Exposing Currently Active NSO Spyware Domains | WhoisXML API

Exposing 1,100+ NSO Spyware Group’s Domains, IP Addresses, and MD5 Hashes

The NSO Spyware Group’s spyware dubbed “Pegasus” is known for its ability to be covertly installed on mobile phones running different versions of Android and iOS and spy on their owners’ activities.

Pegasus was created to allow government agencies to monitor possibly illegal activities performed by citizens on their watchlists. Pegasus, however, has been widely criticized for violating people’s right to privacy and potentially targeting journalists and heads of state. [1]

Given the risks that Pegasus poses, WhoisXML API Security Researcher Dancho Danchev investigated 28 email addresses used by known registrants tied to the NSO Spyware Group. Danchev’s in-depth look also uncovered:

  • 369 connected domains
  • 82 IP addresses
  • 646 MD5 hashes

Individuals and organizations alike who do not want to be spied on through Pegasus may, for privacy and security reasons, want to avoid any form of contact or communication with the IoCs and artifacts featured in the report.

Get access to thousands of digital properties related to the NSO Spyware Group’s Pegasus and learn how to uncover more on your own by downloading the report.

  • [1] https://www.theverge.com/22589942/nso-group-pegasus-project-amnesty-investigation-journalists-activists-targeted