Detecting Carder-Friendly Forums through IoC Expansion | WhoisXML API


Unfortunately for credit card holders, some people aren’t averse to using cards they don’t own to get their hearts' desires. And today’s cybercriminals are only too happy to help them out via now-widespread carding forums and communities.

Fortunately for law enforcers and cybersecurity pros, diving deeper into initial lists of indicators of compromise (IoCs) can lead to the discovery of as many potential threat vectors as possible. Our own IoC expansion analysis, for instance, revealed:

  • 45 unredacted registrant email addresses from the IoCs’ historical WHOIS records
  • 14,254 domains that shared the IoCs’ registrant email addresses, 12 of which turned out to be malicious
  • 60 IP addresses that played host to the IoCs
  • 154 domains that shared the IoCs’ IP hosts, one of which was deemed malicious
  • 1,073 domains that shared common strings found among the IoCs, 12 of which were tagged malicious
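The three pivots behind those figures (shared registrant email, shared IP host, shared string) can be sketched as follows. This is an added example, not WhoisXML API's code or data: the records are constructed, and the redaction markers and minimum token length are assumed heuristics.

```python
from collections import defaultdict

# Constructed sample records (reserved .test names and documentation IP ranges).
RECORDS = [
    {"domain": "cardshop-forum.test", "email": "owner1@mail.example", "ip": "203.0.113.10"},
    {"domain": "dumps-market.test", "email": "owner1@mail.example", "ip": "203.0.113.11"},
    {"domain": "unrelated-blog.test", "email": "REDACTED FOR PRIVACY", "ip": "203.0.113.10"},
    {"domain": "cardshop-mirror.test", "email": "privacy@whoisguard.example", "ip": "198.51.100.7"},
    {"domain": "flowers.test", "email": "REDACTED FOR PRIVACY", "ip": "198.51.100.99"},
]

# Assumed heuristic: substrings that mark a privacy-protected registrant field.
REDACTION_MARKERS = ("redacted", "privacy", "whoisguard", "proxy")


def is_unredacted(email):
    """Only a real-looking address is a usable pivot; privacy proxies link strangers."""
    e = email.lower()
    return "@" in e and not any(m in e for m in REDACTION_MARKERS)


def expand(seeds, records, min_token_len=5):
    """Return candidate domains connected to the seed IoCs, grouped by pivot type."""
    by_domain = {r["domain"]: r for r in records}
    by_email, by_ip = defaultdict(set), defaultdict(set)
    for r in records:
        if is_unredacted(r["email"]):
            by_email[r["email"].lower()].add(r["domain"])
        by_ip[r["ip"]].add(r["domain"])

    found = {"email": set(), "ip": set(), "string": set()}
    tokens = set()
    for seed in seeds:
        # Text strings: hyphen-separated parts of the seed's leftmost label.
        label = seed.split(".")[0]
        tokens |= {t for t in label.split("-") if len(t) >= min_token_len}
        rec = by_domain.get(seed)
        if rec is None:
            continue
        if is_unredacted(rec["email"]):
            found["email"] |= by_email[rec["email"].lower()]
        found["ip"] |= by_ip[rec["ip"]]
    for r in records:
        if any(t in r["domain"].split(".")[0] for t in tokens):
            found["string"].add(r["domain"])
    # Seeds are already known; report only the newly connected domains.
    return {k: sorted(v - set(seeds)) for k, v in found.items()}


if __name__ == "__main__":
    print(expand(["cardshop-forum.test"], RECORDS))
```

Each pivot yields candidates, not verdicts: in the figures above, only 12 of the 14,254 email-connected domains turned out to be malicious, so every hit still needs a reputation check before it is blocked.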

Download a sample of the threat research materials now or contact us to access the complete set of research materials.
