U-Markt Peering into the German Cybercriminal Underground
Forward-Looking Threat Research (FTR) Team
A TrendLabsSM Research Paper TREND MICRO LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and Contents should not be construed to constitute legal advice. The information contained herein may not be applicable to all situations and may not reflect the most current situation. Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the 4 particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro Market landscape reserves the right to modify the contents of this document at any time without prior notice.
Translations of any material into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to the original language official version of the document. Any discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes. 13 Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro German underground makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree market offerings that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied. Neither Trend Micro nor any party involved in creating, producing, or delivering this document shall be liable for any consequence, loss, or damage, including direct, indirect, special, consequential, loss of business profits, or special damages, whatsoever arising out of access to, use of, or inability to use, or in connection with the use of 20 this document, or any errors or omissions in the content thereof. Use of this information constitutes acceptance for Only in Germany use in an “as is” condition.
36 German and Russian underground overlaps The German cybercriminal underground is well-developed and -managed by cybercriminals even though it remains a small community in number compared with the Russian1 and Brazilian2 underground markets. It may also be the most developed underground within the European Union (EU) despite the existence of a French underground market. The Spanish underground, however, merged with the Latin American market.
In the German underground, we find a mixed bag of cybercriminal products and services that include crimeware, credentials, fake items, and drugs. Interestingly, it has a similar structure to the Deep Web3; it seems to offer as much as possible to stay up. This could be due to some limitations like language barrier and the market’s overall size.
The German underground is indeed a newcomer that offers everything cybercriminals need to start in the cybercrime business. It specifically caters to a regional market, as its offerings (Packstation services; hacked accounts for dropping; German, Austrian, and Swiss credit card and financial account credentials; and malware developed by German coders) would most appeal to German speakers.
This paper focuses on three main areas—the major forums and marketplaces in the German underground, the unique wares only seen in these forums, and how the German compares with the Russian market. It features the product and service offerings in the market so you can better understand its dynamics. We also chose to feature a specific marketplace to clearly show what wares are sold, how much it sells, and how it operates.
Special attention was also paid to wares unique to German forums. These include Packstation services as new dropping means and locally produced crimeware (tools programmed and sold). We also compared the German with the Russian underground, mostly because the latter is the most significant and relevant environment to the former. We looked at connections that German underground players have forged with their Russian counterparts, along with the unsurprising ways they seem to have been collaborating. SECTION 1
Market landscape Market landscape
Market structure
Underground environment The German underground’s infrastructure does not really differ from that of other markets and even typical German forums. We determined German underground forums not only by the language participants used but also based on their targets’ geographical location. Germany as a country is less isolated from the
global business infrastructure than Russia or China4. As such, it is more difficult to identify whether a cyber activity associated with it belongs to the German underground or is more global in nature.
The actual number of German forums and marketplaces is small but the forum user volume is relatively significant and gives a clear idea on ongoing cybercriminal activities. Note that forum user volume is easier to track than actual marketplace activities. We saw 10 major forums and at least two marketplaces that do not only specialize in selling crimeware but also drugs, fakes, and other illegal wares. We found almost 70,000 users registered in German underground forums. At least 20,000 users have posted at least once on a German underground forum, which could indicate room for future growth. We counted the number of active users based on publicly available parsed information.
Research challenges One of the reasons why researchers do not really take a closer look at specific EU countries lies in the scope of underground forums and related activities. English is the main language in the cybercrime scene, much as it is the international means of communication. As such, a wide variety of products are offered on English forums and marketplaces, which makes doing business on a German platform very challenging. Competition comes not only from English marketplaces but also from better-known communities like the Russian underground. German cybercrime business owners and site developers need to create a niche and provide customized content (fraud schemes, drugs, credit cards) that cater to the local market. The German market players’ main focus has been to overcome these challenges in creative ways, providing interesting findings on local cybercriminal activities.
5 | U-Markt: Peering into the German Cybercriminal Underground Underground forums and marketplaces The German underground, much like its foreign counterparts, comprises forums and marketplaces. While forums serve as the main venue for introductions and information exchange, they also serve as the go- to place for special, sometimes customized, items. These marketplaces exclusively function as a place for trading goods like local credit cards, hacked accounts, and fakes. They also serve as cybercriminal wannabes’ first point of entry into the underground.
We often find ads for partner sites in the form of banners. German underground marketplaces are sometimes incorporated into or connected to forums. But there are also separate sites that only serve as marketplaces. A distinguishing characteristic between independent marketplaces and those owned by forums is that the latter get heavily advertised via banners.
We found five main forums described in more detail below.
Total Number Marketplace/ number of Active Access Offerings of active Forum registered since users users
Closed forum with Crimeware, Bus1nezz.biz 6,200 2011 1,580 restricted access drugs/narcotics
Security forum with both Hacking tools, Secunet.cc publicly accessible and stolen account 1,800 2013 650 restricted-access areas credentials
Security forum with both Back2hack.cc publicly accessible and Security wares 9,346 2008 1,440 restricted-access areas
Marketplace that Stolen credit requires user registration card and account Not Not German-plaza.cc (username and password 2015 credentials, server available available are required for entry) but access activation is automatic
Crimeware, Crimenetwork.biz Forum with tiered access 64,000 2009 8,000 drugs/narcotics
Table 1: Main forums/marketplaces found in the German underground
6 | U-Markt: Peering into the German Cybercriminal Underground Bus1nezz.biz
Bus1nezz.biz is a closed underground forum with a standard set of offerings that include cybercrime tools and real-world items like drugs and narcotics. It is hosted on CloudFlare, a domain registrar based in China. To date, it has around 6,500 registered users, at least 1,520 of whom are considered active or regularly post on the forum. The forum has been active since 2011 and has since amassed 12,179 topics and 50,986 posts. Some noteworthy bus1nezz.biz content include posts on escrow or “treuhand” services; a “vendor marktplatz”; a “4free area”; a “tool area” where users can buy remote access tools (RATs), crypters, binders, and stealers; and coding, fraud, and hacking areas.
Figure 1: Bus1nezz.biz’s home page with banner ads for vanille.cc (a stolen credit card marketplace) and secureVPN.to (a virtual private network [VPN]) service provider), along with top 20 statistics on the most relevant news and updates
7 | U-Markt: Peering into the German Cybercriminal Underground Figure 2: Sections found in bus1nezz.biz
Secunet.cc Secunet.cc, active since 2013, is a publicly accessible underground forum hosted by OVH, a hosting service provider based in France. It has 2,226 users, 2,432 topics, and 13,381 posts. It poses as a cybersecurity information forum where users can discuss white-hat matters but also serves as a distribution platform for malware or hacked accounts. Users can easily find and download RATs, Trojans, password stealers, and the like or acquire hacked Zalando.de, Deezer Zevera, and other accounts from it. Though it poses as a security board, secunet.cc offers a decent array of cybercriminal desirables.
8 | U-Markt: Peering into the German Cybercriminal Underground Figure 3: Secunet.cc’s home page
Back2hack.cc Like secunet.cc, back2hack.cc also poses as a security board. It has both publicly accessible and restricted-access areas and is hosted on OVH. To date, it has 16,658 registered users, at least 1,440 of whom are considered active; 6,420 topics; and around 41,000 posts.
9 | U-Markt: Peering into the German Cybercriminal Underground Crimenetwork.biz Crimenetwork.biz is the biggest German underground forum with 60,000 registered users. Though not every user is active, its huge user base is enough indication of its size. It gets several thousand visits on a daily basis. It has a more obvious user hierarchy, as evidenced by varying user levels ranging from simple members to escrow agents and vendors.
Figure 4: Crimenetwork.biz’s user levels
Crimenetwork.biz has several affiliate marketplaces like chemical-love.cc that sell drugs. Affiliation, in this context, was determined based on the ads seen in the main forum. As such, crimenetwork.biz most likely also controls and owns chemical-love.cc.
Figure 5: Crimenetwork.biz’s home page
10 | U-Markt: Peering into the German Cybercriminal Underground German-plaza.cc German-plaza.cc is an underground marketplace hosted on CloudFlare. It offers stolen credit cards and accounts (retail and online banking) and is structured like an online shop.
Figure 6: German-plaza.cc offers scanned identification (ID) cards
Banner ads Banner ads are an easy way to promote partner sites (a marketplace run by those behind a certain forum in any community, most notably in the Russian underground). These can help marketplaces widen their client bases.
1. 4.
2. 5.
3. 6.
Figure 7: Banners 1 and 2 are animated frames that takes users to chemical-love.cc, the biggest drug marketplace on crimenetwork.biz; banner 3 takes users to Russia’s biggest bulletin board for stolen credit cards, Rescator.CC, access to which is only granted to invitees or referrals; banner 4 takes users to forum sections on dropping and Packstation services; banner 5 takes users to a carding domain; banner 6 takes users to a spamming service provider (1,000 email addresses for €1.50 [US$1.60]*)
______* Currency exchange rate as of 18 November 2015 was used throughout this paper (US$1 = €0.94)
11 | U-Markt: Peering into the German Cybercriminal Underground Restricted-access areas The online black market typically offers tiered access. It has areas that require user credentials so they can go deeper and those that are publicly accessible. Users with substantial skills, connections, or know-how can obtain the highest access level but only after going through a vetting process. Those with low access levels mostly operate in open forums or forum sections with relatively minimal entry barriers.
The underground forums featured here offer varying access levels to sensitive information published by their users. Some (bus1nezz.biz) are by-invitation only and as such require administrator approval. Others only require registration. This is where intraforum dynamics come into play. In some forums, one needs to know other members before getting invited. On back2hack.cc, for instance, users need to make a sound impression and get informally “accepted” before they can see more information. Those who do not make the cut can only access certain areas. Some new registrants make an impression with meaningful posts. These posts increase their ranking in terms of reliability, value, and contribution that in turn gets them access to more relevant forum content.
The Deep Web and .onion mirrors The German underground does not have a clear tiered structure. This makes Deep Web locations more difficult to access. There are, however, forums that can be reached via The Onion Router (TOR). These are .onion mirrors and not separate sites. Several of the featured forums use .onion mirrors for users who put a premium on their anonymity. Those who wish to conceal their illicit activities can also use proxies or anonymized VPNs. Users who do not feel safe accessing forums openly have Deep Web options. They normally do not want to disclose their Internet Protocol (IP) addresses or be tracked by investigators.
Interestingly, the Russian underground does not offer this kind of access layer. Even the most popular Russian underground forums do not use the Deep Web. This could likely be due to stricter law enforcement monitoring in Germany. Using .onion mirrors can slow down transactions but that’s an inconvenience German cybercriminals are willing to accept.
Forum/Marketplace .Onion mirror
Bus1nezz.biz Bizznza4vtgsdrgb.onion
Black2hack.cc Gerpla4igmngtpgw.onion
German-plaza.cc Gerpla4igmngtpgw.onion
Crimenetwork.biz Crimenc5wxi63f4r.onion
Table 2: Featured forums’/marketplaces’ .onion mirror sites
12 | U-Markt: Peering into the German Cybercriminal Underground SECTION 2
German underground market offerings German underground market offerings
The German underground does not have as wide a selection of offerings as the Russian market. In most cases, it isn’t necessary to search for special goods and services in local communities because global (English-speaking) markets have more to offer. But when it comes to customized wares, it is harder to find appropriate equivalents. This is a niche that smaller communities (like the German underground) need to find in order to thrive and stay up.
The German underground is not as strong as the Russian market with regard to crimeware. Its main offerings include fake IDs, stolen credit cards, data dumps, and hacked accounts. But like any other fully functioning underground market, it also offers concealment methods and infrastructure in the form of bulletproof hosting, proxy, and VPN services.
Every cybercriminal scheme in Germany involves monetizing stolen credit cards, dropping, and stealing online account credentials. We saw a new dropping scheme specific to the German environment that does not need actual droppers and uses fake deliveries instead by exploiting the German postal service, Packstation.
BPHSs Bulletproof hosts serve as hideouts for malicious content5 and the foundation of any cybercriminal operation. The same is true in the German underground. Bulletproof hosts are used to store malware components, exploit kits, and the like. They can also serve as botnet command centers; stolen data repositories; and phishing, pornographic, or scam site hosts. Most bulletproof hosting service (BPHS) providers feign legitimacy but allow the conduct of malicious activities and so operate in countries with lax laws to evade litigation. They usually abide by one of three business models:
14 | U-Markt: Peering into the German Cybercriminal Underground • Model 1: Dedicated bulletproof servers: BPHS providers create a convincing business front to evade law enforcement suspicion. They usually cater to customers who need to host content that may be considered illegal in certain countries.
• Model 2: Compromised dedicated servers: BPHS providers choose to compromise dedicated servers and rent these out to parties who wish to host malicious content.
• Model 3: Abused cloud-hosting services: Cybercriminals abuse cloud-hosting services like Amazon Web Services (AWS), Hetzner, OVH, and LeaseWeb to host command-and-control (C&C) servers or drop stolen data, among other malicious purposes. These services are abused without their owners’ knowledge.
BPHS providers in the German underground typically adhere to models 2 and 3 because creating a hosting environment in the face of strict laws is hard to do. None of the German underground forums are hosted in the country or the EU. The featured forums and marketplaces use content proxy services like CloudFlare. To evade local authorities, the forums’ domain names are not registered in Germany or the EU. These mostly use extensions like .cc and are hosted in Asia (Hong Kong or Vietnam).
These reasons support why the reselling option is most favored and discussed on forums. Most German underground forum members use Russian- or Ukrainian-controlled BPHSs like 2x4.ru, hosting.ua, infiumhost.ru, anders.ru, and bulletproof-web.ru.
Figure 8: Crimenetwork.biz discussion on hosting a botnet that points users to Russian hosts, infinumhost.ru, bulletproof.web.ru, and the like
German underground forums feature dozens of Russian BPHS resellers. Users can directly contact and them and avail of their services once payment is made. Resellers fulfill more of an advisory function and offer more detailed information via private messaging. They are not the actual BPHS owners but German-speaking resellers who have carved out niches in the local underground community. Most users buy from global players like those in the Russian underground. A few authentic German BPHS providers exist but they face stiff competition from bigger and better-known players. They typically have servers in the Netherlands, which has laxer laws compared with other EU countries, though their service prices and locations largely depend on the risks involved in hosting users’ desired content.
15 | U-Markt: Peering into the German Cybercriminal Underground Figure 9: Crimenetwork.biz BPHS offerings (dedicated-denial-of-service- [DDoS]-protected virtual server hosting, €11+ [US$11.73+], depending on configuration; dedicated server hosting, starting at €55 [US$58.65]; and fast flux services, which are typically used for phishing and spamming, as these use a predefined set of domain names that are periodically rotated to hide C&C server IP addresses)
In the screenshot above, a user offers hosting services in crimenetwork.biz. He also offers support via email and individual consultations to customers in search of specific configurations. He offers a special price for fast flux services, which are typically not offered in the German underground. This indicates that he is still trying to establish himself as a hosting vendor in the market.
