Sarmenb.com / Korean Escort Directory — OSINT Investigation #002

Investigation Overview

This report documents an OSINT investigation into Sarmenb.com — a single domain that transitioned through four distinct operational phases between 2014 and 2026. Originally a personal portfolio site for US-based web developer Sarmen Boyadjian (legal name: Sarmen Pirageneh), the domain most recently operated as 흥어때 (Heung-eo-ttae), one of the largest Korean illegal escort and sex-industry directories.

All targets were identified through passive enumeration of publicly accessible APIs, exposed WordPress REST endpoints, certificate transparency logs, image metadata (EXIF/XMP), domain registration records, and blockchain transaction history. No unauthorized access was required.

186K+Daily Visitors (peak)

4Operational Phases

27Yhotte Subdomains

2Linked GitHub Accounts

Sarmenb.com / Korean Escort Directory Network

sarmenb.com • yhotte01-10.com • uhere.net • Glendale CA / Dallas TX

Overview

sarmenb.com is a domain that transitioned through four distinct operational phases between 2014 and 2026. Originally a personal portfolio site for web developer Sarmen Boyadjian (legal name: Sarmen Pirageneh), the domain most recently operated as 흥어때 (Heung-eo-ttae), one of the largest Korean illegal escort and sex-industry directories, attracting over 186,000 daily visitors before going offline in early 2026.

Sarmen Pirageneh and Sarmen Boyadjian are confirmed to be the same person through two linked GitHub accounts, shared educational background (Glendale Community College), a 2019 LA County divorce record, and overlapping technical infrastructure.

Subject Identity

Field	Value	Source
Legal Name	Sarmen Pirageneh	Court records, GitHub sarmen22
Professional Name	Sarmen Boyadjian	2018–2019 portfolio
Nationality (assessed)	Iranian-Armenian	Persian-language infrastructure + Armenian names + Glendale diaspora
Email	[email protected]	2019 portfolio
Phone (2018)	1.818.209.3249	2018 portfolio (818 = Glendale area code)
GitHub	github.com/sarmenb (ID: 79001883) • github.com/sarmen22 (ID: 3653647)	API enumeration
Twitter	@sarmendev	GitHub profile
Location (current)	Dallas, Texas	GitHub profile update, Jan 19, 2026
Location (historical)	Glendale / Burbank, CA	Portfolio + court records
Address (historical)	139 N Belmont St, Apt J, Glendale, CA 91206	Public records (ELSA STUDIO entity)
Court Case	BALYANS v. PIRAGENEH (Feb 2019, LA County, default judgment Jul 2019)	UniCourt
Business entities	ELSA STUDIO (Glendale) • AysaSoft (Istanbul) • AYSAList • AYSA International Group	Public records + WHOIS
Google Analytics	G-4ZC7SV3YM4 (aysasoft.com 2021)	Page source

Domain History — Four Phases

Period	Phase	Content
2014–2019	Personal Portfolio	"Sarmen Boyadjian — Full Stack Developer, Glendale CA"
2021	Chinese Industrial Hijack	青州市九巧灌裝機械廠 (Qingzhou filling machine factory, Shandong) — likely domain expiration / SEO farm
2023–2025	Korean Escort Directory	흥어때 — illegal sex-industry listing platform, 186K+ daily visitors
2026	Offline	NXDOMAIN — DNS pulled between Jan and Mar 2026

Escort Directory Scale

At its peak, the Korean escort directory recorded:

186K+Daily Visitors

360KPeak Daily Visitors

5.5MTotal Visitors

9,658Registered Members

The platform used Gnuboard/Young CMS (a Korean PHP-based BBS system) and listed services across all major South Korean cities (Seoul, Busan, Incheon, Daegu, Gwangju) organized into categories including 오피 (OP/room salons), 건마 (massage parlors), 휴게텔 (rest-tel motels), 출장 (outcall/escort), and 구인/구직 (job postings for sex workers).

