IT.COM

domains How to age domains for an investment scam like fine scotch

Spaceship Spaceship
Watch

Lox

____Top Member
Impact
12,358
n Internet parlance, “old” has a much younger meaning — domains, virtual servers, image assets — everything is now or never. So much so that many security vendors rely heavily on what is called “domain reputation”, or the history a particular domain name has acquired over time on the Internet; a domain that is days old for a supposedly established online shop for example can raise concerns, while a 5-year-old digital presence works like a kosher staple.

Despite having extensively talked about investment scams for quite some time, we’d like to bring attention to this actor we’ve been tracking for almost two years now whose tactics are particular in ways we’ve never seen before; CashRewindo, first seen in 2018, distributes attacks all around the globe, smuggling malicious code in common JavaScript libraries and aging domains like fine scotch.

.... Apart from A/B-testing campaigns and in so doing abusing time-based creative verification systems, CashRewindo has yet another trick up its sleeves: domain aging.

Most of the IOCs we collected have domains that were registered two or three years ago, only to be activated, i.e. certificates updated and virtual server assigned, just in time for the campaigns. We speculate that either they buy these from reputation-building markets, or wait around for them to age, likely the former. Being outsourced or not, this technique is able to bypass security systems that classify registration timing as reputable.


read more
 
12
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
2
•••
Cheers. Emd secured.


🤣 This widely released article was out for 3 days, and within a half hour of this being posted to nP, CashRewindo[.]com gets registered. 🤣

@branding - Did you read the article to the degree of understanding who or what CashRewindo is? And if so, what do you envision for this domain?
 
Last edited:
3
•••
🤣 This widely released article was out for 3 days, and within a half hour of this being posted to nP, CashRewindo[.]com gets registered. 🤣

@branding - Did you read the article to the degree of understanding who or what CashRewindo is? And if so, what do you envision for this domain?

Yes. I specialise in brand protection. It's not going to sell but will make me at least 50x reg fee within months.

Meanwhile informing/protecting innocent bystanders... Win win.
 
5
•••
It's not going to sell but will make me at least 50x reg fee within months.

I'm not sure if you're referring to development, or parking. Either way, I'd be very interested to hear how this plays out for you.

Meanwhile informing/protecting innocent bystanders... Win win.

👍
 
Last edited:
2
•••
Yes. I specialise in brand protection. It's not going to sell but will make me at least 50x reg fee within months.

Meanwhile informing/protecting innocent bystanders... Win win

Winner :xf.smile:

d_.jpg
 
2
•••
I'm not sure if you're referring to development, or parking. Either way, I'd be very interested to hear how this plays out for you.



👍
Could be both. Parking/dev. Undecided. Usually loss leaders to support the bigger picture.
 
2
•••
3
•••

The real winner is to the cryptography sleuth who won access to 10 bitcoins by depixelating this pillow photo to reveal hidden bitcoin wallet addresses with keys.

@Lox I bet you didn't expect anybody to know the history behind this pillow, huh?! While a depixelated photo revealing hidden bitcoins was just a pillow talking lie, is there any history behind that photo? I feel like I've seen it before...
 
Last edited:
6
•••
The real winner is to the cryptography sleuth who won access to 10 bitcoins by depixelating this pillow photo to reveal hidden bitcoin wallet addresses with keys.

@Lox I bet you didn't expect anybody to know the history behind this pillow, huh?! While a depixelated photo revealing hidden bitcoins was just a pillow talking lie, is there any history behind that photo? I feel like I've seen it before...

Pizza SSL :xf.smile:

d_.jpg
 
2
•••
Back