Thursday, July 07, 2011
Keeping Money Mule Recruiters on a Short Leash - Part Ten
The following intelligence brief is part of the Keeping Money Mule Recruiters on a Short Leash series. In it, I'll expose currently active money mule recruitment domains, their domain registration details, currently responding IPs, and related ASs.
Currently active money mule recruitment domains:
The domains reside within the following ASs: AS10297, RoadRunner RR-RC; AS42708, PORTLANE Network; AS26496, GODADDY.com; AS29713, INTERPLEXINC; AS24940, HETZNER-AS Hetzner Online.
Name servers of note:
Monitoring of these money mule recruitment campaigns is ongoing.
Related posts:
Keeping Money Mule Recruiters on a Short Leash - Part Nine
Keeping Money Mule Recruiters on a Short Leash - Part Eight - Historical OSINT
Keeping Money Mule Recruiters on a Short Leash - Part Seven
Keeping Money Mule Recruiters on a Short Leash - Part Six
Keeping Money Mule Recruiters on a Short Leash - Part Five
The DNS Infrastructure of the Money Mule Recruitment Ecosystem
Keeping Money Mule Recruiters on a Short Leash - Part Four
Money Mule Recruitment Campaign Serving Client-Side Exploits
Keeping Money Mule Recruiters on a Short Leash - Part Three
Money Mule Recruiters on Yahoo!'s Web Hosting
Dissecting an Ongoing Money Mule Recruitment Campaign
Keeping Money Mule Recruiters on a Short Leash - Part Two
Keeping Reshipping Mule Recruiters on a Short Leash
Keeping Money Mule Recruiters on a Short Leash
Standardizing the Money Mule Recruitment Process
Inside a Money Laundering Group's Spamming Operations
Money Mule Recruiters use ASProx's Fast Fluxing Services
Money Mules Syndicate Actively Recruiting Since 2002
This post has been reproduced from Dancho Danchev's blog.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Tags: Cybercrime, Hacking, Information Security, Money Laundering, Money Mule, Money Mule Recruitment, Security
Summarizing ZDNet's Zero Day Posts for June
The following is a brief summary of all of my posts at ZDNet's Zero Day for June. You can subscribe to my personal RSS feed, Zero Day's main feed, or follow me on Twitter:
01. 'Hot Lesbian Video - Rihanna and Hayden Panettiere' scam on Facebook leads to Mac malware
02. Sony Europe hacked by Lebanese grey hat hacker
03. Spamvertised United Parcel Service emails lead to scareware
04. The most common iPhone passcodes
05. AutoRun malware infections declining
06. 'McDonald's Free Dinner Day' emails lead to scareware
07. Two DDoS attacks hit Network Solutions
08. 'The Creator of LulzSec arrested in London' scam spreading on Facebook
09. Federal Reserve themed emails lead to ZeuS crimeware
10. 'Photographer commited SUICIDE 3 days after shooting THIS video!' scam spreading on Facebook
This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.