16 | U-Markt: Peering into the German Cybercriminal Underground Fake IDs A relatively huge chunk of the German underground caters to producing and selling fake IDs, including passports and driving licenses. Clients in search of such usually need noncontact fake identities to register for Packstation or other similar services. Others are trying to fake their ages or creating new personas. Reselling scanned copies of actual IDs is common. These fakes are used to open bank accounts or obtain additional information for more intricate social engineering scams. Overall, the demand for such items is big in the German underground, as evidenced by the number of sites that advertise them.
Figure 10: Ad for real driving licenses, IDs, and passports from Roy’s documents; IDs can be customized, depending on clients’ specifications
Figure 11: Post that sells scanned ID copies, some of which have been verified with vendors and 60% remain unused (male IDs cost €10 [US$10.66] worth of bitcoins each, female IDs cost €8 [US$8.53] worth of bitcoins each)
17 | U-Markt: Peering into the German Cybercriminal Underground Figure 12: Profile picture of Sandmann, a popular fake ID seller on crimenetwork.biz
Figure 13: Sandmann’s fake ID offerings
18 | U-Markt: Peering into the German Cybercriminal Underground Hacked accounts Though some German underground forum users sell hacked accounts, others give them away for free, something we haven’t seen in the Russian market. These include Sky TV, Netflix, Amazon, and Zalando accounts. Giving these away could be a means to please other community members in hopes of building up one’s reputation or in exchange for connections or help in other areas.
Hacking accounts is after all not hard to do. Usual means to do so include phishing and brute forcing. Users can easily configure a botnet to extract desired information from infected machines. This can be done by infecting browsers, using keyloggers or screenshot capturers, or stealing browser cookies—all basic tasks that can be accomplished with standard cybercrime tools. They can also steal email accounts, which are usually connected to other online accounts, giving them a means to get as much information as they need to further their nefarious causes.
Hacked accounts can be used for dropping or simply sold. Stealing someone’s Amazon or Zalando account not only gives cybercriminals access to the victim’s username and password but also to his credit card and other personal information. The stolen information can then be used for all kinds of fraudulent transactions.
Netflix accounts, which cannot be easily resold because buyers will not be able to use video-on-demand accounts tied to private identifiable IP addresses, are mostly used for dropping or given away for free.
Crypting services Crypting allows cybercriminals to hide their creation’s malicious routines by packing (crypting) a piece of malware using a variety of techniques. Crypting services abound in the German underground.
Figure 14: Post selling HyperText Transfer Protocol (HTTP) and Internet Relay Chat (IRC) bots, RATs, and crypters
19 | U-Markt: Peering into the German Cybercriminal Underground SECTION 3
Only in Germany Only in Germany
Payment, escrow, and dropping services
Treuhand As in most underground environments, escrows (“treuhand” in the German underground) act as middlemen between buyers and sellers. In the underground, there is no legal way to make claims as in the real world. As such, escrows are needed to ensure smooth business transactions. Escrows process transactions for a certain fee, typically 3–15% of the amount that needs to be paid. Upon receiving this fee, escrows hand the payment to the seller and the goods bought to the buyer.
Bitcoins are the preferred mode of payment in the German underground but some sellers prefer to get paid in vouchers or “gutscheine.” Getting paid in vouchers or online shop gift cards protects both buyers’ and sellers’ anonymity.
Packstation: New dropping means
German underground players have devised an interesting dropping means, one that involves fake deliveries. Most underground markets rely on droppers who cash in stolen credit cards and online accounts. There is no longer a need for droppers in the German underground. Users instead rely on the so-called “Packstation service” that takes advantage of the German postal service. This allows sellers to put goods sold in publicly accessible metal boxes for their buyers to pick up using their pTANs and access cards.
Figure 15: Banner ad for Packstation services
21 | U-Markt: Peering into the German Cybercriminal Underground Figure 16: Packstation metal boxes found on the streets of Germany
Somehow, German cybercriminals have taken advantage of an efficient system for fake deliveries. Packstations allowed for the convenient exchange of goods and payment. Users’ addresses cannot be tracked though they need to apply for the service using a physical (home) address and a mobile phone number (which are easy to fake) so they can receive short messaging service (SMS) notifications along with their pTANs to claim their parcels.
22 | U-Markt: Peering into the German Cybercriminal Underground Figure 17: Post selling Packstation accounts with mobile phone numbers
23 | U-Markt: Peering into the German Cybercriminal Underground Get a bitcoin wallet. Contact the Packstation service provider and Buy whatever you want buy a hacked account. (Note that there are two (without spending types of Packstation accounts—one that is anything) from online bound to a mobile number and email address shops like Amazon or and another that is “clear,” which means you Zalando that allow can use a mobile number of your choice.) Packstation delivery.
Figure 18: How cybercriminals avail of Packstation access
German-plaza.cc Pressure to ensure seamless and quick sales transactions brought about underground marketplaces that are replacing forums. Underground marketplaces are virtual shops of standardized goods—places for buyers and sellers to trade in a clearly regulated fashion. They have standardized procedures and can quickly process payments aided by technically enforced rules, making them more efficient for the exchange of goods and payment than forums. Though trading in forums is much slower, customized items (those that require modification and special pricing) are still exchanged more on them.
The German underground has several marketplaces for goods like drugs and credit cards. Among those we analyzed, german-plaza.cc stood out because it is the only actual marketplace where people can actually buy and sell goods (hacked accounts, traffic, etc.) and it is a purely German development.
Though not yet fully mature, german-plaza.cc has a wide variety of offerings. It has after all only started operating at the start of this year. We expect to see it quickly grow along with others of its kind. Prices are tailored to the German market and are driven by supply. Some product categories only have a handful of offerings. Compared with the Russian underground, it does not offer as many global products. The scarcity in offerings could partly be due to its beginner status. But it could also be due to geographical and language focus. German-plaza.cc, like the German underground, is a place for cybercriminal wannabes on the lookout for German-specific items like stolen Packstation accounts or German credit card credentials.
24 | U-Markt: Peering into the German Cybercriminal Underground Figure 19: German-plaza.cc offers hacked accounts, stolen credit cards, data dumps (probably contain personally identifiable information [PII]), online game license keys, Packstation accounts, root access to servers, vouchers, and VPN services
German-plaza.cc’s Accounts tab features a wide variety of German-specific products. It also offers stolen online banking accounts most likely acquired via phishing. Cybercriminals can choose from an array of accounts according to bank type, balance, or price, depending on what they hope to use the goods for. Information on banks’ online processes and verification systems (using telephone personal identification numbers [PINs]), which cybercriminals may not be familiar with, are also given.
Figure 20: Online banking accounts sold in german-plaza.cc
25 | U-Markt: Peering into the German Cybercriminal Underground Figure 21: Online banking account information available in german-plaza.cc
26 | U-Markt: Peering into the German Cybercriminal Underground German-plaza.cc sells hacked online bank accounts for at least €10 (US$10.66), depending on their available balances and the amount of information (owner’s personal information and telephone PIN) tied to them. One account, for instance, costs €2,750 (US$2,932.33). This could be because of its high balance (€7,500–8,000 or US$7,997.25–8,530.40) and the fact that it comes with a telephone PIN and owner’s personal information. Knowing this information is crucial, especially since banks are alerted when huge sums of money are moved from one account to another. If that happens, the cybercriminals will need to provide the right information should they receive a phone call from the bank.
Figure 22: Details on an online banking account sold for €2,750 (US$2,932.33) on german-plaza.cc
27 | U-Markt: Peering into the German Cybercriminal Underground Some online banking accounts also come with telephone support. This means that buyers will take care of all verification calls from banks.
Figure 23: Ad for professional telephone support for bank verification calls on german-plaza.cc
Credit cards and PII dumps are pretty standard items in underground marketplaces. German-plaza.cc offers credit card packages that include owners’ addresses, card expiration dates, and so on. Knowing this information is critical for those who wish to use stolen cards to make online purchases or clone cards for physical use (in actual stores and establishments).
28 | U-Markt: Peering into the German Cybercriminal Underground Figure 24: Credit card information sold in german-plaza.cc
Online game license keys and account information are also sold in german-plaza.cc. Users can also purchase Packstation access on the site. Stolen and fake vouchers for Amazon and similar online shops are also sold. These can be used to buy something on the real sites or as payment for goods bought. Vouchers are easy to phish and are quite in demand.
Root access to servers is obtained by buying credentials. These servers can be used to proxy Web traffic and set up sites to host malicious content. Prices are dependent on supply.
Figure 25: Root access options include those for Simple Mail Transfer Protocol Secure (SMTPS), Remote Desktop Protocol (RDP), and Secure Shell (SSH) servers
VPN access is also offered. VPNs provide cybercriminals anonymity. Besides concealing their IP addresses, VPNs ensure that no personal information is tied to VPN services.
29 | U-Markt: Peering into the German Cybercriminal Underground Malware made in Germany Trojans, exploit kits, and other core crimeware can be seen in the German underground but these do not make the market unique. What we would like to focus more on are locally developed tools. It is interesting to note that some German cybercriminals develop Web applications for money. One coder, in particular, has been praised by many users for his skill and delivering what was promised.
Figure 26: Banner ad for coding on demand
Figure 27: Praise for coding on demand who produced a fully functional phishing script with anti-blacklisting feature
30 | U-Markt: Peering into the German Cybercriminal Underground Sphinx, Cube, and Triple CCC We also saw a few tools that were advertised first on German underground forums.
Sphinx and Cube Though Sphinx and Cube can be found in Russian forums, they were first advertised in German forums, leading us to think they were developed by Germans or at least people who were active in the German underground.
Sphinx6, a ZeuS variant, is written in C++. Its authors designed it to operate in TOR, making it immune to sinkholing, blacklisting, or tracking.
Figure 28: Crimenetwork.biz ad for Sphinx
31 | U-Markt: Peering into the German Cybercriminal Underground Figure 29: Sphinx’s configuration panel
Figure 30: Sphinx’s active bot statistics panel
32 | U-Markt: Peering into the German Cybercriminal Underground Cube, meanwhile, is a tool that cybercriminals can use to recover files from infected machines that are part of a botnet. It has ties to the site, nodistribute.com, which anonymously scans malware against the most popular antivirus products.
Figure 31: Cube’s control panel
Figure 32: Cube boasts of working on all of the platforms mentioned in its properties panel
33 | U-Markt: Peering into the German Cybercriminal Underground Figure 33: Ad for Cube Recovery 4.1 for €3 (US$3.20) worth of bitcoins on crimenetwork.biz
Triple CCC Triple CCC, a German product, has a malware and C&C component. It is basically a Trojan that steals passwords from infected machines. It infects machines when a link embedded in an email is clicked or via an exploit. It can steal passwords from a lot of software, along with browsers, messengers, and File
Transfer Protocol (FTP) servers. It can also steal Microsoft™ Windows® license keys along with credentials to download managers. It is sold for 25 BTC in the German underground.
34 | U-Markt: Peering into the German Cybercriminal Underground Figure 34: Platforms and software that Triple CCC can steal from
Figure 35: Triple CCC’s control panel
35 | U-Markt: Peering into the German Cybercriminal Underground SECTION 3
German and Russian underground overlaps German and Russian underground overlaps German and Russian underground forums are littered with carding service banner ads. These are usual Russian underground offerings that are heavily advertised in German forums. Rescator.cm, one of Russia’s biggest stolen credit card marketplaces, and SecureVPN.to also figure in the German underground. We can assume that German cybercriminals often visit the Russian underground to learn from their big brothers. It is also safe to assume that collaboration between German and Russian underground market players happens.
Overlapping profiles We came across one particular cybercriminal that sells wares on both the German and Russian underground markets. One of his primary offerings is Loki Bot, a well-known botnet framework sold on various forums. It was first sold in the Russian underground forum, “Damage Lab,” then made its way into the German underground’s crimenetwork.biz. Its owner is also a very active seller of stolen credentials in several Russian underground forums.
Figure 36: Ad for Loki Bot found in Russian underground forums
37 | U-Markt: Peering into the German Cybercriminal Underground We have seen other users figure in both underground markets as well. We cross-checked several thousand nicknames obtained from German forums against those from Russian underground forums and saw overlaps. Around 300 users actively operated in both communities. This led us to believe that substantial collaboration between German and Russian cybercriminals occurs, an almost natural development because cybercrime knows no borders. Note though that our comparison was just based on the language the cybercriminals used. We did not compare the German user list with those from other markets (China, Brazil, Japan, and North America) because we believe the Russian underground is still the most seasoned to date.
Shared resources and parallel sites We stumbled across a German site that sells stolen credit cards (centralshop.cn), which looked very similar to a carding site in the Russian underground (gocvv.cc). This prompted us to further investigate if they were connected to each other. As it turns out, they shared a database and application framework, which again suggests German-Russian underground collaboration.
Figure 37: Centralshop.cn’s (left) and gocvv.cc’s (right) home pages
Figure 38: Gocvv.cc’s (Russia, left), centralshop.cn’s (Germany, middle), and 2force.cn’s (Russia, right) log-in screens
38 | U-Markt: Peering into the German Cybercriminal Underground Further research revealed that all three marketplaces—gocvv.cc, centralshop.cn, and 2force.cn—are partner sites. They use the same credit card database and graphical user interface (GUI) with slightly altered designs and content to fit their clients’ needs (mostly dependent on the language used). Each site takes care of its own domain registration despite using the same database and GUI. Each site also takes care of its own promotions mostly via banner ads.
Cross-market advertising Anonymous file sharing is common in German underground bulletin boards. It allows users to upload and share files (usually copyright protected) with others. Vanille.cc is an example of such a service that is heavily advertised on German underground forums. It is owned and maintained by a member of the Russian underground but heavily used in the German market. As such, it could be a product of German- Russian underground collaboration.
The German underground is a small but mature-enough ecosystem that caters to the basic needs of local cybercriminals. It has dynamic ties to other underground markets, particularly Russia’s. We looked at the market’s general setup, components, and offerings. We specifically analyzed wares unique to the German underground like hacked Packstation accounts and marketplaces that catered to the customized needs of its local clientele.
We found that seasoned cybercriminals looked at offers in bigger markets like the Russian underground while those who are just starting out and need customized wares go to niche market’s like the German underground. We specifically looked at german-plaza.cc and saw that it is a growing marketplace that is positioning itself as a trading ground for all sorts of crimeware. Though the German underground is still young, its malware coders are skilled, even offering coding services on demand.
In many ways, German and Russian cybercriminals collaborate with one another. We even determined quite a number of users who operate in both environments. This connection was made even more visible by partner sites that not only look like each other but also offer the same wares (using the same database) even if they use different domains. This isn’t surprising though given the borderless nature of the cybercriminal underground.