A wildcard SSL certificate (*.sarmenb.com) was issued January 5, 2026, indicating active infrastructure expansion was planned. The domain went NXDOMAIN within weeks, suggesting an abrupt shutdown — possibly voluntary, possibly enforcement-triggered.

Domain Rotation Network

sarmenb.com was not an isolated site. Certificate transparency logs and Wayback Machine metadata reveal it operated as an alias domain within a broader rotation network:

yhotte01–04.com — first batch, now expired (Nov–Dec 2024)
yhotte05–10.com — second batch, parked (Feb 2025)
uhere.net — active as of investigation date (Cloudflare, Oct 2023)
newstar03.com — ghost domain referenced in site meta tags, never deployed

yhotte04.com operated 27 subdomains including kefu (Chinese-language customer service), jira, bugtracker, adminth, b2b, and devel — indicating a professional operational structure. Ten Telegram accounts (@YHnori_01 through @YHnori_10) match the domain numbering pattern.

AysaSoft Company — Turkish Origin, Persian Pivot

The subject's company AysaSoft (Aysa Soft Bilişim Teknolojileri) was founded in Istanbul in 2014 as a Microsoft .NET / SharePoint consultancy. By 2021, aysasoft.com had been re-registered under "AYSA International Group" (California) and pivoted to a Persian-language (lang="fa") Angular SPA — the strongest indicator of Pirageneh's Iranian heritage. The domain currently hosts active certificates for bmmarket.aysasoft.com, api.aysasoft.com, and mail.aysasoft.com.

A Google Search Console verification token (zrAHfwKs71s3RX4P0P3P57hJbc0CxYfq7m3kp385PwQ) found in sarmenb.com metadata is also present in yhotte03.com metadata — a direct technical link confirming the subject's connection to the yhotte domain network.

Open Questions

The following remain unresolved and are left for follow-up investigation or law enforcement inquiry:

Whether the Korean escort directory was actively operated by Pirageneh or the domain was sold/hijacked after its 2021 Chinese phase
Identity of Korean business partners or operators within the yhotte network
Whether the January–March 2026 shutdown was voluntary or triggered by law enforcement
Current status of uhere.net and the operational network
The Facebook photo ID fragment (564174_2809407884551_1423162769_n) as a potential account resolution vector

Raw Data & File Drop

All collected data — API responses, HTML snapshots, image files with metadata, JSON exports, and compiled intelligence reports — is archived on ODINT's data server and available for journalists, researchers, law enforcement, and civil society organizations.

Sarmenb.com / Korean Escort Directory — Files

Sarmenb — Full Intelligence Report — Subject identity (dual names), domain history, escort network scale, yhotte rotation network

Download

Sarmenb — Technical Infrastructure Dump — Certificate transparency data, subdomains, Wayback CDX index, AysaSoft timeline

Download

Yhotte Network Infrastructure Report — yhotte04.com subdomains (27), domain rotation analysis, uhere.net current operation

Download

Identity Reports — Executive summary, identity profile, domain timeline, escort network infrastructure, company history, evidence inventory

Browse

Portfolio Images — 2018 profile photo, 2014 Facebook photo, GitHub avatars (sarmenb + sarmen22)

Browse

Wayback Machine Snapshots — Portfolio (2014–2019), Chinese phase (2021), Korean escort directory (2024–2025), AysaSoft evolution

Browse All

OSINT Methodology & Ethics

All information in this report was obtained through passive open-source intelligence (OSINT) techniques: enumeration of publicly accessible APIs, analysis of publicly cached web pages, certificate transparency logs, domain registration records, blockchain explorers, image metadata extraction from publicly distributed files, and cross-referencing of publicly indexed social media accounts and court records.

ODINT operates under its published Ethics Policy. Investigations are conducted in the public interest and in support of transparency, counter-extremism research, and the protection of vulnerable communities. Information identifying individuals is published in accordance with ODINT's editorial standards and applicable public interest exemptions.

Report finalized: May 2026. Investigation data collected: February–March 2026. Investigation finalized. Raw data available on ODINT Data Server.