A Peek Inside the Earnings4u Managed Malware Distribution Service - An Analysis

Dear blog readers,

I've decided to offer an in-depth inside peek inside the Earnings4u managed malware distribution service circa 2010 with the idea to raise awareness on the ease of use and the actual trend where novice and experienced botnet masters can easily acquire the necessary seed population in terms of purchasing access to malware infected hosts which could be further used to spread their malicious software campaigns including spam and phishing campaigns.

With managed affiliate-network based revenue sharing schemes continuing to proliferate it shouldn't be surprising that more cybercriminals are actually looking for ways to monetize access to their acquired through blackhat SEO including various other rogue and fraudulent techniques traffic including users who would be interested in offering managed and centralized ways for spreading other cybercriminal's malicious releases in a systematic and efficient way leading to today's modern cybercrime ecosystem reality where both novice and experienced cybercriminals rely on rogue and malicious affiliate-network based revenue sharing schemes for both revenue generation and the spreading of malicious software.

Sample screenshots include:

Stay tuned!

A Peek Inside a Russian Web-Based Managed Spam Service - An Analysis

With spam continuing to proliferate globally that also includes the use of spam for serving malicious software largely populating a variety of botnets on a daily basis including the ever-growing use of client-side exploits for the purpose of affecting hundreds of thousands of users on a daily basis I've decided to take a peek inside a Russian-based managed spam service that let's users launch massive and widespread spam campaigns in a DIY (do-it-yourself) fashion.

 Sample screenshots include:

Stay tuned!

Profiling a Russia-Based Bulletproof Hosting Provider - An Analysis

It should be clearly noted that in today's modern cybercrime ecosystem which is largely driven by the existence of bulletproof hosting providers which basically either ignore abuse notifications or on purposely launch rogue and fraudulent online hosting operations using their own resources or in combination with cloud-based service providers who unknowingly participate in such type of fraudulent and rogue bulletproof hosting schemes including actual malicious software spam and botnet C&C hosting we've continuing to observe an increase in the overall volume of these providers where we're also witnessing their use by both novice and experienced cybercriminals where the ultimate goal would be to increase the average time it takes for vendors organizations and researchers to take offline their rogue fraudulent and malicious campaigns.

In this post I'll discuss several of the high-profile bulletproof hosting providers that were active circa 2010 and I'll provide some actionable intelligence on the infrastructure behind them with the idea to assist everyone in their cyber attack and cyber campaign attribution efforts.

• Recommended reading - Historical OSINT - How TROYAK-AS Utillized BGP-Over-VPN To Serve The Avalance Botnet

Sample screenshots include:

Related bulletproof hosting providers that were active back in 2010 include:

hxxp://securehost.com

hxxp://ccihosting.com

hxxp://wrzhost.com

hxxp://underhost.com

hxxp://shinjiru.com

hxxp://offshorehosting.com

hxxp://offshoreracks.com

hxxp://hostimizer.com

hxxp://zentek-international.com

hxxp://anonhoster.com

hxxp://webcare360.com

hxxp://altushost.com

hxxp://anonymoushosting.org

hxxp://nodmca.nl

hxxp://goip.com

hxxp://serverslease.net

hxxp://e-investhost.com

hxxp://eukhost.com

hxxp://adulthosting.com

hxxp://webhostingchoice.com

hxxp://adulthostingservers.com

hxxp://hostsearch.com

hxxp://adult-host.ru

hxxp://layeredlink.ru

hxxp://xlhost.ru

hxxp://park-web.ru

hxxp://web750.com

hxxp://cirtexhosting.com

hxxp://wlw.su

hxxp://warez-host.com

hxxp://abuzhost.ru

hxxp://peterhost.ru

hxxp://fastvps.ru

Stay tuned!

Do You Want to Become Guest Blogger or Post a Guest Post Here?

Dear blog readers,

Are you interested in becoming a Guest Blogger or post a Guest Post on the topic of cybercrime research OSINT threat intelligence gathering malicious software and botnet research including anything related to information security in terms of a Guest Post or to actually becoming a full-time Guest Blogger at my personal blog?

Drop me a line at dancho.danchev@hush.com to discuss.

Stay tuned! 