39 | U-Markt: Peering into the German Cybercriminal Underground Appendix
User Guide for “Packstation”**
Step 1: Bitcoins Bitcoins are ubiquitous in the scene and have taken the place as an anonymous means of payment after the bust of Liberty Reserve.
Bitcoins can be purchased in different ways, I recommend Virwox.com. There you can easily buy bitcoins via direct transaction, credit card, PayPal, Paysafecard, Ukash Skrill (Moneybookers), and Neteller.
Since you still require a wallet before you can send/receive bitcoins you should definitely register on Blockchain.info Register, where you can receive/send bitcoins—it’s a very reliable service!
Depositing at VirWoX!
Once you have deposited money, it will show on your account balance, and you can acquire bitcoins. For that go first to EUR/SLL to purchase Second Life currency, then you can convert the currency into bitcoin under the category BTC/SLL.
Now you can cash out your bitcoin; for that create a new address in your Blockchain.info Wallet, select “cash out” at Virwox.com and include that address and the number of bitcoins that you want to send. The first deposit Virwox.com will take 48 hours since the payment will be checked manually in order to uncover fraud, all further payments will then be transferred instantly (at least with me).
Step 2: Sellers of Packstation accounts, Gold cards, and credit cards Rippers are everywhere, ripping in the scene has become a new business model—whether it’s €5 or €15 it doesn’t matter, the main thing is money without any service in return!
I offer you a small list of retailers, very thrustworthy sellers!
Packstation
Ohman on crimenetwork.biz
Packstation without number and with email access—€20 (€15 if action takes place—bulk discount)
Packstation with number and email access—€2 (minimum purchase of 10)
ICQ Number: XXXXX
______** The contents of this section have been loosely translated from the original text in German.
40 | U-Markt: Peering into the German Cybercriminal Underground Gold card
Wax on crimenetwork.biz
Wax is one of the few Gold card sellers, whose Gold cards also are really gold, not white blanks!
Gold card—€7 bitcoin, with TID €3 surcharge
If you buy a Packstation with Ohman, you can receive the Gold card at Wax.de for €5 instead of €7.
Credit cards
I have seen a lot of CC-sellers come and go, the quality really varies and often you get quantity instead of quality for the price BUT there is one person/shop that really stands out because he offers really good quality
Razzia.biz
Classic random €4
High-Limit random €8
Classic fullz €30
High-Limit fullz €50
It’s not one of those disgusting sahnescript shops where you have to contact “Live Support” just to cash- in bitcoin; Razzia.biz really gets you your good instantly.
You select your products, add your ICQ number to (you receive the product via ICQ but also locally on the site) do the captcha and buy it. Then a window with a bitcoin wallet and the number of bitcoins appears; transfer it via Blockchain.info and select “Paid” with Razzia.biz, then the script checks if your bitcoins have arrived—two confirmations are required!
Step 3: What is the difference between Packstation packages? Packstation with number and email access—a cost of ~€5.
Here within the panel of DHL a cell phone number has already been saved, this number is important for the mTAN (similar to online banking)—the mTAN is required in order to to pick up the package from the Packstation.
It is possible to change that telephone number via support using SE (social engineering), loss of cell phone’s, a new contract mobile phone with a number etc.
41 | U-Markt: Peering into the German Cybercriminal Underground Packstation WITHOUT number and email access—a cost of ~€20–25.
Here you can simply enter the number of your anonymous SIM card (Anosims.biz offers these)—quickly before dropping—and so you can drop your packages without having to be in contact with DHL employees.
Step 4: Ordering—Which other shops offer delivery? There is a plethora of stores that deliver to Packstations, ideally one should not directly opt for the large providers such as Media Markt, Saturn, or the like.
For example Zalando delivers to Packstations, just like some smaller stores.
The best course of action is to opt for shops that nobody knows well, obviousy it is not easy to find such shops but from time to time you will find some just with a little help from Google.
Hall of fame: Active undeground forum usernames The following nicknames were used by active German-speaking forum users featured in this research paper.
Secunet.cc
__fastcall allinkl BlackHook dbmm feVer Halux -Trust- AllRemebers bladerone deco FIN4LShare HansPeter ::1 AltF4 Bloodman Dedhorse firecrash Harry !5K0RP!X Ambutaga BlueEyes deluxeBro fish3r Häuptling !mperiaL .Tobi aminakojim boing727 Demair Fl00der Hawk .True AmmarShaarawi bommel derHaxxxxxxxxxxxxxxxxx0 Fl0ckz hb0EHuuV [slash anarchy Boom DerAusländer Flame0 HCPHLS #Supreme AnD Born2Hack dermitdembuch flashbang He4dPh0n3z |9. Andrej Bossgen DerWilleGottes Fleischpeitsche Hedrek $hamerock anni86 Brabusv12 DeSSo flownn HikaKin 0ct0r Anonymous Brokolie devilmk Found57 Hoax-TX 0ushn 0x0 anox112 BuntspechT Digitaltourist FoX Holi 0x105734 Ansgard bursali Domenic FR3DDY holomaster 0x2A Ar3s c0d3x double_check Framerater horstewald 11kk11 asddsa c1ph3r Dox Fraudfeindlich Hugo12 12qw ASFD0815 C1T dr.bob frechdax hurr_durr 1337-LeakeD asmhax c3bob Dr.Falkenhorst Fred_durst ic3 1337esel Aurus Caudex Dr.Security Froist Ice 1337Tr4der 13HansWurst37 avitamin CentOs DR.zydz Fruity icemanns 2nd LevelPadrino B r ! X x CEOmAdDiN Drohne g-suz idontfeelanything 313373 b0kerst3l ch3m Dsystem gatgat iDope 3dacx b0ss1337 chabamaba Dynamoking gehaxelt illusi0n 3piC B1nary ChEeTaH easy GeizerDarkICE ImNichts 3xploit B2H chick0n easyamigo GenetiC IMPEGA 404 B3ND3R Chrystal Echo88 GhostPlug Imperial 4c!D B3ND3RZ cl91091 ef-JaY ghosty iNCEPTiON 6RbK9 b3nua comic eflo317 god Installous 753951 B3RbY conrado EinstiegsGamer gohan InternetFreak A!rmax B4nQQer737 cooky1 Eiswürfel Gottberg iPwn A25414N B4sh CoolFrog EL!T3 GP120 Isabella09 Aaron baba1 Corono ELIT3 Graf c0x J_Bunny Absuro backpackhacker cr3w61 Elite Soldier Graxl J0hn.X3r Ac4nth bananabob Cr4ck3r Eliteterror grokis jarbukk Acanth barreta crimetology Elvis gutzuu jebiga30 AccessRaider bbking CTU emmi H0RR0R Jerrycan Acetabs ben Cube EmnmJack H4CK00R JiigSaw acidraining berlin21 Curuba EmoCore1990 H4CK3R JLine aClude Bewiz Cyber Tjak EmX h4x0r joeroot Acsiii bezen CyberEnte EssHaa habanero Johannes Acymacy Bierdeckel CyberSpy exo2 hachol Jolyna aducator Bison D0b Extasy hackoliu Jonas AEQUITAS BitCode d3mux Extasy8 hacktainer JPK agwawgawg Bitschi da_vinci Eye Hades Julieh AirSys bl0wf1sh dagunn ezah HaeckerUpdate junkfood akinova bl4ck Dark Smile F0x hagenharry justnew akmedes834 blackbez Darkhammer Fa1L HAK K3r!x al3rt BlackDesert dasemih Fall0ut Haksor k3uL3 Alex BlackEagle dazed Fapter haloxss Kain101 Aliina
42 | U-Markt: Peering into the German Cybercriminal Underground kaiz0r maui NoOffence,justtruth ruskov931 SpongeBob UndergroundCrime kamii mazzl88 Nookie russe spx uni.x kanbi mdiek Norky RuyRun Srgt.Weed unity kaps1500 Median notinsane s@rs SSIO unkn0wn Kataklysmos Medion Novexx s0ke St0rmi unnex Kazeshini megastyl3R NSB S1L3nTL3ARn3R st3aLth URAN0S kennydark megatr0n Obstsalat S3aside Stacyboy usedefault kevvv memories ocz S3RB33 starz user44 keyb0ardz Mfr719 Ogen Saidox stefancael VainInsanity Keyuko michael OicSailor Samuel William Str1k3r vanilie kingbob middey Oizo sandro1243 Stryder VAXU KingRaven Mikesz Olli :3 Sanii STUDI0 VENNI kingshit1337 milw00rm Online SAW F1ghtM4ch1ne Suffix1337 Vesanius kioshikazumi Milw0rm Orianbeter Scan7raxx SuiZiD vid KiR0V minder originalz ScenePirat SuN vioLa Know v2.0 missundercover ouser schatzi Sunshen Vip3r KoB24 mit0hne ownz0r Scheichmanfred sup3ria Viper kobold modnar pandora schulek21 SymBose ViruZH4CK Konsul Mofo PAPIER! Second LevelHunky SYS64738 W4r10ck krusty mokolo PAQI secunetnoobs System1000 whiteBit krYon monty Paradox Secx system1084 Winning L!NCH most_uniQue pasza SeD³ takeit winterz2010 L1ght Mpie peacem4ker SensEye Teke woschtbud Landerek MR.GREEN peasy Seobusiness tenuces Wrongturn laser-lord Mr.Security pensioniertDreisT sepe99 Terrafaux X-Ray the unknown Leeky mrkrabs peroxid servit TgZero x00 Legatus MrNice Pessimist Seventy tHaNaToS x3daudio1_7 LetzFetzii MrNobody peterdermeter87 Shiva thecoon x3n Link MrOverflow pFailuRe* SHLAGGY1337 THEDARK xan1m0rphx lip mrv2 Ph@ntom Silenus TheHaste xartux LLORT MS13 ph0g Since TheSaint xenon loewenherz Mückenstich PIXeL1337 Sirius.GER thibo xerox log Mydayyy pnk Sirly Thor xisco lol myrae Poimas SirPhil Tick_Trick XlimiT lolkraft Mystic PolskaPower SkapyTek till7 XoiL Lryzx33 N0P proceed Skunk Tiq3reye xoor Luc1d n1312 ProHex Skyline Tojen xtony45 Luke21 n3ws pugnator Slaxxer Touch xup3x lunvar ne0n punisher SLinT tr4st xxMagierxx Lut0x nemoest Puppetmaster Smylie2 treeplx YouGo M@te Neophyte01 purplera1n sn0wf0x TrickyTrisi zeeeeeeek1 M/\TR!X Nesoc PwNeD snapo Tritium Zephyr M0R155 Netwxrk r1cht3r Sniffer trixx3r Zepp m4cx NewerA r1ck_ Snipp3r TrueEBW zepsus M4gician Nexon rabulla snoo Trytime ziegenpeter MacHack Nexus88 rainboww snoppy0066 trznitu Zipoman Mad Hatter nickMAMA Ralpa Socke? TUNNY zone maddixx night Rastajan SolidNerd Türke Zy0x mainflame nilptr rayesia Some0ne Tw0F1sh ZyRoX77 Mandela no-limit reverse-proxy SpecialUser txncr4nk mandi12 no-mercy rey456 spectator tyson30 Mantrayana No.3xit Rhinodanny speedywolf ugurano Marlboro_14 nomaam Roff Spitfire Un!t Maskulin NoMercy rumludi Splitty unbekannter Bus1nezz.biz !5K0RP!X 7GUEN ALCHIMIST Anhed0nic Arrina Bahnschlampe .Fuzzl3 852456 Aldi Animanum ArthurArsch bale .Litecoin 8NiNE3 aldijochen anisan As-seller Ballerina .root 999soldier999 alee3000 anniebiafra AS8 BamBam @tarik Abdurachman Alex DeLarge AnnunaKi asapasapasap BANKBABO #Blond abit4662 alex85 anonisyhma asc06 BankDropFilling #Milo Abnormal alexej Anonym asmc Barken0 ☠xrahitel☠ ABSCHZ alexwd anonym_ghost asmir_cracker Barneyâ„¢ $$cashomat ABUS Alfather anonymous Ate Batchamlao12 0mar Abzug Mahmut alfredeu AnonymUser Atrax batpol 0x0 acab22 Alisa AnoPro Atrax_ Bauchladen_1312 0x000F ACB allstar Anosims.biz Attastyle baxxter 0x01 Acbstyler66 Almancun Antikörper audibleavenue BD Service 0x17 Account147 Alpha AntiZion1 audioline bdmanci 0xf Acheloos altec Antonio AUR0R bdmancii 123daweidawei Acheron Hades Amazon AOE1976 aurora BeatZ 123kimiya1232 ACID XD amfibija Apiz austrian-elite Becks 131² adktd Amigo apo12 AV24 beginning 1337 adramax aMinute Apo1337 Available BelAir 13AC37 adren AMK Apologize aXa Benelli 18* advanced AMNESiA. appleblossom b.giuseppe74 Benstar 1UP Aer AMNEZ1A AppleFan b11-87 Beppone 2high aes AMOK apxjdk B3B€K Bergmannweb 32sdsd AEZ Amos Ar3s BürstenKevin90 Berzerk 3rdShift affa81 An0nspecZ Arces babadora besenkammer 3x3 aibatt99 an94 Archangels Babarecords bhk 5K1 aids Anabol ardamax babo187 Bi0haZard 637456042 Ak’ Anakata ARES81 babooo Bi7hop 654321 ak47 and1 arias babsmer BiFi 6aus49 akaaka55 andihro ariek Bad Angel BigBoy 6Zweiundsechzig2 akf - andrewpl1984 Arktus BadBoy Bigfoot 777 al-Almani andythefirst Armageddon Badman bigloop 7894561235 albinoxx angelo155 aro2011 BadMotherfucker bigman32
