Behind the NULLED.IO hack
Several days ago the public became aware of an attack on a popular hacking website nulled.io. Hackers managed to obtain database dump and published it on the Internet. Unfortunately, the database was modified, and a lot of interesting tables (such as forum posts) were missing in the dump. However, the leaked information is still valuable, because it contains email addresses of website visitors, their hashed passwords, IP addresses, etc.
We have decided to make a small analysis of this information to determine who was using nulled.io. Here are our findings:
Total active members of the community (who published more than 3 posts in form): 145 096
Below is a table of 10 most popular domains for email addresses (72% of all emails):
| Domain | Accounts |
| gmail.com | 66875 |
| hotmail.com | 19052 |
| yahoo.com | 7476 |
| outlook.com | 3375 |
| naver.com | 1491 |
| live.com | 1417 |
| wp.pl | 1258 |
| qq.com | 1190 |
| web.de | 1144 |
| mail.ru | 1062 |
Distribution by domains:
| Popular domains | 104340 |
| Corp. websites | 2130 |
| Other websites | 38626 |
In total, the website was visited by 240 people with Czech emails.
| seznam.cz | 168 |
| email.cz | 30 |
| centrum.cz | 24 |
| post.cz | 4 |
| outlook.cz | 3 |
| volny.cz | 3 |
| docmail.cz | 1 |
| tiscali.cz | 1 |
| opengate.cz | 1 |
| atlas.cz | 1 |
| spalex.cz | 1 |
| wellmax-soft.cz | 1 |
| sps.hranet.cz | 1 |
| hotmail.cz | 1 |
Latest Posts
Iranian hackers exploit RMM tools to deliver malware
One of the aspects of MuddyWater's strategy involves exploiting Atera's free trial offers.
Ongoing malware campaign targets multiple industries, distributes infostealers
The campaign leverages a CDN cache domain as a download server, hosting malicious HTA files and payloads.
US charges four Iranian hackers for cyber intrusions
The group targeted both both government and private entities.
| 24 Apr, 2024