Dancho Danchev's Vlog - Psychedelic Reality Session - YouTube Video - An Analysis

Dear blog readers,

I've decided to share with everyone one of my most recent YouTube videos which is basically a "Psychedelic Reality" short mix with the idea to say big thanks to everyone for following me and that I'll continue to post high-quality research and posts here.

Enjoy!

Stay tuned!

Dancho Danchev - Official Come Back - YouTube Video - An Analysis

Dear blog readers,

I've decided to share with everyone an official Come Back video with the idea to signal the fact that I'm indeed back online doing research and that I wanted to say big thanks to everyone for following me.

Enjoy!

Stay tuned!

Dancho Danchev SecondEye Solutions - YouTube Maltego Demonstration - An Analysis

Dear blog readers,

I've decided to share with everyone my SecondEye Solutions Maltego training video with everyone with the idea to assist everyone in their cyber attack and cyber campaign attribution efforts.

Enjoy!

Stay tuned!

Dancho Danchev InFraud Organization - YouTube Maltego Demonstration - An Analysis

Dear blog readers,

I've decided to share with everyone my InFraud organization analysis Maltego training video with the idea to assist everyone in their cyber attack and cyber campaign attribution efforts.

Enjoy!

Stay tuned!

Dancho Danchev Speaks! - YouTube Video Presentation - An Analysis

Dear blog readers,

I've decided to share with everyone my "Dancho Danchev - Speaks!" introduction video where I did my best to elaborate more on my experience and expertise in the field throughout the years.

Enjoy! 

Stay tuned!

Dancho Danchev's "Exposing the Koobface Botnet" - YouTube Video Presentation - An Analysis

Dear blog readers,

I've decided to share with everyone my Keynote at CyberCamp 2016 on tracking down and monitoring the Koobface botnet.

Go through the related posts here. 

Enjoy!

Stay tuned!

Thank You For Following Me!

Dear blog readers,

I wanted to take the time and effort and say big thanks to everyone who's been following my work throughout the years and continues to do so. Full video here. My RSS feed here.

Stay tuned!

Exposing A E-Shop for Selling Access to Compromised PCs - An Analysis

NOTE:

I took these screenshots in 2009.

Dear blog readers,

I've decided to share with everyone some screenshots of a E-Shop for selling access to compromised PCs.

Largely thanks to a variety of built-in botnet management and control features today's modern botnet masters are fully capable of renting or offering access to malware-infected hosts which could be used for a variety of purposes which include the hosting of rogue and malicious content including the actual use of these hosts to further spread malicious software largely thanks to a variety of segmentation features currently available in a variety of high-profile malicious software and botnet releases.

Sample screenshots include:

Stay tuned!

Exposing a Compilation of Stolen Credit Cards Selling Domains - An Analysis

Dear blog readers,

I've decided to share with everyone a currently active portfolio of E-Shops selling access to stolen credit cards including the necessary technical information to assist everyone in their cyber attack and cyber campaign attribution efforts. 

Sample screenshot includes:

Sample domains known to have been involved in the campaign include:

hxxp://ccgetmoney.com

hxxp://cvvshop.in

hxxp://cvvshop39.com

hxxp://evilshop.org

hxxp://shopccdumps.com

hxxp://trackgenerator.com

hxxp://validforver.com

hxxp://zunostores.com

hxxp://novlops.com

hxxp://pawnsh0p.com

hxxp://privatecvv.com

hxxp://privateshop1.com

hxxp://privateshop2.com

hxxp://selldumpsshop.com

hxxp://allmybins.com

hxxp://anyccard.com

hxxp://bases-valid.com

hxxp://batch-conf.com

hxxp://yalelodge.com

hxxp://vietnamworm.com

hxxp://freshcvv.com

hxxp://good-cvv.com

hxxp://dumpschecker.com

hxxp://jshop-pro.com

hxxp://dumpscvv2.com

hxxp://trdbz.com

hxxp://cyberxsh0p.net

hxxp://validmarket.biz

hxxp://cvvhack.com

hxxp://bulkcvv.com

Sample personally identifiable email address accounts known to have been involved in the campaign include:

greg2022@mail.ru

philmahre1989@gmail.com

Sample screenshots include:

Sample responding IPs known to have been involved in the campaign include:

hxxp://92.53.77.40

hxxp://92.223.105.218

hxxp://47.254.213.246

hxxp://49.51.135.48

hxxp://78.155.206.161

hxxp://149.129.136.245

hxxp://47.74.235.179

hxxp://92.38.135.246

hxxp://149.129.136.150

hxxp://149.129.225.92

hxxp://37.60.177.31

hxxp://194.87.103.196

hxxp://185.162.131.59

hxxp://149.129.223.249

hxxp://161.117.7.46

hxxp://46.21.248.49

hxxp://47.91.72.137

hxxp://185.185.69.33

hxxp://119.28.41.158

hxxp://85.193.85.119

hxxp://92.53.66.13

hxxp://47.74.176.216

hxxp://95.163.250.153

hxxp://47.74.236.158

hxxp://95.213.252.108

hxxp://49.51.192.130

hxxp://178.154.240.197

hxxp://172.67.144.190

hxxp://27.102.118.142

hxxp://80.87.97.201

hxxp://149.129.219.23

hxxp://185.158.152.31

hxxp://49.51.35.225

hxxp://35.198.119.28

hxxp://108.177.235.227

hxxp://193.187.128.60

hxxp://47.74.186.197

hxxp://92.53.77.90

hxxp://149.129.215.190

hxxp://47.74.137.231

hxxp://45.149.222.144

hxxp://185.167.98.134

hxxp://104.165.20.149

hxxp://47.52.233.0

hxxp://45.34.127.236

hxxp://95.213.252.3

hxxp://143.110.176.81

hxxp://47.88.156.38

hxxp://46.21.249.114

hxxp://159.65.94.111

hxxp://185.223.163.129

hxxp://185.224.212.24

hxxp://185.162.131.61

hxxp://119.28.137.123

hxxp://49.51.85.205

hxxp://194.116.216.254

hxxp://5.188.89.114

hxxp://5.188.89.22

hxxp://194.87.235.166

hxxp://92.38.135.251

hxxp://172.104.104.241

hxxp://95.213.203.64

hxxp://45.63.40.156

hxxp://149.129.216.197

hxxp://47.88.231.35

hxxp://78.155.207.76

hxxp://138.68.70.125

hxxp://185.142.239.239

hxxp://85.119.150.130

Related domains known to have been involved in the campaign include:

hxxp://stdumps.com

hxxp://shopcvvonline.ru

hxxp://golddumps.net

hxxp://hitbtctrading.com

hxxp://try2swipe.shop

hxxp://dumps-cvv.ru

hxxp://dumps-market-cvv.ru

hxxp://carderunion.ru

hxxp://cvv-carder-shop.ru

hxxp://greatdumps.net

hxxp://cvvunion.su

hxxp://dumps55.com

hxxp://okcoin-exchange.com

hxxp://dumpsmall.com

hxxp://vaildcc.su

hxxp://dumpsmall.name

hxxp://cardingmafia.su

hxxp://freshtools.ru

hxxp://http-mshop-metro-cc-ru-shop-authloading.ru

hxxp://cvv-shop.online

hxxp://dumps4free.ru

hxxp://cvvbuyonline.ru

hxxp://n1shop.net

hxxp://cardersvilla.com

hxxp://stdumps.net

hxxp://validcvv.club

hxxp://sellcvv.shop

hxxp://vaultmarket.name

hxxp://swiped1.ru

hxxp://store-best-dump.ru

hxxp://shop-forum-carder.ru

hxxp://carder007.shop

hxxp://crimenetwork.club

hxxp://cvvonlineshops.com

hxxp://verifiedshop.su

hxxp://onlinecvv.ru

hxxp://shalom.pro

hxxp://dump99.com

hxxp://bestcardersforum.ru

hxxp://smartstripe.ru

hxxp://dumps-cvv-market.ru

hxxp://zzxqsc.cn

hxxp://cardingmaestro.com

hxxp://cykkk.com

hxxp://c4rdforallove.com

hxxp://center-vinyl.ru

hxxp://cvvonlineshop.ru

hxxp://cvvshop39.com

hxxp://pack-relocation.com

hxxp://evilshop.org

hxxp://shopccdumps.com

hxxp://trackgenerator.com

hxxp://validforver.com

hxxp://xakerforum.ru

hxxp://legitvendors.su

hxxp://e-obmen.su

hxxp://cardersvilla.ru

hxxp://kimoyo.net

hxxp://prtship-forum.ru

hxxp://ccguru.su

hxxp://dpscc.ru

hxxp://ccgetmoney.com

hxxp://bulkcvv.com

hxxp://cvvshop.in

hxxp://carders-place.com

hxxp://vault-dumps.com

hxxp://cvv2shop.su

hxxp://cproforum.com

hxxp://vppspy.com

hxxp://binswork.biz

hxxp://valid4you.com

hxxp://realjabba.com

hxxp://cardstorm.ru

hxxp://globalccsource.ru

hxxp://ccshoponline.com

hxxp://rafanji.com

hxxp://tonyblack.ru

hxxp://market-dumps-cvv.ru

hxxp://allcarders.info

hxxp://mgmt.niii.in

hxxp://cvvshop39.ru

hxxp://pp24.su

hxxp://approvedcc.com

hxxp://infraud.ws

hxxp://ios.z6xg.cn

hxxp://fraudsmarket.com

hxxp://verifiedcarder.com

hxxp://validfullz.info

hxxp://store-carder-cvv.ru

hxxp://promarket.ws

hxxp://blackamex.ru

hxxp://shopadmin.ru

hxxp://feshop-one.su

hxxp://dumpscheck.ru

hxxp://card-room.cc

hxxp://ccfullz.su

hxxp://dumpschecker.com

hxxp://swipers.ru

hxxp://101blackcard.com

hxxp://stardumps24.ru

hxxp://dumpscvv2.com

hxxp://hackerimpossible.su

hxxp://verifieddumpsshop.ru

hxxp://track2.su

hxxp://worldcvv.com

hxxp://mafiastore.su

hxxp://trdbz.com

hxxp://jnpsgo.bar

hxxp://cyberxsh0p.net

hxxp://vt-professional.com

hxxp://batch-conf.com

hxxp://brocard1.com

hxxp://yalelodge.com

hxxp://verifiedshop.biz

hxxp://vietnamworm.com

hxxp://mymarket.su

hxxp://cc-best.top

hxxp://verifed-cardershop.top

hxxp://fercoamildhubti.cf

hxxp://onlineq-track.top

hxxp://goldplastic.store

hxxp://infraud.name

hxxp://geobiniri.tk

hxxp://kingscard.su

hxxp://validmarket.biz

hxxp://cvvhack.com

hxxp://sellccvs.ru

hxxp://dumpscvvmarket.ru

hxxp://thugcarders.com

hxxp://valid-shop.com

hxxp://shopvl.net

hxxp://ccplaza.club

hxxp://diamonddumps.com

hxxp://lswjsdcf358.com

hxxp://sellz-market.ru

hxxp://approved1.net

hxxp://legitcarders.com

hxxp://darknetw0rk.ru

hxxp://oroboros.su

hxxp://freshstuff.cc

hxxp://bitkonan.net

hxxp://sellz-market.org

hxxp://crimemarket.su

hxxp://myccroom.ru

hxxp://cvv1.me

hxxp://sounic.cc

hxxp://codesellz.com

hxxp://dcshop.su

hxxp://free-cc-dumps.ru

hxxp://brocard2.com

hxxp://zhilem.com

hxxp://pawnsh0p.com

hxxp://kairui999.com

hxxp://privateshop1.com

hxxp://privatecvv.com

hxxp://just-valid.com

hxxp://selldumpsshop.com

hxxp://allmybins.com

hxxp://anyccard.com

hxxp://zunostores.com

hxxp://novlops.com

hxxp://good-cvv.com

hxxp://jshop-pro.com

hxxp://storecardercvv.ru

hxxp://fe-dumps.ru

hxxp://banalitybiz.com

hxxp://privateshop2.com

hxxp://moneyteam24.ru

hxxp://buyvalidcvv.ru

hxxp://bases-valid.com

hxxp://freshcvv.com

hxxp://greatdump.com

hxxp://www.2bcd.su

hxxp://shop-buying-cvv-online.com

hxxp://cvvshopvalid.info

hxxp://realcvvshop.ru

hxxp://wucshop.com

Stay tuned!