43 | U-Markt: Peering into the German Cybercriminal Underground Billy Kalender CASH0UT Cyberbore drikerise Fluxx Harvey Biometrix Cash0ut-777 CyberKitty driver flyaway Hate biosmanp cashflow cyberwhore DropperFutzi Forensic Hawk birne cashzoschel cyegun dru9 forrest_dampf Hayvan BitcoinRally CC Babo cyno dtrip Fossen Haze bitstore.cc CC Dealer Cypress Dudelmann Foxtrottp123 Heart4Gamer BizOp cccp2014 Cyropolis duki112 FR4M Heat Black CCS cyrox123 dwdogge Fra-Mi heaven Black0230 CCStore D!DD!E dynamix Fralli Hedon Blackbird CDAI d’Niro e0s france Heimat_erde Blackice cdcsx D@Vinci easy-Domain Frank Junior Heimaterde blackoutxx CengoHH D3ADLIN3 Easysafer1337 frankagnolo Heineken Blackpit centurion D3adMod3 Ebola freak0ut Heisenberg810 Blackrider cha0z daath eddyexp FreakedKIddi Heisenberg92 BlackRock chairman DaneSahne egotrip FredBret heldderarbeit BlackSecurity chaos danielitto eintevizen fredthebaker Helios BlackStar Charly75 Dante Eko freefame herb Blackstyler923 chefket DarkICE ElCabron freestar herbst BlackSun Chev Chelios darookie eldiablo freiland Hermann blägbierd Chiko Darth Vader Eleison199 Freiluftfanatiker Herzog blink chillaholic DasArcher Elektrojude Frenchlover herzog187 Blodyrane Chillhead dasses ElGamal Fridolino hhtown bloeffmaster Chingi Davi elgringo fsx HiddenM BloodyKiss chlorum Davidov Elihu Yale ft-777 Hide’n’Seek blubber chr0n dea7h elpr4d4 Fuck0FF HIGH Definition Blue Screen Chronos deadman Emissary FUCKSCAN Himpson Bluthund chthit Dealer eN0RY Fulk Hinterwald Blx chubakka dealerscup Enel FuNTeX hola12 bobby88 chuchu Debaucher engineer FuxVOL2 Holomaster bofrei cigimigi DebCore Era G0lD€NCR!M€ honeybird bomber12 cinq dee.h erfinder2014 g0rf honigmann bombji Clemens78 deevilxxx ErikOne g0rx hostfat bondaagee clickster Defoee error G0stF4CE Hotdog Bongjo Cliff degus error404 Galaxy420 hottna BonySon cLiT Dekron ersguterjunge GANG-fickt-DICH hqcns boom55 cloaker Dekronn Erstklassig Garth HRNSN BosnianCrime Clonix demoniac eskalation Gasparus hrruin BOSS cls Denny EureHoheit Gatsby htcplaya boss13 Clusterhead denyobanyo evios Gauloises1337 htw Bossaura Cobra der Evolotion Gauloises7mg Hubbabubba Bossde cocain_ Der Insider EX1t Gazo Huettig Boston George Codein Der3er EX3treem gemüse hydrocopter Bounty Cody1337 DerBabo eXept1on Genetikk Hypnotica BrassKnuckle Coin DerBabo69 Exodia GeraxY I need Money Brasus coinotron derchillaa Extensa German-Plaza.cc iamalcatraz bratko CoJane DerExchanger f00t3r gingelg iamr00t Brezzer Col DerGeier f0rs4k3n gismo1 ibm broke Cola derneue F4ker GOA IceCracKer bronson ColtSivers DerPate F4T4L1TY Golden Eye IcEmAnN brososto Combichrist DerPateUC Facebook GoldJunge IceQ Brower CompactHack devilsystem fackyaa GoldLabel IchHabeName Bruder Complex Dgaz Fahrraddieb GoldRock Ichigo Bubble congo2 DIA Fake GoLoud ickeone Bubblerium conrad diablo31 FAKE-ID.PRO gonzo ifailit buddha Cookies dialecticus fake2pay GoodCat iFr3sHx3 BulZz CoolUp91 Diaro fakeerror Goooofy Illuministrator Bundei cornflakes DieLupe Falco gora inaktiv Burner Corvette dieter7 falschername GrafPorno Inda. Co. burning cosa dimethyl fanta4 Grauzone IndiKa bus1ness council Dingiso FARID.GANGBANG greenlight INEEDMONEY Bus1ness Junkie Crash-Override Dingo1337 farid45 grenzbereich1 InFamous Businessworlds Crawler DirtySanchez Fat Joe gretsche infaption Butt3rs crazy17 DirtyWhiteBoy Fath0m Groove4-live Insta C 14 CRaZzYBeaTzZ Distelrose feierkind Gruenzeug instantaccounts.cc C!R!S CreditcardUser divine-intervention Feinkost gtawelt Interpol c0la Crime is King Django feltox guga123 Intexx. c0re CrimeCRD DJSchwitzkatze FeridBang guram Invicible C24 Criminal dl2oo9 Ferkel Guter Faize iRapez C2H6O criston doc zydz Fernandes H-Milch iraqi c8x criticalinjury DOC-FAKING fetch h@ck ishigami4 Caesars Heaven Cro Doenerbudenali FHY H2O2 IsolatedSystem calc croweyeonetwo Dolce Fiddler h3h3j0 itachii caligula crowley dolus.cc fidi921 H4xx0red69x itaLy Calypso crusher DOMIAN Fidibus Habibo Its_Riley-Man camel Cryme Don$ Fil Hack4Revolution itsmy Camserd Crypt Service donguralesko Filling Service hacked IVORY CapnCrunch crypt0x donner Fillwerker Hacker123456 iwantmoney Capo Crypt91 Dope filou HACKfleisch J45ONX Captain CrypteGFZ Doram Filth hackloz Jablonski CaptainBong Crypto doublec Finanzberater Hadolf jackbauer CaptainSpaulding CSH Dr. Mengele Firecrash Haike1337 Jade carddecard cst Dr. Schizo FirePanther Haiwan Jaheira Carl Marx CStorm Dr.Allen-Hu Fl0yd Hallowelt Jalava carlito CTD Dr.Arroganto Flavio hame Janjij CarloColucci cube Dr.DRE Fleo Hank jarbukk carlog cup2g dr.grow flexer1312 Hans91 Jarod carlop Currywurst Pommes Dr.Gyno FlexNET hansgans Jason carls cYb dr3ck flipflop Hardwxre jauz Casablanca Cyb3r DramaModz Flosstradamus Harivi JB-Capital casar CyberAnarchist DrDroid0041 flowbahn HarryPotter jd21
44 | U-Markt: Peering into the German Cybercriminal Underground jdn Knuckle Malboro11 Mr.Klaster Papstdererste rambo 5 jecko KoB24 Maleficium Mr.Pink Paradeo Rapstar Jeko KokainTeam man5 Mr.Reis PartYGina Rasputin Jesse pinkman kokorak Manda Mr.RU paule RayDonovan Jesus Navas KomaKind mani1993 Mr.Security paulusklugus razz jetzthier KONLY0815 Mantarochen Mr.Undercover pawner realforever jimmyjey Kontaktmann Mantrayana MrBlackHat PawnGFX realhaze JimmyT kontrakt marblemobyb MrD PayPal realk jj3333 kopf marius MrMafia1 peacemaker reb0rn jogsvish KPax markus82 MrMongolo peddder1234 RecordZ John Doe kppd Marky MrsNaice Pedro50 Red_Bull John Gotti Kraenk marlowe MRUndercover pelmar Red2015 Johnbow361 krb Marshall MRX peppire RedBlack Johnkennedy kriminella Maserati mugi09 Peppo redbull JohnVegas Kugelfisch MashedSquirrel mulihackbaba pepsi Twist Redhat Joktor Doint kushberry Massari MultiKriminell perry04 redpiper Jon Snow Kygrox massh Multistore perryabel Regenmacherx Jonas Kylo Master mundpropaganda Perserkatze ReL0AD jonny112 L--G mastergunner Murafat Peterhonigbaum RennerPenner jor1092 l<3na MasterID Muschiwasser PeterLustig Repous JPSBLACK L0KK0 masterman mushroomer peterlustig55 requiem jstylo L5xX!z matad0r MutenRoshi PeterMaskman Resolve jugo Lab511 Matschkopf MyDay PeterPan rich Julio110 laboni matzex3 Myself peterpan222 Richie Rich Jum_p3r lama mauiWowie MySQL pfefferbud Ricola junky lamachun Maurice Mystia Ph@ntom ring0 junky12 lamontana MaxiKing1 mzr PHA15 riseup just. landsbaer maxmustermann210 n0xe phantom ritZee8 JUSTBUSINEZZ LaOnDa MaxMutzke n0z4RTx Phantomicx RiverPlate JustSmile Lars Windhorst Maxpowder n30 Phazer Rizla Jutga lasso3 mazehaze n34rly phil.t.rich robbyrobsen K1NG LastKing mcfit Namtaru Phillip robertnesta K3lly lattes23 McMaestro Nao Phrenetic Robin Hood Käse Lausepeter MDMAMonster nasgul pieromatro robocop Kaajaa LaWeedsmoker me. Nate57 Piggeldy Roccat Kabber Lazar Mechanic nazR Pillath rockthatbody kackboon238 Leafy mecker Neger Waldi Pipe Rocky kaiser lean megaman nemez Pirat roepcke kaizor Leathafac3 mehlfelds Nesquik pixel Roflaaa KaliLinux lederstrumpf Memmmet NetVision Piyyy rohkohl kalle85 Legend300 Memory network Plasmasmog Rothschild kamagra lennard MeNt0z Netwxrk plot Rox kamaz lesezeichen mentalist newman001 poccoloco Roy Kandesbunzler lesssmell MercedesB Newton pokerfull Royalflush Kaneology Levty1312 mercedizML48 neymar Polsilver rrpunched KANZLER LexiHexi Mercur NicsonJr polym ruben kaputtesdeutsch lifeisabitch metallicblue Nikolai Pong ruby karaone Lilplayer Metheor NinoBrown Popei Rumpeli KarlEssDerEchte Limitless METRO nninja premiumcrimer Ryze karlnai lionheart213 MgD No1z3 Premsell RzUx77 Karma Liquicity mh00 nobrain Prikamye S.A.T.A.N kartina loco michel Noctis PrinceJunkie S.Y.O.Z.Z kasubek log micky66 NoGov Private s@rs kathy0123 Loises middlemanG nokia.leni Projektil S13G KatiL loken Migga NoNePuB Prometheus S4WX Kay.ZZ lola123 migtab nonex Prophet S63 kay0 Lorab mike-bravo NoOne psayco Safedog Kayanzo Los Narcoticos Mike•Ehrmantraut nouser PSN sallandcall KCIWK LoudSound mikropizza1 Novoliner psY Sallasa keeper lounge Mikula novolinexxx Psycho1 Samanta Kekzline lowie Milhouse novus PTK sammyy2 Kellogg’s Luc1d milonair nucle0 PuffPuff123 Samsara Kemal58 luck MiloShot nwo PumperJoe samson kennedy01 luk45 Minimax O-Tec Pumuckl Sangs Kenny187 Luka24 Mishox O.M.A PursePirate SantaClaus ker777 LUKE MisterSpex OBEY Pusher Sayco kerox LuRez miwaf Oga123 pussylikk2 Sazuke kesch lurking Mlnr oneeightseven Putin SBX Kevin lusitane mmui95 OneUp Putz Scene-Tools Kevin.weppich lutZ. Moldova OnkelTom pw!tt Sch0ko Kevin7x Lux MolliMob openworld Pyle Schakal KevinJunker Luxury mollotow orange python.smoker Schakal2.0 kevinjunker73 M.Jordan MOLOTOV Oreo Qaiz SchakalZ Keymaster m0nster monkey47 Osmose Qex schänerföhb KeyserSöze M3G4N monochrome Oswaldo qp313373 Schlaaand Kido m4riocom Mont otherme qronix Schlampie KiezKokain M4ST3R montana54 otti Quatschkopf schmocko KingZaza macdoc MoOe OxyWhite Querox Schneider kinotkt Mafia-Crime morf0se oytset quexing Schnotte kit Mafia-Reis Morgen Ozonking quincy schrankhustler Kitkat MagicBox Mortany ozout Quirinus schumba KizZamp magnum moshpit p0lyt0x qwerasdf1234 Schwarzenegger klaa2 mahir12 Mosoni p3p31337 qwerty ScoobyDoo Klarspueler Mahlzeit mostter packstationen24 qwertzqwertz55 Scylla klaudiakuhn Majestro mozart Paco R0CC0 sebastian kleinkraken makarov Mr_NiceGuy Paketmarkenscan r0th seco Klerus Makaveli.CC Mr. Cool Panasonic123 R3belli0n SecureVPN.to klingelbeutel Make-Money Mr. White panda1331 Raikal Select klitschko75 malak Mr.Clean Panther96 rainy Self Pwned klomann123 malatya Mr.Green panthera Raiper Selinas
