The following intelligence brief is part of the Keeping Money Mule Recruiters on a Short Leash series. In it, I’ll expose currently active money mule recruitment domains, their domain registration details, currently responding IPs, and related ASs.
Currently active money mule recruitment domains:
The domains reside within the following ASs: AS10297, RoadRunner RR-RC; AS42708, PORTLANE Network; AS26496, GODADDY.com; AS29713, INTERPLEXINC; AS24940, HETZNER-AS Hetzner Online.
Name servers of note:
Monitoring of these money mule recruitment campaigns is ongoing.
This post has been reproduced from Dancho Danchev’s blog.