YaleLodge.cm A "Trusted Auto Shop For Credit Card Details" Owned

Yalelodge… a very trusted and high-end website with a super high registration fee.

Found on xss.is. You can clearly see that the site isn’t operated by Russians but rather appears to be Western in nature. This is notable due to the formatting of the thread. (Note the link is a direct link to the thread.)

135.125.248.40 is the IP of the server… Now, people are going to question the validity of the IP, I’m aware, so I was looking for similarities when I opened the IP in my browser compared to the domain. They both run just Nginx, nothing else, nothing more.

But here’s some interesting info from their Whois. Now, the IP comes back to “France”, but the server appears to be a mix between Germany and France… But typically GmbHs aren’t UK/FR; they’re German businesses. GmbH is also known as Gesellschaft mit beschränkter Haftung, which for you English speakers is basically an LLC or limited liability company, so this is a step in the right direction.

The name of the registrar is indeed German: Key-Systems GmbH
But the contact living in West Yorkshire would make some sense given their post on xss.is:

Despite being written in English, it stands out to me… Russians and other “fraudsters” don’t speak really good English, let alone write in it. I speak and write extremely well. However… I have dedicated hours since 2013 to learning English, as it’s quite hard to use a new alphabet and set of rules in terms of grammar. But off topic.

Now this may be a little weird, but they may even be American as well. This comes down to another formatting of words among other things, but this is yet to be proven; the English still sticks as proof they’re Western.

Going forward, if you look at both the website on censys.io or shodan.io and then the IP, they both run the same things, have the same ports open and whatnot… meaning the website is hosted on a German OVH-SAS server.

You can notice both websites, https://yalelodge.cm/ and https://yalelodge.ru/, have the same IP and aren’t even protected via Cloudflare or proxies. You can simply notice that they are indeed the same by looking into the DNS/MX records, especially the A records.
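The correlation described in the last two paragraphs (domains sharing an A record that is not a CDN edge, plus matching scan results for the hostname and the bare IP) can be expressed as below. This is an added example, not code from the original post; the domain names, IPs and scan summaries are constructed, and the CDN list is a small subset of Cloudflare's published IPv4 ranges that should be treated as an assumption and refreshed before use.

```python
import ipaddress
from collections import defaultdict

# Subset of Cloudflare's published IPv4 ranges (assumption: refresh from the
# provider's current list before relying on this check).
CDN_RANGES = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15", "173.245.48.0/20")]

# Constructed sample data: resolved A records and scan summaries keyed by host.
A_RECORDS = {
    "shop-a.example": ["192.0.2.40"],
    "shop-b.example": ["192.0.2.40"],
    "unrelated.example": ["104.16.10.10"],
}
SCANS = {
    "shop-a.example": {"ports": {80, 443}, "server": "nginx"},
    "192.0.2.40": {"ports": {80, 443}, "server": "nginx"},
    "unrelated.example": {"ports": {80, 443, 8080}, "server": "cloudflare"},
}

def behind_cdn(ip):
    """True when the address falls inside one of the known CDN ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CDN_RANGES)

def shared_origins(a_records):
    """Map each non-CDN IP to the domains pointing at it, keeping IPs used by 2+."""
    by_ip = defaultdict(set)
    for domain, ips in a_records.items():
        for ip in ips:
            if not behind_cdn(ip):  # a CDN edge IP says nothing about the origin
                by_ip[ip].add(domain)
    return {ip: sorted(d) for ip, d in by_ip.items() if len(d) > 1}

def fingerprint_match(scans, host, ip):
    """True when scans of the hostname and the bare IP agree on ports and banner."""
    a, b = scans.get(host), scans.get(ip)
    return bool(a and b and a["ports"] == b["ports"] and a["server"] == b["server"])

if __name__ == "__main__":
    for ip, domains in shared_origins(A_RECORDS).items():
        print(ip, domains, [fingerprint_match(SCANS, d, ip) for d in domains])
```

A matching banner and port set on a common stack such as Nginx on 80/443 is weak evidence on its own; the shared non-CDN A record carries most of the weight.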

I hope these idiots learn their lessons. It’s been less than 30 days and I’ve downed 4 shops and 1 forum.