45 | U-Markt: Peering into the German Cybercriminal Underground Semper snoopez Suppenmann TomViolence villageparty wrecked serbiankurac snowmanx suraguard toniliter Villon wtftw servas75 snuffx SUSU tony13 violentritual wulfert ServerSpy so’n..1337og sweetdevel79 TonyMontana ViperViper1 wurm23 Seth sofasurfer swiss8888 Tortilla visionaer wutsthis SeventySeven solidcashout Swissmade Touch_Freak vitovice WWF SEX Somebody swissmedicalCH tr1cky Voleur X4N SFive sommerliebe SWOOSH tra1n VONNIXKOMMTNIX x770s Sh0wtime sonbka12 Syn trakskills vorlaeufiger xane shadow045 Sonicxs syndikat Tramper Vorne xar ShadownLight SoNiice Synonyme trapcap vovan-f xEMOTiiONx Shag Sonny Synthi trax W.W xGdsnX SharkNet sonnyblack Syphon TrHotD W4E2ED0 xGoeshif sheld0n Sp0nt3x SzeneAlex Tritium w4rl0ck XIA0 sheld0r sparr0w T3XSELL Tron Legacy walther.weed Xodie Shewit SpecialUser Tabaluga Troy WaltherWhite xoro Shindy-Cool spee Takedown TrustMe Wanderhure Xreator Shiny-Flakes SpeedBoy Taktlo$$ Trustno1 Wave xs3c Shiva speedup Tanju Try Web xxgreeen Shizoe Speedy Tayes TryItHard webcrawler xxop shreechetlur spicy TCB TuKo WebMoney XxXxXxXxXx sibelmibel spike80 tdust tut4u weed4ever xxxyz siggio Spirit te$la TwoFace weedag XY1 silassibylle SpongeBozz TeamMember tyler23 Weedking xZerberster silence12 SQLError TeamSpeed24 TYRANNUS weedmaster Yavsak SilverAluminaris squat92 TeCo ubi weedshop24 YM_Tunechi sim-seller.cc Squirter tefo Ubique WellDone yolo Simsek SSH Terentius56 uglyboss welovecarding ysedc Sinned Ssoys Terror Ultimate wesleywebber yugo sirius stachel tester ultrahaze WestCoastMafia yugo32 Sixty starz tester88 uMad WestRed Zündholzkönig Sklot Stay Th0r umarex wesTThug Zaebis skyfly Steiger THCXpert Undercoverbulle wheat Zaphod Skyline Strici The Dude Underman WhiteDream zaztaa Skyper strobopop The_Buddler Unity WhiteRussian Zecke slay09 STROHMANNN the-iceman unrealshape WhiteWidow2806 zeeeeeeek1 Sleeve87 Strong. TheHive untier why-me ZeeeK_ sleipnir styles thesavage Uruchi WIGWAG Zelly Sleven subdata TIJARA usualsuspect wiiwarer Zepp Slippin’ Jimmy subsix tilized V3nus willi zepsus Slumski subway Timbo451 vaio WireCracker Zigo_Fuffi Smart Success Timbo4545 Valadur wiz zillas SmithUp suckerburg TimeIsMoney VanHolz Wolf Zizee Smn Suizid gefaehrdet Timme vanPoorn WolF23 zokkr Smokey Sunburst TinaTurner Vaske WolfOfWallStreet Zombiholocaust Sn1per Sungsam tingle vault_tec Wonderbear zoschel Sneaky Sunrise tinieda vegga wordi ZUCHT.BIZ snibbit sunshine Tio Vendormat Worldopen zuke snickersodermars SUP32 Tjaret venni WoRM zyrus Snipp3r Superior TODESDANC9R Verurteilter wowa1986 БРИГАДА88 snippa Superman133 tommy88 VEVO Woyzeck
Back2hack.cc
__fastcall 0xff42 add ANterior BannedNOPÉ black_Lotus _[G]H05T 10111 Administrator anti7rust BannedSh4rk black_tiger _93N_ 1234588 adoppelgroberlin Antr4x Bannedtheex black_woman _denotsluos 12345A AfKi aoon BannedWuus Blackbox _DextAr 12x12 AFW Apfelkrawatte Barbie blackhat222 _TheLegend_ 1337-o-mat AgainsT ASD Barny BlackHook -=ARES=- 1337geek aids ashcr@ck Barry Zuckerkorn BlackJack -Adi- 17Hacker13 Airwaver asimov Basis7 blacklight -is- 191cda1e ajeshoven Asmo basllo Blackproxy !zw0scura 24ds AJT assa Bass BlackSky .__ 3.4-MDMA aKiller47 Atropos Bass_Fisher Blacktiger .29 3rror.exe AKL Auf eigenen Wunsch bbking blanger ·xed 3Xpl0r3R Al Pacino gesperrtdomitian BCfu Blitz ‘AnD’ 403 Alaska axe Becks blixz [-] 4hack AlbusCervus Azazel beginnner blub.txt [XeNoN] 4hack2 alex2122 azrayil Benoit blue.grass @l3x 4wid Alexander B-Trojan benutzer bluehorizon **HackOne** 5chrr3d00r Alexander123 B1on4de berlinaaa BlueShift #DataBase 5ev3n alg0r!thm b3nua Berni1212 bmachine ´wusaaaaa 70b14s ali-g B4N3 bewiz bmnn ███████████ 72DDOSer allons Babbage BHG boby147 $_staX 8-) allrounder Back Bi0virus boff $okow 83ck3r ALoki Backdoor bi0x bokkei| 0DARK30 84k3nd AltF4 backslash BiF_z bombejo 0div 8asx87878 An0nix BackTrack BIG SMOK3 Border 0ooC3lt1coo0 abc Andrew3726 Bagatell BigBrother borium 0x00 ac0n1te androdox Banker1 BigNick BoRn2h4cK 0x00.0x00 ac3dia anfaenger BannedBlackD binary Botmaster 0x1cedd1ce Accessor Angerf1st BannedChuzpe Bismarck_1 brainiac 0x24 Account not AnNoymuS Bannedinfokrieg bitcracker brb 0x7e ActivatedJackmp AnonimoX BannedInt3rcore bl1ndm4n breakdown 0xC3 acedia anorexianervosa BannedJojo_23 BL4CK_KN1HGT brechthold 0xDE4DC0D3 acer Anqualos Bannedlol blaaaaa breez 0xDEADBEEF Active Antagonist BannedmKay black_dice bruzzler
46 | U-Markt: Peering into the German Cybercriminal Underground BSDBlack CrystalClear Don Fizzle hi118 JouBro BttR Cryx dono FlaggeXL highz Jozgi Bugger CSG dony Flamez HLSW jsb bugyc66 CSRFan dori22 Flaskzz hmpf juanarangoal BuntspechT csskevin Dr. Greenthumb Flex Hoax-TX juli burningdog ctp Dr. Shell floege hokus~pokus Junges_Deutschland Butak Cuadrado Dr. Sp!c floki HoMeR justasking Butcher cupidus scire Dr.Haxel0rd flood-1k4 Horadrim justme131 c0d3x cuxberg drak3 Florian hoschi10 justpwnY c0dix cvoid Drei3ck FlyinRhino hostelhostel jxMANNY C1T Cyber Tjak Dreimaster fnordsniff hoyo06 k0or C3lt1c Cyber-Soldat DrivinClose foo Hp elitebook K3nn3dy C3PO CyberKing Dude Fox-Jet Hugo12 K3VIN c43d35 cybi0nic Duellking FoxMulder hugohaken Kabashi c4gey Cycode dukkha Fr3ezr Hunt4life kalachnikov c4pone cyphrex dumpfbacke Franke35 Huskynarr Kali caldicot CYSER dunhill freak_out hybridd kalimkhan0900 Caliba d-d0s Durak freakamaster HyBriDo Känguru capslock.phishR D.Crane dy_man fred777 hyt3rz Kappac0re CaptainAmerica D$C dylan freecrac IblackGhost Kapri carnifex d0ne Dyn4mic freeswallow13 Ice2age Karl carolina d0se dYnAm1c Freeview Iceman7292 kartoffelk CaSe d0wn easton freezer icemanns kayoli Castiel D4rk R00t easysurfer frostbyyte IchEben kazuya catweewee d7fSMcFi EBFE fulcrum Icqcoke keex catz <3|xratzrattillox| Da!Z ecize füller id4n1el kefal0 catz <3phre4k Daddy eclick futtwumper iDontKnow Kein2009 Caudex danny EdelHell g0rge iDope Kejko Cayo1988 Dark Smile Elazer G36KV Ignatius kekek cbob DarkBasti elitehamster g4rbi Illuminati keksifi CellarDoor DarkD eminenz GabbaFreak iMan404 Ken Celt1c darkfl3yer emotionthomas GabberGandalf imul kennen Ch0tz0 DarkFlower Emrex385 Galileo inetz Kerberos Chainsaw Darkmiller Endecs Gammel_Hardware Infected_by_X Keydara Cheese DarkRaver energy16 Gammler infinitum kibu ChEeTaH darkSm0ke Enzo gangster001 init-0 King364 chilliboy999 Darkyy EpicFail Gantz inkarnation Kingdezz Chiqsaw daron Eprom Geisti Innocence kingol chris darthkermit eQuin0x gesocks iNs KingRaven Christian Dasschwarzelol ERNST GeTTeX ins0mnia Kingvisse cifa database err000r getType Insignium kipagafi CioP datapump2000 Error51 Gewitterchen Insolvenzverwalter Kizaru cl@usi dattj Etara5 gf0x intel_p6612 klausw cl0cky Dauerbauer eternalfame ghaza IntelCA Klimax Claus Dav1d Eth0n GhettoHörnchen interessierter Kniffel cleex Dawqrt Ethon GHosT_WallZ interNode knight clif7 dazer EvilMaster Gigi1992 Intersect Koala cliffy73 dbcore evilmind gigu intx80 kogen CloudFlare ddl Ewaxy Gking70 Invisibility Koksi Club-Mate Death eX0duS godfather ge0ffreys InVisible kolmi clubmaster deb excatz Gokudera IP-Sh0k kortex CmdFreak debian Exceen Golem_5 iPwn Kraftsportler co0k dee exec gotroot ir0xc0de kranked5 code dekadenz eXon green IRET Krill CodeCracker delgado eXonline GregorSamsa irgendsontyp kro.9 CodeX Demian exploIT GregvonSchleck IronMind krusty CodingScherge DEPARTMENT OF exs Grim-Reaper Isaia kuemel Cojones1945 PENETRATIONkingfinn eye grimjow ITexplo kuri coloban Deque f!nch Groshy itn0made kvNN Coma der_Dude f00bar GT3X iTPunk kvrqhdlk Computerliebe Der-Knechter f0x Guckste_Oo J@ssu Kwasir conrado derAlfr3d f1@nig@n gunner J0hn.X3r L0pht continname derkleinemann f1n4ld0wn h4XX0r-7 J0nk L3stEr cooky1 derm f1sh3r0 hackbart2 j3rk Lain.from.the.Wired cooli DerProgrammierer F31ndflug hackerking jack4flash lambert cor1 DerWilleGottes facer Hackmanedi Jakob_N LAN corruption destr0yer failoverfl0w HackTheWorld jamaal Lankabel CorVu5 Detinox FAM0US Hacodrix James LaOnda COSiNUS dev-0 Fanatica hajo808 JamesMoriarty Larex couch Developer85 FaNNboii hakanabitur Jar3d Larry cptxc Devtronic FantaSyEX Haksor Jaro laurent Cr4ck3r Diagnosis fastcom hallamasch Jay Jay Lawliet Cr4cker die_Spinne Faststefan Halux JayKeane layle Cr4cks DiinnZ fat_joe Hansel0 Jekkt laythesemento17 cr4p dimavery FDNY Hansi jewlz1337 learning Cracksoldier dirk1992 fehrlichmann haRd jjjuno LegSo crapdawg DirtyDevil Feinkost HardersoundZ jKardon Levero Crasher DiViS0R Fenerium65 Harry Potter jne Levion Crassmaker DizzY_D Ferkel HateHack John levis CrazyPlayer2000 djeko feVer hawley John Mueller lffxzer0 crazyscript DLFreal fh0sy haxX1337 JohnDoe li0n CRC32 dmatmdm fiki Haz4rd Joi li0nsar3c00l CRE DMW007 Final headz0r JokA lie CreamyCewie dnet_ finbey HeathenMan Joman liese cremi Dodel fineproxy heiko71de jonato lifeishard Crisader Dokta FInnH@X Heinrich Jonjomate lilly CrOniC Domenic finsternacht helpusobi jonnyo lilUnicorn Crovean Dominario fipbro2013 Herakles Jonst Lincos crush3dice dominic FireFreak herby2305 jonvan Linus cryptix domo Five-3-Nine HexEdit jos lipton
47 | U-Markt: Peering into the German Cybercriminal Underground Liquid Monty nuit Prokhor s3ries Speaker liVe moplayer numa99 psi S4ib0t SpeCtr3 locksmither moppelkotze Numinos Psycho-Formel s4rs speedywolf loewenherz MÖRDERFURZ Nur4mon PsychoEngel s4ty Spike lokem87 Morkai Nyx psyko sakalonys Spike188 Lol2014 Morris o.Osyb3r_hulkO.o psykoon303 Salad!n spiralis lolinger motion oabbo pszalewicz saldo Spitfire lolyai MpOnE Obstsalat Pumba sau5000 Splatter Longo Mr.Ru OCIN punk91 Saver spoofer Lopus mrmagic ocsme purpur sbww12 Sprayed Lord Ben@ MrMerkur oleoleola push dword ptr [edi scene_it Sprayer LordRAM mrs OlgaOrlowski + 42] schachstelle sqliteddy LordSticky mrt0w Omegavirus pussey Schattenbaum squaredoc LostPW mssbyassg OnlyOne Pwn3rD schido1991 st1kl Lotos mstsc OpCodez Pwntifex Schitzlo sT34LeR lotus mtm-power Orianbeter Pyco Schnipsy st4cky love mtx orium pyr0t0n Scife Stalker loverdream muffin44 Osay pyro scinex starflow lowl multipick osca Pyth0n Scoppia startx Luca myo osys Pytrox Script StealOr LuckySH Mythoz overseas qchn Scrizor steelbot Lucy n0x oxys QcY seb1# stefdean lui n1312 p!rat qlimax1509 Secret47 steried luigi100 n1nj4x P1NKY QpL SecUpwN stilleswasser lulzworthy++ N3Cr0N p2pBob quasar450 secure StOnShOG luma420 Naji p3rnosco Queer SecureCoders Stranger167 Lynking namedesnutzers P4d1n0r quite security Strelok Lynx Napalm Paarvernichtung qwertz seeker strVar M-$p33Đ narohT PabloEscobar qx_ Seker stuffi M@te Nastrajo palikuca R0-07-77 seltoh styl4z m0n0m Navanbethrax PAN r00t_4o4 semtex Stynx M1CR0 Nazrek PancakeStack r00tkill senseye. SukZu m1santhr0p ne0phytet panthe0n r0xx Serverspy sunny-boy3 m3teor Neal Thompson Panther96 r3miX sesgeb SunshenOne M4!nStreamer NEAVORC Panzermensch R3s1stanc3 sft sup3ria m4core Nec papazian r41d SFX supreme m4cx necroph param0re Raavgo sh0xx Susanne-goes-to- maarius_37 neitec Paran0id Rabbit Sh1z0 Hollywood Mac_Hack nelson PaRaNoiD Radix64 Shadowgamer Sushi-Sushi-Kun Mace Windu Neo paranoid_ raiizero shadowleet Svanire Macomethics NEO_2.0 ParTee Rainbown Kitteh Shadowstyle SveN madoexe neonpunk pascalao rainboww ShadowXD Svens0n MagicFridge NeppNepp pdb rakim ShadowZeu$`` swissbosss mainstreet Nerap PDM502 Ralf ShadowzKnowledge swo_0sh makakawa nerdsupreme peak Rapter Shamy Sylver Makropol Netw0rx pechpilz raptorimus ShaQ syntax3rr0R malik44 netzpirat Peckori Raschdestwo sharky SyntaxX Malware Netzwerk Pedro Rastajan Sheep SyntaxXx Mancer Newfag penguin rastelli SheeX Syphon mani newgamor peppy Ratchet shiggy100 Syscall ManU NewKing per2perr Ravelux Shinigami System1000 Marcese NeXT Perforin Ravenmaster ShockerZz systemless marcosafken Nextlive peter123 rayz0r shutemup SystemPunX master bratack nginx peterchen Razorigga sidisido Szkuta Master of Chaos nice2kn0w PeterPan RaZz0r Silence09 t-junction Mate NickFragger pfannekuchen Rc05venom SiN T0x1cBaSs Mattisq nightfall pFreak Reaktion Sinco tagkiller MaverickJohnson nightfighter ph0x realizer Sinobis take2 Maztek nightythehawk phaja reaper Sirect takeit Meisterkeks Nihilus philicious reb00t Sirius.GER TastelessBlog memcpy Niiub PHIPU Recevid sketax Tatzia MeMp_!power NiMaD Phoenix rechnerdergerechten skillfreak td0s meneedhelp niph Phoenixx592 redux Skittles TeamAlpha meow.qq nninja phoseus regenmann Skrill_Low teebusch meowhax no17 Photonensauger relakks skullteria teffub Metroz Noah Phreak reputation sl33py Temp666 micro-mars nobody phrk reqq456 sl33py_0x15 Termi middey Nobody29a pHySSiX Restyle Slava Terroryoschi Midged NoGo Picknicker reverserUser slavy testee Miguel Capone Nokia1100 Pie Rezin slimline Teth0ruX mil0 noname Pikayyy Ridijak SmaSh-MaN2k teufelsfrucht Million$Man noname69 Pinas Rifler smogfish Texogil MineCore NoNameMT Pinguincommander RightBack smokey7 th0Zz MiNERVA nong_dan Pinkywesen riotstarter Smoki80 The Fog minimal nonverbal pixelg0tt Rob Otter SmokingJoe Theblacksuit minimuli noob planl0s roland1951 smrrd thec0nvict mirr0r Nookie Plitvix Romulus smzn theeddy Miryks NOOP Poison Ivy Ronnzn SnappySanta thegamer Misterlong Norev polk76 root Snifalor512 ThePhantom Misterniceguy223 Noriam PolskaPower rope4dope Snitch therabbit miyakei nothing Poonky Roundabout Socke? theriddler MK1020 novedad Poscaenium rukav socks5 theripper Mo. Noxcon PowerLED rumpelstilzien Softload3r theroot Modulo noxor pr0g4mer RunYourWay sotpot Thery Moe86 NoxX Pr1Me S!l3nt 4ss4ss!n SouL TheSaint Moerfieone noxxim praeon S!mon Southpark TheVamp Mofo nrxpro Prime s0fa sp1nny thibo mogtarno nSinus-R PrinceJunkie s0me_oNe Sp3ct0r Thogs molli nsk programmer444 S1GNUM spam Thron MoneyHoney Nucleolus ProHex S3RB31 SpamFerkel thschulz
