Thursday, May 1, 2025
HomeBotnetNew Research Uncovered Dark Internet Service Providers Used For Hacking

New Research Uncovered Dark Internet Service Providers Used For Hacking

Published on

SIEM as a Service

Follow Us on Google News

Bulletproof hosting services, a type of dark internet service provider, offer infrastructure to cybercriminals, facilitating malicious activities like malware distribution, hacking attacks, fraudulent websites, and spam. 

These services evade legal scrutiny, posing a significant challenge to global cybersecurity. Understanding and identifying bulletproof hosting networks is crucial for cybersecurity researchers, law enforcement agencies, and enterprises. 

By recognizing these services, researchers can uncover potential sources of malicious activities, law enforcement can target the root of cybercrime, and enterprises can develop more robust security strategies to protect against emerging threats.

- Advertisement - Google News
The tweet of cybersecurity researcher “Fox_threatintel”

Cybersecurity researcher “Fox_threatintel” identified three IP addresses (185.215.113.25, 185.215.113.9, and 185.215.113.67) associated with Redline C2 infrastructure.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

These IP addresses, hosted by ELITETEAM, a bulletproof hosting service provider, operate within a network segment known for its lax regulation and association with malicious activities. 

Bulletproof hosting services, often located in countries with weak legal enforcement, enable cybercriminals to evade detection and perpetrate various illegal activities, including malware distribution, phishing, and ransomware attacks.

WHOIS Information Diagram of AS51381

Cybercriminals are able to carry out their malicious activities without fear of repercussions when they use bulletproof hosting services like ELITETEAM. 

The services offer highly concealed and anti-censorship hosting, enabling cybercriminals to evade law enforcement and carry out large-scale phishing attacks, web application attacks, ransomware propagation, and botnet support. 

By hosting malicious infrastructure, these services contribute to the spread of cybercrime, disrupting businesses, compromising sensitive data, and undermining global cybersecurity efforts.

2021 Phishing Market Rankings

An investigation into network segment 185.215.113.0/24, suspected to be bulletproof hosting, revealed several indicators. All 256 IPs were flagged malicious by VirusTotal and ThreatFox identified malware families like Amadey and RedLine. 

ZoomEye identified common open ports for remote access, web services, email, and potential command-and-control, while analysis of SSL certificates and JARM values pointed to a high degree of customization within the network segment. 

Afterwards, the investigation was broadened to include IP addresses that were connected to one another based on shared SSL certificate fingerprints and distinctive HTTP content. 

 ZoomEye Search Schematic Diagram

This expansion identified potentially associated IPs in different ASNs and suggested 185.208.158.0/24 as another bulletproof hosting network due to shared AS location, route relationships, SSL certificate overlap, and a high percentage of malicious IPs identified by VirusTotal.

A cybersecurity researcher identified three Redline C2 IP addresses within a bulletproof hosting network and revealed that this network, along with the associated network segment 185.208.158.0/24, is likely controlled by a single hacker group. 

The shared SSL certificate fingerprints, the overlapping timelines of malicious activity, and the geographical proximity all contribute to its support. 

The bulletproof hosting provider, ELITETEAM, based in the Seychelles, is known for facilitating cybercrime operations, making this network a hub for malicious activities.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Netgear EX6200 Flaw Enables Remote Access and Data Theft

Security researchers have disclosed three critical vulnerabilities in the Netgear EX6200 Wi-Fi range extender...

Tesla Model 3 VCSEC Vulnerability Lets Hackers Run Arbitrary Code

A high security flaw in Tesla’s Model 3 vehicles, disclosed at the 2025 Pwn2Own...

Quantum Computing and Cybersecurity – What CISOs Need to Know Now

As quantum computing transitions from theoretical research to practical application, Chief Information Security Officers...

Apache ActiveMQ Vulnerability Lets Remote Hackers Execute Arbitrary Code

A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Cybercriminals Selling Sophisticated HiddenMiner Malware on Dark Web Forums

Cybercriminals have begun openly marketing a powerful new variant of the HiddenMiner malware on...

New Rust-Based Botnet Hijacks Routers to Inject Remote Commands

A new malware named "RustoBot" has been discovered exploiting vulnerabilities in various router models...

FBI Alerts Public to Scammers Posing as IC3 Officials in Fraud Scheme

The Federal Bureau of Investigation (FBI) has issued a warning regarding an emerging scam...