SEBIN VENEZUELA SERVERS
IP: 221.182.23.37
1. DNS (Domain Name System) Servers:
● ns1.dnsv3.com
○ IP: 36.155.149.203
○ Location: China Mobile Communications Corporation (CMNET-JIANGSU-AP), China
○ Description: This is one of the authoritative name servers for the domain, which translates domain names to IP addresses.
● ns2.dnsv3.com
○ IP: 1.12.0.28
○ Location: Tencent Building, Kejizhongyi Avenue (TENCENT-NET-AP-CN), China
○ Description: Another authoritative name server. Tencent is one of the largest technology companies in China, owning many network infrastructures.
2. MX (Mail Exchange) Records
● Description: MX records indicate where the domain’s emails are directed. The available information contains no further details, and specific mail server entries appear to be missing.
3. TXT Records
● Value: “4yhz7w2gjkgw2ft2r3ll9926vgtbgcd2”
● Description: TXT records are primarily used to store verification information, domain authentication, and security settings such as SPF (Sender Policy Framework). The value provided may be a token used for some type of domain validation or authentication.
4. SPF Record
● Description: SPF is a policy that specifies which mail servers are authorized to send mail on behalf of the domain. No specific details about SPF settings are provided in this information, but this record is important to prevent email spoofing.
5. A (Host) Records
● sja.3304399.net
○ IP: 115.182.52.51
○ Location: Beijing Dian-Xin-Tong Network Technologies Co., Ltd. (DXTNET), China
○ Description: The A record maps hostnames to IP addresses. This specific record is associated with a network in Beijing. The IP 115.182.52.51 belongs to the infrastructure of DXTNET, an internet service provider in China.
Technical Report
During analysis of the server on port 443 (commonly used for HTTPS traffic), the nginx service was identified; nginx is a popular web server known for its efficient connection management. However, access to the resource was denied with an HTTP 403 Forbidden error, indicating that the server is blocking access to the requested content, probably due to permission settings, access lists, or protection against unauthorized IPs.
The server presents an SSL certificate whose inspection shows the key characteristics used to secure communications. The certificate has a unique serial number (0e:7e:72:67:89:bd:6c…) and was issued by DigiCert Inc, a trusted certificate authority, with validity between August 22, 2024 and November 15, 2024. The certificate belongs to an entity in China, specifically a technology organization whose Subject field appears to contain non-standard or UTF-8-encoded characters (such as \xE7\xA6\x8F\xE5\xBB\xBA\xE7\x9C\x81), suggesting that the organization’s name is difficult to interpret directly without proper decoding. Additionally, the certificate uses a 2048-bit RSA public key, which provides a high level of security for encrypting communication.
Certificate Extensions:
● Key Usage: The certificate is configured for Digital Signature and Key Encipherment, allowing the server to establish secure connections using SSL/TLS.
● Subject Alternative Name (SAN): The list of domains in the certificate includes a number of subdomains linked to various Internet services and content distribution networks (CDNs), such as chinanetcenter.com, meituan.net, 4399.cn, among others. This type of architecture distributes content to users efficiently, reducing latency and improving overall performance.
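The escaped Subject bytes quoted above are ordinary UTF-8 and can be decoded directly; the sequence shown decodes to 福建省 (Fujian Province). The following is an added example, not part of the original report: the subject line is constructed, placing the bytes in the ST field is an assumption, and the O value is a placeholder.

```python
import re

# Matches one or more consecutive \xHH escapes, as printed by tools that
# escape non-ASCII bytes in certificate name fields.
_ESCAPED_RUN = re.compile(r"(?:\\x[0-9A-Fa-f]{2})+")
_ONE_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")


def decode_escaped(text):
    """Replace each run of \\xHH escapes with the UTF-8 text it encodes."""
    def _decode(match):
        raw = bytes(int(h, 16) for h in _ONE_ESCAPE.findall(match.group(0)))
        try:
            return raw.decode("utf-8")
        except UnicodeDecodeError:
            # Truncated or not UTF-8: keep the escapes rather than guess.
            return match.group(0)
    return _ESCAPED_RUN.sub(_decode, text)


def parse_subject(line):
    """Split 'K=V, K=V' subject text into a dict with decoded values.

    Assumes no field value itself contains ', ' (true for the sample below).
    """
    fields = {}
    for part in line.split(", "):
        key, _, value = part.partition("=")
        fields[key.strip()] = decode_escaped(value.strip())
    return fields


# Constructed subject line: only the escaped byte sequence comes from the
# report; the field layout and the O value are placeholders.
SAMPLE_SUBJECT = (
    r"C=CN, ST=\xE7\xA6\x8F\xE5\xBB\xBA\xE7\x9C\x81, O=EXAMPLE-ORG-PLACEHOLDER"
)

if __name__ == "__main__":
    for key, value in parse_subject(SAMPLE_SUBJECT).items():
        print(f"{key}: {value}")
```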
Identifying Secret Communication Technology
One aspect that may raise suspicions about secret communication technology is the number of subdomains linked to multiple platforms and the provenance of the certificate, especially the use of a massive CDN network that covers a large number of services and domains of Chinese origin. The domain chinanetcenter.com is operated by a content distribution network (CDN) that could be used to hide traffic or encrypt communications under the guise of seemingly legitimate connections. Furthermore, the configuration and extensions of the certificate, along with the use of a 2048-bit RSA key and the coverage of various domains, could be indicative of the implementation of mechanisms to hide sensitive or encrypted communications between different nodes, making it difficult for unauthorized parties to identify or monitor them.
This analysis suggests that this type of infrastructure could be enabled to carry out secure and potentially covert communications, since the use of a distributed CDN network can be leveraged to mask critical information flows, preventing easy detection of out-of-the-ordinary communications.
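When reviewing a SAN list like the one described above, grouping the entries by registrable domain shows how many distinct site owners one certificate covers; a certificate spanning many unrelated registrable domains is one the CDN provider holds on behalf of multiple customers. The following is an added example, not part of the original report: the hostnames are constructed under the domains the report names, and the suffix set and threshold are assumptions.

```python
from collections import defaultdict

# Small constructed set of multi-label public suffixes; a production check
# would load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"com.cn", "net.cn", "org.cn"}


def registrable_domain(name):
    """Return the registrable domain of a SAN entry (wildcard stripped)."""
    host = name.lower().rstrip(".")
    if host.startswith("*."):
        host = host[2:]
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def group_sans(sans):
    """Map each registrable domain to the sorted SAN entries under it."""
    groups = defaultdict(set)
    for name in sans:
        groups[registrable_domain(name)].add(name.lower())
    return {domain: sorted(names) for domain, names in groups.items()}


def looks_shared(sans, threshold=3):
    """True when the SAN list spans at least `threshold` registrable domains.

    The threshold is an assumed cut-off for illustration, not a standard.
    """
    return len(group_sans(sans)) >= threshold


# Constructed SAN entries: the registrable domains chinanetcenter.com,
# meituan.net and 4399.cn come from the report; the hostnames do not.
SAMPLE_SANS = [
    "*.chinanetcenter.com",
    "cdn.chinanetcenter.com",
    "img.meituan.net",
    "*.4399.cn",
    "www.4399.cn",
    "static.example.com.cn",
]

if __name__ == "__main__":
    for domain, names in sorted(group_sans(SAMPLE_SANS).items()):
        print(f"{domain}: {len(names)} SAN entries")
    print("shared certificate:", looks_shared(SAMPLE_SANS))
```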
SEBIN functions as the intelligence and counterintelligence arm of Venezuela’s government, tasked with surveillance, internal security, and neutralizing perceived threats to the regime. Under Nicolás Maduro, SEBIN has evolved into a tool for suppressing dissent, maintaining control over the populace, and intimidating political opponents. Reports detail the agency’s involvement in abductions, torture, extrajudicial detentions, and violent crackdowns on opposition figures and protesters.
Evidence shows SEBIN’s ties to Chinese technology and telecommunications entities, most notably through its digital infrastructure. Data indicates that SEBIN’s DNS servers operate through channels linked to Tencent, a significant Chinese tech conglomerate with close ties to the Chinese government. Tencent’s technologies are frequently employed for censorship, surveillance, and data collection, aligning with the strategies used by the Chinese Communist Party (CCP) for internal and external intelligence activities. This server configuration facilitates real-time data interception, suggesting active coordination with Chinese entities to enhance SEBIN’s surveillance capabilities.
China’s support for SEBIN is part of a broader Sino-Venezuelan partnership aimed at reinforcing the Maduro regime. This relationship includes technology transfers, communications infrastructure support, and broader cybersecurity measures, all backed by CCP-aligned enterprises. Beijing’s assistance extends Venezuela’s capacity for domestic surveillance and bolsters SEBIN’s effectiveness in controlling communications and intelligence operations. The Chinese government gains valuable geopolitical influence in Latin America through these arrangements, contributing to its broader objective of expanding authoritarian governance models globally.