48 | U-Markt: Peering into the German Cybercriminal Underground Tiffany TurrBo vendetta whit3 Xiider zeco tightgeist Turundeth VenDor whiterabbit Xinary ZenMan till7 TuxXx VenomV Winning xlazvegaz Zer0Flag Titus Twinkie :D verpeilt2007 wischmob xpecs ZerBi100 Tivja twodarkmessiah VeXx Wishmaster616 xPhase Zerco Toast Tyga VIcca WNDPROC xpod zero_d TobiahStealth tylersuicide ViciousC wolfgang77 xqooqlehackerx zero/zero Tobii Tyu Vince_Crusher Wow_a_APPLECAKE! xrahitel Zero0150 Tobsen Tzelathiel Vision wowa xSPERMBALLx zero334 Tobus uberNewbster viTaaa ws80et XTASK Zimmerer TomasG udata voiD Wundertüte xxacidbrainxx ZiuX Tommi Un1ted VooDoo666 wuzzup xxas zobold TonY undetected_bot VTX. www xxXDforceXxx Zoom tooltime uni.x vyzoryzox x0De y0sh zoomland Torecore Unreplace w@rlord x0r y2404 Zorbas tr0n Unu w00f x0red YaHomie zucker Tr1one uNxxS16 w4sp x0x Yakuza112 zweistein tr4st Upgrayedd w4vee x7aa1185 Yakuzza Zwiebielein tracert upix90 wAAZAAP xaeiou yayo Zy0x Trashkiller Upperchen wannabe xd123 Yeas zymobacter trastsus uschi553 WannaBeCookie Xen Yerst Zyx3cro trisn user44 wannastudy Xenio z0d!aC^ zYzTeM Tritglorlee user54321 wap2wap xeniq Z1GB3RT zzbaron Tritium VainInsanity WarChild xenon Z1n3 trololo vankillsing WeeMan xerox Z3br4 Trytime Varg wgob xh4nf Z4ppy TulpenMonster VB_Freak whispers2011 XigncodeCrack zc.shiny
Crimenetwork.biz _bizzy 5KOMMA0Pils alex123456 Ar3s Banana-Boot Bigpoint _cornflakes 5onny6lack alexfro arabella BananaJ BigSean ---Steve--- 5Posts & no-mehr AlexH araton7811HQ Bandidos Billy Kalender --dioX-- 6aus49 alexwd Archimedes71 bandit54o billybilly -.- 7h3D4g5t3r Alfred Ardy Banduri BillyBoy88 -=Re@p3r=- a lezilolu Alfred E. Neumann Arion banger1091 Billythekidinc -Bundeskriminalamt- A-Team Alfred187 Arkan BangerMusik Binary -j-p-s- A.Makarov AlkoholikerAndy Arn0Nuehm Bankdrop-Filler Bing -warchild- Abdurachman AllesVerzockt aro2011 Bankkaufmann1337 Binkibonko -XNXX- Abramowitsch ALLGOOD arrina banklady biobiobio ??The Riddler?? Abu al Hul AllStar Arrows BanX Biolaxy . 24 ABU-AZRAEL Almancun ArthurArsch bargain Biomatrix .Autrux Ac4nth alone15 Arturo barmin Biometrix2 .ensure ACB alones Aryx barnio Biostar .Gal accs Alonso Ascend BarrySoetoro biras .io Accumulo Alonso1985 asdfghj bartmz BitDrugs .Litecoin Ace alphacrime askiim Bashar bitLync .Lude aced AlphaIndustries asmir_cracker basics bitstore.cc .M. AcidBird alphasrfc AspireAut batchamlao12 BizuCC .Narcos. Acidfighter Alsuna Astriel Batzen447 bizzl .Rolex. acidv1rus Alter Mann aStudent BB.U.M.SS.N Bkahuna89 .root actionaction111 alu85 Aszero bbcool Black Sun .rulez actionboy AM3 Atallah1 BBQ Blackaim ‘’’ Actylus amazing atechment BD Service BlackAnarchy § 263a StGB adamW amc Atrax BD-Service BlackBABA *** addict amgbenz Attila BDBaron BlackBerryBusiness *B-Rabbit* adktd AminaK atze66 Beavis Blackbird *Deadpool* ADM1CDc amn3zia Audiofunktional beckspatriot blackgohst *TH-PFLICHT*Chico ADP World Amnesia augustus Belvedere blackkitty /root ADRIANO AMNEZIA36 Auslands-Hass belzon blacknrw #CC aeon212 amoalleramos Avatar Benelli BlackSeller #haramstuferot aequitas Amon42 avbiz Benjies GanjaBar Blackstar #LanceButters aero2 An94 avenTus benjiiko BlackStarMafia #Originals AeroX Anabol88 AVTOMAT. bensonh Blackstuff ©ħĄǿS AEZ Anarchy awesomepp Benutzer blackyellow ~LaDroga~ aff_yhoq Anders axx berlin30 Blade 0class affe22 Andreas1985 azad888 Berlin361 BlobROB_ 0Kush afterburner andro21 Azerbaijan61 berliner123 BlockbusteR 0nyx_ Agent.C androdox B-Man42 BerlinPharm BloodyKiss 0x539 Agent007 AngiNo178 b@ng BERNDUS123 blow. 12 3kimiya AgenturFuerArbeit Anhed0nic b0tw1n Bernstein Blowcard69 1BrokenArrow AGoldenBerg animalcuts B3kl0ppt3r BERS blowie 1chris Agon animanum B4D bes blowy 1data1 ahamerg1m anis abou chaker 2 B4NDITO Bestellhotline Blue Fox 1st Ahmetfam anisan ba16123 Besucher blueberry 25 7er ahmooo AnistonGraphics Baba Roga Betonspritze bluexxxxxdevil 2criminal airmax2015 anko baba yugo BetterDayz blunt 2Mephisto2 AK-47 Anon BabaSaho Bettgestell BmcHaze 37Deluxe Akatsuki anonisyhma baboo32 Between1 BMG 37T0XiC Akeus anonshop Back BGD Bmoebe 3daweidawei Akhab Anonymusx BackBurner bict Bob 0 3mpir3 Akihisha AnthraX BackINBussines Bierwesen bobbels 3nForceR AKIMON AntiRipper backwaren biffle Bobby2 3x3 akinim155 anton111 BadaBing Big Bang bobby88 3xP1oI7 akralou AntraxX badu big.jabba bobbydown 3zudemK. Al-Capone Apate baenker BigDeals BoBo 4chan.org aldijochen applederalte Bakassi Bigf00t Bodybild.de 5FL alee3000 AppleFanBoy Bale BIGFATA BoeseKatze 5knp Alex DeLarge apzm1 Baman bigman32 bofrei
49 | U-Markt: Peering into the German Cybercriminal Underground Bombaklack capone777 Coca-Cola13 Cyberfetischist DerPraesident Dr.Pepper Bombendrohung- Captain morgan CocaCoala Cyberjack DerRobinHood dr.schuhh Service CaptainJack cocaincowboy123 Cyberpunk DerTransporter Dr.Seuss Bomber Captcha CocaRange CyborgT1000 derukrainer Dr.Watson Bomber Pilot Carab Cockstar CyCle DerUserxx Dr.Who bomber12 Carbanak CocoLoco cyka Dessert drabibrudi bonafide Card3r CODEiNE Cypherpunk Destiny Drache BonAppetit CarderNR1 codura Cyrace destroyer_ Dragnite Bond CardingBob coinseller cyrox123 destructive_device Dragon888 Bongjo cardingmen Cokemoke Cyrus2k10 Deus_Ex dragongt Bonieclyde Cardsharing Col.Khadafi D!DD!E Developer2 DrCashout bonkth Cardsharing.io colben d’Niro devilxxx DrDieHard Bonus94 carlito76 Columbine D#Icke DevinityMoDz DrDromedar bonx carloskatana Combichrist d0kt0r devour Dreamo BonySon CARNIVORE Complex D0KZ0NE dex123 DrHaze boom55 Caruso666 Comtec66 D0p3 W4lk3r Di4m0nd driver44 boomboom Cas con man D4gob3rt Diablo DrKralle2014 Borak CashCommander cong Da Brain diablo_0 drolf123 BorisValeo Cashflash congo2 DaButcher DiabloXYZ droppord Borium Cashmaaa ConloCare Dad DiamoD drossel Bosnian_Crime cashoutch constancy Dagi Bee DiamondSeller DrSnuggles Boss11 Casio Conteo Daimler Benz DIB0ND dRunkEnxtC Bounty Casper0815 CoPKiller26 damager187 Diebstahl Drunks Bozz CassiusClay Copyright damiankos DieChemie201 drupp br0ke Castro corex damned Dieken dschengis2018 braaa789 catacandy Cori damolastar DieSchlange Dsystem Brabatsch cbx Cornelsen Dännis Dieselente DTM bradpitt123 CC Baba Corruptor danyelzo DieWolkeS Dubfire2 Braiin.exe CC Joe cosanostraAC DAOR Digital Child ducibus Bratan CC_Cash_Out Courius darienzz DigitalDrug duck313 Bratke cc-hacker Cow darius1337 digitalic dufyduck brauchID CC-King cpara Dark Cha0s dikomino duki112 breakdown CC-River CPU dark-crimer Dillinger dumaroc Bri-Za CC-Store cr_minds darkfire dindane DuMaroooc Briareos CC//CC cr1mArKid DarkJoker Ding Ding Ding DumingZone Briatore cc105 Cr3sh Darknet diniska91 dummenutte Briefkasten CCB cr4Z Darknezz Dinky 2 dummheit:( brilla cccp2014 Cr6z darknight dirt1 dummkopf Bringo cckkk Cramer1934 DarkOne Dirty69 DuraBatt Brisso CCLEAKS Cran1um DarkRacer79 dirtybass E IL i T E britenite CCPhishing CrankShit darksith Disaster e@sy Brohm CCRoulette Crash’n’Burn Darkxor Distel E1337E bronko88 CDAI crawlyn darookie DiVaio eagle0ne brososto cellonx crazzu Darth Vader DiyarDK Earthling Brownie33 cenivar CRDHD Darxneon django93 eassimode BruceLee Certified2 creater dataman djangobango EastsideLLC Brutus37 chakuza99 Creator DATGUY DjFroschFick EasyGoing Bruzza ChangeLog CreditcardUser Davi Djmiguan EbaY btcuser7x Chantal CreditCardUser2 DAVUD dmcpo EbbesVerspult Buddy ChaosBaerchen creedy dawng2 dnark Ebola budginger charliee Crey Daylight DNS_H1J4cK3R ebugger Bug38 charlycharly75 Crime is King DAYUM Doc? Eccem Bullboxer chechener crime-szene daywalker Doc.Headshot ecken bullhamster checknix crime-time dDetailz docucopy ED3N bulls23 Cheese crime.is.king Deal dolan eddyexp bullseye2015 chef999 Crime.network DealerB Domenic effex BuLuT chemist crimebaby dealerscup DOMIAN egal22345 buribu chemprox crimecrime decipto donbello1 eighty8 Busted Accident ChevisX crimeking deezigna Donbot einsameneachte Bustinjieber CHIll0R crimenuser defender87 DonChaoz Einzigartig butanika chillaholic crimepays777 defiance donfredo33 eisregen Butt3rs chiller CrimePayz Defoee- donguralesko Eistee93 Buzzed Chilli Crimers degus donguralesko11 El Ajedrecista Bxx2af chilling22 CrimeWorld Deja-vu DonLucenzo El Ano byacar chimaira2010 CriminalMind Dejta dontstop El Patron Bypass ChipsAhoyMcCoy Crimler91 Deklaration Doofian el_paco C.R.E.A.M Chirurg Crimler99 dekoder Doon949 Eleison199 c0bra1 Chiuso crimsoN Dekron dope-walker elektro bill c0ndor CHRiS-TRAViS CriticalInjury Delirium dopeasfuck Elektrojude c37z chrisko24 CRNP# demented DopeLXVII elemenOP C4kir chroos Crocos demon123 dopewalker elgringo C4Mehrtuerer Ciroq CroneSSX Dennis1337 DoppelT Elihu Yale C4sh cl500er crown123 Denny Dorian.der. elitecarder c8x classic Cruis3 dennyw3 Uebermensch ellexo ca1n Classified cruiser44 denyioo doris elmatador ca2no Classix1337 crusher1 depar doublec ElMiguel Cabardi Clay Cruz0 Der Forscher DoubleW ElSmoke cachflow cleanc0de CrYitZ Der Lachende Mann DownUpper-Crew Enelismus CAD cleancode CrypteGFZ Der_Schaffner Doxi Energy caffeekoppe Clever crystal1337 derantiworker Dr. Akula Enerox Calamaris Clex CSH DerBerater Dr. Pepper engelchen123 callmewhatever cli cspy09 DerBerserker Dr. Surabi eNoX Callo Cliff Cthulhu dered Dr.Allen-Hu Entreicherung Calvin Clock Cubensislove derendgegner dr.beat enzo44 Calypso clocky Cumcontainer DerHeld Dr.Business epiphany Cana-bisschen-dauern Clone69 cup DerLaeufer Dr.DRE Equinox CandyCrack Cloudzer Curse dermatze Dr.Gyno Erazer666 CandySpeed Clyde CyberBanana derml Dr.Medikinet Erdbeere Cannabis CMD247 cyberbitch derneue2014 Dr.Monk ErgoProxy capon Cobra cyberbusiness DerPostbote420 Dr.odin Ermittler
