Thursday, July 07, 2011

Keeping Money Mule Recruiters on a Short Leash - Part Ten


The following intelligence brief is part of the Keeping Money Mule Recruiters on a Short Leash series. In it, I'll expose currently active money mule recruitment domains, their domain registration details, currently responding IPs, and related ASs.

Currently active money mule recruitment domains:
ACWOODE-GROUP.COM - 184.168.64.173 - Email: admin@acwoode-group.com
ACWOODE-GROUP.NET - 184.168.64.173 - Email: admin@acwoode-group.net
ART-GROUPINTEGRETED.COM - 78.46.105.205 - Email: admin@art-groupintegreted.com
ARTINTEGRATED-GROUP.NET - 78.46.105.205 - Email: crony@cutemail.org
COMPLETE-ART-GROUP-LTD.COM - 193.105.134.233 - Email: saps@cutemail.org
COMPLETE-ART-UK.NET - 193.105.134.232 - Email: admin@complete-art-uk.net
CONDORLLC-UK.COM - 193.105.134.231 - Email: plods@fxmail.net
CONDOR-LLC-UK.NET - 193.105.134.233 - Email: admin@condor-llc-uk.net
CONTEMP-USAINC.COM - 184.168.64.173 - Email: admin@contemp-usainc.com
CONTEMP-USGROUP.COM - 184.168.64.173 - Email: admin@contemp-usgroup.com
DE-KADEGROUP.CC - 193.105.134.230 - Email: cents@mailae.com
DERWOODE-GROUP.CC - 98.141.220.115 - Email: web@derwoode-group.cc
ELENTY-CO.NET - 184.168.64.173 - Email: abcs@mailti.com
ELENTY-LLC.COM - 184.168.64.173 - Email: admin@elenty-llc.com
GAPSONART.NET - 184.168.64.173 - Email: admin@gapsonart.net
GLACIS-GROUPUK.NET - 78.46.105.205 - Email: admin@glacis-groupuk.net
GURU-GROUP.CC - 184.168.64.173 - Email: admin@guru-group.cc
GURU-GROUP.NET - 184.168.64.173 - Email: jj@cutemail.org
INTECHTODEX-GROUP.COM - 184.168.64.173 - Email: uq@mail13.com
INTEGRATED-EUROPE-IT.NET - 78.46.105.205 - Email: admin@integrated-europe-it.net
ITAGROUP-USA.NET - 98.141.220.117 - Email: admin@itagroup-usa.net
IT-ANALISYS.COM - 98.141.220.115 - Email: yea@mailae.com
ITANALYSISGROUP.NET - 98.141.220.116 - Email: admin@itanalysisgroup.net
KADE-GROUPDE.NET - 78.46.105.205 - Email: zigzag@fxmail.net
MASTERARTUSA.COM - 98.141.220.114 - Email: day@mailae.com
NARTEN-ART.COM - 209.190.4.91 - Email: glamor@fxmail.net
NARTENART.NET - 209.190.4.91 - Email: admin@nartenart.net
quad-groupuk.cc - 78.46.105.205 - Email: prissy@mailae.com
REFINEMENT-ANTIQUE.COM - 184.168.64.173 - Email: xe@fxmail.net
SCAR-BEIINC.COM - 184.168.64.173 - Email: admin@scar-beiinc.com
SKYLINE-ANTIQUE.COM - 209.190.4.91 - Email: blurs@mailae.com
SKYLINE-LTD.NET - 209.190.4.91 - Email: admin@skyline-ltd.net
SMARTLLC-UK.COM - 193.105.134.234 - Email: admin@smartllc-uk.com
SMART-LLC-UK.NET - 193.105.134.233 - Email: pol@mailae.com
SPECIAL-ARTUK.COM - 193.105.134.232 - Email: admin@special-artuk.com
SUBLIMELTD.COM - 98.141.220.118 - Email: admin@sublimeltd.com
TODEX-GROUP.NET - 184.168.64.173 - Email: admin@todex-group.net


The domains reside within the following ASs: AS10297, RoadRunner RR-RC; AS42708; PORTLANE Network; AS26496; GODADDY.com; AS29713, INTERPLEXINC; AS24940, HETZNER-AS Hetzner Online.

