Historical OSINT - "I Know Who DDoS-ed Georgia and Bobbear.co.uk Last Summer"

Appreciate my rhetoric. In this post I'll provide actionable intelligence on a key DDoS for hire service that was primarily used in the Russia vs Georgia Cyber Attacks circa 2009 including the DDoS attack against Bobbear.co.uk.

Related actionable intelligence on the campaign:
hxxp://setx.in - Email: info@antiddos.eu - setx.mail@gmail.com - hxxp://httpdoc.info - hxxp://fakamaza.info. The last one with the email address "team@russia-vs-georgia.org" in the WHOIS info.

Related malicious URLs known to have participated in the campaign:
hxxp://cxim.inattack.ru/www7/www/auth.php

Related malicious URLs known to have participated in the campaign:
hxxp://h278666y.net/main/load.exe
hxxp://h278666y.net/www/auth.php

Related malicious MD5s known to have participated in the campaign:
MD5: 34413180d372a9e66d0d59baf0244b8f
MD5: 42e4bbd47d322ec563c86c636c3f10b9
MD5: ed36b42fac65236a868e707ee540c015
MD5: c9fa1c95ab4ec1c1d46abe5445fb41e4

hxxp://cxim.inattack.ru/www3/www/
hxxp://i.clusteron.ru/bstatus.php

Related malicious URLs known to have participated in the campaign:
hxxp://svdrom.cn

Related malicious URLs known to have participated in the campaign:
hxxp://203.117.111.52/www7/www/getcfg.php

Related malicious domains known to have participated in the campaign:


Historical OSINT - Sub7 Crew Releases New Version on 11th Anniversary of The RAT

It's 2010 and I've recently come across the following announcement on Sub7's Main Forum regarding the upcoming release of a new version of the most ubiquitous trojan horse, also known as a Remote Access Tool, circa the 90's.

"People can buy unique FUD servers in the shop and custom clients can also be written to help you admin PC's remotely with your own features. These are selling well so be sure to grab your own custom version while we are offering them at this price. Please be advised there is currently a waiting list for this."

Sample detection rate:
borlndmm.dll - Result: 0/42 (0%)
EditServer.exe - Result: 10/42 (23.81%)
Server.exe - Result: 18/41 (43.91%)
SubSeven.exe - Result: 16/41 (39.03%)

Should The Scene re-appear the way we know it? It appears that every now and then a new cybercrime-friendly tool tries to materialize, taking us back to what used to be The Scene circa the 90's.


Historical OSINT - Profiling a Portfolio of Fake Visa Application Scam Domains

It's been a while since I last posted a quality update profiling a versatile, currently circulating malicious and fraudulent spam campaign and highlighting the activities of the cybercriminals behind it.

In this post I'll profile a currently circulating Fake Visa Application fraudulent campaign enticing users into submitting their personal details for the purpose of obtaining a fake and rogue visa.

Related emails known to have participated in the campaign:

Stay tuned for an updated set of malicious and fraudulent Fake Visa Application domain portfolio to be published anytime soon.


Historical OSINT - A Peek Inside The Georgia Government's Web Site Compromise Malware Serving Campaign - 2010

Remember the massive Russia vs Georgia cyber attack circa 2009? It seems that the time has come for me to dig a little bit deeper and provide actionable intelligence on one of the actors that seems to have participated in the campaign, including a sample Pro-Georgian type of Cyber Militia that apparently attempted to "risk-forward" the responsibility for waging Cyberwar to third parties, including Russian and Anti-Georgia supporters.

How come? In this post I'll provide actionable intelligence on what appears to be a currently active Brazilian supporter of the Cyber Attacks that took place circa 2009 with the idea to discuss in-depth the tools and motivation for launching the campaign of the cybercriminals behind it.

Sample malicious URL known to have participated in the campaign:
hxxp://geocities.ws/thezart/

It's 2010 and I'm coming across a malicious and fraudulent file repository that can best be described as a key actor that managed to participate in, perhaps even orchestrate, the Russia vs Georgia cyber attacks circa 2009. Who is this individual? How did he manage to contribute to the Russia vs Georgia cyber attacks? Did he rely on active outsourcing or was he hired to perform the orchestrated DDoS for hire attacks that took place back then? Keep reading.

It appears that a Brazilian user known as The Zart managed to participate in the Russia vs Georgia cyber attacks circa 2009 relying on a variety of tools and techniques known as:

- DNS Amplification Attacks
- Web Site Defacement Tools
- Targeted Spreading of Vulnerable Legitimate Web Sites
- Automated Web-Site Exploitation - Long Tail of The Malicious Web

which basically resulted in a self-mobilized militia that actually participated and launched the Russia vs Georgia cyber attacks circa 2009.

Related posts:
The Russia vs Georgia Cyber Attack
Who's Behind the Georgia Cyber Attacks?
DDoS Attack Graphs from Russia vs Georgia's Cyberattacks
Real-Time OSINT vs Historical OSINT in Russia/Georgia Cyberattacks


Historical OSINT - Profiling a Rogue and Malicious Domain Portfolio of OEM-Pirated Software

In a cybercrime-ecosystem dominated by fraudulent and malicious releases cybercriminals continue relying on fraudulent and potentially-malicious affiliate-based type of revenue-sharing schemes for the purpose of serving fraudulent and malicious software to thousands of unsuspecting users including OEM-powered pirated software to millions of users globally.