50 | U-Markt: Peering into the German Cybercriminal Underground err0r666 flashback1001 Goldcard hansgans HQELVS Its_Riley-Man error Flavio Goldesel hansmaier HQPP itsmy Error187 flensman goldsell hansudopeiter HQUSER iTunEz eRRoR4Life Fleo Goldstueck hanswalter123 hrruin ixtab Esartar Fler719 golf.4 Happy500 htw izmir35 Esc Flesyn golum007 HAPPYMAN Hubbabubba izzet Escrow flexer1312 gomon Haram Massari hubierft j0k3r eSozial Flexxx GOOGLEHUPF HaramPara Hug-Life j3nsen Eureka Flone Gorbatschow1337 harbor hugedongerino Jablonski europaminus Floxalmed Gordon Ramsay harrison Hugo Jack30t EuropaPlus+ Flummi GossipGirl harry HugodasNashorn jackbauer96 evios flX gosu1 HarryPoter hugokovac JackDerRipper Ewaxo Flyvix Gotovina Harvey hulk 1234 jackfrost exa321 Forrest Gottheit44 HarzIV Hulk51 jackson5 exchangejoe Forrest Gump Governor HauDrauf-Matze Hulk66 JacktheSnake exemption Fotzenknecht Gr33nShady HauptMann humiliation Jafila exhale FOURTWENTY GrafPorno Hautcreme HundeKokg jakprogresso Exhibition Fr0 Gran Coupe hauz hunter_76 Jaman ExKnacki fr0sty Grandmast3r havij1.15 Huron JanH EXLotus Frank C. Gras hawaiiansnow huschi555 Janosik expl0iter Frank the Tank grasraucher hawkben Hush jarkey Exploit. frankagnolo grassstation hax4 Hussarria Jarod extra111 fraud4life Greater haxor24 Hustensaft Jason exxo FraudConnection green777 Haxx3R hustleandflow Jaw Exyn0s FraudCrisis GreenBox haydarx3 hustler13 JayKey eyeofthetiger FraudMen GreenCobra Haz3 hxd jbk eyslw. FrauHolle greendead Haze-NL HydroFlow jbte eywa freeak GreenGarden Haze187 Hypo JBXX F*ckYou freeangels88 GreenGold21 hazebube iamawhore jd21 f00t3r freeling greenlight Hazeeschmecktlegggga iamr00t jdn F1er FreeStyle Gringo01 HazeOmatik ibizaboy Jean-Claude Van F1NAL6077 French Montana GRIP Hazey ibm Damme f1r3 Fresh Grizzly HDGDL3 IcEmAnN Jeko F4ker Fresh Dumbledore grone head.de Ich20 jellyjoker14 facebookprofi Fresh-Own Groove4-live Headbanger IchBinEinfallsLos Jesus Navas Fahrenheit freshdachs GROSSKROATIEN1941 Heat IchHabeName jesuslovesyou Fahrenheit_ Freshness28 groundy heatspeed Ichigo jesusluzifer Faiden frezz Gruenbauer Heineken_Bier Ichoderdu jetdirect FairExchanger frezze grunty heinheinsen icks JeyZ Fak0r Fridolino gtawelt Heinz Drossel iCrimeX jhb187 FAKE-ID.PRO Frimos12 gucci-man heinz95 id0ntcare Jibbertripo fake2pay Fritz55 GuckInDieLuft Heisenberg IDCARD2015 Jim92 fakebaba frobot GunzForHire helalmoney Identoz JimiBlue1337 fakedMe fubarak Gustago Helge-Schneider IDs jimmyjey FakeV2 FuckDaPolice Gustago2 helldogangel Igc JMSN fance fuckhacker Guthabenkönig Hellraiser555 ignusvir Joachim fangusherdot109 Fuckthatshit GutSellerhaben HERAKLES igridz1 Joanna faramundo fukkz gutswurst3 herb ijuhz Jochens farmer83 Fulham gutswurst37 HerbertSchnackenwurst IKnowYourBitchLoveIt Joerg Herbst Fat Joe X funnybunny Guybrush Threebwood herbst iLogar johann19 FATAL1TY FURIOUS guzmannn HerculesShop Ilon_61 John Gotti Fave G-HH gypson23 Herdentier Im_AllinCC John Player Special favela g-money h.sepp HermesFahrer Imaginary John_Riley Favorite G4RYMcK1NN0N H0RR0R Herr Kuchen iMark johnbo fayzl GaLeN h3h3j0 herzz imp3danz JohnDeer FCBROBBEN GameHeart H4R4M heyduda Imports JOHNGODGANDAN fealscher GameKey H5N1 hh8 impression Johnny Pepp Feel_the_Cool Gang Bang Klaus h66_fo Hide imtheboss Johnny-Kackfinger Felez Ganglife H8er hide44 inaktiv johnplayer123 Felix Cartal GanjaBar Ha00x7 highlife Incogn1to Johnwick007 FerengiJude gasigdiud31 habmalnefrage highroller Inda. Co. JohnyB fernsehen.to gast123 hacked Hinterwald indestructible JOin ff771133 Gauner-Coding HACKSEXTREM hiroshxd IndiKa joker1122 FHL Gavi hadamapadama Hiroxz ineffable123 JokerJJ Ficker96 Gaza hades Hirsch inFAMOUS Joko7 fidi GeldWaschen Haematom hitman infin JoN4z97 fifaking genet!kk hafen12334 HIV-Positiv infinity1 Jonny-Jackson FilhodaPuta Geraetschaft hafgsed5 HJS infucked jorgarov187 FillForFun GeraxY haftiabi hma1hma2 ingopingo JosefSchn Filling Service Gerd HAFTURLAUB hobbin insanex3 Joshua010023 Filling_Meister German HAGAKURE hobbylos#1 insert Joysticker Filling-Station GermanTrade hagenhagen HobiNr00D insider22 jQuery Fillingmaster Germanwinks2015 Haha20141234 HOLDINGGMBH Instant-Store jQuit filo GESpANN hal42 Holland Instantaccounts.cc Juan finalescape GhettoLive halulo007 Hollywood_Jackson Intensive Judas Prie5t Fireball GIBELLINI Hamas holyghost InterCrime JuDaSs Firecrash git hammerhomer holyshit interrupted JudeMitHut firegrow gizmo911 hamsterbacke777 HomeFront Invisible- Judgement fisch GKS hand0 honeybird Io. JuelzSantana fisch999 Gladio handy HoneyExtrakt0r IOCTNH Julian1978 Fischers Fritz GlooZ Hanf Honeymoon iOS junky FishandChips Glor Hanf-Gott. Hoodstar IPNE jurenjohn Fivester Gluecksbaerchi Hanfliebhaber Hooky69 iPwnx Juri69 FizzleW GnKK Hank1 Horst iRapez justbusiness24 Fl0w Gnom89 Hannah Crimetana horus33 Iron Man JUSTCASH flaconier God Hannes Wurst Howie iRznK# Justin32 flail32 Godlike2k Hannilein HQAccounts IstmirVayne K-EZ Flamingoboss GodsFather Hans Georg HQBahnTix Isyy K!ng Flaschbier gohard Hans Heftig hqcns itaLy k0nsument flash gohardtoday Hans91 HqDrugs ITAP K1ll1K
51 | U-Markt: Peering into the German Cybercriminal Underground k1lla knecht lichtan mandaz miwaf mypod K4NE knockz Lichterkette3 mandelbrot MixItWithRLCrime mysterio09 KAANZ1337 Knox. LIDL Manfred von MJBUSINESS Mystia Kackhaufen Knoxi Lifestyl3 Richthofen Mlnr Mystikal KaffeeTasse Knuckle LifeStyle123 mani1993 mmm2015 Mythos Kaiser Wilhelm II koala378 Lightbringer manitu2k15 Mo3chte_G3rn N. O Brain kaiser_franzl KoB24 lilly666 Mannequin Mobster n.0xe kaisimiro KoB2424 limano Mantrayana mocscosbirka N0BODY kalaschnikow Kobra Limecrime marckkk Moe2411 n0f3ar Kali User KOFOG Limited marco_87 Moersel N0iize kamagra Kojak LIONX Marek mofucker n0n4m3 kanak Koksta Liquidous mariachi Mogli1312 N0Problem kanak attack Kolbe43 lisa mariam Mohamed_ali N0v0line Kaney69 Kolkar lisa gerwien Marie_Curie Moldova N0x Kant KÖN!G litr3 Marijane MolliMob n0z4RTx Kapkekz kontrakt Littlediario mariodexto mollotow n1c Kaptain Blaubär kopfaut LiveMaster marius MOLOTOV N1njaGa1den Karalus Kosey LKA1312 MarleyMarl monee N1njaGa1den_sec Karandasch kpxen Ll_Ll marlon91 Money - Exchange n24 Karius Krambar localhost-127 marokko moneydirect N34RLY karivas KrankenHaus localhoster martadela Moneymachinegun n4x karlanikkel Krautexpress LoGGi007 martasdope MoneyMak3r nafa Karlchen Knack kraz0r Logitech90 Märtyrer moneymaker44 Nakasuzu KarlKani Kreativ Loha marx1900 Moneymaking nan0n kartina kreditkartenKing Loises Maryan moneyonmymind nana Kartoffelsuppe Kriminaloberkommissar longjack Mascapone Monkey D Ruffy Nandro katalana krle Lono Mashine-Man Monokel Nanobit kathy0123 kronicx Lorab MaskofZorro Monolith naroz1992 katze02 KrumblE lorbass massh monoX Natik kawele89 Krümmelmonster LordOfWeed Master1000 monsterenergy Natural-Love KCIWK kruz1984 Lost Soul MasterCards monteur21 Nazghul kebab krv Loudy mater61 Moody nazr kedrowski kry lounge matilda MoOe NDR Keeper KUchanft LovelyMaryJane matrioshki morex neandertaler2.0 keinenachtohnedrogen Kuchenbote Lowrider matteo69 Morgen NEEDiD KeinName KugelfischxD Loyed matze Moritz Kleinzeug nemawidis keks2 kunai1 lply matzex3 Morosow nEON/ kelloggsfrosties Kure LSDLars Maurpr Morph Neophyte123 Kenzo Kurosawa LST_2ndacc MaxiKing mosh33 Nepro Kerberos KurzUmschauen Luc1d maximalverdiener moshpit28 Nerfect Ketchupp kuschelhase luca000125 MaxMind Moskau NesQuiXz kevinjunker73 kushberry LuckyJay Maxy Mosoni nestea-rover Kevzt kushyh LuckyLuke mazehaze MotherFuckerJoe neterra keyload KYLEPHONE Luckyy mBskens Move NetVision KeySail0r L E D Ludolf12 mbt2121 mpu.soforthilfe Netwxrk Khajiit l_™SN1PER Luffy mck6911111 Mr. Cool NeuInBerlin KickIt GH0ST™_l Luka24 mCore666 Mr. damca Neukoeln Kid Ink <3 l00pster Lukas Reinke MD2015 Mr. Legal NEVA Kiez Karate Tommy L0rdz lukbuz MDMAAA+ Mr. Weeder newbiehacker KiiNGDeZz La Fatema lulu1 medikamentenmannfred Mr. White newbilly Kiko100 Lab511 lulu12 medion Mr.Crime400 NewFetz killamaroc laboni lulzer mega85 mr.cvv Newman killerfrog Lackschuh Dieter Lurker_lurklurk Megblock mr.donmon Newo killness LaHaine1312 lurking mehrDesign Mr.Gfunk nexgen Killuminati123 Lahmacun Lutscher Meinberger Mr.Hoe neymar kim_jong-un Laila lutscher23 Mellie Mr.Marlboro niacin kim-selina lak shuu Luxury melonyi123 Mr.Miago nicegermandeveloper King Bob lakuna Lykan. Menethil Mr.NoxX Nickelback King Boba Lamar lynch MenschMaschine Mr.Pac Nico Baum King111 Lamm M@ddog mentus Mr.Snickers Nigelta kingalibaba Lance Butters M0SHPiT mercutio Mr.Undercover nightfall kingberko44 laox m0yNET Merkur-Store.to Mr.X nikkibeach Kingbing lapmeee M3THLOV3R merrit mr2015 niklas_schlewing Kingdrop lassmichinruhe M4A1 mesi4s2k8 mrblack Nikolai kingduglu Lavalampe M4CHETE mesrine MrBlackHat Nils001 kingfeuer Laverna M4gician Mezben MrFreeman Nimbala kingofexchange laviba m4riocom MichaelSantos MRG00DLiF3 ninjaboy KinGofRaP LawrenceDE` m4ry.jan3 MichaxXx mrgoldcard Nino Brown KingRalph82 lawsbube m4ryj4n393 michele MrGreen NinoBrown Kingsman Lazar M4X Michialkafir Mrlanboy NisK kingster lckn mackaka Michimoto mrundercover Niskon Kingsz Leafy mAd_mAx Mickers39 mrx1 nitroinblood Kinky leak madara uchiha middlemanG MS-13 nivea941 Kirei leaker87 Madd00g MieseSchelle mstrnn nix12345 Kiwi LegionX90 Maddin_O mikropizza mt3 nmx kkll leibl Madmarius Milan22 mucosolvan-elch nninja KlamottenTicker LejzerK MagicMan millers277 Muffel NNTERTAiNER klaudiakuhn LemonHaze MaikelJorden milonair muffla NNU KleinerKC LeoDiCaprio MailCloud Mindbird Mugus20 NoGov KleinerKoffeeShop leoleon MailManager Minder mulihackbaba noidea kleinkoe Leonardo Majan1987 miners MultiStore.cc Noir Kleriker LesherHund makaveli47 minx69 MultiVitamin noizer Klerus leshy Malaka MiorOne Muschi-katzi Noizy Kleve Letoe MalariuZ mischka12 Mushroom Nojackno klik Levicus Maleficium Missundercover mushroomer NONPUBL1KER KlingKling levik mama09 MissVerstaendnis muskelchemie Nordlicht Klisto Levis mamasagtichdarf MisterDonXX Muto noreason klomann123 LexLuthor Man mistery muyo NoRip klukluklan lexxxius Manager MISTGEBURT myi. Norist Knahlsen LFMO Managero mivex Mypack Norrec_Vizharan
