Profiling Yet Another Currently Active E-Shop for Stolen and Compromised Credit Cards Information - An Analysis

December 04, 2021

I've recently stumbled upon yet another currently active online E-Shop for stolen and compromised credit card information, and I've decided to provide some actionable intelligence on its online infrastructure and to discuss the possible revenue schemes that could originate from the existence of such E-Shops for stolen credit card information.

Sample domain known to have been involved in the campaign:
hxxps://ugmarket.cc

Sample screenshots of the rogue and fraudulent E-Shop for stolen credit cards information:






The possibilities for related fraudulent and malicious online activity that could originate from the existence of such E-Shops for stolen and compromised credit card information are limitless: the bad guys can steal actual financial amounts directly from the victims or use the cards in related purchases, which also includes the use of money mules to cash out the amounts.


Profiling a Newly Launched E-Shop for Stolen Credit Cards Data - An Analysis

December 04, 2021

I've just stumbled upon a newly launched and currently active E-Shop for stolen credit card information, and I've decided to take a deeper look, potentially exposing it and offering actionable intelligence on its online infrastructure, as part of the "Exposing the Market for Stolen Credit Cards Data" blog post series.


Sample domains involved in the campaign include:

hxxp://majorcc.shop/

hxxp://majorcc.store/

hxxp://majorcc.ru


Sample Dark Web Onion known to have been involved in the campaign:

http://xktoxobz3jv6epntuj5ws7nc6zuihfroxziprd5np5xkbby4nzmmmiyd.onion


Sample screenshots of the rogue and fraudulent E-Shop for stolen credit cards information:









Based on the actual underground forum market proposition, the newly launched vendor appears to have been persistently and systematically supplying newly obtained stolen credit card information, which in reality means that a lot of people, including financial institutions, are affected by this boutique stolen credit card E-Shop operation.

Profiling a Newly Launched Vendor of Fake Personal IDs and Fake Passports - An Analysis

December 04, 2021

I've just come across yet another underground market cybercrime proposition, this time offering access to rogue and stolen credit cards and fake documents, including passports and personal IDs, courtesy of a newly emerged online vendor of stolen and compromised personal details.







Sample screenshots of the rogue underground market proposition for rogue fake and stolen personal IDs and fake passports:







The primary purpose of such a service would be to empower novice and experienced cybercriminals with the necessary information to commit related cybercrime-friendly activities, including the ability to fake or spoof a new identity, which could lead to related fraudulent and rogue cybercrime-friendly online schemes.


Sample Rogue and Stolen Gift Cards Offered for Sale on the Underground Marketplace - An Analysis

December 04, 2021

I've recently stumbled upon a currently active underground forum market proposition for stolen and fraudulently obtained online E-Shop gift cards and I've decided to share some of the key factor propositions based on the original proposition which I'll profile in this post.

Sample screenshots based on the original underground forum market proposition:
 



The vendor in question is offering a pretty decent inventory of various gift cards from major U.S.-based E-Shops and online retailers, which users can buy and use to facilitate additional fraud and fraudulent schemes and mechanisms.


Happy Birthday!

November 30, 2021


Happy birthday!


God bless and let's not forget about the rest!



Stay tuned!


U.K's National Cyber Security Centre Releases Its Annual Report - An Analysis

November 30, 2021

U.K's National Cyber Security Centre has just released its 2021 annual report, which includes some pretty interesting findings from what appears to be a pretty modern and relevant fraud reporting infrastructure in the U.K. Users can report cyber fraud incidents, including actual cybercrime incidents, and get the necessary assistance, while the Centre is responsible for taking offline the majority of fraudulent campaigns and offering the necessary assistance to victims from within the U.K.

Some of the key findings include:

"Our pioneering Active Cyber Defence programme has taken down 2.3 million cyber-enabled commodity campaigns – including 442 phishing campaigns using NHS branding and 80 illegitimate NHS apps hosted and available to download outside of official app stores."

"Our Suspicious Email Reporting Service has received 5.4 million reports from the public of potentially malicious material – leading to the removal of more than 50,500 scams and more than 90,100 malicious URLs."

Recommended reading:

Exposing Aleksandr Zhukov from the Media Methane Rogue Fraudulent and Malicious Advertising Enterprise - An OSINT Analysis

November 29, 2021

Following the recent revelations and the actual U.S DoJ bust and lawsuit against Aleksandr Zhukov from Media Methane, responsible for the MethBrowser ad-fraud scheme, I've decided to take a slightly deeper look inside its online infrastructure, elaborate more on the fraudulent practices applied by the group, and offer practical and relevant actionable intelligence in terms of exposing the group's online infrastructure.

In this post I'll discuss the group's online infrastructure and elaborate more on some of the key individuals behind the gang with the idea to empower the security community and U.S Law Enforcement with the necessary data and information to track down and prosecute the cybercriminals behind these campaigns.

Rogue Company Name: Media Methane
Rogue Company Product: MethBrowser

Rogue online infrastructure provider:

host1plus / DIGITAL ENERGY TECHNOLOGIES

inetnum: 179.61.128/17
inetnum: 181.41.192/19
inetnum: 181.214/15
inetnum: 191.96/16
inetnum: 191.101/16

Speed Home Internet LTD
US online LTD
Dallas online LTD
Home Internet Orang LTD
ATOL Intertnet
CH wireless
SecureShield LLC
HomeChicago Int
AmOL wireless Net
Verison Home Provider LTD

Rogue netblocks known to have been involved in the campaign:

Rogue domains known to have been involved in the campaign:
adzos.com
clickandia.com
webvideocore.com
clickservers.net
clickmediallc.net
mobapptrack.com
rtbclick.net
xmlsearchresult.com

Sample personal email address accounts known to have been involved in the campaign:
adw0rd.yandex.ru@gmail.com
clickandia@yahoo.com

Rogue Facebook profiles belonging to company employees include:
https://www.facebook.com/oleksandr.beletskyi
https://www.facebook.com/rowan.villaluz

















Stay tuned!


Microsoft Releases Its MSRC Researcher Recognition Program Award Winners - An Analysis

November 28, 2021

Microsoft has recently released its MSRC Researcher Recognition Program Award Winners, which covers several key categories of vulnerability research targeting a variety of Microsoft online platforms, products and services. Researchers contribute their knowledge and know-how by sharing actionable intelligence and actual PoC (Proof of Concept) code capable of exploiting various vulnerabilities in Microsoft products and services, and earn a reward.

 

These internal bug-bounty programs, along with public and private sector programs including crowd-sourced vulnerability research programs, help Microsoft secure its products and services, while the company publicly offers researcher and contributor recognition, which can greatly contribute to a researcher's portfolio of research services.

 

The company is likely to make an additional impact by publicly promoting the MSRC Researcher Recognition Program Award Winners, including its active collaboration with Trend Micro's Zero Day Initiative.

 

The more the merrier.

 


A Profile of a Bulgarian Kidnapper – Pavlin Georgiev (Павлин Георгиев/Васил Моев Гачевски/Явор Колев) – An Elaboration on Dancho Danchev’s Disappearance circa 2010 – An Analysis

November 28, 2021

Dear blog readers,

I've decided to let everyone know that following a successful kidnapping attempt and home molestation attempt, which was successful using doctors and local police officers from the Bulgarian city of Troyan using corruption, where I've lost approximately $85,000 due to home molestation and illegal doctor interference, I'm about to submit an official complaint to Bulgaria's Ministry of Interior citing possible police officer crime and home molestation and an illegal kidnapping attempt which was illegal and was using my stolen ID from my place, where I was dragged out of my place with force by three local police officers from the Bulgarian town of Troyan, following a visit and a knock on my door by two unknown people the previous day, where one of them showed me a copy of his ID and the other was waiting for him in my place.

 

Sample personally identifiable information regarding these individuals including primary contact points in case someone is concerned about my whereabouts include:

hxxp://troyan-police.com
hxxp://mbal-troyan.com
hxxp://central-hotel.com/en
hxxp://universalstroi.com



 

Personal names of Local Law Enforcement Officers from the town of Troyan, Bulgaria responsible for my illegal arrest, home molestation, stolen ID and holding me hostage, including the loss of $85,000 five years later due to home molestation, include:

 

Марин Моев Маринов
Павлин Стоянов Георгиев
Красимир Михов Колев
Тихомир Найденов Славков
Стефан Иванов Милев
Анатоли Пламенов Трифонов
Станимир Цочев Инковски
Иван Недялков Иванов
Мирослав Стойков Михайлов
Васил Моев Гачевски
Божидар Банков Петров
Веско Цветанов Минков
Момчил Стефанов Цочев
Минко Стоянов Минков
Георги Митков Илиев


Sample personally identifiable information regarding these individuals including primary contact points in case someone is concerned about my whereabouts include:

 

https://www.facebook.com/nesho.sheygunov
hxxp://www.facebook.com/hristo.radionov
hxxp://www.facebook.com/ivodivo
hxxp://www.facebook.com/dobrin.danchev
hxxp://www.sibir.bg/parachut
http://otkrovenia.com/bg/profile/innadancheva

 

Primary contact points in case someone is concerned about my well being and whereabouts include:

Email: dans@dans.bg
Hotline for corruption by MVR (Ministry of Interior) employees - 02 / 982 22 22
GDBOP - Reports of corruption and money laundering - gdbop@mvr.bg
Head of RPU Troyan - rutr.lo@mvr.bg
Troyan Police - Email: police_troyan@abv.bg
Troyan Hospital - Email: mbal_troyan@abv.bg
Lovech Psychiatry Clinic - Email: dpblovech@abv.bg
Troyan Municipality - Email: mail@troyan.bg


Personal names of Local Law Enforcement Officers from the town of Troyan, Bulgaria responsible for my illegal arrest, home molestation, stolen ID and holding me hostage, including the loss of $85,000 five years later due to home molestation, include:

Радостина Петкова
Милен Мешевоян
Петър Банчев
Стела Севданскан
Полина Стойкова
Гадьо Миревски
Галя Иванова
Валентин Петков
Иво Божинов
Петко Колев
Александър Костов

Венцислав Дочев
Димитър Банчев
Деян Димитров
Милен Бочев
Веско Минков
Васил Гачевски
Милко Стайков

Момчил Цочев
Иван Бочев
Симеон Чавдаров

Илиян Миревски
Павлин Георгиев
Станимир Пенков
Петко Петров
Владислав Краев

Петранка Марковска



 Stay tuned!
