Sunday, October 21, 2018

Historical OSINT - Yet Another Massive Blackhat SEO Campaign Spotted in the Wild

It's 2010, and I've recently stumbled upon yet another diverse portfolio of blackhat SEO domains, this time serving rogue security software, also known as scareware, to unsuspecting users. The cybercriminals behind the campaign are successfully earning fraudulent revenue by monetizing access to malware-infected hosts, largely relying on an affiliate-network-based revenue sharing scheme.

In this post I'll profile the infrastructure behind the campaign and provide actionable intelligence on it.

Related malicious domains known to have participated in the campaign: