Bulletproof hosting (BPH) is a collection of service offerings catering to internet-based criminal activity. These businesses often operate in a grey area, attempting to appear legitimate while shielding the illegal activity they host from disruption amid abuse complaints and takedown requests. Providers often foster relationships with authorities in countries prone to corruption or otherwise unconcerned with certain types of illicit activity.
Trend Micro summarized BPH in a great graph covering three different types of BPH providers: those using stolen or compromised assets, those relying on short-term leases, and those leveraging their own data center or co-location space.
In this first post in a new series of articles, we'll focus on bulletproof hosting providers with more established infrastructure, including Media Land LLC, one of the most infamous providers in the threat landscape. Our analysis of this infrastructure surfaced thousands of domains linked to threat campaigns of all kinds, showing the ubiquity, and utility, of bulletproof hosting providers.