SHOW:
|
|
- or go back to the newest paste.
| 1 | - | Below please find notes detailing a counterfeit ring peddling fake Christian Louboutin shoes via e-mail. These scammers use a RetailMeNot.com template and use services from Linode and Alibaba to facilitate their criminal enterprise. |
| 1 | + | Below please find notes detailing a counterfeit ring peddling fake Moncler via e-mail. These scammers use a RetailMeNot.com template and use services from Linode, Alibaba, and Global Frag Networks to facilitate their criminal enterprise. On occasion, they will use Amazon IP's as well. |
| 2 | ||
| 3 | This same crew runs counterfeit rings for other gear as well. Learn more about their other scams here: | |
| 4 | https://pastebin.com/zJuMcPGv - Fake Ray-Ban | |
| 5 | https://pastebin.com/Bn09agfE - Fake Birkenstock | |
| 6 | ||
| 7 | - | Subjects used in their typical e-mails peddling fake Christian Louboutin include: |
| 7 | + | Subjects used in their typical e-mails peddling fake Moncler include: |
| 8 | - | - Today's Best Deals - Summer Highheels Up To 70% OFF! |
| 8 | + | - 2020 New Year Expire Soon! | Moncler Coats 70% OFF! |
| 9 | - | - Today's Special Deals - Summer Highheels 70% OFF! |
| 9 | + | - Christmas Best Deals! - Moncler Coats 70% OFF! |
| 10 | - | - Summer Highheels Up To 70% OFF Ends Today, Hurry UP! |
| 10 | + | - Black Friday Special Deals! | Moncler Coats 70% OFF! bill |
| 11 | - | - Expire Soon: Highheel Special Deals 70% OFF! |
| 11 | + | - Greetings from Ahmed, November Best Deals | Moncler Coats 70% OFF! |
| 12 | ||
| 13 | The sender of their e-mail normally looks something like this: | |
| 14 | - | - High Heels Outlet |
| 14 | + | - Moncler Store |
| 15 | - alishba | |
| 16 | - | 20190906 |
| 16 | + | - Moncler Jacket |
| 17 | - | SPAM Domain: nnka.top |
| 17 | + | - Ahmed |
| 18 | ||
| 19 | - | SPAM IP: 95.163.82.13 |
| 19 | + | 20191230 |
| 20 | - | SPAM ISP: Some Russian ISP calling themselves Colocation Services |
| 20 | + | SPAM Domain: s84dq4.top |
| 21 | - | Counterfeit website: Hiding behind URL Shortener http://suo.im |
| 21 | + | |
| 22 | - | Counterfeit website IP: Hiding behind URL Shortener http://suo.im |
| 22 | + | SPAM IP: 66.42.105.99 |
| 23 | - | Counterfeit website ISP: Hiding behind URL Shortener http://suo.im |
| 23 | + | SPAM ISP: Vultr Holdings LLC |
| 24 | Counterfeit website: http://znfl.s84dq4.top/mtad/tl.php?p=TEXT_STRING_HERE | |
| 25 | - | 20190901 |
| 25 | + | Counterfeit website IP: 47.244.222.45 |
| 26 | - | SPAM Domain: xcqrsx.online |
| 26 | + | Counterfeit website ISP: Alibaba.com LLC |
| 27 | ||
| 28 | - | SPAM IP: 95.163.82.32 |
| 28 | + | 20191212 |
| 29 | - | SPAM ISP: Some Russian ISP calling themselves Colocation Services |
| 29 | + | SPAM Domain: d6a40ns.fun |
| 30 | - | Counterfeit website: Hiding behind URL Shortener http://suo.im |
| 30 | + | |
| 31 | - | Counterfeit website IP: Hiding behind URL Shortener http://suo.im |
| 31 | + | SPAM IP: 104.148.123.203 |
| 32 | - | Counterfeit website ISP: Hiding behind URL Shortener http://suo.im |
| 32 | + | SPAM ISP: Global Frag Networks |
| 33 | Counterfeit website: http://weew55s45f.fun/mtac/tl.php?p=TEXT_STRING_HERE | |
| 34 | - | 20190822 |
| 34 | + | Counterfeit website IP: 47.90.205.22 |
| 35 | - | SPAM Domain: zuogongxian.top |
| 35 | + | Counterfeit website ISP: Alibaba.com LLC |
| 36 | ||
| 37 | - | SPAM IP: 66.175.216.163 |
| 37 | + | 20191128 |
| 38 | - | SPAM ISP: Linode LLC |
| 38 | + | SPAM Domain: gpyw.xyz |
| 39 | - | Counterfeit website: http://mygm.zuogongxian.top/edmi/tl.php?p=TEXT_STRING_HERE |
| 39 | + | |
| 40 | - | Counterfeit website IP: 47.252.5.90 |
| 40 | + | SPAM IP: 52.67.114.24 |
| 41 | - | Counterfeit website ISP: AliCloud |
| 41 | + | SPAM ISP: Amazon Data Services Brazil |
| 42 | Counterfeit website: http://gpyw.xyz/special/moncler.html | |
| 43 | - | 20190819 |
| 43 | + | Counterfeit website IP: 47.252.76.215 |
| 44 | - | SPAM Domain: scbrcn.top |
| 44 | + | Counterfeit website ISP: Alibaba.com LLC |
| 45 | ||
| 46 | - | SPAM IP: 139.162.45.244 |
| 46 | + | 20191124 |
| 47 | - | SPAM ISP: Linode LLC |
| 47 | + | SPAM Domain: kkppk.top |
| 48 | - | Counterfeit website: http://pron.scbrcn.top/edmi/tl.php?p=TEXT_STRING_HERE |
| 48 | + | |
| 49 | - | Counterfeit website IP: 47.252.5.90 |
| 49 | + | SPAM IP: 91.217.121.200 |
| 50 | - | Counterfeit website ISP: AliCloud |
| 50 | + | SPAM ISP: Think Huge Ltd |
| 51 | Counterfeit website: http://zug.kkppk.top/edms/tl.php?p=TEXT_STRING_HERE | |
| 52 | - | 20190816 |
| 52 | + | Counterfeit website IP: 47.252.76.215 |
| 53 | - | SPAM Domain: utepny.top |
| 53 | + | Counterfeit website ISP: Alibaba.com LLC |
| 54 | ||
| 55 | - | SPAM IP: 45.79.79.83 |
| 55 | + | 20191105 |
| 56 | - | SPAM ISP: Linode LLC |
| 56 | + | SPAM Domain: eoudfe.club |
| 57 | - | Counterfeit website: http://byh.utepny.top/edmi/tl.php?p=TEXT_STRING_HERE |
| 57 | + | |
| 58 | - | Counterfeit website IP: 47.252.5.90 |
| 58 | + | SPAM IP: 52.194.254.225 |
| 59 | - | Counterfeit website ISP: AliCloud |
| 59 | + | SPAM ISP: Amazon Data Services Japan |
| 60 | Counterfeit website: https://weixinnmb.top/special/moncler.html | |
| 61 | - | 20190730 |
| 61 | + | Counterfeit website IP: 104.24.109.48 - Hiding behind CloudFlare |
| 62 | - | SPAM Domain: azxzqtf.top |
| 62 | + | Counterfeit website ISP: Unknown |
