Domains used for evil purposes

MapleDots

[Attached image: Capturev.png]

A member posted a domain for sale, aboutme(dot)ca, and I thought it was a really good domain, so out of curiosity I thought I would punch in aboutus(dot)ca and it forwarded a few times and completely locked up my Chrome browser.

Nothing got me out, I could not click away, and a voice came on saying that I am compromised, I have been visiting porn sites, etc. It gave a blue Microsoft warning that I need to call in to unlock my computer and the heavens will open up if I circumvent it.

A quick control-alt-delete and I was out, of course, but sure enough Chrome could not even recover my tabs, etc.

A sweet domain like aboutus(dot)ca used for such an evil purpose surprised me a bit and I wondered what the next step was and who to report it to.

Anyone that is an expert in this field and wants to go there, do so at your own risk. I purposely did not put a link to the website here, so you have to manually punch it in.

If someone knows how to get around it and can post a screenshot and what evil trick they are using, please post in the topic.

WARNING USE LINK AT OWN RISK AND ONLY IF YOU ARE SURE YOUR BROWSER IS PROTECTED

aboutus(dot)ca

It really does not damage anything, and control-alt-delete gets you out if you get stuck.

PS. I am not in any way affiliated with any of the domains in this topic.
Indian scammers at it again. The phone number they list will take you to a fake Microsoft tech.

Look up "Microsoft Indian scammers" on the tube.
I believe that does happen, but it's not always the site that's malicious. I can't say for certain, but perhaps it is your browser that might be compromised.

Again, not trying to sound dismissive, as I have had similar experiences on rare occasions: try to go to a site, and get redirected to malware (to the point of the browser locking up). Usually, I try it once more (just to test). More often than not, that 2nd attempt yields a normal website.

This one (at the time of my 2 visits, which took place immediately before this post) seemed a-okay. It appears to be parked at Sedo (or is on a rotation that includes Sedo).

[Attached image: aboutusdotca.png]

I am not an expert in malicious web sites, but I have helped many folks with removing malware infections (without completely erasing everything and starting over) on their (mainly Windows) machines. Often, it was the browser(s) used that had problems.

Just my observations.
Very odd, when I punched the address into the browser it forwarded numerous times and landed on the malware. I don't want to go back because it crashed my browser, but if anyone does, can you post a screenshot of what the page looks like when it shows the malware?

It would also be interesting to see what address it forwards to.

I'm not going there again personally because it makes me a bit nervous.
Did you get the malware or a parked page like @Bertrell?
Simple tech scam

Google - granny edna tech scammer
I've seen it tons of times, but this one really locked things down tight. Usually I can recover my tabs or just go to the task bar and close the window, but this one was a bit more elaborate. Even after the control-alt-delete, Chrome could not recover.

It will be interesting to see who gets the same and can post a screenshot.
It just forwards to a Sedo lander for me.
Could it be if you add https:// in front of aboutus(dot)ca?

My Chromebook refuses to connect with that, and I'm not going there with my Windows 10 machine.
Chromebooks usually won't allow ill behavior, so I use one whenever I get something like this.
Yep...happens a lot. Just had a 'revenue enhancing specialist' contact me this morning about me using their service for parking. Promised me quite a chunk of change to let them monetize one specific name since it gets so much traffic. When I asked him how he planned to make me so much money, he said 'zero click'. That, ZC, is the problem.
Hmm, I just visited from my Chromebook and I get the Sedo page as well.

Sooo strange, I read the DNS poisoning and that adds another whole dimension. So the user (in this case me) thinks the domain they are going to is the culprit when really it is the DNS. Wow, things are just getting crazy at this point.

Isn't that just Sedo parking and 0 click? Just mentioned in the previous post. I would never use 0 click.
[Attached image: Picture0011.png]


Here you can see my history of where it sent me to...

Bottom is where I went, then it forwarded to next one up the list and so on.

So you see, it really happened.
The Microsoft warnings were the issue; it took multiple tabs and I was using Chrome on Windows 10.
http ://feed.adrebels.net/preclick2.ashx?sys=AdRebels&e=h/sGfaEQh1KPKjRgcm1SuGqxlHqhVS76wDUt9AP9JNuWXW9XTc+j5dQYCAH8tRIYUGFt7O/HuulbtBdaCJ4nEkG0IKRemD7Aj+re6xV9fWmlTc0HXQOuLjYQ0gysBPJzHEo/jpBa9bMJ+fFS6bSLIHV+BikY/AxzJeTJko8xjV99rwCSsxnmW7lV7IwKEdYjCTXH8GqNs0Z69/lmmpkxNwcATEs6KO+T7ph593eV4j79sA1IytbAK2ojQiF78kwzvNP6CUiIdtL9UJl1Dra9E1lbJvmb9QL0e/Mljn/jIENcoTZX0lKJgawr9T5rBn8fYT29vX7QnpgmfkYY5gNRuEtvMeJWc+hbun9SL/rSbtwWMO3HEFemomoZ1W363Klohms3JOLWEx9KDoyUxfiqe6dqclB+lxxBHOwIo7FV2chkElVgVjJZW+oL3DgLTVl+Jn2CLuveouhe3D3a5vXQKQcjUj+bIbDcsV6Dv2iBXQo3w9Blr1iFVRvApEwe6HSJX3cScIVdrdGwVNNB85BxlwLm/9ujZX4OKwyQPnZz15NBTj9qTFQ/tdjvu59tRYCzmrGrd8y+CpFuq9El7jDNfrMWoEGEQmI8W1nliOQU+8daF4IP3l2WA80S2lENCOURYxjZWdTHysDbCs1UUKtLUVbrzddZL1mc2D67rkmZEyqa/Q6xS/sAnRZfivy3yzIY4O/dW+V6Is/AU6GYK2CIMLPCx0YUnnwumBykdofV0P/JFIxI2xutE9AHJBvYnxsdgi5LlSVoSkxzQxOFNXe0mf8ziyejAfp5UweelOFRVBD35SUs+Y+WxyxqaJ9LvGiBXHYXvx43/q3PPaFQNR7iRpGv2dim8ZLDn7GR1f3lpSo1SY3PYpG226zSPB4hJw/HCnh13A62+yQHyM3YqzxyhrhoKex2a9VHo0ohii/JVOOncZowQhRHrKhoxikUkoO8cvqI4NaFU8jLQTLfikYifuBkB/M/TeopUMcEfEVQztQ=

That was what it linked to. I disabled the link, so cut and paste at your own risk.

I did that so nobody accidentally clicks it.
The only odd part is how I got there from starting off at aboutus(dot)ca.

You can clearly see the click history in the history picture I attached.

It goes from the bottom up. The bottom being the first address to start the process.
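One way to record a chain like the one in that history screenshot without rendering any of the pages, as an added example that is not from the thread: each hop is fetched with a single HEAD request and redirects are not followed automatically, so the sequence is logged the way the history shows it and the page that locks the browser is never executed. The hostnames in FAKE_CHAIN are constructed placeholders, not hosts from the thread; fetch_headers is the live fetcher you would plug in instead.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Hand 3xx responses back instead of following them, so every hop is recorded.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def fetch_headers(url, timeout=10):
    # Live fetcher: one HEAD request, no redirect following, nothing rendered.
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, method="HEAD"), timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx all surface here
        return err.code, err.headers.get("Location")

def trace_chain(start_url, fetcher=fetch_headers, max_hops=10):
    # Walk Location headers hop by hop (the browser history read bottom-up),
    # stopping at a non-redirect, a loop, or the hop cap. Returns [(url, status)].
    chain, seen, url = [], set(), start_url
    while len(chain) < max_hops:
        if url in seen:
            chain.append((url, "loop"))
            break
        seen.add(url)
        status, location = fetcher(url)
        chain.append((url, status))
        if status not in REDIRECT_CODES or not location:
            break
        url = urljoin(url, location)  # Location may be relative
    return chain

def hosts_in_chain(chain):
    # Hostnames in visit order: the quick way to spot hops into ad feeds or odd TLDs.
    return [urlsplit(u).hostname for u, _ in chain]

# Constructed offline stand-in (not real hosts): parked domain -> ad feed preclick -> landing page.
FAKE_CHAIN = {
    "http://parked-example.test/": (302, "http://feed.example-ads.test/preclick?e=abc"),
    "http://feed.example-ads.test/preclick?e=abc": (302, "/land"),
    "http://feed.example-ads.test/land": (302, "https://support-warning.example.test/"),
    "https://support-warning.example.test/": (200, None),
}

def fake_fetch(url):
    return FAKE_CHAIN.get(url, (404, None))
```

Running trace_chain("http://parked-example.test/", fetcher=fake_fetch) yields the four hops in order, ending at the 200 landing page; with a real URL the hop cap and loop check keep a misbehaving feed from spinning forever.
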
Edit: didn't see the REMOVE part! :)
The next time I encounter something similar...I'll try to remember to post it here.

It happens to me maybe once every couple of months, not to the point of getting my browser locked up, but the first destination being something undesirable or unintended.

Will try to keep a closer eye out in the future.
Not sure if it's my browser (I may have an extension that makes http links clickable), but that link you posted is active in my browser.

Maybe putting a space or something within the first few characters of the address might make it tougher for someone to access it without copying and pasting.

I just did that and it should be disabled now.
I just tried it. There have been countless threads on this. It's just Sedo's Zero Click. It usually goes to crap sites, adware, downloads, viruses, etc.

If Sedo is doing any of that locking up browsers and such, then we have a problem.
So this is the actual warning page:

us.ww2012-supportusdr05.xyz

They are using a .xyz address extension.