SCAM/ PHISHING THAI PASS
SCAM/ PHISHING THAI PASS is a Fraudster and Hacker and Scammer who is a citizen of India, and has been associated with the following entities as either a significant contributor, participant, promoter, or beneficiary, according to our OSINT research:
Brands:
Groups: B2C Scammers (India)
Domains: consul-passport.com, consular-document.com, document-consul.com, document-consular.com, document-passport.com, document-thailand.com, document-thpass.com, informationthailandpass.com, passinformationthailand.com, passport-consul.com, passport-document.com, teampassthailand.com, thailand-document.com, thailand-pass.live, thailandpassconsulate.com, thailandtravel.live, thapascon.com, thapascons.com, thpass-consular.com, thpass-passport.com, thpassconsulate.com, titan.email, tsmtp0001.email
Google Adsense:
Google Analytics:
Google Analytics (2):
Google Analytics (3):
Google Analytics (4):
Google Analytics (5):
Google Analytics (6):
Google Analytics (7):
Google Analytics (8):
Google Analytics (9):
Google Tag Manager:
Google Tag Manager (2):
Google Tag Manager (3):
Google Tag Manager (4):
Google Tag Manager (5):
Public references:
Mail servers: mx1.titan.email (
) mx2.titan.email (
)
Indian hacker using Titan.email service
same server running what could be a Ukraine donation scam site: https://stopwarinua.org/
might have designed these Dubai local biz sites: https://drypskin.com, http://skinivdrip.com/
might have designed these Sri Lanka local biz sites: http://isharaluxbake.com/
and these small biz from Pakistan: https://khizracollection.com/
possible related to these crypto scam sites too (same MX / registrar )
algoracoin.com |
simpyswap.net
Registrar: Hosting Concepts B.V. d/b/a Registrar.eu
using Hostinger servers
https://webcache.googleusercontent.com/search?q=cache:pTDSrvTuWZsJ:consular-document.com/+&cd=1&hl=en&ct=clnk&gl=sg
https://dnslytics.com/ip/156.67.74.107
https://archive.ph/IrBl0
https://www.world-today-news.com/thailand-hacket-passport-info-to-106-million-travelers-to-thailand-hacked/
Scammers spread phishing emails from fake ‘Thailand Pass’ domains
https://loyaltylobby.com/2022/01/28/thailand-pass-database-hacked-beware-of-malicious-emails-with-fake-qr-codes/
https://www.facebook.com/permalink.php?story_fbid=4243802522389073&id=557722827663746
There are a New updates regarding your submitted information Thailand Pass
Thailand Pass [email protected] via sendgrid.net
-
-
Th system noticed some problems in the documents you submitted to the embassy
-
ระบบ Th สังเกตเห็นปัญหาบางอย่
างในเอกสารที่คุณส่งไปยังสถานทู ต -
You should correct some information so that you are not held responsible by the government
-
คุณควรแก้ไขข้อมูลบางอย่างเพื่
อที่คุณจะได้ไม่ต้องรับผิดชอบต่ อรัฐบาล -
Please reply to this message and write the following information
-
โปรดตอบกลับข้อความนี้และเขี
ยนข้อมูลต่อไปนี้
-
-
-
-
Your full name.
-
-
-
-
-
Date of birth.
-
-
-
-
-
Last 4 digits of the passport.
-
-
ขออภัยในความไม่สะดวกที่เกิดขึ้
We apologize for any inconvenience caused
ขอแสดงความนับถือ Thailand Pass
Best regards, Thank’s
[email protected] via tsmtp0001.email
4:03 AM (1 minute ago)
to me
update attachment
There is a problem related to the request, please download the attachment and update the information
Please prepare your documents for submission at the check-in desk and relevant agencies
Passport with visa (if required)
Thailand pass QR code (on mobile device or hard copy)
Please submit your documents and QR Code to immigration and disease control officials.
Download Document
https://bit.ly/Thailand-passport
http://bit.ly/3q2gBpD
https://archive.ph/9bVLf
https://onedrive.live.com/Download?cid=6BCBE135551869F2&resid=6BCBE135551869F2!168&authkey=AGoYtbf1Lb5VjFg
important note. You must open the document from a PC and not from the phone
Who owned tsmtp0001.email in the past? (1 record)
Owner: REDACTED FOR PRIVACY (40.9 million domains)
Company: Nova (690 domains)
Geolocation: REDACTED FOR PRIVACY, Maharashtra, India (8.21 million domains from India for $500)
Status: addPeriod, clientTransferProhibited