The following intelligence brief is part of the Keeping Money Mule Recruiters on a Short Leash series. In it, I’ll expose currently active money mule recruitment domains, their domain registration details, currently responding IPs, and related ASs.
Money mule recruitment domains:
The domains reside within the following ASs: AS24940, HETZNER-AS Hetzner Online AG RZ; AS16265, LeaseWeb B.V. Amsterdam; AS26496, GODADDY.com, Inc.; AS10297, RoadRunner RR-RC-Enet-Columbus.
Name servers of notice:
Monitoring of these money mule recruitment campaigns is ongoing.
This post has been reproduced from Dancho Danchev’s blog.