52 | U-Markt: Peering into the German Cybercriminal Underground Norskyy pdz privat3x redpen Sanchess shark44 Nothingtosay peak444 privateerox RedTree013 sandmann sheld0r NOTORIOUS peerson Pro-Filling REDUX sandolol Shelled nouser Pelikan pro-hacker REGENMACHERXX Sandwichmaker Shi-Masaru Novamin Penisbaer Pro100DDoS Reimemonster Sanjo Shindy NPBro pentaG Professor 2Stein reiner13585 sansibar Shines nr187 PenunzenPaule Project X rekay Santa Fu shini91 nrgy8 Pepsi Projectns rema17 santana003 Shisha-King ntxub Perry Protection67 remove-my-icloud Saph1ire Shizo2015 Nuker Peter JB protrain ReNam3 Saram Shizoex Numb3er peter10 ProXy-N0DE Renegade SaraWal Shizovren Numbros Peter2015 psner Reporter SaSu ShoKs Nummer2 peter72 PSwaysee requiem Satan123 Shop nuttenfaker. Peterhonigbaum PSY ResearchE sawno3 shoutl0ud Nuzaih peterlustig1234 PsyBorg Resko# SawZ sichel O.G George Jung PeterMaskman PsYcHo45 Resolve saxona SICHERHEITSFRAGE o2active PeterPan47 psyk0mania Respekt sayro Sid Vicious OB-Ticker peterrete psylux restor Sayuri siglo Obenz peterzwegat Psynova Retk Sazuke Sign In Oberst.Behindert peterzwegatschuldenfrei Puffydotpuff Review scar face SikerimSeni OCBNeed petro Pulse. revo123 SCENESHOP.PRO silaz Octane² PETRUS PumperJoe Revoltek SceneTools silence12 odun96 pferdoanen Pumuckl1 Rexxar Scheinheilig Silent Control oezim88 Ph@ntom Punchline Reyax scheissegal Silentlarry OJGandalf ph183 punica rhilor Schlaaand Silk okokok PhaenoM punischer rich.biz SchlagringCZ Silver Surfer Olly phantomicx Punisher rico schlemiel silver54 OMAHA Pharmasports Punk Ricola Schlumpfine19 simfinity onewingedangel2 Phase10 puRe riderknight1 Schmidt Simmel112 Onkel Jimbo phd purGe riffa Schnotte SimonGreifer Onlymoney220 Phillip PursePirate rightguard Schocko-Kuchen Simsek OnlySomeHavjiStuff philly PUSAT rikule85 schreiblabor siN OokieKabuki Phoenix3 pusteblume RioMali Schrix single OP-4 Phrenetic pwitt Riotgrrl Schröder sinsemilla420 openMind Pichu.♥ PxL Ritchman Schtormi Sinus700K openworld PiereLucas PYR0ID RL_Crimer schwabbel SippinSissurp optimal pierini1 pythagoras RLCrime Schwampel SipplBernhard optimized Piggeldy Q7. rlpo67 Schwarzenegger Siralja 55 OptimusSpeed Pimmel424242 Qex robbse schwarzerlotus FirstLVLJoined: OPW Pingpong1337 qronix RockStar schwarzetasse Sirene Oramina Pinguin Quadratpyramide Rocky Balboa Schwarzkopf SirHunter orangensprudel Pinguin109 quality.crime rodhad Schwitzkasten Sirius777 Osd 45 Pinguru Quark roepcke Scient siro007 Osten Pink_Panther_YU Quatschkopf RogerSterling sconto sithari ott PinkmanJesse querre roland scoobydo SivasLi58 overloading Pinochet qwr RolandRoyce Scope1337 Sixty Overlord Pipifaxen r00ter Rollmops Scopo sizzurp Ovi Pipiman r0ckyb4lb04 RomanReigns scornedlady92 Skelet0n Owen PixelArt r0tt Ronzo Scorpion-Mud SkimmingKing OxyWhite pizzaboy r1sky Roschi scorpy123 skinny_pete ozeanoz pizzabrot R2D2 RossHug0 Scylla Skittl29 OznoG PKK7 r4-gaviera rotana123 sealed skyfly ozout Platon Radagast Rox sealion skyhigh P.M.C playandwin365 Radditz RoxoR Seb2000 Skyper p0rn0ralle plazma Radiergummi_2 Roy second skyweb p0rNii PlopFlop Raffnix RTE Sector13 Slarti P0SEID Pltox raggaboy ruben SecureVPN.to Slash p3p31337 pockone RAiD Ruben von hinten SecurX Slavik p4r4 pocoxx Raigen Rudibert secXsec slic3menic3 Pablo Bodybuilding PokerFace Raikal rudikffr Sed Slicker12399 packi pokito88 Ramb0 RumsiDumsi Seedbank Slon3 PainOfNoMercy polibri rambo 5 Runkle Seelachs SlotMachine PallyMally PolskaDream rand0mboy Runkulus sekseh Smacksmash Pampelmuse polym randomslave RussianLove selfcoded Smartbox PANDI0N Polytoxikomanie Randossi Rx2s_DEV/NULL Selfies Auf SMCP panigal Pommesfriteuse Randy Orton ryanalves Wunschdaten Smeath Pansy Pompa raptor963 ryann seller SmileyAccG Panthers Pong Rash!d S.S.I.O Senix SmoKingRed Paperwhite PORT1 Rattenstar S&K Senjay sn00p Parael Posiformin rawsharktext S0nnyyy sequix sn0w Paran Posteingang rawstate S13G SergeantLose Sn1per Paris posterisan raz00rs S1gner Serok Sn4k3 parryhotter Potter RaZeR5 S4WX servit Snakzoo Partyarti23 pp-hacker RazziaBIZ sabber servserv SnowFlake partymaster PPF real4 sachenmachen sethgecko snowmanx pasha pr0cell realbadman sackoin setup24.net Snowstaru Pate2013 Pr0Skill realhaze Saddam6 seven77 snuffguy Patrick Meier Prajin reb0rn Sadixy SeventySeven Sobek PatronTools praNNkii Rebelabt Saft Sexy Hexy socialdude Paul_Jacob Premium Seller Rebellismus salamanca SeyTi sockz.net Paulchen PREMIUM-SERVICE24 Rec. salas SFive Soeldner pax PremiumCrimer Red_Baron sallandcall SG8 SOL Pay2pal PremiumStore Red_Bull sam SgtRosette solman paymeout2015 Prestupnik RedBlack Samantha Sh4rk someone PAYPAL Princejayone redbuster187 Samariter SHA33 Someone_One PayPal007 PrinceLM92 redeye2806 SAMCRO Shade sommerliebe paysafecard20% Print RedFlag Same Ol’ G Shadow12 SON OF ANARCHY PaySafecc Prinz_Analium RedGiant samfischer74 Shakur Son_Anarchy Paz0r Prinz1 RedHack samuel Shanks sonbka12 pcp-sigma prinzvonzamunda Redoubt samzara shariv.1 songoku007
53 | U-Markt: Peering into the German Cybercriminal Underground sonii sufu Thugger Unlimited-Visions WhoCares? YTCracker Sotchi Suleman ThugLife UnStopIt why-me Yukacco soundbar sumsum thunder99 untier Wickeda yungbecher SouthPark SumSum78 tilized Untold wigget z100 souza Sunrise TILTFISH Uomo wiiwarer Zabsy Sp33dex SUP32 Time4Crime uppectle Will Smith Zaebis SP3CT3R superla_tive Timmee Urbane wind-waker Zaga OG Sp3zialMat3rial Suppenmann Titanzwerg Strassenlegende Windoof ZalandoPsis spacesur4er Supplier TLDodo UrInstinkt WinniePooh ZaphodB sparr0w SupriseMotherfucker ToasTBroT_21 USA Sports winpark zativa Sparrow surrealy0 Toby555 uselessidiot21 wireless zaza spartana susi Todesreiter usenetter WirRauchenEinen Zbigniew Special Offer Sveb toffly user wiwo666 zbyer special_sign sventhebird TOKAREV user5000 wiz ZCrack SpecialUser swcn tomandiza user5589 wnbe zedd speedup SweazY ToMoHawk ussr woiwoi zeeeeeeek1 SpeedyBongzales Sweet TomSawyer UziClan wolf666 ZEL0S SpeedyGamer sweet_lemon Toni Maccaroni v0ice wolfsruede ZenZen Spellbound Sweet-Dreams ToniBettine V12 WOM23 Zer0ne spike80 swiss tonii v1Dr333s WorldOfCarder Zeran spikexx swiss8888 Tony Montana v1ntage Wrong1 ZerGo0 Spin SyMBI0S tony12023 vaiovaio WUERGER Zero Cool Spirit sync TonyFuckingMontana Vap0r Wunderland Zerobun spirit. Syntaxx TonyMontanaa Vapaus wuschi Zerox Spitfir3 Synthex TonyStyles Vatikan wutsthis zFlaiiR SPLATTOR Syphon TonyTones Vatos wzylmq zidan369 Spliffa Syrodox. toomuchmoney Vayu x-hacker ZiegenJoe splinter SysFix TopRated Vectra x4nt3r ziggyx Spongebob Szenepate Topsell vegga xaladit2 zilopfeiff sportsexpert T H I E F torch Veltins Xampp zined22 SpringZ t0pkat Torekkk vengativo xane zissel spys T3x Tortilla venice xarixon zločin SQLi~Hoe T4G tosh venix xatarbaba Zombiholocaust SQLiJunkie Taliban Toshi venni1 XboxGuthaben ZUCHT.BIZ squat92 tamara tr0n Verurteilter xCeReLoN Zuendholzkoenig Squirter tamara1 Trader123 Veysel123 xChefkoch Zufall sranje TARTAR0S tralala ViKiNG Xclusive-CNW zukrass SRB_L33cher TaxiDriver travor Vilsa xd123 zunc Srna td4s Trax vinz xecuter ZureXx Srsly 1 Team-Jesus Trevortone violentj XEN0M0RPH Zy0x ss-service tech.nick trialpnch ViperViper xenxen zynex SSJ4 Ted Bundy TrickzZHD VirtualCamWhore Xerious. zzzzz St4nl3y Ted Mosby TripleChance777 Visa xev Λɴᴏɴʏᴍᴏᴜs STAATSDRUCKEREI. TehH0verGuy Trisomie 21 Visa Vie xfactorx БРИГАДА88 BIZ Teletavi Tritium Vitalitasia xGdsNx Яedcode STACXS Teletubbies Trojaner Vito Corleone xgee イるる子 stalker666 temka trolex Vodka XIAO stall Tempomat trommelanton Voltaire XING standortfaktor tenaciousD trôn Volvic xiNher0 Stark88 tendency Tron Legacy vorlaeufiger xIOIJA Starscream11 tesk troppel Vorne Xirion31 Stay test77 TrOvEjAr Vril xJAMESx staytuned testax Troy vxx XkrayneX Steal testee TRUE Vyreen xLarax Steam-Keys Germany testitesto TTown W33DM0NK3Y xNe0N steam34 Testosteron1 tuco75 w33dst4r XNotoriousX SteamVendor TestTester tumbler w33dzzz Xonix stecki Tetova TuraelTM w4r10 xoro Stecklingsshop2015 th1s turb0 w8173 Xow stefan619 TH4D3U5 turb0h wale xownage Steppenwolf THACKC turbo-hacker wallodja XPosed Steve_JOBS thaiwolf TURBOLADER wallstreet777 xRise stiber THANAT0S turtle waltdisney XSploiT Sticky Thavince TwoMillion walter.white xVirtu Stiefvater thc txxx wannatestit xX-Facebooker-Xx Stiffmaster The Director tycoon wanyama xxgreeen stonemaker The Dude Tygah warren88 xxpower stopcrime The Governor Tyler1987 wawa xxqxx storch The Matrix Tyrael Waycel2 xxsheen storebay The-Iceman tyser wayne xxxBANDITxxx Stormy the78f Tyson92 wdeal xxxCCC123xxx Straftaeter theben TzumT Wean XxxSmackxxX StraiN TheBigMan ubisoft92 Web Xylometa Straw TheBoss Ubuntu WeeD-420 xZockerx streetweed theeast UDSSR Weedking y2J Strg TheMan Uhfres WeedMen Yasemin strg+q TheMoneyKey UKASH-PSC Weedpr1ncess Yasir strikedesign THenry14 uKraZo Weedshop24 yaya strobopopV2 ThePackage ulica weeeed YeabaWouky Strohmann ThePurge Ulr1k3 Weeirdo yeahh StrongT therealdeal UltrAslan weiss05 Yellowpain stryta12 therefore umberto weisse rose yenisi studke TheRollerx unapalabra WeisseKönigin yessir styx TheSnake Unbekannt WEKEED yoda Subversiv TheSpecialOne81 Underground_Chief wesTTHug yogibear SUC theuser Underman WhatThe yolbe SUC_2 TheXO Underworld Wheany YoloJohn Success thinkpad UNION/**/SELECT Wheezy YouJizz Sucht-Carder Thriksaw Unity White77 yourstreamer suenrolf Thug Style Unknown_Identity whitehouse ysedc
54 | U-Markt: Peering into the German Cybercriminal Underground References
1. Max Goncharov. (2015). Trend Micro Security Intelligence. “Russian Underground 2.0.” Last accessed on 18 November 2015, https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/wp-russian- underground-2.0.pdf.
2. Fernando Mercês. (2014). Trend Micro Security Intelligence. “The Brazilian Underground Market: The Market for Cybercriminal Wannabes?” Last accessed on 18 November 2015, http://www.trendmicro.com/cloud-content/ us/pdfs/security-intelligence/white-papers/wp-the-brazilian-underground-market.pdf.
3. Dr. Vincenzo Ciancaglini, Dr. Marco Balduzzi, Robert McArdle, and Martin Rösler. Trend Micro Security Intelligence. “Below the Surface: Exploring the Deep Web.” Last accessed on 18 November 2015, http://www.trendmicro. com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_below_the_surface.pdf.
4. Lion Gu. (2015). Trend Micro Security Intelligence. “Prototype Nation: The Chinese Underground in 2015.” Last accessed on 24 November 2015, http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white- papers/wp-prototype-nation.pdf.
5. Max Goncharov. (2015). Trend Micro Security Intelligence. “Criminal Hideouts for Lease: Bulletproof Hosting Services.” Last accessed on 18 November 2015, http://www.trendmicro.com/cloud-content/us/pdfs/security- intelligence/white-papers/wp-criminal-hideouts-for-lease.pdf.
6. Trend Micro. (9 September 2015). Trend Micro Security News. “Sphinx: $500 Banking Trojan Emerges in the Underground.” Last accessed on 18 November 2015, http://www.trendmicro.com/vinfo/us/security/news/ cybercrime-and-digital-threats/sphinx-500-banking-trojan-emerges-in-the-underground.
55 | U-Markt: Peering into the German Cybercriminal Underground Created by:
The Global Technical Support and R&D Center of TREND MICRO
TREND MICROTM Trend Micro Incorporated, a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years experience, we deliver topranked client, server, and cloud-based security that fits our customers’ and partners’ needs; stops new threats faster; and protects data in physical, virtualized, and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology, products and services stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com.
©2015 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.