The Latest in IT Security

Keeping Money Mule Recruiters on a Short Leash – Part Ten

07 Jul 2011


The following intelligence brief is part of the Keeping Money Mule Recruiters on a Short Leash series. In it, I’ll expose currently active money mule recruitment domains, their domain registration details, currently responding IPs, and related ASs.

Currently active money mule recruitment domains:


The domains reside within the following ASs: AS10297, RoadRunner RR-RC; AS42708, PORTLANE Network; AS26496, GODADDY.com; AS29713, INTERPLEXINC; AS24940, HETZNER-AS Hetzner Online.

Name servers of notice:

Monitoring of money mule recruitment campaigns is ongoing.

Related posts:
Keeping Money Mule Recruiters on a Short Leash – Part Nine
Keeping Money Mule Recruiters on a Short Leash – Part Eight – Historical OSINT
Keeping Money Mule Recruiters on a Short Leash – Part Seven
Keeping Money Mule Recruiters on a Short Leash – Part Six
Keeping Money Mule Recruiters on a Short Leash – Part Five
The DNS Infrastructure of the Money Mule Recruitment Ecosystem
Keeping Money Mule Recruiters on a Short Leash – Part Four
Money Mule Recruitment Campaign Serving Client-Side Exploits
Keeping Money Mule Recruiters on a Short Leash – Part Three
Money Mule Recruiters on Yahoo!’s Web Hosting
Dissecting an Ongoing Money Mule Recruitment Campaign
Keeping Money Mule Recruiters on a Short Leash – Part Two
Keeping Reshipping Mule Recruiters on a Short Leash
Keeping Money Mule Recruiters on a Short Leash
Standardizing the Money Mule Recruitment Process
Inside a Money Laundering Group’s Spamming Operations
Money Mule Recruiters use ASProx’s Fast Fluxing Services
Money Mules Syndicate Actively Recruiting Since 2002

This post has been reproduced from Dancho Danchev’s blog.
