Elecrtonic mail campaigns are circulating advertising "fraud hosting" and directing readers to about a dozen domains, many of them hosted in Russia. The sites mentioned in this article are currently offline, with the exception of carderportal.org which has recently resurfaced at Server Beach.

The domains advertised in the e-mail solicitations include carder.org, carderclan.net, carderportal.com, carderportal.org, the cc.ru, mazafaka.ru, lncrew.com, majordomo.ru and agava.com. A sample mail illustrates the structure of the pitch:

Hello, Thank you for registration on our board
http://www.carderclan.net & http://www.carderportal.com
Your Login & Password:
Login: User871
Password: MkSCs4c
On our site you will find:
Spam Hosting - from 20$ per mounth.
Fraud Hosting - from 30$ per mounth.
Stolen Credit Cards, Fake ID, DL's.
Spam For free only from 5.02.2004 to 14.02.2004.
Welcome: http://www.carderclan.net & http://www.carderportal.com

Nethouse in St. Petersburg housed a number of the suspect domains, including stalk.ru, majordomo.ru and mazafaka.ru. Nethouse, which brands its hosting unit as Majordomo.ru, is housed within the data center of Runnet, the third-largest Russian hosting provider with 11.5K hostnames.

Agava Software Network in Moscow hosted the "Russian Carder Clan" site at carderclan.net (195.161.118.168), which ran on a shared server at Agava.net. The site has recently been taken offline, as has Carderportal.org (81.176.64.102) at epolis.ru, which also resided at Agava.

Several other destination domains for the fraud hosting pitches are hosted in North America. Carderportal.com resolves to NetFirms,a hosting service based in Telus' data center in Toronto. carder.org has recently dropped out of the DNS but was also hosted in North America.