Passing malicious URL filters is crucial to operations like ransomware, phishing, etc - hiding a bad domain behind a good one is extremely valuable to hackers and relatively cheap. Though I am surprised they'd pay for it due to the payment -> identity link (maybe it's stolen CCs but Stripe is pretty good about blocking that).
> Though I am surprised they'd pay for it due to the payment -> identity...
Between gift cards, money mules, shell corporations, and "that country doesn't cooperate with investigations"...I'd guess that this is no more than a minor problem for serious criminals.