Zach Edwards
thezedwards.bsky.social
data supply auditor | privacy & ad tech expert | internet threats

Personal @ victorymedium.com
Sr Threat Analyst @ SilentPush.com
Our team will be speaking more about BPHs in the coming months as we encourage more law enforcement actions and private responses to these growing challenges.

Read our final 2025 White Paper "Shining a Light on the Global Bulletproof Hosting Ecosystem" @ www.silentpush.com/white-papers...
Shining a Light on the Global Bulletproof Hosting Ecosystem
Silent Push developed this white paper on the current state of Bulletproof Hosting and lesser-known technical dynamics we’re observing.
www.silentpush.com
December 15, 2025 at 7:31 PM
Threat actors love a wild policy NiceNic has which requires 3rd parties to have a “Power of Attorney” over any brands that are mentioned on malicious infrastructure being reported by that 3rd party. So to get a network down that impersonates dozens of brands, it would require dozens of POAs...
December 15, 2025 at 7:31 PM
Bulletproof Registrar NiceNic is given some special attention... oh what's that, you've never heard of a Bulletproof Registrar? Well what happens if you combine a BPH + a BPR? ⚖️📴

If you don’t know about NiceNic, you’re way behind the threat actors...
December 15, 2025 at 7:31 PM
Reminder, CISA + NSA + FBI + DOD + international law enforcement wrote about the threat of Bulletproof Hosting Providers last month and included details about Infrastructure Laundering from FUNNULL in their report:

www.cisa.gov/resources-to...

This is the *newest form of Bulletproof Hosting*
Bulletproof Defense: Mitigating Risks From Bulletproof Hosting Providers | CISA
CISA and its partners urge ISPs and network defenders to implement these recommendations to mitigate risks posed by BPH providers.
www.cisa.gov
December 15, 2025 at 7:31 PM
FUNNULL is illicitly acquiring IPs and mapping them into their network in order to make their network faster for U.S. victims connecting to their scam websites and likely saving money by doing this.

This is the dance that FUNNULL admins do when they steal western IPs without ramifications.
Alt: lil dicky the rapper is in a blue jacket with stars on it dancing
December 15, 2025 at 7:31 PM
Infrastructure Laundering from FUNNULL CDN & Triad Nexus is the newest and nastiest form of bulletproof hosting, where this network uses “account mules” to illicitly acquire IPs from major cloud providers like Amazon, Microsoft, Cloudflare and Google...
Alt: Real Estate Its Free Real Estate GIF
December 15, 2025 at 7:31 PM
BPHs get online through “peering agreements” w/ other ASNs. In the white paper we’re using the free data from Hurricane Electric to explain why folks really need to be more focused on peering relationships. If you find a BPH, how are they getting online & who are their ASN peers? We need more:
Alt: a couple of women standing next to each other with the words peer pressure on the bottom
December 15, 2025 at 7:31 PM
You’ll see plenty of references to The Spamhaus Project 💌, the long-term gold standard for tracking BPHs with their Don't Route Or Peer Lists (DROP). We’ve never found a false positive on their list, but we’ve found their drop list does NOT cover all ASNs we consider BPHs. (examples shared!) 👀
December 15, 2025 at 7:31 PM
This report was a monster to get over the finish line. We “name names” and show how the technical sausage is made.
Alt: woody and buzz lightyear from toy story are standing next to each other with the text "Criminals, Criminals Everywhere"
December 15, 2025 at 7:31 PM
Two decades ago, there was really only one BPH – the Russian Business Network (RBN) operated out of Moscow, being the internet honeybadger of crime. But since then this illicit business model has exploded in popularity. We're tracking over 100 ASNs operating as BPHs right now... w/ more every month!
December 15, 2025 at 7:31 PM
BPHs host malware delivery infrastructure & C2s, phishing sites & financial fraud campaigns, money laundering infrastructure, websites conducting ad fraud & various types of illicit CPA/locker/redirect campaigns, CSAM, and every other horrible thing you can think of that exists on the internet. 🌩️
December 15, 2025 at 7:31 PM
BPHs are the front door, side door, & the back screen door hanging off the hinges for some of the most serious cybercrime campaigns. These hosting providers *ignore legitimate abuse complaints* which ensures that malicious campaigns, even after they are identified & reported, keep humming along. 🤕
December 15, 2025 at 7:31 PM
Reposted by Zach Edwards
We found the bug in how Vetco generates PDF documents for its customers. Its PDF page was public and was indexed by Google, which is how we found it. Worse, an IDOR bug in the URL meant it was possible for anyone to obtain customer data by changing the customer's unique ID by a single digit. 🤦
Exclusive: Petco takes down Vetco website after exposing customers' personal information
TechCrunch found Petco's veterinary clinics were spilling customers' personal information and medical histories of their pets.
techcrunch.com
December 10, 2025 at 1:49 PM
just use TOR Browser if looking for that level of obfuscation imo 🖖
December 4, 2025 at 5:29 PM
This is a really interesting development and if FF is able to grow market share with this feature, it could encourage other browsers to try and find a way to make theirs free too.

All that being said, FF really struggles with *making money* so it does still worry me when they start handing $$ out.
December 4, 2025 at 4:56 PM
Brave browser also doesn't have a free VPN, in fact I don't know of any credible* browsers with free VPNs built in currently. Even Apple's iCloud Private Relay costs money.

*Opera Browser has a free VPN but the browser is owned by a Chinese consortium and I wouldn't trust it at all.
December 4, 2025 at 4:56 PM