The domains advertised in the e-mail solicitations include carder.org, carderclan.net, carderportal.com, carderportal.org, the cc.ru, mazafaka.ru, lncrew.com, majordomo.ru and agava.com. A sample mail illustrates the structure of the pitch:
Hello, Thank you for registration on our board http://www.carderclan.net & http://www.carderportal.com Your Login & Password: Login: User871 Password: MkSCs4c On our site you will find: Spam Hosting - from 20$ per mounth. Fraud Hosting - from 30$ per mounth. Stolen Credit Cards, Fake ID, DL's. Spam For free only from 5.02.2004 to 14.02.2004. Welcome: http://www.carderclan.net & http://www.carderportal.com
Nethouse in St. Petersburg housed a number of the suspect domains, including stalk.ru, majordomo.ru and mazafaka.ru. Nethouse, which brands its hosting unit as Majordomo.ru, is housed within the data center of Runnet, the third-largest Russian hosting provider with 11.5K hostnames.
Agava Software Network in Moscow hosted the "Russian Carder Clan" site at carderclan.net (126.96.36.199), which ran on a shared server at Agava.net. The site has recently been taken offline, as has Carderportal.org (188.8.131.52) at epolis.ru, which also resided at Agava.
Several other destination domains for the fraud hosting pitches are hosted in North America. Carderportal.com resolves to NetFirms,a hosting service based in Telus' data center in Toronto. carder.org has recently dropped out of the DNS but was also hosted in North America.