Monday, July 29, 2013

PinkShop - Carder Shop

www.PinkShop.name
This pepto-bismol themed shop is selling stolen credit card details. 

pinkode.org 69.197.18.178
pinkode.pro 69.197.18.178
(These domains redirect to pinkshop.name)
CIDR:           69.197.0.0/18
OriginAS:       AS25761
NetName:        STAMINUS-COMMUNICATIONS
abuse@staminus.net
www.pinkshop.name. 300 IN A 141.101.116.126
www.pinkshop.name. 300 IN A 141.101.117.126
(CloudFlare)
I contacted both Staminus and CloudFlare about this domain. 


Adverts for shop:

Another advert:

Google the ICQ or admin email for this shop. You will see more ads.




WARNING: 
The design of this site is so awful that it may damage your eyes. 



Login screen with some SEO keywords:

sell dumps, buy dumps, buy cvv, buy cvv2, sell dumps, sell track2, buy track2, buy cards,cheap cvv,buy cvv,sell cvv,fresh cvv,good cvv,buy good cvv,sell good cvv,best cvv,fresh paypal,carders market,check cvv,cvv2 dump,buy cvv online


Hideous welcome page:

User agreement and rules of site. (Lol)



Dumps:
Dumps - "a term which refers to stolen credit card data"
http://www.huffingtonpost.com/robert-siciliano/criminal-hackers-carders_b_295894.html



CVV2:



Checker:



Fund Balance:
Details:
BITCOIN ADDRESS TO PAY TO> 13rq5ZmjNP3sGQpcDbqewq6Mgu4scpXXCX
SEND WMZ TO > Z366667111653 , CONTACT ADMINISTRATOR AFTER MONEY SENT!
(see below for BlockChain details) (and Lol)  

(bottom of Funding page):




Contact :
No authentication check on this page.
http://www.pinkshop.name/contact.php

Contact details:
ICQ: 627809737
Email : pinkode@id.ru
Yahoo ID: pinkoder@yahoo.com
Jabber: pinkoder@jabber.org


new > FULLZ 
 note the 1337 use of Z in FULLS - pretty cool.




Bitcoin address for PinkShop payments: 

13rq5ZmjNP3sGQpcDbqewq6Mgu4scpXXCX

https://blockchain.info/address/13rq5ZmjNP3sGQpcDbqewq6Mgu4scpXXCX
No. Transactions: 63
Total Received: 12.43884827 BTC

UPDATE:
The same bitcoin address is used to collect funds on other carding sites.
track2shop.me
ccbase.biz



The admin is so lazy - he just copy/pastes the same code all over!!


More notes:

In the source of the site, there is a reference to a folder named bulba.cc_files.
Stolen source or same admin? Who cares. I would bet that all this garbage is offline soon.



track2.name and bulba.cc: 

good god - this is gross looking. 



Various Admin Contact Infos:

track2cvv@e1.ru

ICQ: 355555559
Jabber: cardshop@jabber.org
Yahoo Messenger > card2shop5@yahoo.com
Email: track2cvv@e1.ru

Support / ICQ: 617580016


Contact support by hand
ICQ: 617580016
Email : track2shop@ru.ru

3 comments:

  1. pinkshop.name is a ripper, is the same as pinkshop and darkode.com. Be careful with this man. I sent money to Eldar Karadza, name is Bosnia Herzegovina, he stole from me.
    Be careful

  2. I wonder if this is the same Eldar Karadza:

    https://www.facebook.com/eldar.karadza.9

  3. Topic: www.pinkshop.name 100% Scammer!!

    Hi Buyers (Advice)

    The shop admin called http://www.pinkshop.name/ the store admin created the site purposely to scam people by gaining their trust by after registering, you can't View the CC or do any View in the admin until you activate your account with $5 PM, the admin created a SCI perfectmoney look alike page called (Prfectmoney.is), once you enter your PM details, it will be used to login the main PM page from their end. Now when the login Pin is sent to your email, once you input the pin at the next page they design just like Perfectmoney look alike API2, it appears on their own end, which they will also use to login right into your account and transfer all your funds in your account to their own PM account that has been powered with a bitcoin address, so the funds go into the bitcoin account direct.
    The admin stole $170 PM in my account today Aug/2015... I think the list of rippers is absolutely right, because pinkshop is among the list. Little word is enough for the wise.
