Yet Another Currently Active E-Shop for Stolen Credit Cards Information Spotted in the Wild - An Analysis

December 04, 2021

I've just stumbled upon yet another currently active E-Shop for stolen and compromised credit card information, and I've decided to share additional actionable intelligence on its online infrastructure, including a discussion of the possible fraudulent and malicious schemes that could originate from the existence of such E-Shops for stolen and compromised credit card information.

Sample domains known to have been involved in the campaign:

https://rescator.cn
https://rescator.sh
Sample Dark Web Onion known to have been involved in the campaign:

http://rescatorfof3pwgux4olwxxcd22yjtuj72kmdltyr6tsr6jfohpnhead.onion

Sample screenshots from the rogue and fraudulent E-Shop for stolen credit cards information:

The E-Shop for stolen credit card information is run courtesy of one of the infamous cybercrime-friendly forum communities, hxxps://lampeduza.cm.


Profiling Yet Another Currently Active E-Shop for Stolen and Compromised Credit Cards Information - An Analysis

December 04, 2021

I've recently stumbled upon yet another currently active online E-Shop for stolen and compromised credit card information, and I've decided to provide some actionable intelligence on its online infrastructure, including a discussion of the possible revenue schemes that could originate from the existence of such E-Shops for stolen credit card information.

Sample domain known to have been involved in the campaign:
hxxps://ugmarket.cc

Sample screenshots of the rogue and fraudulent E-Shop for stolen credit cards information:

The fraudulent and malicious online activity that can originate from the existence of such E-Shops for stolen and compromised credit card information is effectively limitless: the bad guys can steal actual financial amounts directly from the victims, use the cards for related purchases, or cash out the amounts through money mules.


Profiling a Newly Launched E-Shop for Stolen Credit Cards Data - An Analysis

December 04, 2021

I've just stumbled upon a newly launched and currently active E-Shop for stolen credit card information, and I've decided to take a deeper look, potentially exposing it and offering actionable intelligence on its online infrastructure as part of the "Exposing the Market for Stolen Credit Cards Data" blog post series.

Sample domains involved in the campaign include:

hxxp://majorcc.shop/

hxxp://majorcc.store/

hxxp://majorcc.ru


Sample Dark Web Onion known to have been involved in the campaign:

http://xktoxobz3jv6epntuj5ws7nc6zuihfroxziprd5np5xkbby4nzmmmiyd.onion


Sample screenshots of the rogue and fraudulent E-Shop for stolen credit cards information:

Based on the actual underground forum market proposition, the newly launched vendor appears to have been persistently and systematically supplying newly obtained stolen credit card information, which in practice means that a lot of people, including financial institutions, are affected by this boutique stolen credit card E-Shop operation.

Profiling a Newly Launched Vendor of Fake Personal IDs and Fake Passports - An Analysis

December 04, 2021

I've just come across yet another underground market cybercrime proposition, this time offering access to rogue and stolen credit cards and fake documents, including passports and personal IDs, courtesy of a newly emerged online vendor of stolen and compromised personal details.

Sample screenshots of the rogue underground market proposition for fake and stolen personal IDs and fake passports:

The primary purpose of such a service is to empower novice and experienced cybercriminals with the information needed to commit further cybercrime-friendly activities, including the ability to fake or spoof a new identity, which in turn enables related fraudulent and rogue online schemes.


Sample Rogue and Stolen Gift Cards Offered for Sale on the Underground Marketplace - An Analysis

December 04, 2021

I've recently stumbled upon a currently active underground forum market proposition for stolen and fraudulently obtained online E-Shop gift cards, and I've decided to share some of the key factors of the original proposition, which I'll profile in this post.

Sample screenshots based on the original underground forum market proposition:
The vendor in question offers a fairly large inventory of gift cards from major U.S.-based E-Shops and online retailers, which buyers can use to facilitate additional fraud schemes and mechanisms.


Happy Birthday!

November 30, 2021

Happy birthday!

God bless, and let's not forget about the rest!

Stay tuned!

U.K's National Cyber Security Centre Releases Its Annual Report - An Analysis

November 30, 2021

The U.K.'s National Cyber Security Centre has just released its 2021 annual report, which includes some interesting findings from what appears to be a modern and relevant fraud-reporting infrastructure in the U.K., where users can report cyber fraud and cybercrime incidents and receive the necessary assistance, with the Centre responsible for taking offline the majority of fraudulent campaigns and offering assistance to victims within the U.K.

Some of the key findings include:

"Our pioneering Active Cyber Defence programme has taken down 2.3 million cyber-enabled commodity campaigns – including 442 phishing campaigns using NHS branding and 80 illegitimate NHS apps hosted and available to download outside of official app stores."

"Our Suspicious Email Reporting Service has received 5.4 million reports from the public of potentially malicious material – leading to the removal of more than 50,500 scams and more than 90,100 malicious URLs."

Recommended reading:

Exposing Aleksandr Zhukov from the Media Methane Rogue Fraudulent and Malicious Advertising Enterprise - An OSINT Analysis

November 29, 2021

Following the recent revelations and the actual U.S. DoJ bust and lawsuit against Aleksandr Zhukov from Media Methane, responsible for the MethBrowser ad-fraud scheme, I've decided to take a deeper look inside its online infrastructure and elaborate on the fraudulent practices applied by the group, including offering practical and relevant actionable intelligence that exposes the group's online infrastructure.

In this post I'll discuss the group's online infrastructure and elaborate on some of the key individuals behind the gang, with the idea of empowering the security community and U.S. Law Enforcement with the data and information needed to track down and prosecute the cybercriminals behind these campaigns.

Rogue Company Name: Media Methane
Rogue Company Product: MethBrowser

Rogue online infrastructure provider:

host1plus / DIGITAL ENERGY TECHNOLOGIES

inetnum: 179.61.128/17
inetnum: 181.41.192/19
inetnum: 181.214/15
inetnum: 191.96/16
inetnum: 191.101/16

Speed Home Internet LTD
US online LTD
Dallas online LTD
Home Internet Orang LTD
ATOL Intertnet
CH wireless
SecureShield LLC
HomeChicago Int
AmOL wireless Net
Verison Home Provider LTD

Rogue netblocks known to have been involved in the campaign:

Rogue domains known to have been involved in the campaign:
adzos.com
clickandia.com
webvideocore.com
clickservers.net
clickmediallc.net
mobapptrack.com
rtbclick.net
xmlsearchresult.com

Sample personal email address accounts known to have been involved in the campaign:
adw0rd.yandex.ru@gmail.com
clickandia@yahoo.com

Rogue Facebook profiles belonging to company employees include:
https://www.facebook.com/oleksandr.beletskyi
https://www.facebook.com/rowan.villaluz

Stay tuned!