Name servers of notice:
NS1.MKNS.SU - 85.25.250.244 - Email: mkns@cheapbox.ru
NS2.MKNS.SU - 46.4.148.119
NS3.MKNS.SU - 184.82.158.76
NS1.MLDNS.SU - 85.25.145.63 - Email: mldns@free-id.ru
NS2.MLDNS.SU - 46.4.148.74
NS3.MLDNS.SU -     184.82.158.74
NS1.MNAMEDL.SU - 85.25.250.211 - Email: mnamed@yourisp.ru
NS2.MNAMEDL.SU - 46.4.148.118
NS3.MNAMEDL.SU - 184.82.158.75
NS1.DNSUS.SU -     217.23.15.137 - Email: wifi@yourisp.ru
NS2.DNSUS.SU - 87.118.81.7
NS3.DNSUS.SU - 87.118.81.10
NS1.NAMEUSNS.SU - 217.23.15.138 - Email: lavier@bz3.ru
NS2.NAMEUSNS.SU - 84.19.161.7
NS3.NAMEUSNS.SU - 84.19.161.10
NS1.USDENNS.SU - 217.23.15.136 - Email: lipstick@free-id.ru
NS2.USDENNS.SU - 84.19.161.7
NS3.USDENNS.SU - 84.19.161.10
NS1.NAMESUKNS.CC - 86.55.210.4 - Email: pal@bz3.ru
NS2.NAMESUKNS.CC - 193.105.134.232
NS3.NAMESUKNS.CC - 193.105.134.237
NS1.NAMEUK.AT - 86.55.210.5 - Email: admin@nameuk.at
NS2.NAMEUK.AT - 193.105.134.233
NS3.NAMEUK.AT - 193.105.134.236
NS1.UKDNSTART.NET - 86.55.210.5 - Email: admin@ukdnstart.net
NS2.UKDNSTART.NET - 193.105.134.233
NS3.UKDNSTART.NET - 193.105.134.236
NS1.DENDRUYOS.NET - 86.55.210.4 - Email: admin@dendruyos.net
NS2.DENDRUYOS.NET - 193.105.134.232
NS3.DENDRUYOS.NET - 193.105.134.237
NS1.DEDNSAUTH.NET - 86.55.210.2 - Email: admin@dednsauth.net
NS2.DEDNSAUTH.NET - 193.105.134.230
NS3.DEDNSAUTH.NET - 193.105.134.239
NS1.DELTOPOOR.AT - 86.55.210.3 - Email: admin@deltopoor.at
NS2.DELTOPOOR.AT - 193.105.134.231
NS3.DELTOPOOR.AT - 193.105.134.238

Monitoring of ongoing money mule recruitment campaigns is ongoing.

Related posts:
Keeping Money Mule Recruiters on a Short Leash - Part Nine
Keeping Money Mule Recruiters on a Short Leash - Part Eight - Historical OSINT
Keeping Money Mule Recruiters on a Short Leash - Part Seven
Keeping Money Mule Recruiters on a Short Leash - Part Six
Keeping Money Mule Recruiters on a Short Leash - Part Five
The DNS Infrastructure of the Money Mule Recruitment Ecosystem
Keeping Money Mule Recruiters on a Short Leash - Part Four
Money Mule Recruitment Campaign Serving Client-Side Exploits
Keeping Money Mule Recruiters on a Short Leash - Part Three
Money Mule Recruiters on Yahoo!'s Web Hosting
Dissecting an Ongoing Money Mule Recruitment Campaign
Keeping Money Mule Recruiters on a Short Leash - Part Two
Keeping Reshipping Mule Recruiters on a Short Leash
Keeping Money Mule Recruiters on a Short Leash
Standardizing the Money Mule Recruitment Process
Inside a Money Laundering Group's Spamming Operations
Money Mule Recruiters use ASProx's Fast Fluxing Services
Money Mules Syndicate Actively Recruiting Since 2002

This post has been reproduced from Dancho Danchev's blog.