Bulletproof hosting (BPH) services, as their name suggests, are more robust than other web hosting services. More resilient against complaints and takedown requests from law enforcement, they enable and facilitate a vast array of cybercriminal activity, such as phishing sites and malware download servers, to continue undisturbed.
BPH services are perhaps the biggest enabler of cybercrime within the underground, and for the last decade, one threat actor has maintained prominence: yalishanda. This actor operates one of the most popular BPH services in the world. The actor provides a “top-tier” service that is both more mature and expansive than other offerings, perhaps explaining yalishanda’s continued popularity. Here, Intel 471 presents a snapshot of the prolific bulletproof hoster.
For teams seeking to proactively prevent cyber threats, the tracking of BPH services and actors behind them is key. By leveraging exclusive intelligence, organizations can better monitor for and block activity stemming from such infrastructure, while law enforcement agencies can use the intelligence to refine their efforts to permanently disrupt BPH infrastructure. Intel 471 is dedicated to sharing the latest updates on BPH and more to help empower the defenses of enterprises and government agencies.
In August 2025, two anonymous researchers released 9 GB of data from a workstation of a likely advanced persistent threat (APT) group. Here’s an analysis of the data by Intel 471’s Cyber Geopolitical Risk team.
Initial access brokers (IABs) sell access to compromised organizations on underground forums. Here's an analysis looking at whether these offers can be correlated to ransomware attacks.
In this Studio 471, Jacob Larsen discusses the effects of doxing, how sites like Doxbin take advantage of legal loopholes and how to defend against being doxed.
Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.