Exposing an Active Rogue VPN Domain Portfolio | WhoisXML API

Security reports

Read other reports

Exposing Hundreds of Rogue VPN Domains Potentially Connected to the NSA

Download PDF

WhoisXML API DNS Threat Researcher Dancho Danchev identified domain intelligence related to several bogus free VPN service providers. Those bogus entities could seemingly be traced back to the National Security Agency (NSA) as part of an effort to monitor the online activities of suspicious Iran-based users. 

Dancho Danchev looked into the domain infrastructure of these cited NSA-initiated VPN services and prepared lists of assets that could help the security community monitor the campaign. Among the critical information included in the report are:

  • 20+ domain names involved in the identified NSA’s fake VPN service campaign
  • 20+ registrant email addresses believed to be involved in the campaign
  • 260+ connected domain names

Monitoring these Internet properties can help security researchers and threat intelligence analysts with domain asset attribution and further studies. Get access to 300+ domain clues related to this potentially rogue VPN service campaign and learn how to uncover more. 

Download the report now.

Download PDF Read other reports
To download the full report in PDF, please fill in the form.
I have read and agree to the Terms of Service and Privacy Policy
Please keep me updated on news, events, and offers.
Try our WhoisXML API for free
Get started
Have questions?

We are here to listen. For a quick response, please select your request type or check our Contact us page for more information. By submitting a request, you agree to our Terms of Service and Privacy Policy.

Or shoot us an email to