use to find additional
connected activity across the internet.

We’ve shared threat indicators with our industry peers and the research community. To enable
further open-source research and illustrate the operation’s scope, we’re publishing a selection of
headlines that we can attribute to this operation with confidence.

4. HIGH VOLUME, LOW REACH

Despite the very large number of accounts and platforms it used, Spamouflage consistently
struggled to reach beyond its own (fake) echo chamber. Many comments on Spamouflage posts
that we have observed came from other Spamouflage accounts trying to make it look like they
were more popular than they were. Only a few instances have been reported when Spamouflage
content on Twitter and YouTube was amplified by real-world influencers, so it is important to keep
reporting and taking action against these attempts while realizing that its overall ability to reach
authentic audiences has been consistently very low.

Image: Top: Operation post on Quora, alleging a UN vote against the United States. Bottom: The only reply.

This is likely in part due to the operation’s poor quality control. As we mentioned earlier, many of
Spamouflage’s accounts and Pages appear to have been purchased from third parties in other
countries, notably Vietnam and Bangladesh. Some of these Pages used to post ads unrelated to
CIB for products like phone cases, lingerie, clothing or children’s accessories, prior to them being
acquired and engaging in Spamouflage-related activity. The operators often appear to have begun
using these accounts and Pages without making any alterations - leading to highly idiosyncratic
behaviors where, for example, a Page that had been posting lingerie ads in Chinese abruptly
switched to English and posted organic content about riots in Kazakhstan.

Similar flaws characterized the operation’s content. A Medium account linked to the operation
posted the same article in Chinese and English criticizing New Yorker journalist Jiayang Fan, but
the Chinese headline was followed by the English text, and vice versa. Operation posts misspelled
key names - “Freud” instead of “Floyd”, “Lv Pin” instead of “Lü Pin” (a Chinese feminist activist).
The operators appear to have auto-translated the captions on their cartoons without proofreading
them, so that an article attacking the “Safeguard Defenders” (a human-rights group) was
accompanied by a cartoon calling them the “Protection guard”.

Image: Two posts by the same Medium account, June 11, 2022. The English and Chinese versions are translations of one another, but with the headlines attached to the wrong texts.

In September 2022, Spamouflage accounts were still writing that Speaker Pelosi “will lead a House
delegation to visit Taiwan during a trip to Asia,” even though that trip had taken place a month
before.

Image: Post of a Spamouflage article on Russian platform Yandex, looking ahead to Pelosi’s visit to Taiwan “in August 2022”. The post was made on September 17, 2022.

05
Russia

LOOK BACK AT ‘DOPPELGANGER’S ATTEMPTS TO STAY AFLOAT ACROSS THE INTERNET

EXECUTIVE SUMMARY

Last year, we shared our threat research into the CIB network focused on supporting Russia’s
invasion of Ukraine, dubbed Doppelganger, that operated across the internet, including running a
large network of websites spoofing legitimate news outlets. In December, we attributed it to two
companies in Russia: Structura National Technology and Social Design Agency (Агентство
Социального Проектирования). We banned these firms from our services. They were also later
sanctioned by the EU.

This lookback includes our latest threat research and new analysis of this campaign’s activity
across many services and websites. Having observed its attempts to adapt to detection by
platforms and researchers for about a year, a few big-picture insights stood out to us about
Doppelganger’s approach:

Persistence: We assess this campaign to be the largest and most aggressively persistent covert
influence operation from Russia that we’ve seen since 2017. Since our initial disruption and
continuous scrutiny by platforms and researchers, Doppelganger continued to create new domains
in an attempt to evade detection (see more details on changes in TTPs further down). Given the
nature of this operation and the type of entities behind it, this is expected behavior across our
industry with any CIB network we each take down. In addition to ongoing detection by our
automated systems, our team has been monitoring and taking action against these recidivist
attempts, and sharing findings with our peers and with the public. In total, we’ve blocked over
2,000 of the operation’s domains from being shared on our platform: these are included in the
Appendix to help the researcher community analyze this activity across the internet. We also
blocked tens of thousands of attempts to run fake accounts and Pages on our platforms.

High input – low output: This operation stands out for the sheer wastefulness of its large-scale
efforts. We expect Doppelganger to keep at it with its “smash-and-grab” approach by throwing a
large amount of resources – even if it leads to a very high detection rate and loss of assets, as we
described in September. But it may also indicate a sustained effort aimed at influencing the
ultimate client(s) in addition to the target audiences online. Such behavior is typical for influence
operations for hire run by marketing (and IT) firms like this one. While they can provide plausible
deniability to their customers, they also have an interest in continuing low-efficacy efforts as long
as they keep getting paid. They are also incentivized to exaggerate their own effectiveness,
engaging in client-facing perception hacking to burnish their credentials with those paying them. It
is critical to analyze the impact of these deceptive efforts (or lack of it) based on evidence, not on
the actors’ own claims or their persistence, while continuously strengthening our whole-of-society
defenses across the internet.

Expanding targeting, yet single mission: With Doppelganger focusing on weakening support for
Ukraine against the Russian invasion, this operation appears to be trying to pick off some of
Ukraine’s key international allies over time. Judging by the origin of the organizations that this
operation spoofed, among other factors, this Russian campaign has expanded beyond targeting
France, Germany and Ukraine itself for the first 8+ months to include the US and Israel earlier this
year. While the exact reasoning behind this expansion is unknown, it likely reflects the fluid tasking
of this operation (by its clients) and its single-minded mission.

Domains are all the rage: A large set of websites filled with anti-Ukraine and pro-Russia “news”
stories have been the center of this operation – it is where the firms behind Doppelganger try to
drive people from across the internet (see details on TTPs further down). While we (and other
research teams) have continued to publicize these spoofing domains to enable further research and
enforcement, many of them remain live, actively adding “news” articles. Blocking these domains
from being shared on each individual platform can only go so far to disrupt this internet-wide
campaign while its websites continue operating. See more on Meta’s policy recommendations on
tackling domain registration abuse across many threat types in Section six.

DOPPELGANGER: BACKGROUND
Launched soon after Russia’s full-scale invasion of Ukraine, Doppelganger created a small number
of sophisticated websites that spoofed the appearance of mainstream European news outlets, and
then spammed links to those sites using simple fake accounts on many social media platforms,
including Facebook, Instagram, Telegram, X (formerly Twitter), and even LiveJournal, among
others. In parallel, it created fake petitions, videos, cartoons, and a media “brand” called RRN which
posted original pro-Russian and anti-Ukrainian content in six languages on its own website. We first
reported on RRN in our September 2022 threat report.

LATEST TRENDS

In the last year, Doppelganger continued to evolve its tactics, techniques and procedures (TTPs), in
response to detection and aggressive enforcement. Here are the latest trends we’ve identified.

1. THE US AND ISRAEL COME INTO FOCUS

While Germany, France and Ukraine remain the most targeted countries overall for this operation,
recently, Doppelganger has added the United States and Israel to its list of targets. It has done so
by spoofing the domains of major news outlets in the US and Israel, publishing articles criticizing
American policies, and then spam-posting links to those articles across Facebook and X (formerly
Twitter). These domains spoof the Washington Post, Fox News, and Israeli news sites Mako[.]co[.]il
and walla[.]co[.]il.

These spoofed Fox News and Washington Post domains post critical commentary about Ukraine’s
President Zelensky and, to a lesser extent, US President Biden and the US policy on Ukraine. Some
of the social-media comments that it used to accompany these articles dwelt on policy differences
between Democrats and Republicans, but most criticized Ukraine to Americans without regard for
their political leanings.

Image

Top: Spoof of Fox News’ website on foxnews[.]cx, created by Doppelganger to target Ukraine on the Fourth of July. Note the story claims to be published under the byline of a real Fox News author.

Bottom: For comparison, screenshot of the authentic Fox News website, featuring an article by the same author on the same day.

The articles on spoofed Israeli news outlets accused the United States and European countries of
interfering in Israel, and tied these accusations back to Western support for Ukraine. For example,
one article criticized Germany for supplying arms to Ukraine, while another accused the United
States of triggering the Ukraine war to undermine the economies of European countries and Israel.

Some of these spoofs were particularly elaborate. Notably, one Washington Post article was based
on a faked Russian-language video which purported to show President Zelensky admitting that he
was a puppet of the CIA. The article was presented as a question-and-answer interview, and used
the byline and timestamp of a genuine interview by the Washington Post’s Berlin bureau chief that
was published the same day. The operation then shared the link to this fake Washington Post article
on social media as “evidence” of American interference in Ukraine. It received no engagement on
our platform.

Image

Top: Spoofed article by Doppelganger on washingtonpost[.]ltd purporting to show what appears to be a non-existent “interview” with Ukraine’s President.

Top inset: Author name, profile picture and publication timestamp from the fake article.

Bottom: For comparison, an authentic article on the Washington Post website by the real author on the same day.

Bottom inset: Author name, profile picture and publication timestamp from the authentic article.

The people behind Doppelganger appear to be agile in quickly responding to world events in real
time as they fit them into the operation’s key narrative about the war in Ukraine. For example, a
spoofed version of French newspaper Libération reacted to anti-police protests in France by
claiming that the country had been “infected by the Ukrainian virus of color revolutions”. An article
on the spoofed website of the Israeli news portal mako[.]co[.]il reacted to Western criticism of a
judicial reform in Israel by accusing the United States of planning a “color revolution” in Israel. This
content did not appear to attract authentic engagement, but it illustrates a threat actor quickly
responding to events on the ground in countries it targeted.

2. IMPERSONATING GOVERNMENT WEBSITES

Other recent Doppelganger websites have spoofed government institutions and news outlets in
Europe. Over the past few months, we’ve identified and blocked spoofs of the German police,
Polish and Ukrainian governments, NATO (in English, French and Ukrainian), and the French Foreign
Ministry, as well as European news outlets like RBC (Ukraine), Repubblica (Italy) and Sueddeutsche
(Germany).

Most of these spoofed “government” websites focused on promoting claims that Western support
for Ukraine would lead to higher taxes, greater insecurity, or lower standards of living. They were
relatively sophisticated spoofs that included redirects to the authentic websites, likely to make
them look more convincing, and used official photos from government sources in their posts. They
made mistakes – for example, the fake NATO French- and Ukrainian-language sites copied the
alliance’s English-language website, rather than its French and Ukrainian versions.

Image

Left: Spoofed NATO website by Doppelganger at nato[.]ws. While the post is in French, the NATO banner and menu bars are in English.

Top right: Ukrainian-language version of the spoofed NATO website. Note, again, the English menu bar.

Bottom right: Screenshot of an authentic NATO article: note that the banner and menu bar are in French.

3. USE OF REDIRECT URLS

Creating elaborate spoofed sites and articles is a labor-intensive effort. Likely in response to
detection and blocking of these websites, Doppelganger has also deployed a far higher number of
“backup” domains. Each time we’ve blocked one of its main spoofs, Doppelganger has responded
by placing these backup domains between the shared link and the spoofed site to conceal the
link’s final destination. These URLs are meant to redirect to the spoofed site, typically in
multiple hops: one backup domain redirects to another, which then redirects onwards to the final
destination. We continue to block those too.

Doppelganger’s use of domains evolved through four phases:

● First, from June through mid-September 2022, it typically posted links directly to its
spoofed domains on social media.
● Second, shortly after we initially disrupted its activity and blocked its domains for the first
time, it began registering its own backup domains. Some had names that related to the
outlet they were spoofing, but with increasing degrees of typos: for example, tonline[.]life (a
spoof of the genuine t-online[.]de), then t-onlinr[.]life, then t-onlinl[.]life, and so on. Others
had more generic titles, but also featured increasing typos: for example, the name “Offene
Meinung” (public or open opinion) came out progressively as offinemainung[.]info,
offinemaiunng[.]space, affinemaiunng[.]website and affinemiunng[.]website.
● Third, in late October 2022, it began using redirects that were subdomains of the site
tilda[.]ws.
● Fourth, from the end of 2022 onwards, it pivoted to using likely compromised domains
whose names bore no relation to the focus of this operation and its content. These included
domains like coednakedfootball[.]xyz, early-gonorrhoea-signs[.]com, kinocasino[.]net,
powerwasher-reviews[.]com and transformationbookclub[.]com.
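
The multi-hop redirect pattern described above can be unrolled on the defender's side before a shared link is allowed through. The following is an added example, not code from this report or from Meta: it follows recorded redirects hop by hop, blocks the link if any hop lands on a blocked domain, and lists the intermediate "backup" hosts as blocklist candidates. The redirect table, the `.example` hostnames, the hop cap and all function names are assumptions constructed for illustration.

```python
"""Unroll recorded redirect chains and check every hop against a blocklist."""
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 8  # assumption: longer chains are treated as suspicious, not followed

# Constructed crawl observations: URL -> Location header that was returned.
# Every host uses the reserved .example TLD; none of them come from the report.
OBSERVED = {
    "https://backup-one.example/a1": "https://backup-two.example/r?id=7",
    "https://backup-two.example/r?id=7": "/go/final",  # relative Location header
    "https://backup-two.example/go/final": "https://news.spoofed-outlet.example/story",
    "https://loop-a.example/": "https://loop-b.example/",
    "https://loop-b.example/": "https://loop-a.example/",
    "https://shortener.example/x": "https://real-outlet.example/article",
}

# Constructed blocklist of already-known spoof domains.
BLOCKED = {"spoofed-outlet.example"}


def host_of(url):
    """Lower-cased hostname of a URL, without a trailing dot."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_blocked(host, blocked):
    """True if host is a blocked domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in blocked)


def unroll(url, observed, max_hops=MAX_HOPS):
    """Follow recorded redirects from url; return (chain, status).

    status is "resolved", "loop" or "too_many_hops".
    """
    chain = [url]
    seen = {url}
    while chain[-1] in observed:
        if len(chain) > max_hops:
            return chain, "too_many_hops"
        # Location may be relative, so resolve it against the current hop.
        nxt = urljoin(chain[-1], observed[chain[-1]])
        if nxt in seen:
            return chain, "loop"
        chain.append(nxt)
        seen.add(nxt)
    return chain, "resolved"


def assess(url, observed, blocked):
    """Decide what to do with a shared link based on its whole redirect chain."""
    chain, status = unroll(url, observed)
    hosts = []
    for hop in chain:
        host = host_of(hop)
        if host not in hosts:
            hosts.append(host)

    hit = next((i for i, h in enumerate(hosts) if is_blocked(h, blocked)), None)
    candidates = []
    if hit is not None:
        action = "block"
        # Hosts that only exist to forward to a blocked destination are the
        # "backup" domains: surface them so they can be reviewed and blocked.
        candidates = hosts[:hit]
    elif status != "resolved":
        action = "review"  # loops and over-long chains are not trusted
    else:
        action = "allow"
    return {
        "action": action,
        "status": status,
        "final": chain[-1],
        "hosts": hosts,
        "candidate_backup_domains": candidates,
    }


if __name__ == "__main__":
    for link in ("https://backup-one.example/a1",
                 "https://loop-a.example/",
                 "https://shortener.example/x"):
        print(link, "->", assess(link, OBSERVED, BLOCKED))
```

Checking every hop rather than only the first URL is what makes the backup domains visible: once the final destination is known to be blocked, each forwarding host in front of it becomes a lead.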

Image

Tweet by an account that exclusively shared URLs associated with Doppelganger. Note how it replies to a news article about a rescue at sea with a comment on U.S. politics and the Ukraine war, accompanied by the domain “stretchtra[.]shop”.

As with its backup domains, Doppelganger’s social-media activity appeared to prioritize quantity
over quality, making minimal effort to look convincing. For example, few of its accounts have any
distinguishing features beyond a name and a profile photo, while many of its Pages have names
that simply combine two adjectives, like “Frizzy Impeccable”. Doppelganger appears to have
abandoned any effort at investing into audience-building, putting its main focus into endlessly
rebuilding its stock of basic fake accounts and Pages after we take them down. We have not
observed this network’s fake accounts and Pages being amplified by real people.

We’ll continue disrupting this large-volume but low-impact activity on our platform, monitoring for
further developments and sharing our findings with our industry peers, researchers and the public.

06
Raising Cross-Internet Defenses Against Domain Name Abuse

POLICY & ENFORCEMENT RECOMMENDATIONS


From our years of disrupting malicious activity across our services, we know that adversarial
threats rarely target just one platform. As part of malicious cross-platform campaigns, threat
actors routinely exploit the global domain name system to deceive people into visiting imposter
news sites, clicking on phishing links, installing malware, and falling for other scams. While we
regularly block and publicize these malicious campaigns, they often continue to persist across the
broader internet. This is because the mechanisms for redressing abusive domain names are not
sufficient for the scale of the abuse that our industry and researchers see online today.

THE DOPPELGANGER EXAMPLE


The Russia-based covert influence operation Doppelganger, which we describe earlier in this report
(Section five), is a good example of how bad actors use malicious domains to insulate themselves
from enforcement.

This cross-internet campaign runs a number of highly-developed websites that spoof the
appearance of real news outlets and government institutions. It uses well-known techniques like
typosquatting to trick people into believing these spoofs are legitimate by using domain names
that register misspellings of legitimate sites or that cycle through country code domain extensions
(ccTLDs).

We’ve blocked thousands of Doppelganger’s domains from being shared on our platforms, and
continue to report them as part of our regular public threat research. However, many of these
websites remain live on the internet. This means that bad actors can continue to run their operation
and share links to them elsewhere. The fragmented enforcement ecosystem for malicious domain
names enables this operation and others to use redirect links to keep running their campaign across
the Internet.

HOW META COUNTERS DOMAIN NAME ABUSE TARGETING OUR BRAND


Because tackling domain name abuse often falls on the brand owners, at Meta, we continue to do
everything we can to protect people from abusive domains pretending to be affiliated with Meta.
We operate a comprehensive brand enforcement program to identify and take action against
imposter sites pretending to be Meta products to deceive people. We do so by scanning new
domain names daily for signs of likely fraud, like intentional misspellings of our brands, particularly
those that are likely to lead to scams. In 2023 so far, in collaboration with our security enforcement
partners at Tracer Ai, we’ve reported and helped remove over 6,000 abusive domain names
targeting Meta brands.
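
One way to implement the kind of scan described above, covering both intentional misspellings and the ccTLD cycling noted in the Doppelganger example. This is an added example, not Meta's or Tracer Ai's code. The spoof domains in the sample feed are the ones this report names; the authentic domains other than t-online[.]de, the distance thresholds and all function names are assumptions.

```python
"""Flag newly observed domains that imitate a protected domain (offline example)."""

# Authentic domains to protect. t-online.de is named in the report; the other
# three are assumed here to be the real domains of the spoofed organisations.
PROTECTED = ["t-online.de", "foxnews.com", "washingtonpost.com", "nato.int"]

# Sample feed: spoof domains quoted in this report (kept defanged), plus two
# constructed benign names under the reserved .example TLD.
NEW_DOMAINS = [
    "tonline[.]life", "t-onlinr[.]life", "t-onlinl[.]life",
    "foxnews[.]cx", "washingtonpost[.]ltd", "nato[.]ws",
    "nata.example", "gardening-tips.example",
]


def refang(domain):
    """Undo '[.]' defanging and normalise case so names can be compared."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")


def split_domain(domain):
    """Split a registrable domain into (label, suffix).

    Assumption: the feed lists registrable names without subdomains, so the
    first label (after an optional 'www.') is the brand-bearing part.
    """
    name = refang(domain)
    if name.startswith("www."):
        name = name[4:]
    label, _, suffix = name.partition(".")
    return label, suffix


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # transposition
        prev2, prev = prev, cur
    return prev[len(b)]


def allowed_distance(label):
    """Assumed thresholds: short labels collide by chance, so tolerate less."""
    if len(label) < 5:
        return 0
    return 1 if len(label) < 10 else 2


def classify(domain, protected=PROTECTED):
    """Return a finding dict for a lookalike or authentic name, else None."""
    label, suffix = split_domain(domain)
    targets = [(p,) + split_domain(p) for p in protected]
    for p, p_label, p_suffix in targets:
        if (label, suffix) == (p_label, p_suffix):
            return {"domain": refang(domain), "looks_like": p,
                    "reason": "authentic", "distance": 0}
    best = None
    for p, p_label, _ in targets:
        dist = osa_distance(label, p_label)
        if dist == 0:
            reason = "tld_swap"          # same name under another extension
        elif label.replace("-", "") == p_label.replace("-", ""):
            reason = "hyphen_variant"    # differs only by hyphens
        elif dist <= allowed_distance(p_label):
            reason = "typo"
        else:
            continue
        if best is None or dist < best["distance"]:
            best = {"domain": refang(domain), "looks_like": p,
                    "reason": reason, "distance": dist}
    return best


def scan(domains, protected=PROTECTED):
    """Findings for every domain in the feed that imitates a protected one."""
    findings = (classify(d, protected) for d in domains)
    return [f for f in findings if f and f["reason"] != "authentic"]


if __name__ == "__main__":
    for finding in scan(NEW_DOMAINS):
        print(finding)
```

The length-dependent threshold is the part to tune: a four-letter name such as "nato" is only matched on an exact label under a different extension, because a one-character tolerance on names that short would flag many unrelated registrations.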

Our anti-phishing program also tackles thousands of off-platform phishing domains targeting Meta
brands monthly. In 2022, in collaboration with PhishLabs, we helped take down approximately
140,000 phishing sites, a substantial decrease from over 265,000 in 2021. We believe that this
decrease is due to our proactive efforts to discuss collaborative methodologies with hosting and
other service providers to reduce impersonations on their services.

INDUSTRY-WIDE CHALLENGES IN TACKLING DOMAIN NAME ABUSE


As each brand owner works to mitigate domain impersonation abuse, there are real challenges in
how the system for redressing these harms works, limiting what any individual company can do.

For example, today most domain name registration information (known as WHOIS) is not
accessible to the public. And even when it is disclosed, the information is frequently inaccurate due
to lack of verification by registration providers. This inhibits swift investigations into abusive
domains and other efforts to prevent harm. In fact, we typically receive the requested WHOIS
information related to investigations into abusive behavior targeting people on our services about
35% of the time, according to Tracer Ai.

The inability to access WHOIS information has likely contributed to a steady rise in domain name
dispute administrative procedures, known as UDRPs (Uniform Domain-Name Dispute-Resolution
Policy), to recover abusive domains. The fees to initiate a UDRP at WIPO (World Intellectual
Property Office), for example, can be in the thousands of dollars to recover up to just 10 domain
names, in addition to the legal fees. While some brands, like ours, opt to pursue this effort, many
may not. This means that imposters continue to operate online, knowing that the cost of taking
abusive domains down is prohibitively high for many organizations – including news outlets, civil
society organizations, or governments.

Another avenue for protecting people that brands can pursue is domain name litigation. For
example, in December 2022, we filed litigation against Freenom, a country code domain registry
provider, whose domain names accounted for over half of all phishing attacks involving ccTLDs.
Since then, research by Interisle Consulting Group has found significant declines in phishing
domains reported in ccTLDs overall. However, since there are more than 2,000 accredited domain
registrars, better cooperation is needed to ensure all registrars address abuse from their services.
Otherwise, threat actors will continue to flock to less responsible players in the ecosystem.

OUR RECOMMENDATIONS FOR IMPROVING INDUSTRY’S EFFORTS TO TACKLE DOMAIN NAME ABUSE AT SCALE

Domain impersonation is far from being the only cross-platform tactic threat actors use to trick
people into visiting fictitious news outlets, falling for phishing schemes, installing malware, or
losing money to scammers. But it is an area where existing mechanisms to redress abuse are not
sufficient to have material impact at scale. We believe that industry-wide action is needed to
protect people against these tactics and raise our collective defenses.

Our recommendations for a stronger society-wide response include:

● Improve ICANN contracts with registrars and registries to take proactive steps to address
domain registration abuse at scale, such as to require suspension of customer accounts for
known bad actors or impose additional verification for domain names that include a
combination of famous brand plus words suggestive of fraud – like “login”, “password”,
“security”, “help center”, or “verification”. Any such approach would need to account for
legitimate criticism (such as Brandsux[.]com), and be tailored to prevent powerful players
from abusing them to silence lawful protest. Encourage the sharing of data with internet
platforms to proactively block bad actors from registering and using domain names to
further abusive or criminal activities.

● Adopt laws that require complete, accurate, and verified WHOIS data, similar to Europe’s
recently revised Network and Information Systems Directive (NIS2).

● Incentivize the domain industry to cooperate with those investigating impersonating
domain names and scams at scale.

● Disincentivize cybersquatting by shifting costs from brand owners to abusive actors by
enhancing the remedies or damages available under the UDRP or applicable law.

● Close DNS governance gaps with strategies to include all participants of the DNS
ecosystem such as hosting providers.

● Ensure a balance of security and privacy through multi-stakeholder input and human rights
impact assessment to prevent the abuse of anti-fraud systems to silence or expose critics.

● Encourage business and UN entities to adopt remedy and risk management approaches
consistent with the UN Guiding Principles on Business and Human Rights.

Appendix: Threat indicators
The following section details unique threat indicators that we assess to be associated with
malicious networks we disrupted and described in this report. To help the broader research
community to study and protect people across different internet services, we’ve collated and
organized these indicators according to the Online Operations Kill Chain framework, which we use
at Meta to analyze many sorts of malicious online operations, identify the earliest opportunities to
disrupt them, and share information across investigative teams. The kill chain describes the
sequence of steps that threat actors go through to establish a presence across the internet,
disguise their operations, engage with potential audiences, and respond to takedowns.

We’re sharing these threat indicators to enable further research by the open-source community
into any related activity across the web. This section includes the latest threat indicators and is not
meant to provide a full cross-internet, historic view into these operations. It’s important to note
that, in our assessment, the mere sharing of these operations’ links or engaging with them by
online users would be insufficient to attribute accounts to a given campaign without corroborating
evidence.

1. IRAN- AND TÜRKIYE-BASED CIB NETWORK

Tactic: Threat indicator

Acquiring assets

Acquiring Facebook accounts: 22 accounts
Acquiring Facebook Pages: 21 Pages
Acquiring Instagram accounts: 7 Instagram accounts
Registering domains:
  7sabah[.]com[.]tr
  israilpost[.]com
  yedinot[.]com
  amerikagozlemi[.]com
  7sabah[.]com
  ulkededegisim[.]com
Acquiring X/Twitter accounts:
  https://twitter[.]com/7sabahhaber1
  https://twitter[.]com/AmerikaGozlem
  https://twitter[.]com/yedinot
  https://twitter[.]com/7sabah_haber
  https://twitter[.]com/israilpost
Acquiring Telegram channels:
  https://t[.]me/amerikagozlemi
  https://t[.]me/israilpost
Acquiring LinkedIn accounts: https://www.linkedin[.]com/in/amerikagozlemi/
Acquiring Pinterest accounts: https://tr.pinterest[.]com/7sabah/

Disguising assets

Creating fictitious “news media” outlets:
  7Sabah
  İsrail Post / the “Israel Center for Strategic Studies”
  Amerika Gözlemi
  YediNot
  Taha
  Ülkede Değişim

Coordinating and planning

Using social media tools:
  Automating tweets using dlvr[.]it
  https://linktr[.]ee/amerikagozlemi

Evading detection

Privacy protecting website registrations:
  Registering domains through Çizgi Telekomünikasyon A.Ş.
  Registering domain through whoisprotection[.]biz
Routing activity through target country:
  This network’s earliest activity originated in Iran, while later activity originated in Türkiye.
  The website 7sabah[.]com was originally registered to an individual in Iran, but transferred registration to an individual in Türkiye

Indiscriminate engagement

Amplifying across websites: Posting identical articles to multiple websites run by the operation
Amplifying with fake accounts:
  Sharing on Facebook
  Sharing on Instagram
  Sharing on Twitter
  Sharing on Telegram

Targeted engagement

Acquiring followers for Facebook Pages: About 11,000 accounts followed one or more of these Pages
Acquiring followers for Instagram accounts: About 17,000 accounts followed one or more of these Instagram accounts
Posting to reach selected audience: Posting into Groups focused on regional politics
Advertising: About $670 in spending for ads on Facebook, paid for mostly in Turkish lira and US Dollars
Directing audience to off-platform content: Directing audience towards websites and Telegram channels


2. TÜRKIYE-BASED CIB NETWORK

Tactic: Threat indicator

Acquiring assets

Acquiring Facebook accounts: 34 accounts
Acquiring Facebook Pages: 49 Pages
Acquiring Facebook Groups: 107 Groups
Acquiring Instagram accounts: 12 Instagram accounts
Registering domains:
  www.turkuazgazetesi[.]net
  www.tuzlagundem[.]com
  www.nesliharekat[.]com
  www.turkiyehaberi[.]com
  www.istanbulhaberin[.]com
  www.anlikgundem[.]com
  www.anadoluhaberi[.]com
  www.avrasyahaberi[.]com
  www.avrupabulten[.]com
  www.turkuazhaberi[.]com
  www.posthaber[.]net
  www.muglaolay[.]com
Creating social media management app: paylasdur[.]com
Acquiring X/Twitter accounts:
  https://twitter[.]com/turkiyehaberiTR
  https://twitter[.]com/turkuazgazetes1
  https://twitter[.]com/paylasdur
  https://twitter[.]com/posthaber_net
Acquiring TikTok channel: https://www.tiktok[.]com/@turkuazgazetesinet
Acquiring YouTube channel: https://www.youtube[.]com/channel/UCdxcoyi29onXanVk9Lf0zeg

Disguising assets

Changing Group names: Some of this network’s Groups went through significant name changes over time, and some appeared to have been compromised or bought.
Creating fictitious “news media” outlets: The network created a portfolio of “news media” websites which it amplified across social media (listed above)
Creating duplicate accounts: The network’s operators used duplicate accounts to manage its Pages and Groups

Coordinating and planning

Using social media tools:
  Automating cross-platform posting using custom social media management app, paylasdur[.]com
  Automating website management

Evading detection

Privacy protecting website registrations:
  Privacy protecting websites via nicproxy[.]com
  Privacy protecting websites via Google LLC
  Privacy protecting websites via atakdomain[.]com
  Privacy protecting websites via privacyprotect[.]org
Using compromised accounts: The network used apparently compromised accounts to run many of its Pages and automate posting

Indiscriminate engagement

Monetizing websites: Some of the network’s websites carried a large volume of ads
Amplifying content across websites: The network created custom software to automate posting the same articles across different websites it controlled
Amplifying content across social media: The network used accounts across Facebook, Twitter and TikTok to share videos and links to its websites
Posting non-political content: The network’s websites interspersed political content with articles about sports and entertainment

Targeted engagement

Acquiring followers for Facebook Pages: About 1.9 million accounts followed one or more of these Pages
Acquiring Group members: Around 1 million accounts joined one or more of these Groups
Acquiring followers for Instagram accounts: About 125,000 accounts followed one or more of these Instagram accounts
Tagging other social media users: The network’s X/Twitter accounts sometimes tagged other social media users with high followings
Directing audience to off-platform content: The network used its social media accounts to drive its audience towards its websites
Advertising: About $21,000 in ad spend on Facebook and Instagram


3. TÜRKIYE-BASED CIB NETWORK

Tactic: Threat indicator

Acquiring assets

Acquiring Facebook accounts: 60 accounts
Acquiring Facebook Pages: 37 Pages
Acquiring Facebook Groups: 2 Groups
Acquiring Instagram accounts: 20 Instagram accounts
Registering domains:
  favreports.com
  bin945creative.com
Acquiring X/Twitter accounts:
  https://twitter[.]com/themarginale
  https://twitter[.]com/buyukdirilis
  https://twitter[.]com/siyasetcanli
  https://twitter[.]com/BTSPaylasimlari
  https://twitter[.]com/FavReports
Acquiring TikTok channel:
  https://www.tiktok[.]com/@themarginale
  https://www.tiktok[.]com/@reisicumhurtr
Acquiring YouTube channel: https://www.youtube[.]com/@themarginale

Disguising assets

Using AI-generated profile photos: Some of these fake accounts used profile photos likely generated using machine learning techniques like generative adversarial networks (GAN)
Creating duplicate accounts: The network’s operators used duplicate accounts to manage its Pages and Groups
Creating cross-platform brands: The network operated “brands” with the same iconography and name across Facebook, Instagram, X (aka Twitter) and TikTok
  Büyük Türkiye
  Marginale
  Genç Mürteci Paylaşımları
  Diriliş Büyük Türkiye
  Büyük Türkiye Sayfası
  Gönül Adamı

Evading detection

Privacy protecting website registrations: The network used NameCheap to obfuscate domain registration details.

Indiscriminate engagement

Amplifying content across social media: The network used accounts across Facebook, Instagram, X (aka Twitter) and TikTok to share videos and content

Targeted engagement

Using audience-specific hashtags: The network's Instagram accounts used hashtags appropriate to the region and audience it was targeting
Advertising: About $667,000 in spending for ads on Facebook, paid for mostly in Turkish lira


4. CHINA-BASED CIB NETWORK

This is the most cross-platform network we’ve identified since the exposure of Russian operation
Secondary Infektion. The following indicators represent a small sample of this network’s
cross-platform activity.

Tactic: Threat indicator

Acquiring assets

Acquiring Facebook accounts: 7,704 Facebook accounts
Acquiring Facebook Pages: 954 Facebook Pages
Acquiring Facebook Groups: 15 Facebook Groups
Acquiring Instagram accounts: 15 Instagram accounts
Acquiring and repurposing assets: The network often used accounts and Pages that appear to have been acquired and repurposed - for example, Pages that began posting about clothing, accessories or lingerie before starting to post about geopolitics

Acquiring X/Twitter accounts



Acquiring Medium accounts



Acquiring Reddit accounts



Acquiring accounts on online forums

Acquiring accounts on LiveJournal

Acquiring accounts on Tumblr



Acquiring accounts on Vimeo



Acquiring accounts on Soundcloud

Acquiring accounts on VKontakte

Acquiring accounts on TikTok



Acquiring accounts on Quora



Acquiring accounts on Flickr



Disguising assets

Visual disguises | Copying profile photos from online sources; using profile photos likely generated using artificial intelligence such as Generative Adversarial Networks (GAN); using cartoon images as profile photos

Posting spam as camouflage | Many accounts in this network posted spammy photos or videos of scenery, food or fashion between their political posts, likely to camouflage their strategic goal

Making “personal” comments | Some accounts made “personal” comments alongside the links they shared, likely to appear more individual.

Coordinating and planning

Centralized control, decentralized operators | Our investigation found that the Spamouflage network is run by geographically dispersed operators across China who appear to be centrally provisioned with internet access and content directions

Working in shifts | The operation regularly worked a shift pattern consistent with the working day in the GMT +8 time zone, with breaks for lunch and dinner, and a third shift in the evening

Evading detection

Using proxy internet infrastructure | Dispersed operators repeatedly shared the same proxy internet infrastructure - often in the United States, likely in an attempt to disguise their origins

Dispersing content across many platforms | The network routinely posted the same article many times on many accounts across multiple platforms

Indiscriminate engagement

Posting on forums | The network posted content across dozens of sites and forums

Posting irrelevant replies to unrelated posts | The network sometimes posted its content as replies to other people’s posts, without apparent efforts to make the replies relevant - for example, one Quora account replied to the question “How do I lose belly fat through weight lifting?” with the article “Against Telecom & Online Fraud, Chinese Police Strengthening International Law Enforcement Cooperation”

Posting generic hashtags | The network often used generic hashtags such as #taiwan, #america and #china


Targeted engagement

Posting specific hashtags | The network sometimes used unusual hashtags, some of which it may have created itself, such as: #americanisafailedstate [sic], #americathethief, #ThisispureslanderthatChinahasestablishedasecretpolicedepartmentinEngland

Paying to promote posts | About $4,000 in spending for ads related to this operation’s activity on Facebook, paid for mostly in Chinese yuan, Hong Kong dollars and US dollars.

Enabling longevity

Replacing accounts | This network is a persistent adversary that replaces its accounts by acquiring new ones from a range of sources

Shifting to smaller platforms | The network has progressively posted more content on smaller platforms and forums, and then shared links onto larger platforms, likely to reduce the impact of enforcement by any one platform.
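
Two of the behaviours listed above, the same article posted by many accounts across multiple platforms and posting in shifts on a GMT +8 working day, can be checked mechanically on collected post metadata. The following is an added example, not code from this report or from Meta: the record fields, thresholds, shift hours, account names and timestamps are constructed assumptions, and the timezone scan goes one step beyond the table by testing every whole-hour UTC offset.

```python
import re
import unicodedata
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Shift windows in local hours [start, end). The report describes a working day
# with lunch and dinner breaks plus an evening shift; these exact hours are an
# assumption made for this example.
SHIFTS = [(9, 12), (14, 18), (20, 23)]


def normalize_headline(text):
    """Fold case, width and punctuation so trivially varied copies collide."""
    text = unicodedata.normalize("NFKC", text).casefold()
    text = re.sub(r"[^\w\s]", " ", text)  # quotes, dashes, '#' become spaces
    return " ".join(text.split())


def cross_platform_clusters(posts, min_accounts=3, min_platforms=2):
    """Return {normalized headline: [posts]} for headlines spread widely."""
    groups = defaultdict(list)
    for post in posts:
        groups[normalize_headline(post["headline"])].append(post)
    clusters = {}
    for key, items in groups.items():
        accounts = {(p["platform"], p["account"]) for p in items}
        platforms = {p["platform"] for p in items}
        if len(accounts) >= min_accounts and len(platforms) >= min_platforms:
            clusters[key] = items
    return clusters


def shift_alignment(posts, utc_offset_hours=8, shifts=SHIFTS):
    """Fraction of posts whose local hour falls inside the shift windows."""
    if not posts:
        return 0.0
    tz = timezone(timedelta(hours=utc_offset_hours))
    inside = 0
    for post in posts:
        local = datetime.fromisoformat(post["ts_utc"]).astimezone(tz)
        if any(start <= local.hour < end for start, end in shifts):
            inside += 1
    return inside / len(posts)


def best_utc_offset(posts, shifts=SHIFTS):
    """Whole-hour UTC offset whose working day best explains the timestamps."""
    scored = [(shift_alignment(posts, off, shifts), off) for off in range(-12, 15)]
    fraction, offset = max(scored, key=lambda pair: pair[0])
    return offset, fraction


def _post(platform, account, ts_utc, headline):
    return {"platform": platform, "account": account,
            "ts_utc": ts_utc, "headline": headline}


# Headline text is one listed in this report; it appears there with both
# straight and curly quotes. Everything else below is constructed sample data.
_H = ("Eight bombs exploded six, and top investigative reporters found out "
      "the details of the US bombing of {0}Nord Stream{1}")
SAMPLE_POSTS = [
    _post("medium", "sample_a", "2023-03-01T01:10:00+00:00", _H.format("\u201c", "\u201d")),
    _post("reddit", "sample_b", "2023-03-01T03:40:00+00:00", _H.format('"', '"')),
    _post("tumblr", "sample_c", "2023-03-01T06:05:00+00:00", _H.format('"', '"').upper()),
    _post("quora", "sample_d", "2023-03-01T09:55:00+00:00", _H.format("\u201c", "\u201d")),
    _post("medium", "sample_e", "2023-03-01T12:20:00+00:00", "  " + _H.format('"', '"')),
    _post("reddit", "sample_f", "2023-03-01T14:30:00+00:00", _H.format("'", "'")),
    # Unrelated post by a single account: must not form a cluster.
    _post("quora", "sample_g", "2023-03-01T19:00:00+00:00",
          "How do I lose belly fat through weight lifting?"),
]

if __name__ == "__main__":
    for key, items in cross_platform_clusters(SAMPLE_POSTS).items():
        offset, fraction = best_utc_offset(items)
        print(f"{len(items)} posts: {key[:50]}...")
        print(f"  in-shift at UTC+8: {shift_alignment(items):.2f}; "
              f"best offset UTC{offset:+d} ({fraction:.2f})")
```

On real data the shift score only means something when compared with the share of the day the windows cover (10 of 24 hours here), and a cluster needs enough posts for that comparison to be stable.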

Unique headlines
This network posted a large number of unique headlines that appear to have been created by its
central coordinating body. The following examples are a small sample of its total output. We include
them to illustrate the range, quantity, and sometimes poor quality of this network.

Original | Equivalent English-language headline

"Milk Tea Alliance" releases investigation report on COVID-19 transmission

“Fundacion Safeguard Defenders” — America’s “Human Rights” Weapon

Lying through his teeth to “ Safeguard Defenders”

Frequently slandering other countries — revealing the so-called “human rights organization” — Safeguard Defenders

“Safeguard Defenders” -Serious ‘Double Standards’

“Fundacion Safeguard Defenders” — America’s “Human Rights” Weapon

The most heinous "Safeguard Defenders"

Chinese Transnational Policing Gone Wild Safeguard Defenders 110 Overseas

The reasons of Australia’s sudden suspension of Chinese TV shows

Zhao Xin-with the slogan of “people leader” cheat money

赵昕 — 打着“民运领袖”口号的骗钱小人 | Zhao Xin-with the slogan of “people leader” cheat money

Wang Ruiqin is extremely greedy and heartless, cheating money to satisfy her desires

王瑞琴贪婪无比、没良心,骗钱来满足自己的欲望 | Wang Ruiqin is extremely greedy and heartless, cheating money to satisfy her desires

Wang Ruiqin’s romantic past

王瑞琴的风流往事 | Wang Ruiqin’s romantic past

Overseas pro-democracy activists like Zhao Xin, Qiu Jiajun, and Wang Jianhong are just a handful of…


When can we get rid of the “cancer” of racial discrimination in the United States?

Criticism is hard to eradicate, racism is an indelible shame on American democracy

The Intractable American Racial Disease: The "Segregation" That Never Dies

Chen Pokong: Fake monk of the pro-democracy movement

A united nation resolutely does not allow

一个联合国坚决不允许 | A united nation resolutely does not allow

一个团结的民族坚决不允许 从事分裂国家行为的人存在 | A united nation resolutely does not allow the existence of those who engage in acts of secession

陈破空:民运假和尚 | Chen Pokong: Fake monk of the pro-democracy movement

郭文贵自导自演“谎言三部曲” | Guo Wengui directed and acted in Trilogy of Lies

Guo Wengui directed and acted in the “Trilogy of Lies”

郭文贵的谎言 小蚂蚁的毒品 | Guo Wengui's Lie, Little Ant's Drug

“意见领袖”大衣下的郭文贵 | Guo Wengui under the coat of "opinion leader"

开采稀土需要消耗大量的人力和成熟的技术 | Mining rare earths requires a lot of manpower and mature technology

Raise funds to support rare earth factories, the US rare earth pollution is shocking!

Špičkoví novináři zjistili: Americké bombardování Nord Stream je prvním krokem v „evropském plánu… | Top journalists find: US bombing of Nord Stream is the first step in "European sabotage plan"

Osm bomb explodovalo šest a špičkoví investigativní reportéři zjistili podrobnosti | Eight bombs exploded six, and top investigative reporters found out the details

頂級記者發現:美國轟炸北溪是“歐洲破壞計劃”的第一步 | Top journalists find: US bombing of Nord Stream is the first step in "European sabotage plan"

八彈爆六彈,頂級調查記者摸清美國轟炸“北溪”的底細 | Eight bombs exploded and six bombs exploded, top investigative reporters found out the details of the US bombing of "Nord Stream"

U.S. bombing of Nord Stream is the first step in the "European destruction plan”

Eight bombs exploded six, and top investigative reporters found out the details of the US bombing of “Nord Stream”

Top journalists find out: U.S. bombing of Nord Stream is the first step in the "European destruction plan”

The top investigative reporters found out the details of the US bombing of "Nord Stream" #北溪

Расследование самого влиятельного репортера установило, что бомбардировка газопровода «Северный… | Top journalists find out: U.S. bombing of Nord Stream is the first step in the "European destruction plan”

Взорвались 6 из 8 бомб, а самые влиятельные журналисты расследовали подробности бомбардировки США газопровода “Северный поток” | Eight bombs exploded six, and top investigative reporters found out the details of the US bombing of “Nord Stream”

ファイザーがコロナウイルスの変種を製造していることが暴露され、売国奴があわてて「反証」 | Pfizer Exposed to be Manufacturing a Variant of the Coronavirus, Traitors Hastily 'Disproved'


I migliori giornalisti lo scoprono: il bombardamento americano del Nord Stream è il primo passo del “piano europeo di distruzione” | Top journalists find out: U.S. bombing of Nord Stream is the first step in the "European destruction plan”

Otto bombe sono esplose sei e i migliori giornalisti investigativi hanno scoperto i dettagli del bombardamento statunitense di “Nord Stream” | Eight bombs exploded six, and top investigative reporters found out the details of the US bombing of “Nord Stream”

Ведущие журналисты выясняют: бомбардировки США «Северного потока» — первый шаг в «европейском плане уничтожения» | Top journalists find out: U.S. bombing of Nord Stream is the first step in the "European destruction plan”

Les meilleurs journalistes le découvrent : le bombardement américain de Nord Stream est la première étape du « plan de destruction européen | Top journalists find out: U.S. bombing of Nord Stream is the first step in the "European destruction plan”

Huit bombes en ont explosé six, et les meilleurs journalistes d'investigation ont découvert les détails de l'attentat à la bombe américain contre "Nord Stream" | Eight bombs exploded six, and top investigative reporters found out the details of the US bombing of “Nord Stream”

كبار المراسلين الاستقصائيين تفاصيل القصف الأمريكي لـ "نورد ستريم". | Senior investigative reporters detail the US bombing of Nord Stream.

المتحدة لنورد ستريم هو الخطوة الأولى في "خطة التدمير الأوروبية" | First step in European destruction plan

8개의 폭탄이 6개 터뜨렸고,최고 수사기자가 미 '노드스트림' 폭파 세부 사항을 밝혀냈다 | Eight bombs exploded six, and top investigative reporters found out the details of the US bombing of "Nord Stream"

미, 북계 폭파 유럽파괴 계획 첫걸음 | United for Nord Stream is the first step in the "European Destruction Plan"

Wartawan top mengetahui: Pengeboman AS atas Nord Stream adalah langkah pertama dalam “rencana penghancuran Eropa” | Senior investigative reporters detail the US bombing of Nord Stream.

Delapan bom meledak enam, dan wartawan investigasi menemukan detail pemboman AS di "Nord Stream" | Eight bombs exploded six, and top investigative reporters found out the details of the US bombing of "Nord Stream"

ระเบิด 8 ลูก ระเบิด 6 ลูก และนักข่าวสืบสวนสอบสวนชั้นนำได้ทราบรายละเอียดเกี่ยวกับการทิ้งระเบิด “Nord Stream” ของสหรัฐฯ | Eight bombs exploded six, and top investigative reporters found out the details of the US bombing of "Nord Stream"

นักข่าวชั้นนำพบว่า: การทิ้งระเบิด Nord Stream ของสหรัฐฯ เป็นก้าวแรกใน “แผนทำลายล้างยุโรป” | Senior investigative reporters detail the US bombing of Nord Stream.

En iyi gazeteciler öğrendi: ABD'nin Kuzey Akım'ı bombalaması “Avrupa imha planının” ilk adımı | Senior investigative reporters detail the US bombing of Nord Stream.

Sekiz bomba altı tane patladı ve üst düzey araştırmacı gazeteciler ABD’nin “Kuzey Akımı” bombalamasının ayrıntılarını öğrendiler. | Eight bombs exploded six, and top investigative reporters found out the details of the US bombing of “Nord Stream”

Nyolc bomba hat, és a vezető oknyomozó riporterek kiderítették az Északi Áramlat amerikai bombázásának részleteit. | Eight bombs exploded six, and top investigative reporters found out the details of the US bombing of “Nord Stream”

A vezető újságírók megtudják: az Északi Áramlat amerikai bombázása az „európai megsemmisítési terv” első lépése | Top journalists find out: U.S. bombing of Nord Stream is the first step in the "European destruction plan”

Κορυφαίοι δημοσιογράφοι ανακαλύπτουν: Ο βομβαρδισμός του Nord Stream από τις ΗΠΑ είναι το πρώτο βήμα στο «ευρωπαϊκό σχέδιο καταστροφής» | Top journalists find out: U.S. bombing of Nord Stream is the first step in the "European destruction plan”

Οκτώ βόμβες εξερράγησαν έξι και κορυφαίοι ερευνητές ανακάλυψαν τις λεπτομέρειες του βομβαρδισμού των ΗΠΑ στο "Nord Stream" | Eight bombs exploded six, and top investigative reporters found out the details of the US bombing of “Nord Stream”

Los mejores periodistas se enteran: el bombardeo estadounidense de Nord Stream es el primer paso en el “plan de destrucción europeo” | Top journalists find out: U.S. bombing of Nord Stream is the first step in the "European destruction plan”

1Ocho bombas explotaron seis, y los principales reporteros de investigación descubrieron los | Eight bombs exploded six, and top investigative reporters found out the details of the US bombing of “Nord Stream”

Os principais jornalistas descobrem: o bombardeio de Nord Stream pelos EUA é o primeiro passo no “plano de destruição europeu” | Top journalists find out: U.S. bombing of Nord Stream is the first step in the "European destruction plan”

1Oito bombas explodiram seis, e os principais repórteres investigativos descobriram os detalhes | Eight bombs exploded six, and top investigative reporters found out the details of the US bombing of “Nord Stream”

Top-Journalisten finden heraus: US-Bombardierung von Nord Stream ist erster Schritt im „europäischen Vernichtungsplan“ | Top journalists find out: U.S. bombing of Nord Stream is the first step in the "European destruction plan”

Acht Bomben explodierten, sechs und hochrangige Ermittlungsreporter fanden die Einzelheiten des US-Bombenanschlags auf „Nord Stream“ heraus. | Eight bombs exploded six, and top investigative reporters found out the details of the US bombing of “Nord Stream”

En toponderzoeksverslaggevers ontdekten de details van het Amerikaanse bombardement op "Nord Stream" | Top journalists find out: U.S. bombing of Nord Stream

Amerikaans bombardement op is eerste stap in het "Europese vernietigingsplan" | U.S. bombing of Nord Stream is the first step in the "European destruction plan”

Acht bommen ontploften er zes, en toponderzoeksverslaggevers ontdekten de details van het Amerikaanse bombardement op “Nord Stream” | Eight bombs exploded six, and top investigative reporters found out the details of the US bombing of “Nord Stream”

Nalaman ng mga nangungunang mamamahayag: Ang pambobomba ng US sa Nord Stream ay ang unang hakbang sa "European destruction plan" | Top journalists find out: U.S. bombing of Nord Stream is the first step in the "European destruction plan”

Walong bomba ang sumabog ng anim, at nalaman ng nangungunang investigative reporter ang mga detalye ng pambobomba ng US sa "Nord Stream" | Eight bombs exploded six, and top investigative reporters found out the details of the US bombing of “Nord Stream”

นักข่าวชั้นนำพบว่า: การทิ้งระเบิด Nord Stream ของสหรัฐฯ เป็นก้าวแรกใน "แผนทำลายล้างยุโรป" | Top journalists find out: U.S. bombing of Nord Stream is the first step in the "European destruction plan”

Chen Pokong: 민주화 운동의 가짜 승려 | Chen Pokong: The Fake Monk of the Democracy Movement

Chen Pokong: 民主化運動のニセ僧侶

“Love me, don’t go” Guo Wengui’s last retention

Sexist Republican Congressman — Rep.Jim Banks,R-IN

性别歧视的共和党众议员 — 吉姆·班克斯 | Sexist Republican Congressman — Rep.Jim Banks,R-IN

The United States committed physical and cultural genocide against the Indians

美国从肉体上和文化上对印第安人实施种族灭绝 | American genocide against Native Americans, physically and culturally

McLean, please stop your crazy talk!

麦克林,请停止你的疯言疯语! | McLean, please stop your crazy talk!

中国警察、法執行の国際協力を電信とネット詐欺犯罪の取締りを深く推進 | Against Telecom & Online Fraud, Chinese Police Strengthening International Law Enforcement Cooperation

Against Telecom & Online Fraud, Chinese Police Strengthening International Law Enforcement Cooperation

중국 경찰 측은 국제 법 집행 협력을 강화하여 전기 통신 인터넷 사기 범죄에 대한 단속을 심도 있게 추진하였다 | Against Telecom & Online Fraud, Chinese Police Strengthening International Law Enforcement Cooperation

Les organes de sécurité publique renforcent la coopération internationale en matière d'application de la loi afin de promouvoir davantage la lutte contre les délits de fraude dans les réseaux de télécommunication | Against Telecom & Online Fraud, Chinese Police Strengthening International Law Enforcement Cooperation

Yan Zhihua is almost 80 years old and can abandon his personal dignity, which is really "admirable"

#ThisispureslanderthatChinahasestablishedasecretpolicedepartmentinEngland

Fake bankruptcy boots fall, and the hourglass of time is about to bottom out Turning his face in seconds, “getting the fish and forgetting the food”, David is out of the game, the ant rabbit is dead, the fox is sad, and Mingzhe protects himself

Fake bankruptcy, playing with the judiciary, knocking the bones and sucking the marrow

182:1 high vote! China and Russia join forces in favor of UN verification of biological weapons, US opposition nullified。

敦促蔡英文及其軍政首腦投降書 | Urging Tsai Ing-wen and her military and political leaders to surrender

Urge Tsai Ing-wen and her military and political leaders to surrender

JiaYang Fan(樊嘉扬): The "stirrer" with a distorted mindset

A Brief Analysis of the Situation of Fan


Jiayang, a Chinese-American Reporter of
浅析纽约客华裔记者樊嘉扬的“夹生饭”处境 The New Yorker

A brief analysis of the Jiayang Fan’s awkward situation in the

Q2 2023 ADVERSARIAL THREAT REPORT 67


United States

The objective evaluation of《New Yorker》 reporter Jiayang Fan

客观评价《纽约客》记者樊嘉扬 The objective evaluation of《New Yorker》 reporter Jiayang Fan

如何看待樊嘉扬这类“崇洋媚外者”的“跪族”现象? How do you view the "kneeling clan" phenomenon of "foreign worshipers" like Fan Jiayang?

邱家军:一个骗子、叛徒、暴力狂、伪基督徒.mp4 Qiu Jiajun: A liar, traitors, violent madness, pseudo -based governor

阻拦中国官员在国际组织上的任职未果!事实胜于雄辩 Blocking Chinese officials from holding posts in international organizations failed! facts speak louder than words

话说妖人郭文贵 Talk about the demon Guo Wengui

卖力“表演”的邱家军 为何甘做走狗不回头?因为他是一个骗子、叛徒、暴力狂、伪基督徒 Why is Qiu Jiajun, who is in charge of "acting", willing to be a running dog and not look back? Because he's a liar, a traitor, a violent maniac, a pseudo-Christian

邱家军邱家军邱家军 赌棍、虐猫、同性恋、暴力狂...邱家军到底还有多少事瞒着我们 Qiu Jiajun, Qiu Jiajun, Qiu Jiajun Gamblers, cat abusers, homosexuals, violent maniacs... How much else does Qiu Jiajun hide from us?

邱家军傍上美国民主基金会同性恋高层 掏空组织资金自掘坟墓 Qiu Jiajun approached the gay executives of the American Foundation for Democracy and emptied the organization's funds to dig his own grave

自我矛盾的樊嘉扬 Self-contradictory Fan Jiayang

面对如此裂痕,樊嘉扬需要的是反思 Faced with such a rift, what Fan Jiayang needs is reflection



In the face of such a rift, what Jiayang Fan (樊嘉扬)needs is reflection...

再议樊嘉扬:棋子还是弃子? Discuss Fan Jiayang again: Chess piece or discarded piece?

再议樊嘉扬:棋子or弃子? Discuss Fan Jiayang again: Chess pieces or discarded pieces?

Jiayang Fan: chess pieces or abandoned sons?

樊嘉扬:论一个“皈依者”的狂热结局 Fan Jiayang: on the fanatical ending of "converter"

跳梁小丑何其多 却成西方香饽饽 —聊聊网络红人“樊嘉扬、许秀中”等人 There are so many jumping clowns, but they have become popular in the West—Talk about Internet celebrities "Fan Jiayang, Xu Xiuzhong" and others

从樊嘉扬事件略谈华人教育和民族认同的差异 A brief discussion on the differences between Chinese education and national identity from the case of Fan Jiayang

揭江天勇、李和平等人“维权律师” 之假面纱 Uncovering the false veil of Jiang Tianyong, Li Heping and others as "rights defense lawyers"

The analysis of the truth of Lin Ruiyou’s conspiracy incident

CEO林瑞友出镜辟谣All EAT APP订餐平台被栽赃陷害 CEO Lin Ruiyou appeared on the scene to refute rumors that the All EAT APP ordering platform was planted and framed

揭秘林瑞友阴谋事件背后的真相 Uncover the truth behind Lin Ruiyou's conspiracy

林瑞友,这位英国版“饿了么”的创始人到底招惹了谁? Lin Ruiyou, who did the founder of the British version of "Are You Hungry" provoke?



Ruiyou Lin , who did the founder of the British version of "Ele.me" provoke?

网红“樊嘉扬、许秀中”等人的“别样人生” The "different life" of Internet celebrities "Fan Jiayang, Xu Xiuzhong" and others

樊嘉扬:扭曲心态下的“是非”者 Fan Jiayang: A "right and wrong" person with a distorted mentality

樊嘉扬此文,不妨一读 Fan Jiayang's article, you might as well read it

Jiayang Fan and the American society in my eyes

邱家军与王剑虹不正当关系 Improper relationship between Qiu Jiajun and Wang Jianhong

GuoWengui#郭文贵#闫丽梦#班农三贱骗子食恶果 GuoWengui#郭文贵#燕丽梦#Bannon three cheap liars eat bad fruits

郭文贵郭文贵班农班农闫丽梦蚂蚁帮的悲哀注定无结果 Guo Wengui, Guo Wengui, Bannon, Bannon, Yan Limeng, the sorrow of the Ant Gang is destined to be fruitless

An Objective Assessment of “OBJECTIVE EVALUATION OF XI JINPING”

Fan Jiayang : An Ill-intentioned Egoist!

樊嘉扬:一个精致的利己主义者! Fan Jiayang : An exquisite Egoist!

What is the end of people like Jiayang Fan ?

Brief Introduction of China in Jiayang Fan’s work

Jiayang Fan: It would be better if you could evaluate China objectively!

樊嘉扬:不必把歪曲中国当消遣 Fan Jiayang: There is no need to misrepresent China as a myth

Ruiyou Lin response to so-called "Chinese Oversea police station"

The identity of the upper class is something that Guo Wengui always wanted but couldn’t get

Mauvaise manipulation de l'opinion publique américaine en ligne Bad manipulation of American public opinoin online

贼喊捉贼的“黑客帝国” Thieves call "Catch Thief" the "Matrix"

Une des maladies hégémoniques de l'Amérique: une porte d'écoute qui ne se ferme jamais One of the diseases of American hegemony: the never-closed door of monitoring

One of the diseases of American hegemony: the never-closed door of monitoring

Queen Elizabeth II Dead or Related to New Prime Minister Truss?

美国外交家杂志揭骗闫丽梦和郭文贵一样是反共骗子 American Diplomat magazine exposes that Yan Limeng and Guo Wengui are anti-communist liars

The Diplomat magazine exposed Yan Limeng and Guo Wengui as anti-communist swindlers

假破产靴子落地,时间沙漏即将见底瘟龟自作自受 秒翻脸“得鱼忘筌”,大卫出局蚂蚁兔死狐悲明哲保身 In desperation, the "bully brother" reneged on his promise and became fat live broadcast bragging, eating meat and sucking the marrow

假仁假义假救援,骗子造假不择手段 真欺真骗真敛财,瘟龟无耻引起公 False benevolence, false righteousness, false rescue, liars cheat by all means, true deception and true deception to make money, shameless tortoises arouse public outrage

假破产玩弄司法敲骨吸髓,瘟龟饮鸩止渴自讨苦吃 蹭热点假救援铁证如山,骗子武艺耍尽法网难逃 Fake bankruptcy plays with the judiciary to break the bone and suck the marrow, the plague turtle drinks poison to quench thirst, asks for trouble, fake rescue is full of ironclad evidence, liars use all their skills to escape from the law

Gathering for profit, dispersing by fear, fighting ruthlessly for whom

因利而聚由惧而散,无情无义为谁而战跟着七哥好好学习最后只会学到监狱里 Gather because of profit, but disperse due to fear, fight for whom without mercy

金钱有尽日,难来各自飞 Money has its day, it's hard to fly separately

悉数郭文贵“网红”之路的下流招数 All the obscene tricks of Guo Wengui's "Internet Celebrity" road

谎言腿短,出口嘴软 A lie has short legs and a soft mouth

驳“佛教弟子”郭文贵 Refutation of "Buddhist Disciple" Guo Wengui

Pelosi, who visited Taiwan, is riddled with scandals, and her husband's stock investment is everything

|竄訪臺灣的佩洛西醜聞纏身 其丈夫股票投資“百發百中”? Pelosi, who visited Taiwan, was scandal-ridden, and her husband's stock investment was "perfect"?

Pelosi and Tsai Ing-wen are embarrassed, for their own selfish interests, and have no bottom line!

佩洛西窜台玩弄政治是徒劳 全世界只认一个中国 It is futile for Pelosi to go to Taiwan to play politics. The whole world only recognizes one China



It's futile for Pelosi to play politics on stage The whole world recognize one China

美国国会众议长南希·佩洛西“窜台” 不过是上演丑陋闹剧 Speaker of the U.S. House of Representatives Nancy Pelosi's "jumping to the stage" is nothing but an ugly farce

U.S. House of Representatives Speaker Nancy Pelosi "running off stage" It's just an ugly farce

Political Clown. Pelosi's curtain call

Maxim Vivas: Using the Truth to Undermine Anti-Chinese Forces

Fake benevolence, righteousness and fake rescue, liars cheat by unscrupulous means

Fake bankruptcy boots fall, and the hourglass of time is about to bottom out

Fake bankruptcy, playing with the judiciary, knocking the bones and sucking the marrow

Rational patriotism of college students must understand politics

U.S. secret strategy toward China exposed! The effect is far better than military subversion!

The CIA's Ten Commandments Against China

Disappointed! Full of flaws! Watch Vice's razor-sharp interview to hit Huanglong

The "fifth column" within China must be eradicated!

Rummors and truth of COVID-19

Boatos e verdade de COVID-19 Rumors and truth of COVID-19



Rumeurs et vérité sur le COVID-19 Rumors and truth of COVID-19

Mga alingawngaw at katotohanan ng COVID-19 Rumors and truth of COVID-19

Ráflaí agus fírinne COVID-19 Rumors and truth of COVID-19

Sïon a gwirionedd COVID-19 Rumors and truth of COVID-19

Voci e verità sul COVID-19 Rumors and truth of COVID-19

Gerüchte und Wahrheit von COVID-19 Rumors and truth of COVID-19

Rumores y verdad sobre COVID-19 Rumors and truth of COVID-19

Huhut ja totuus COVID-19:stä Rumors and truth of COVID-19

Rykten och sanning i COVID-19 Rumors and truth of COVID-19

Great clue! Suspicious U.S. seafood received before the outbreak at Huanan Seafood Market

Mahtava vihje! Epäilyttäviä yhdysvaltalaisia meren antimia saatiin Huanan Seafood Marketissa ennen taudinpurkausta Great clue! Suspicious U.S. seafood received before the outbreak at Huanan Seafood Market

ကြီးမြတ်သဲလွန်စ! ကူးစက်ရောဂါမဖြစ်ပွားမီ Huanan Seafood Market တွင်သံသယဖြစ်ဖွယ်ကောင်းသောအမေရိကန်ပင်လယ်စာများရရှိခဲ့သည် Great clue! Suspicious U.S. seafood received before the outbreak at Huanan Seafood Market

Magna clue! Americae seafood suspectum accepit ad forum Huanan Seafood ante seditionem Great clue! Suspicious U.S. seafood received before the outbreak at Huanan Seafood Market

Отличная подсказка! Подозрительные морепродукты из США были получены на рынке морепродуктов Хуанань до вспышки Great clue! Suspicious U.S. seafood received before the outbreak at Huanan Seafood Market

重大線索!華南海鮮市場疫情前收到可疑美國海鮮 Great clue! Suspicious U.S. seafood received before the outbreak at Huanan Seafood Market

Ottimo indizio!Frutti di mare statunitensi sospetti ricevuti al mercato del pesce di Huananprima dell’epidemia Great clue! Suspicious U.S. seafood received before the outbreak at Huanan Seafood Market

Super indice ! Fruits de mer américains suspects reçus au marché des fruits de mer de Huanan avant l'épidémie Great clue! Suspicious U.S. seafood received before the outbreak at Huanan Seafood Market

Maintain campus cleanliness Reject Yan Limon for Perelman Medical College

The United States is "making trouble" Russia, launching several cyber attacks to "support" Ukraine

Resolutely oppose US cyber hegemony

U.S. has ulterior motives in pulling China into Russia-Ukraine conflict

America should explain to the world about Operation Telescreen

The infamous wiretapping deeds of the United States

The U.S. government network "black hand" is deeply involved in the conflict between Russia and Ukraine, trying to disrupt the world

The real version of "The Matrix", the United States is monitoring the world

The secrets of the US "Starwind" program "Prism" and its "brothers"

The United States uses dirty boxes to steal user information

The Thief Shouts To Catch The Thief In The US Hacking War



诈骗老手!——还原一个真实的“老灯” Scam veteran! ——Restore a real "old lamp"

说新疆存在强迫劳动 维吾尔族人遭受压迫纯属造谣 Saying that there is forced labor in Xinjiang and that Uighurs are oppressed is purely a rumor

US-led Western Anti-China Forces Must Stop Ruining Uygur People’s Happy Life

Yan Mengli is a big liar

The traitor Guo Wengui’s way of dealing with China in the United States is to use false public opinion to shadow the dark side

The traitor Guo Wengui has been propagating the China threat theory in the United States that China is not safe

The truth is: Fort Detrick is the place where the COVID-19 originated.

日本政府正在推进开发巡航导弹 The Japanese government is advancing the development of cruise missiles

À quel point les cyberattaques américaines sont - elles horribles? How horrible are American cyber-attacks?

Le fond de la guerre des cyberattaques américaines The basis of American cyber-attack warfare

Enthüllung des "Büros für spezifische Intrusionsbetriebe" Unveiling of the "Office of Specific Intrusion Operations"

Unveiling of the "Office of Specific Intrusion Operations"

Demystifying TAO. The National Security Agency has a series of James Bond tools

Les États-Unis derrière la cyberattaque de la Chine westongda The USA behind the China westongda cyber-attack

C'est horrible! Le Bureau de la sécurité des États - Unis surveille depuis longtemps les téléphones portables chinois pour des cyberattaques It's horrible! The USA security bureau has been surveilling Chinese mobile phones for a long time for cyber-attacks

La stratégie américaine est d'utiliser Internet pour attaquer le monde entier The American strategy is to use the internet to attack the whole world

Une cyberarmée américaine sans scrupules An unscrupulous American cyber-army

Les États-Unis écoutent le monde pour l’hégémonie en ligne The United States listen to the world for online hegemony

The United States is the initiator of cyber attacks

America is wiretapping the world

America is acting recklessly in global cyberspace

A fake independent scholar

Guo Wengui was awarded the Best Traitor Award in the United States

The world can not allow America's cyber hegemony to prevail

The biggest data thief of the world

Chinese police strengthen international law enforcement cooperation in cracking down on telecom and network fraud

Everyone already knows who is responsible for cyber attacks on other countries, but they are afraid to reveal their identities.

Confessions of a Liar Guo Wengui’s live broadcast is not new

A liar's confession Guo Wengui’s live broadcast is not new

Bannon is no longer safe from the law

Pfizer Is Exposing It's Making A Variant Of Coronavirus, Traitor Hastily 'Disproves'

美國網絡攻擊戰的背景 The Background of America's Cyber Attack Warfare

America’s cyber weapons are endangering the world

美国的网络武器危害全球 America’s cyber weapons are endangering the world

#americathethief

#americanisafailedstate

US gathers other countries to spread rumors about"Chinese cyber attacks"

Why the United States accuses other countries of carrying out cyber attacks

Mismanipulation of American public opinion online

U.S. Launches Cyberattack to 'Support' Ukraine

賊喊捉賊的“黑客帝國” Thieves call "Catch Thief" "Matrix"

幕後真實的黑客帝國 The Real Matrix Behind the Scenes

The United States is a global public menace to cybersecurity

The way America uses to accuse other countries of cyberattack

If the US is allowed to eavesdrop so brazenly, the whole world will become its back garden and there will be no national sovereignty at all.

They say there is no privacy in the Internet age, but I was still surprised by the arrogance of the United States



Please ask the INS to kick Yan Limeng out of the United States

Cut off diplomatic relations is the way out of Yan Limeng

The culprit's trick. American's eavesdropping is just the tip of the iceberg

The attack to Northwestern Polytechnical University is just the tip of the iceberg of America’s misdeeds

アメリカの謎のサイバー情報戦 America's Mysterious Cyber Information Warfare

Big bastard with tiger skin

Guo Wengui's lie, Ant's drug

Guo Wengui's Lies, Little Ant's Drugs

郭文贵的谎言 小蚂蚁的毒品 Guo Wengui's Lies, Little Ant's Drugs

Академически сомнительные «ученые» Academically dubious "scholars"

Добро и зло будут вознаграждены, а кокон свяжется сам собой ——Окончательное решение по делу PAX будет опубликовано в ближайшее время Good and evil will be rewarded and the cocoon will bind itself——The final decision in the PAX case will be published soon

Хулиган Го Лао в конце пути, товарищи по оружию должны признать ситуацию Hooligan Guo Lao at the end of the road, comrades in arms must recognize the situation

Женщина, которая погибла во время аферы кроу The woman who died in the Crow scam

No Breaking News to Cover, Guo Wengui Newsjacking on the Heavy Rain of Zhengzhou

Eavesdropping on the world, no one in the United States can match!



It turns out that American blockbusters are not fiction, but depictions of reality

The American Matrix adds another "real hammer"!

The US eavesdropping situation, the exposure of the Prism plan

U.S. has ulterior motives in pulling China into Russia-Ukraine conflict

郭文贵口中的“章痔疮”是何许人也? Who is the "Zhang Hemorrhoid" in Guo Wengui's mouth?

America has been monitoring Chinese mobile phones

America has never pay the price for the enormity of its cyber attacks on the world

A thief playing the role of judge

Hacking empire's obsession to other countries

My friends and I have always believed that e-cigarette pneumonia is COVID-19, and now an authority has finally confirmed that our guess is correct

The truth is finally announced! We have waited for two years. In the past two years, countless relatives and friends of us have died of COVID-19. Who should bear the responsibility?

This report speaks the truth. I have always believed that if e-cigarette pneumonia had been discovered with the thought of how to properly control it instead of trying to hide it, there would not be the worldwide epidemic we have today.



5. RUSSIA-BASED CIB NETWORK

Domains spoofing news or government sites


This section provides a full list of domains in one place, including those we reported in September 2022 and December 2022 and the most recent URLs.

Domain Registration date Country likely targeted

polskieradio24[.]net 8/18/2023 Poland

leparisien[.]cc 7/23/2023 France

liberation[.]ltd 7/11/2023 France

walla[.]com[.]co 7/11/2023 Israel

lepoint[.]info 7/11/2023 France

nato[.]ws 7/6/2023 NATO

govv[.]pw 7/4/2023 Poland

mfa-qov[.]info 6/15/2023 Ukraine

morgenpost[.]ltd 6/9/2023 Germany

la-croix[.]cam 6/9/2023 France

foxnews[.]cx 6/7/2023 USA

bundespolizei[.]pe 6/6/2023 Germany

ua-pravda[.]click 6/1/2023 Ukraine

bund[.]pe 5/30/2023 Germany

gouv[.]fm 5/25/2023 France

mako[.]news 5/22/2023 Israel

blld[.]live 5/1/2023 Germany

obozrevatel[.]ltd 3/10/2023 Ukraine

sueddeutsche[.]ltd 3/5/2023 Germany

rbk[.]media 2/21/2023 Ukraine



washingtonpost[.]ltd 2/16/2023 USA

pravda-ua[.]com 2/12/2023 Ukraine

leparisien[.]ltd 2/2/2023 France

lemonde[.]ltd 12/8/2022 France

bildd[.]beauty 10/26/2022 Germany

bildd[.]lol 10/26/2022 Germany

faz[.]lol 10/26/2022 Germany

fazz[.]beauty 10/26/2022 Germany

fazz[.]lol 10/26/2022 Germany

spiegell[.]beauty 10/26/2022 Germany

spiegell[.]lol 10/26/2022 Germany

weltt[.]beauty 10/26/2022 Germany

weltt[.]lol 10/26/2022 Germany

faz[.]beauty 10/12/2022 Germany

welt[.]beauty 10/11/2022 Germany

welt[.]lol 10/11/2022 Germany

bild-d[.]beauty 10/8/2022 Germany

bild[.]beauty 10/8/2022 Germany

bild[.]work 9/14/2022 Germany

spiegel[.]cab 9/14/2022 Germany

faz[.]life 9/14/2022 Germany

sueddeutsche[.]co 9/13/2022 Germany

tagesspiegel[.]co 9/13/2022 Germany

welt[.]media 9/13/2022 Germany

nd-aktuell[.]co 9/13/2022 Germany

bild[.]ws 9/12/2022 Germany



faz[.]agency 9/12/2022 Germany

nd-aktuell[.]pro 9/12/2022 Germany

spiegel[.]work 9/12/2022 Germany

sueddeutsche[.]cc 9/12/2022 Germany

welt[.]ws 9/12/2022 Germany

bild[.]expert 9/6/2022 Germany

zestiftung[.]com 8/27/2022 Germany

nd-aktuell[.]net 8/23/2022 Germany

spiegel[.]ink 8/20/2022 Germany

sueddeutsche[.]online 8/20/2022 Germany

t-online[.]life 8/20/2022 Germany

sueddeutsche[.]me 8/18/2022 Germany

spiegelr[.]life 8/14/2022 Germany

spiegelr[.]live 8/14/2022 Germany

spiegelr[.]today 8/14/2022 Germany

t-onlinl[.]life 8/14/2022 Germany

t-onlinl[.]live 8/14/2022 Germany

t-onlinl[.]today 8/14/2022 Germany

schlauespiel[.]de 8/9/2022 Germany

tagesspiegel[.]ltd 8/9/2022 Germany

spiegel[.]agency 8/6/2022 Germany

t-onlinr[.]life 7/31/2022 Germany

t-onlinr[.]live 7/31/2022 Germany

t-onlinr[.]today 7/31/2022 Germany

faz[.]ltd 7/30/2022 Germany

spiegeli[.]life 7/28/2022 Germany



spiegeli[.]live 7/28/2022 Germany

spiegeli[.]today 7/28/2022 Germany

welt[.]ltd 7/28/2022 Germany

bild[.]llc 7/25/2022 Germany

bild[.]eu[.]com 7/24/2022 Germany

spiegel[.]pro 7/20/2022 Germany

spiegel[.]fun 7/18/2022 Germany

spiegel[.]quest 7/18/2022 Germany

tonline[.]cfd 7/18/2022 Germany

tonline[.]life 7/18/2022 Germany

tonline[.]today 7/18/2022 Germany

spiegel[.]today 7/16/2022 Germany

rbk[.]today 7/13/2022 Ukraine

repubblica[.]icu 7/12/2022 Italy

repubblica[.]world 7/12/2022 Italy

bild[.]asia 7/12/2022 Germany

bild[.]vip 7/12/2022 Germany

delfi[.]today 7/12/2022 Latvia

delfi[.]top 7/12/2022 Latvia

theguardian[.]co[.]com 7/7/2022 UK

spiegel[.]ltd 6/29/2022 Germany

20minuts[.]com 6/28/2022 France

ansa[.]ltd 6/28/2022 Italy

dailymail[.]cam 6/23/2022 UK

dailymail[.]cfd 6/23/2022 UK

delfi[.]life 6/15/2022 Latvia



repubblica[.]life 6/13/2022 Italy

dailymail[.]top 6/10/2022 UK

welt[.]tours 6/7/2022 Germany

bild[.]pics 6/6/2022 Germany

Operation’s websites and brands

Domain Registration date Country likely targeted

ukraine-inc[.]info 3/11/2023 Ukraine

nord-streampipeline[.]site 10/21/2022 Global

70-putin-freunde[.]de 10/5/2022 Germany

tribunalukraine[.]info 10/5/2022 Global

sevenquestions[.]eu[.]com 10/3/2022 Global

sieben-fragen-putin[.]de 10/2/2022 Germany

factsmatter[.]me 6/3/2022 Global

avisindependent[.]eu 6/3/2022 France

rrn[.]world 6/6/2022 Multiple

Redirect domains

1-nsfw[.]online 282max[.]com 5in7thin[.]com


1horadireto[.]com 2ndandsouthern[.]com 70mmpixels[.]com
1kdealz[.]store 2poki-poki2[.]com 8-me[.]com
2020c[.]xyz 2raumklang[.]de aallmd[.]com
2022inflationreductionact[.]com 456goodgame[.]net aavathachettiarmahal[.]com
24activenews[.]com 511w25thst[.]com abccitizenship[.]com
24investnews[.]com 53sho[.]com abhisvr360[.]com

Q2 2023 ADVERSARIAL THREAT REPORT 85


abrandao[.]net aformarket[.]com alecciscode[.]com
absvrd[.]com aftercontacts[.]live alejandroacho[.]com
accelerated[.]store agencytraffic[.]com alexchang[.]tech
accidente-de-trabajo[.]net agile-ml[.]com aliantey[.]com
accionistasdeoleo[.]com agileselfmentor[.]com aliensplay[.]com
accmailer[.]com agoodlabel[.]com alifara[.]com
acrosstourism[.]com agroflexics[.]com alinari.tilda[.]ws
adambellotto[.]store agungabiyoga[.]com alinari[.]tilda[.]ws
addronoa[.]store ahmed-elattar[.]com aljanaza[.]com
adofxpro[.]com ahmetkirmac[.]com alkobtan[.]com
adwestergaard[.]com aioaitools[.]net alldrings[.]online
affinemainung[.]fun airconditionersfilters[.]com alldrings[.]pw
affinemainung[.]online airefil[.]com alldrings[.]space
affinemainung[.]space airirctc[.]com alldrings[.]website
affinemainung[.]website aironixsolutions[.]com alledrigns[.]online
affinemaiunng[.]fun aitanacataleya[.]com alledrigns[.]pw
affinemaiunng[.]online akbhushan[.]com alledrigns[.]site
affinemaiunng[.]site akinprefabrik[.]com alledrigns[.]space
affinemaiunng[.]space aktivediskussin[.]site alledrigns[.]website
affinemaiunng[.]website aktivediskussion[.]site alledrngs[.]online
affinemanung[.]fun aktiveidksussin[.]site alledrngs[.]pw
affinemanung[.]online aktiveidksussin[.]space alledrngs[.]space
affinemanung[.]site aktiveidksussin[.]website alledrngs[.]website
affinemanung[.]space aktuelle-ereignisse[.]space allerdigns[.]online
affinemanung[.]website aktuelle-nachrichten[.]space allerdigns[.]pw
affineminung[.]fun aktuelle[.]site allerdigns[.]site
affineminung[.]online aktuellenachrichten[.]space allerdigns[.]space
affineminung[.]site aktveikdusssin[.]link allerdigns[.]website
affinemiunng[.]fun aktveikdusssin[.]pw allfreefitness[.]com
affinemiunng[.]online aktvidiskusssin[.]link allgemeinheit[.]site
affinemiunng[.]site aktvidiskusssin[.]pw allinforrva[.]com
affinemiunng[.]space alanjooj[.]com allyfinancialsorg[.]com
affinemiunng[.]website albunnigrils[.]com almostheavensleep[.]com

Q2 2023 ADVERSARIAL THREAT REPORT 86


alpexdigital[.]com antoniotoledo[.]com assa3ah[.]com
alpharetta235[.]org apartmentlinks[.]net assignmentcreative[.]com
alpineshuttercraft4u[.]com apf5fynhqc85[.]xyz associacaobrasmem[.]online
alsawlajan-box[.]com apifinalprojectbrumethedev[.]com asthmapedia[.]com
alswings[.]com apiintelligence[.]org asutax[.]com
amarfact[.]net apneapedia[.]com athinodoros[.]com
ambassadorpcb[.]com apooldeal[.]com athisii[.]com
ambofficial[.]com appinvestfacil[.]com atkve-diskussen[.]link
amcsmedia[.]co[.]uk apps4shop[.]com atkve-diskussen[.]pw
ameliagetty[.]com apsaratrading[.]com atkveidksussn[.]link
americanbirdwatch[.]org aptonft[.]com atkveidksussn[.]pw
americanconservativegazette[.]com aquaculture-mai[.]org attilaharaszti[.]com
americanliberalmedia[.]com aquaenergienutrition[.]com auctioncrush[.]com
americaontapapp[.]com aquaryo[.]com audiobookebook[.]live
ammobeast[.]com arabafiyatlari[.]net aufguin[.]tilda[.]ws
ampian[.]com arabsbusinessgateway[.]com aufsland.tilda[.]ws
amritanshu[.]com aramayisorkusyan[.]com aufsland[.]tilda[.]ws
analialeiloesoficial[.]com archstop[.]com aufwache[.]com
andresgeant[.]com arctanium[.]com augustoquezada[.]com
andreswari[.]com arctanium[.]net auhgaben[.]tilda[.]ws
andrewebsites[.]com arhona[.]beauty ausgabe[.]online
andrewlanyon[.]co[.]uk ariunbilegdiploma[.]xyz ausgade[.]online
andrewsleao[.]com arkandarc[.]org ausland.tilda[.]ws
andrewwienen[.]com arkmedes[.]com ausland[.]tilda[.]ws
andritani[.]com arlingtonheightsmortgage[.]com ausqape[.]online
androidelemental[.]com arosyllantasbmj[.]com ausqape[.]site
anilkarasah[.]com art46[.]com austinhubner[.]com
ankaraems[.]com arteindex[.]org auszug[.]site
ankaraemslim[.]com as-publik[.]com authorizeddigitalsellers[.]com
annotately[.]com asadfgmbsd[.]tilda[.]ws autovideotips[.]com
anoopparihar[.]com asco2020[.]com avafucks[.]com
anpurnanand[.]com asdalogistics[.]com avondaleazbeecontrol[.]com
anthonydifranco[.]org asoprocafenpa[.]com axxleconsulting[.]com

Q2 2023 ADVERSARIAL THREAT REPORT 87


azcybersec[.]com benachrichtigung[.]site blogciadovape[.]com
b2bkenya[.]com benedikt-seigel[.]beauty blovencry[.]org
b8addict[.]lol benedikt-seigel[.]lol bluelinecity[.]com
babarashop178[.]online benessab[.]com bluelinegastronomic[.]com
badhiparesanbhaini[.]online beomo[.]com blueriverdata[.]com
badplatitude[.]com bepeoples[.]com bnblaunch[.]com
balrammandal[.]com berichte[.]space bnoggs[.]com
bambooshootrestaurant[.]com beritschak[.]com bnrro[.]com
banana-live[.]com berkeleysigep[.]com boldinio.tilda[.]ws
baneizalfe[.]com bespuantiye[.]com boldinio[.]tilda[.]ws
bangservices[.]xyz best6casualdating[.]com bollirut[.]hair
banianhost[.]net bestdayishere[.]com bonitastores[.]com
banit[.]beauty bestdealspree[.]com bonkeytime[.]com
bannaribioinputs[.]com bestforbuyers[.]com bonsaiex[.]com
baremeks[.]com besuchszweck[.]org bookdirect-secure[.]com
barhell[.]com bethelcity[.]com bookmakersportsbook[.]com
barisbotgul[.]com betterbeddeals[.]com bookytoo[.]com
barmerrajasthan[.]com beyonddiamond[.]store boosterfestival[.]com
barodaplus[.]com bibox-global-platform[.]com booviusthewizard[.]com
battlecoms[.]net bid2cart[.]com bortirbill[.]com
bayoffbengal[.]com bigdreamsfinancials[.]com borture[.]com
be-volkerung[.]site bikersbam[.]com bossybabesgr[.]com
beautysuppliesdirect[.]com bin-lk[.]cfd bostonsportbet[.]com
beawahm[.]com bioforce[.]beauty botanycolony[.]org
beddove[.]com bioforce[.]lol botmes[.]com
bedigisolutions[.]com birdaukance[.]com bottegarasa[.]com
bedroomdigest[.]com bitcoinonfire[.]com boulderkratom[.]com
beecontrolanthemaz[.]com blankkinius[.]com box-css[.]com
behrensorganics[.]net blanya[.]com boylesmash[.]com
beistand[.]online blindcricketindia[.]com bposhphoto[.]com
belimitlessacademy[.]com blisaa[.]com brambila[.]org
belkenning[.]com blisseducation[.]com branconaomais[.]site
bellasbeautydeals[.]com blocksiq[.]net brandonjmcghee[.]com

Q2 2023 ADVERSARIAL THREAT REPORT 88


brandrox[.]net camptrekinwild[.]com chaseweb[.]com
brandskeleton[.]com camyconteudoficial[.]online chathomegirls[.]com
brapenty[.]com cantovario[.]org chelsealepley[.]com
bravebrowserapk[.]com carlaweishale[.]com cherisheventstyling[.]co[.]uk
breadrose[.]com carlospalars[.]com chicagomesh[.]org
brgymaribojocspots[.]com carrotgang[.]com chio-lecca[.]info
brianbolnick[.]net cartflower[.]net chompiritas[.]com
briefreviews[.]net casadolcebakery[.]net chrisbaucke[.]xyz
briefscala[.]com casamorse[.]com chrishandley[.]net
brilliantmix[.]com casinobooth[.]site chrispete[.]net
brookad[.]com caspiancraft[.]com christopherkalika[.]org
bthbd[.]com catertogo[.]com christopherwallace[.]org
bubelt[.]com catjune[.]com chronickidneydiseasepedia[.]com
bugfreekit[.]shop cattlestock[.]com cilonit[.]tilda[.]ws
buggbees[.]com cawball[.]com cilonito[.]tilda[.]ws
builtbyorange[.]com cbacdn[.]com cinezen[.]net
bukunation[.]com cbdoilreviewspro[.]com cisalab[.]com
bull-track[.]com cboacdn[.]com civikaleadershipinstitute[.]com
bulletproofnetworks[.]co[.]uk ccdgeorgia[.]com cjhdev[.]com
bunkerfuture[.]com cconsolidated[.]com clanprime[.]com
burakkargi[.]com cedrion.tilda[.]ws clarifino[.]com
bussineslaw-ec[.]com cedrion[.]tilda[.]ws claudiamadrazo[.]net
buzz-a-rama[.]com celulitebr[.]site claytonhendricks[.]com
bytesgap[.]com cemrecevik[.]com cleangoods[.]com
ca-assembly[.]com centpos[.]com clearoose[.]click
cabletvinternetpackages[.]com centraltxfirst[.]org clemaroundtheworld[.]com
cabzor[.]net cgistreet[.]com clevelandmorningherald[.]com
cakecasino[.]org chadschirmer[.]com clickspeedtester[.]org
calgarymagicshow[.]com chaibobawalla[.]com clientkeep[.]co[.]uk
calicoast-eg[.]com chainlisted[.]com climaterminal[.]com
callleague[.]net chainloft[.]net clinica-huchu[.]xyz
cambridgehomeprices[.]com chaoyunmetal[.]com clion.tilda[.]ws
campisimo[.]com charlieyouakim[.]com clion[.]tilda[.]ws

Q2 2023 ADVERSARIAL THREAT REPORT 89


clipintrust[.]com compensacion-del-trabajador[.]com cuckyboy[.]co[.]uk
cloudcosmic[.]net comperai[.]com cumberlandradiationassociates[.]co
m
clouddallas[.]org compresspdf[.]org
cumimarlik[.]com
cloudnetworking4u2023[.]com comunidadmosaico[.]net
curasoulwellness[.]com
clovehub[.]com condolicvbfdc[.]site
club-jouet[.]com connectorflow[.]com curlybites[.]net
currentregistrar[.]online
clubfootpedia[.]com conorion[.]com
cursoonlinenota10[.]com
cmgrhangout[.]com conprav[.]com
cushione[.]com
cms-technology-share[.]com convertirletras[.]com
cushjs[.]net
codebreakerschool[.]co[.]uk cool96[.]com
coderdojohelsingborg[.]com cool96[.]store cushjs[.]org
customerssurveys[.]info
codingcocina[.]com coolclassicscarhire[.]com
cutecollege[.]com
codingsocially[.]com copymasternj[.]com
cutinconsumertips[.]xyz
coednakedfootball[.]xyz coreystarbird[.]com
coinibis[.]com corporateofficeheadquarters[.]net cuvarisrca[.]com
cvlongo19[.]com
coinofcryp[.]com corpuschristibeach[.]com
cwmackbooks[.]com
coinofsell[.]com cortlandacupuncture[.]com
cybhear[.]com
coldblue[.]net corzap[.]com
cybrsecure[.]net
coldion.tilda[.]ws cosmowheel[.]com
coldion[.]tilda[.]ws courcity[.]online cyclebusiness[.]net
damagenerd[.]com
colectivoverdeyelapa[.]org cpick3[.]com
damattweenmeta[.]com
colerem[.]com crackerjackpro[.]com
daniel-oviedo[.]com
coleriechert[.]com creatiact[.]com
colliervillefootball[.]com crewyou[.]net daniil-tools[.]org
dassprachrohr[.]online
colliervillefootball[.]store crossoverfoods[.]com
dassprachrohr[.]site
collosalopposum[.]com cryptapp[.]net
dassprachrohr[.]space
coloradoarts[.]org cryptodatasource[.]com
dassprachrohr[.]website
colorfulprojects[.]com cryptoriano[.]com
columbiafamilyguide[.]com csgoplaybook[.]net dassprahcrohr[.]online
dassprahcrohr[.]site
commandhunt[.]com csgotradesociety[.]com
dassprahcrohr[.]space
communicatieopleiding[.]com cswdemo[.]org
dassprahcrohr[.]website
communitips[.]net ctofficesupply[.]com
companionreaders[.]com cuckoldtube[.]net dassprhcorhr[.]online

Q2 2023 ADVERSARIAL THREAT REPORT 90

