Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Exposing a Compilation of Stolen Credit Cards Selling Domains

Saturday, October 29, 2022

Exposing a Compilation of Stolen Credit Cards Selling Domains - An Analysis

Dear blog readers,

I've decided to share with everyone a currently active portfolio of E-Shops selling access to stolen credit cards including the necessary technical information to assist everyone in their cyber attack and cyber campaign attribution efforts.

Sample screenshot includes:

Sample domains known to have been involved in the campaign include:

hxxp://ccgetmoney.com

hxxp://cvvshop.in

hxxp://cvvshop39.com

hxxp://evilshop.org

hxxp://shopccdumps.com

hxxp://trackgenerator.com

hxxp://validforver.com

hxxp://zunostores.com

hxxp://novlops.com

hxxp://pawnsh0p.com

hxxp://privatecvv.com

hxxp://privateshop1.com

hxxp://privateshop2.com

hxxp://selldumpsshop.com

hxxp://allmybins.com

hxxp://anyccard.com

hxxp://bases-valid.com

hxxp://batch-conf.com

hxxp://yalelodge.com

hxxp://vietnamworm.com

hxxp://freshcvv.com

hxxp://good-cvv.com

hxxp://dumpschecker.com

hxxp://jshop-pro.com

hxxp://dumpscvv2.com

hxxp://trdbz.com

hxxp://cyberxsh0p.net

hxxp://validmarket.biz

hxxp://cvvhack.com

hxxp://bulkcvv.com

Sample personally identifiable email address accounts known to have been involved in the campaign include:

greg2022@mail.ru

philmahre1989@gmail.com

Sample screenshots include:

Sample responding IPs known to have been involved in the campaign include:

hxxp://92.53.77.40

hxxp://92.223.105.218

hxxp://47.254.213.246

hxxp://49.51.135.48

hxxp://78.155.206.161

hxxp://149.129.136.245

hxxp://47.74.235.179

hxxp://92.38.135.246

hxxp://149.129.136.150

hxxp://149.129.225.92

hxxp://37.60.177.31

hxxp://194.87.103.196

hxxp://185.162.131.59

hxxp://149.129.223.249

hxxp://161.117.7.46

hxxp://46.21.248.49

hxxp://47.91.72.137

hxxp://185.185.69.33

hxxp://119.28.41.158

hxxp://85.193.85.119

hxxp://92.53.66.13

hxxp://47.74.176.216

hxxp://95.163.250.153

hxxp://47.74.236.158

hxxp://95.213.252.108

hxxp://49.51.192.130

hxxp://178.154.240.197

hxxp://172.67.144.190

hxxp://27.102.118.142

hxxp://80.87.97.201

hxxp://149.129.219.23

hxxp://185.158.152.31

hxxp://49.51.35.225

hxxp://35.198.119.28

hxxp://108.177.235.227

hxxp://193.187.128.60

hxxp://47.74.186.197

hxxp://92.53.77.90

hxxp://149.129.215.190

hxxp://47.74.137.231

hxxp://45.149.222.144

hxxp://185.167.98.134

hxxp://104.165.20.149

hxxp://47.52.233.0

hxxp://45.34.127.236

hxxp://95.213.252.3

hxxp://143.110.176.81

hxxp://47.88.156.38

hxxp://46.21.249.114

hxxp://159.65.94.111

hxxp://185.223.163.129

hxxp://185.224.212.24

hxxp://185.162.131.61

hxxp://119.28.137.123

hxxp://49.51.85.205

hxxp://194.116.216.254

hxxp://5.188.89.114

hxxp://5.188.89.22

hxxp://194.87.235.166

hxxp://92.38.135.251

hxxp://172.104.104.241

hxxp://95.213.203.64

hxxp://45.63.40.156

hxxp://149.129.216.197

hxxp://47.88.231.35

hxxp://78.155.207.76

hxxp://138.68.70.125

hxxp://185.142.239.239

hxxp://85.119.150.130

Related domains known to have been involved in the campaign include:

hxxp://stdumps.com

hxxp://shopcvvonline.ru

hxxp://golddumps.net

hxxp://hitbtctrading.com

hxxp://try2swipe.shop

hxxp://dumps-cvv.ru

hxxp://dumps-market-cvv.ru

hxxp://carderunion.ru

hxxp://cvv-carder-shop.ru

hxxp://greatdumps.net

hxxp://cvvunion.su

hxxp://dumps55.com

hxxp://okcoin-exchange.com

hxxp://dumpsmall.com

hxxp://vaildcc.su

hxxp://dumpsmall.name

hxxp://cardingmafia.su

hxxp://freshtools.ru

hxxp://http-mshop-metro-cc-ru-shop-authloading.ru

hxxp://cvv-shop.online

hxxp://dumps4free.ru

hxxp://cvvbuyonline.ru

hxxp://n1shop.net

hxxp://cardersvilla.com

hxxp://stdumps.net

hxxp://validcvv.club

hxxp://sellcvv.shop

hxxp://vaultmarket.name

hxxp://swiped1.ru

hxxp://store-best-dump.ru

hxxp://shop-forum-carder.ru

hxxp://carder007.shop

hxxp://crimenetwork.club

hxxp://cvvonlineshops.com

hxxp://verifiedshop.su

hxxp://onlinecvv.ru

hxxp://shalom.pro

hxxp://dump99.com

hxxp://bestcardersforum.ru

hxxp://smartstripe.ru

hxxp://dumps-cvv-market.ru

hxxp://zzxqsc.cn

hxxp://cardingmaestro.com

hxxp://cykkk.com

hxxp://c4rdforallove.com

hxxp://center-vinyl.ru

hxxp://cvvonlineshop.ru

hxxp://cvvshop39.com

hxxp://pack-relocation.com

hxxp://evilshop.org

hxxp://shopccdumps.com

hxxp://trackgenerator.com

hxxp://validforver.com

hxxp://xakerforum.ru

hxxp://legitvendors.su

hxxp://e-obmen.su

hxxp://cardersvilla.ru

hxxp://kimoyo.net

hxxp://prtship-forum.ru

hxxp://ccguru.su

hxxp://dpscc.ru

hxxp://ccgetmoney.com

hxxp://bulkcvv.com

hxxp://cvvshop.in

hxxp://carders-place.com

hxxp://vault-dumps.com

hxxp://cvv2shop.su

hxxp://cproforum.com

hxxp://vppspy.com

hxxp://binswork.biz

hxxp://valid4you.com

hxxp://realjabba.com

hxxp://cardstorm.ru

hxxp://globalccsource.ru

hxxp://ccshoponline.com

hxxp://rafanji.com

hxxp://tonyblack.ru

hxxp://market-dumps-cvv.ru

hxxp://allcarders.info

hxxp://mgmt.niii.in

hxxp://cvvshop39.ru

hxxp://pp24.su

hxxp://approvedcc.com

hxxp://infraud.ws

hxxp://ios.z6xg.cn

hxxp://fraudsmarket.com

hxxp://verifiedcarder.com

hxxp://validfullz.info

hxxp://store-carder-cvv.ru

hxxp://promarket.ws

hxxp://blackamex.ru

hxxp://shopadmin.ru

hxxp://feshop-one.su

hxxp://dumpscheck.ru

hxxp://card-room.cc

hxxp://ccfullz.su

hxxp://dumpschecker.com

hxxp://swipers.ru

hxxp://101blackcard.com

hxxp://stardumps24.ru

hxxp://dumpscvv2.com

hxxp://hackerimpossible.su

hxxp://verifieddumpsshop.ru

hxxp://track2.su

hxxp://worldcvv.com

hxxp://mafiastore.su

hxxp://trdbz.com

hxxp://jnpsgo.bar

hxxp://cyberxsh0p.net

hxxp://vt-professional.com

hxxp://batch-conf.com

hxxp://brocard1.com

hxxp://yalelodge.com

hxxp://verifiedshop.biz

hxxp://vietnamworm.com

hxxp://mymarket.su

hxxp://cc-best.top

hxxp://verifed-cardershop.top

hxxp://fercoamildhubti.cf

hxxp://onlineq-track.top

hxxp://goldplastic.store

hxxp://infraud.name

hxxp://geobiniri.tk

hxxp://kingscard.su

hxxp://validmarket.biz

hxxp://cvvhack.com

hxxp://sellccvs.ru

hxxp://dumpscvvmarket.ru

hxxp://thugcarders.com

hxxp://valid-shop.com

hxxp://shopvl.net

hxxp://ccplaza.club

hxxp://diamonddumps.com

hxxp://lswjsdcf358.com

hxxp://sellz-market.ru

hxxp://approved1.net

hxxp://legitcarders.com

hxxp://darknetw0rk.ru

hxxp://oroboros.su

hxxp://freshstuff.cc

hxxp://bitkonan.net

hxxp://sellz-market.org

hxxp://crimemarket.su

hxxp://myccroom.ru

hxxp://cvv1.me

hxxp://sounic.cc

hxxp://codesellz.com

hxxp://dcshop.su

hxxp://free-cc-dumps.ru

hxxp://brocard2.com

hxxp://zhilem.com

hxxp://pawnsh0p.com

hxxp://kairui999.com

hxxp://privateshop1.com

hxxp://privatecvv.com

hxxp://just-valid.com

hxxp://selldumpsshop.com

hxxp://allmybins.com

hxxp://anyccard.com

hxxp://zunostores.com

hxxp://novlops.com

hxxp://good-cvv.com

hxxp://jshop-pro.com

hxxp://storecardercvv.ru

hxxp://fe-dumps.ru

hxxp://banalitybiz.com

hxxp://privateshop2.com

hxxp://moneyteam24.ru

hxxp://buyvalidcvv.ru

hxxp://bases-valid.com

hxxp://freshcvv.com

hxxp://greatdump.com

hxxp://www.2bcd.su

hxxp://shop-buying-cvv-online.com

hxxp://cvvshopvalid.info

hxxp://realcvvshop.ru

hxxp://wucshop.com

Stay tuned!

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

Saturday, October 29, 2022

Exposing a Compilation of Stolen Credit Cards Selling Domains - An Analysis

No comments:

Post a Comment