Phishing the Sanctioned · Operation Map

Operator core · kit + AS57724 DDoS-Guard nodes
AS59692 IQWeb fronting · co-located vertical
OFAC catalyst · CT detection method
Iranian sanctioned subset
PhishDestroy (prior per-domain coverage)
Observed / high confidence
Inference (medium)
Caveated / weak
Certificate Transparency brand-token detection, free reverse-IP enumeration (VirusTotal / OTX / HackerTarget), BGP origin-AS (bgp.he.net), and kit fingerprinting · attribution by IP/AS + kit, not naming grammar · indicators defanged · CrimsonVector 2026