In this post I'll profile a currently active fraudulent and malicious domain portfolio of OEM-powered pirated-software serving fraudulent and malicious domains.

Related domains known to have participated in the campaign:

With software piracy continuing to increase and proliferate, it shouldn't be surprising that rogue and fraudulent affiliate-based networks will continue to make an impact globally, potentially exposing millions of users to a variety of risks including malicious software.

Stay tuned for an updated set of fraudulent and malicious piracy-themed portfolio of domains to be published anytime soon.


Historical OSINT - Profiling a Typosquatted Facebook and Twitter Impersonating Fraudulent and Malicious Domains Portfolio

With cybercriminals continuing to populate the cybercrime ecosystem with hundreds of malicious releases, including a variety of typosquatted domains, it shouldn't be surprising that hundreds of thousands of users continue falling victim to fraudulent and malicious malware and exploit serving schemes.

In this post I'll profile a currently active fraudulent and malicious typosquatted domain portfolio successfully impersonating Facebook and Twitter for the purpose of enticing users into interacting with the rogue and malicious domains.

Related domains known to have participated in the campaign:

Stay tuned for an updated set of typosquatted malicious and fraudulent domains impersonating popular brands to be published anytime soon.


Historical OSINT - Able Express Courier Service Re-Shipping Mule Recruitment Scam Spotted in the Wild

I've recently intercepted a currently circulating malicious and fraudulent spam campaign successfully impersonating "Able Express Courier Service" to utilize a re-shipping mule recruitment scam potentially targeting tens of thousands of unsuspecting users globally.

Sample malicious URL known to have participated in the campaign:
hxxp://ablecs.biz - 104.31.82.184 - Email: phyllisjhurst@grr.la

Sample Mailing Address:
PO Box 34459
Bartlett, TN 38184-0459
United States
+1 (888) 597-5808

The service is positioning itself as "Able Express Courier Service has been providing forwarding services for more than three years now. Our staff consists of experienced professionals who regularly get certified and verified for competency. Over the years, Test Compant inc has delivered packages to a variety of places and gained many major business partners all around the world."

[Screenshots of the malicious and fraudulent service]

Stay tuned for an additional set of details regarding re-shipping money mule recruitment scams to be published anytime soon.


Historical OSINT - Global Postal Express Re-Shipping Mule Recruitment Scam Spotted in the Wild

Continuing the series of posts detailing the activities of currently circulating malicious and fraudulent spam campaigns successfully targeting potential money mule recruiters, I've recently come across Global Postal Express, which basically describes itself as follows:

"We Provide best in service global logistics through our people by building lasting relationships with the commitment to prioritize our customer needs to generate financial results. Be the leader in the development of integrated logistics strategies by offering the highest levels of quality, reliability and exceptional customer service while strategically growing nationally and internationally."

Sample malicious URL known to have participated in the campaign:
hxxp://globalpostalexpress.net - Email: globalpostalexpressinc@gmail.com

Sample Mailing Address:
2549 Harris Ave, Sacramento,CA 95838, U.S.A
+1 (719) 838 2416

[Screenshots of the service in action]

[Screenshots of the related malicious domains known to have participated in the campaign]

Related malicious URLs known to have participated in the campaign:
hxxp://www.marannata.com
hxxp://wellburton.com
hxxp://stecoexpress.com
hxxp://mag-trading.com

Stay tuned for an additional set of details regarding re-shipping money mule recruitment domain portfolios anytime soon.


Historical OSINT - Re-Shipping Money Mule Recruitment "Your Shipping Panel LLC" Scam Domain Portfolio Spotted in the Wild

The time has come to profile a recently intercepted and currently active malicious and fraudulent re-shipping money mule recruitment campaign successfully enticing users into interacting with the rogue and bogus content, potentially risk-forwarding the risk of the fraudulent transaction to the unsuspecting user.

Sample malicious URL:
hxxp://yourshippingpanel.com

Sample Mailing Address:
One World Trade Center, New York, NY, 10007, USA
+1 (606) 879-0046

Sample Company Description:
"Your Shipping Panel LLC" is successfully positioning the company as follows: "Founded in 1995, is a package delivery company with services to Eastern Europe as well as to all the countries of the former Soviet Union. Over the years, Your Shipping Panel LLC has grown into an industry leader by focusing on the goal of connecting customers in the United States with their families, friends and businesses in Eastern Europe. This also includes e-commerce between those countries. Today, Your Shipping Panel LLC has become a dominant force in package delivery with services to Ukraine, Russia, Belarus, Moldova, Uzbekistan, Kazakhstan, Kyrgyzstan, Georgia, Azerbaijan and Armenia. Our specialized transportation and logistics services to those countries lead the way as the most recognized brand in North America."

[Screenshots of the related web sites known to have been involved in the campaign]

Related domains known to have participated in the campaign:

Stay tuned for an additional portfolio of re-shipping money mule recruitment scam domains to be published anytime soon.
