Thursday, July 07, 2011

Keeping Money Mule Recruiters on a Short Leash - Part Ten


The following intelligence brief is part of the Keeping Money Mule Recruiters on a Short Leash series. In it, I'll expose currently active money mule recruitment domains, their domain registration details, currently responding IPs, and related ASs.

Currently active money mule recruitment domains:
ACWOODE-GROUP.COM - 184.168.64.173 - Email: admin@acwoode-group.com
ACWOODE-GROUP.NET - 184.168.64.173 - Email: admin@acwoode-group.net
ART-GROUPINTEGRETED.COM - 78.46.105.205 - Email: admin@art-groupintegreted.com
ARTINTEGRATED-GROUP.NET - 78.46.105.205 - Email: crony@cutemail.org
COMPLETE-ART-GROUP-LTD.COM - 193.105.134.233 - Email: saps@cutemail.org
COMPLETE-ART-UK.NET - 193.105.134.232 - Email: admin@complete-art-uk.net
CONDORLLC-UK.COM - 193.105.134.231 - Email: plods@fxmail.net
CONDOR-LLC-UK.NET - 193.105.134.233 - Email: admin@condor-llc-uk.net
CONTEMP-USAINC.COM - 184.168.64.173 - Email: admin@contemp-usainc.com
CONTEMP-USGROUP.COM - 184.168.64.173 - Email: admin@contemp-usgroup.com
DE-KADEGROUP.CC - 193.105.134.230 - Email: cents@mailae.com
DERWOODE-GROUP.CC - 98.141.220.115 - Email: web@derwoode-group.cc
ELENTY-CO.NET - 184.168.64.173 - Email: abcs@mailti.com
ELENTY-LLC.COM - 184.168.64.173 - Email: admin@elenty-llc.com
GAPSONART.NET - 184.168.64.173 - Email: admin@gapsonart.net
GLACIS-GROUPUK.NET - 78.46.105.205 - Email: admin@glacis-groupuk.net
GURU-GROUP.CC - 184.168.64.173 - Email: admin@guru-group.cc
GURU-GROUP.NET - 184.168.64.173 - Email: jj@cutemail.org
INTECHTODEX-GROUP.COM - 184.168.64.173 - Email: uq@mail13.com
INTEGRATED-EUROPE-IT.NET - 78.46.105.205 - Email: admin@integrated-europe-it.net
ITAGROUP-USA.NET - 98.141.220.117 - Email: admin@itagroup-usa.net
IT-ANALISYS.COM - 98.141.220.115 - Email: yea@mailae.com
ITANALYSISGROUP.NET - 98.141.220.116 - Email: admin@itanalysisgroup.net
KADE-GROUPDE.NET - 78.46.105.205 - Email: zigzag@fxmail.net
MASTERARTUSA.COM - 98.141.220.114 - Email: day@mailae.com
NARTEN-ART.COM - 209.190.4.91 - Email: glamor@fxmail.net
NARTENART.NET - 209.190.4.91 - Email: admin@nartenart.net
QUAD-GROUPUK.CC - 78.46.105.205 - Email: prissy@mailae.com
REFINEMENT-ANTIQUE.COM - 184.168.64.173 - Email: xe@fxmail.net
SCAR-BEIINC.COM - 184.168.64.173 - Email: admin@scar-beiinc.com
SKYLINE-ANTIQUE.COM - 209.190.4.91 - Email: blurs@mailae.com
SKYLINE-LTD.NET - 209.190.4.91 - Email: admin@skyline-ltd.net
SMARTLLC-UK.COM - 193.105.134.234 - Email: admin@smartllc-uk.com
SMART-LLC-UK.NET - 193.105.134.233 - Email: pol@mailae.com
SPECIAL-ARTUK.COM - 193.105.134.232 - Email: admin@special-artuk.com
SUBLIMELTD.COM - 98.141.220.118 - Email: admin@sublimeltd.com
TODEX-GROUP.NET - 184.168.64.173 - Email: admin@todex-group.net


The domains reside within the following ASs: AS10297, RoadRunner RR-RC; AS42708, PORTLANE Network; AS26496, GODADDY.com; AS29713, INTERPLEXINC; AS24940, HETZNER-AS Hetzner Online.

Name servers of notice:
NS1.MKNS.SU - 85.25.250.244 - Email: mkns@cheapbox.ru
NS2.MKNS.SU - 46.4.148.119
NS3.MKNS.SU - 184.82.158.76
NS1.MLDNS.SU - 85.25.145.63 - Email: mldns@free-id.ru
NS2.MLDNS.SU - 46.4.148.74
NS3.MLDNS.SU - 184.82.158.74
NS1.MNAMEDL.SU - 85.25.250.211 - Email: mnamed@yourisp.ru
NS2.MNAMEDL.SU - 46.4.148.118
NS3.MNAMEDL.SU - 184.82.158.75
NS1.DNSUS.SU - 217.23.15.137 - Email: wifi@yourisp.ru
NS2.DNSUS.SU - 87.118.81.7
NS3.DNSUS.SU - 87.118.81.10
NS1.NAMEUSNS.SU - 217.23.15.138 - Email: lavier@bz3.ru
NS2.NAMEUSNS.SU - 84.19.161.7
NS3.NAMEUSNS.SU - 84.19.161.10
NS1.USDENNS.SU - 217.23.15.136 - Email: lipstick@free-id.ru
NS2.USDENNS.SU - 84.19.161.7
NS3.USDENNS.SU - 84.19.161.10
NS1.NAMESUKNS.CC - 86.55.210.4 - Email: pal@bz3.ru
NS2.NAMESUKNS.CC - 193.105.134.232
NS3.NAMESUKNS.CC - 193.105.134.237
NS1.NAMEUK.AT - 86.55.210.5 - Email: admin@nameuk.at
NS2.NAMEUK.AT - 193.105.134.233
NS3.NAMEUK.AT - 193.105.134.236
NS1.UKDNSTART.NET - 86.55.210.5 - Email: admin@ukdnstart.net
NS2.UKDNSTART.NET - 193.105.134.233
NS3.UKDNSTART.NET - 193.105.134.236
NS1.DENDRUYOS.NET - 86.55.210.4 - Email: admin@dendruyos.net
NS2.DENDRUYOS.NET - 193.105.134.232
NS3.DENDRUYOS.NET - 193.105.134.237
NS1.DEDNSAUTH.NET - 86.55.210.2 - Email: admin@dednsauth.net
NS2.DEDNSAUTH.NET - 193.105.134.230
NS3.DEDNSAUTH.NET - 193.105.134.239
NS1.DELTOPOOR.AT - 86.55.210.3 - Email: admin@deltopoor.at
NS2.DELTOPOOR.AT - 193.105.134.231
NS3.DELTOPOOR.AT - 193.105.134.238
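The two listings above are most useful once they are pivoted on shared infrastructure: several recruitment domains sit on the same IP, and some of the "name servers of notice" answer from the very IPs that host the recruitment domains (193.105.134.232 and .233 appear in both lists). The following Python is an added example, not code from the original post; it assumes the "NAME - IP [- Email: ADDRESS]" line format used in this brief and parses a small subset copied from the listings above (a constructed sample, not a new data set), then groups indicators by IP, by /24, and reports IPs that host both a domain and a name server. That output is the sort of cluster a defender would feed into a blocklist or a takedown request.

```python
import re
import ipaddress
from collections import defaultdict

# Constructed sample: a subset of the indicator lines from this brief, in the
# "NAME - IP [- Email: ADDRESS]" format the post uses (values are the page's own).
DOMAIN_LINES = """
ACWOODE-GROUP.COM - 184.168.64.173 - Email: admin@acwoode-group.com
ART-GROUPINTEGRETED.COM - 78.46.105.205 - Email: admin@art-groupintegreted.com
ARTINTEGRATED-GROUP.NET - 78.46.105.205 - Email: crony@cutemail.org
COMPLETE-ART-UK.NET - 193.105.134.232 - Email: admin@complete-art-uk.net
CONDOR-LLC-UK.NET - 193.105.134.233 - Email: admin@condor-llc-uk.net
ELENTY-LLC.COM - 184.168.64.173 - Email: admin@elenty-llc.com
"""

NS_LINES = """
NS1.NAMESUKNS.CC - 86.55.210.4 - Email: pal@bz3.ru
NS2.NAMESUKNS.CC - 193.105.134.232
NS3.NAMESUKNS.CC - 193.105.134.237
NS1.NAMEUK.AT - 86.55.210.5 - Email: admin@nameuk.at
NS2.NAMEUK.AT - 193.105.134.233
"""

# Hostname, dash, dotted-quad IP, optional "- Email: <address>" tail.
LINE_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9.-]+)\s*-\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r"(?:\s*-\s*Email:\s*(?P<email>\S+))?$"
)


def parse_indicators(text):
    """Parse indicator lines into dicts; malformed lines and invalid IPs are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # e.g. an octet above 255
        email = (m.group("email") or "").lower() or None
        records.append({"name": m.group("name").lower(), "ip": ip, "email": email})
    return records


def group_by_ip(records):
    """Map each IP to the sorted list of hostnames the brief places on it."""
    groups = defaultdict(list)
    for r in records:
        groups[r["ip"]].append(r["name"])
    return {ip: sorted(names) for ip, names in groups.items()}


def group_by_prefix(records, prefix_len=24):
    """Map each /prefix_len network to its hostnames, surfacing siblings in one allocation."""
    nets = defaultdict(set)
    for r in records:
        net = ipaddress.ip_network(f"{r['ip']}/{prefix_len}", strict=False)
        nets[str(net)].add(r["name"])
    return {net: sorted(names) for net, names in nets.items()}


def shared_hosts(domain_records, ns_records):
    """IPs that host both a recruitment domain and one of the name servers of notice."""
    by_domain_ip = group_by_ip(domain_records)
    by_ns_ip = group_by_ip(ns_records)
    return {
        ip: {"domains": by_domain_ip[ip], "name_servers": by_ns_ip[ip]}
        for ip in sorted(set(by_domain_ip) & set(by_ns_ip))
    }


if __name__ == "__main__":
    domains = parse_indicators(DOMAIN_LINES)
    name_servers = parse_indicators(NS_LINES)
    for ip, names in group_by_ip(domains).items():
        print(f"{ip}: {', '.join(names)}")
    for ip, overlap in shared_hosts(domains, name_servers).items():
        print(f"shared {ip}: domains={overlap['domains']} ns={overlap['name_servers']}")
```

The /24 grouping is a heuristic, not proof of common control: it flags candidates for a closer look at the allocation, while an exact IP shared by a recruitment domain and its own name server is the stronger link.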

Monitoring of these money mule recruitment campaigns is ongoing.

Related posts:
Keeping Money Mule Recruiters on a Short Leash - Part Nine
Keeping Money Mule Recruiters on a Short Leash - Part Eight - Historical OSINT
Keeping Money Mule Recruiters on a Short Leash - Part Seven
Keeping Money Mule Recruiters on a Short Leash - Part Six
Keeping Money Mule Recruiters on a Short Leash - Part Five
The DNS Infrastructure of the Money Mule Recruitment Ecosystem
Keeping Money Mule Recruiters on a Short Leash - Part Four
Money Mule Recruitment Campaign Serving Client-Side Exploits
Keeping Money Mule Recruiters on a Short Leash - Part Three
Money Mule Recruiters on Yahoo!'s Web Hosting
Dissecting an Ongoing Money Mule Recruitment Campaign
Keeping Money Mule Recruiters on a Short Leash - Part Two
Keeping Reshipping Mule Recruiters on a Short Leash
Keeping Money Mule Recruiters on a Short Leash
Standardizing the Money Mule Recruitment Process
Inside a Money Laundering Group's Spamming Operations
Money Mule Recruiters use ASProx's Fast Fluxing Services
Money Mules Syndicate Actively Recruiting Since 2002

This post has been reproduced from Dancho Danchev's blog.
