This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Huge List of Domains Cloaking to Malware (5,000+)
- Previous message (by thread): [anti-abuse-wg] Second Notice: Squatting / Fraud / Identity theft by AS13259 - Delta Telesystems Ltd. (RU)
- Next message (by thread): [anti-abuse-wg] Huge List of Domains Cloaking to Malware (5, 000+)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
steve payne
stevenp8844 at gmail.com
Tue Jan 12 03:21:39 CET 2021
Hi, There is a huge amount of some type of fraud happening with .it, .pl, .xyz and other domains being registered (see links below). https://docs.google.com/document/d/159Sbik8CkO9WDbLjH_tqAhr-dkpODWS1kt4UULLLfk0/edit?usp=sharing https://docs.google.com/document/d/1z43WugqqgyVjNy6-IPgON118YaE0HxrgRMKbVwW42NM/edit?usp=sharing These links contain a list of over 5,000 domains that are currently spamming search engines with spun text and then cloaking users to malware that have the search engine referrer. Most of the .it, .pl and .xyz domains have all been registered in the last few weeks. They are basically registering a new domain and it is immediately being added into this spam operation. Most of them are being registered through OVH, but trying to contact them about this has been useless. All of them are being hosted through Cloudflare and I have tried multiple times to bring this to their attention. It has been unsuccessful and it is allowing this spam operation to hide behind the cloudflare proxy. There are also other domains that appear to be hacked taking part in this and I have included the hacker script that has been found on two of the servers that have disabled php to figure out how to remove the malware. I hope that this is the right place to post this type of information and hope that somebody can help with the fraud domain registrations. -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20210111/4a00dadc/attachment.html>
- Previous message (by thread): [anti-abuse-wg] Second Notice: Squatting / Fraud / Identity theft by AS13259 - Delta Telesystems Ltd. (RU)
- Next message (by thread): [anti-abuse-wg] Huge List of Domains Cloaking to Malware (5, 000+)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]