Carding fraud site/forum: darkmoney.be / darkmoney.de / darkmoney.pl (DNS)

Sites mostly dedicated to cashing out stolen credit-cards. Providing DNS: darkmoney.pl. 21599 IN NS hugh.ns.cloudflare.com. darkmoney.pl. 21599 IN NS yolanda.ns.cloudflare.com. darkmoney.de. 21599 IN NS hugh.ns.cloudflare.com. darkmoney.de. 21599 IN NS yolanda.ns.cloudflare.com. darkmoney.de. 299 IN A 181.174.164.105 181.174.164.105 darkmoney.de 2021-06-16 17:21:26 181.174.164.105 darkmoney.pl 2021-06-15 15:27:23 darkmoney.pl. 299 IN A 213.227.131.212 ___________________ Was: darkmoney.be. 3599 IN A 99.83.175.80… Читать далее Carding fraud site/forum: darkmoney.be / darkmoney.de / darkmoney.pl (DNS)

Spamvertised domain/redirector hosting

Return-Path: []@mail.groupage.today> Received: from mars.groupage.today (host-193.17.7.68.meric.net.tr [193.17.7.68] (may be forged)) by [] (8.14.7/8.14.7) with ESMTP id [] for []; Sun, 20 Jun 2021 15:[]:[] -0400 Authentication-Results: [] DKIM-Signature: [] DomainKey-Signature: [] Mime-Version: 1.0 Content-Type: multipart/alternative; boundary=»[]» Date: Sun, 20 Jun 2021 21:[]:[] +0200 From: «Fruit For Eyes» <visioncare@groupage.today> Reply-To: «Fruit For Eyes» <visioncare@groupage.today> Subject: Bible… Читать далее Spamvertised domain/redirector hosting

Spamvertised domain/redirector hosting

Return-Path: []@mail.victuran.today> Received: from anthe.victuran.today (host-193.17.7.80.meric.net.tr [193.17.7.80] (may be forged)) by [] (8.14.7/8.14.7) with ESMTP id [] for []; Sun, 20 Jun 2021 13:[]:[] -0400 Authentication-Results: [] DKIM-Signature: [] DomainKey-Signature: [] Mime-Version: 1.0 Content-Type: multipart/alternative; boundary=»[]» Date: Sun, 20 Jun 2021 19:[]:[] +0200 From: «Slow Metabolism» <dietarysupplement@victuran.today> Reply-To: «Slow Metabolism» <dietarysupplement@victuran.today> Subject: Doctor Reveals REAL… Читать далее Spamvertised domain/redirector hosting

Spamvertised website

Received: from wcipstk.com (46.16.128.54) From: JIM <info@wcipstk.com> Subject: Bliv en del af Bitcoin-koden Date: Sun, 20 Jun 2021 20:3x:xx +0000 http://wcipstk.com/[] => http://webcourtyard.com/?hitid= => http://speedotechs.com/?hitid= wcipstk.com. 2929 IN A 46.16.128.54 webcourtyard.com. 300 IN A 104.21.70.81 webcourtyard.com. 300 IN A 172.67.221.213 speedotechs.com. 300 IN A 172.67.142.91 speedotechs.com. 300 IN A 104.21.87.76

Spamvertised domain/redirector hosting

Return-Path: []@mail.econixis.today> Received: from styx.econixis.today (scl-0044.mails—servers.org [185.239.242.43] (may be forged)) by [] (8.14.7/8.14.7) with ESMTP id [] for []; Sat, 19 Jun 2021 14:[]:[] -0400 Authentication-Results: [] DKIM-Signature: [] DomainKey-Signature: [] Mime-Version: 1.0 Content-Type: multipart/alternative; boundary=»[]» Date: Sat, 19 Jun 2021 20:[]:[] +0200 From: «Excruciating Back Pain» <newsletter@econixis.today> Reply-To: «Excruciating Back Pain» <newsletter@econixis.today> Subject: Arthritis… Читать далее Spamvertised domain/redirector hosting

Spamvertised website

Received: from wcipstk.com (46.16.128.54) From: JIM <info@wcipstk.com> Subject: Bliv en del af Bitcoin-koden Date: Sun, 20 Jun 2021 20:3x:xx +0000 http://wcipstk.com/[] => http://webcourtyard.com/?hitid= => http://speedotechs.com/?hitid= wcipstk.com. 2929 IN A 46.16.128.54 webcourtyard.com. 300 IN A 104.21.70.81 webcourtyard.com. 300 IN A 172.67.221.213 speedotechs.com. 300 IN A 172.67.142.91 speedotechs.com. 300 IN A 104.21.87.76

Carding fraud site/forum: uniccshop.pw (unicc.cx / unicc.com.cm / crdshop.su / cclub.su / cardpin.org / unicc.am / csu.su / abusehost.pro / dumpscrew.com / chindadump.su / dumpshop.net / dumpshop.cc)

Stolen credit card data websites. https://www.google.com/search?q=csu.su https://uniccshop.pw/ >>> https://unicc.cx/ uniccshop.pw. 299 IN A 172.67.209.74 uniccshop.pw. 299 IN A 104.21.82.239 unicc.com.cm. 43200 IN A 51.195.108.176 cclub.su. 2159 IN A 45.88.3.48 _______________ Was: www.uniccshop.market. 299 IN A 185.132.132.139 uniccshop.support. 299 IN A 185.132.132.139 uniccshop.support. 299 IN A 185.132.132.139 unicc.com.cm. 299 IN A 185.132.132.139 uniccshop.pw. 299 IN A… Читать далее Carding fraud site/forum: uniccshop.pw (unicc.cx / unicc.com.cm / crdshop.su / cclub.su / cardpin.org / unicc.am / csu.su / abusehost.pro / dumpscrew.com / chindadump.su / dumpshop.net / dumpshop.cc)

Package delivery fraud spam redirector — ert4.co

$ host e.ert4.co e.ert4.co has address 104.21.46.109 e.ert4.co has address 172.67.138.57 e.ert4.co has IPv6 address 2606:4700:3034::ac43:8a39 e.ert4.co has IPv6 address 2606:4700:3032::6815:2e6d Seen in SMS package delivery fraud spam, tested working (on desktop, leads to blank.org, on mobile, gives the appropriate response)

Package delivery fraud spam redirector — ert4.co

$ host e.ert4.co e.ert4.co has address 104.21.46.109 e.ert4.co has address 172.67.138.57 e.ert4.co has IPv6 address 2606:4700:3034::ac43:8a39 e.ert4.co has IPv6 address 2606:4700:3032::6815:2e6d Seen in SMS package delivery fraud spam, tested working (on desktop, leads to blank.org, on mobile, gives the appropriate response)

Zoltán Zarka

At it for years! https://www.onlinethreatalerts.com/article/2019/8/9/domain-name-search-engine-registration-scam/ https://hucksters.net/person/zoltan-zarka Hacked site? http://www.yingyok.com/domain/privacy-policy.php www.yingyok.com. 299 IN A 172.67.204.129 www.yingyok.com. 299 IN A 104.21.61.5 w396.ovm.website. 299 IN A 35.198.81.57 Received: from venturebacon.com (venturebacon.com [185.104.114.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by xx; Mon, 14 Jun 2021 03:22:24 -0400 (EDT) Received: from admin by venturebacon.com with… Читать далее Zoltán Zarka