Domains used for evil purposes

Located in General Domain Discussion started by MapleDots, Dec 20, 2018.

Replies:
51
Views:
1,636

  1. MapleDots

    MapleDots Domain Properties 2010 - 2019 VIP

    Posts:
    4,214
    Likes Received:
    8,261

    A member posted a domain for sale aboutme(dot)ca and I thought it was a really good domain so out of curiosity I thought I would punch in aboutus(dot)ca and it forwarded a few times and completely locked up my chrome browser.

    Nothing got me out, I could not click away and a voice came on saying that I am compromised I have been visiting porn sites etc. It gave a blue Microsoft warning that I need to call in to unlock my computer and the heavens will open up if I circumvent it.

    A quick control alt delete and I was out of course but sure enough chrome could not even recover my tabs etc.

    A sweet domain like aboutus(dot)ca used for such an evil purpose surprised me a bit and I wondered what the next step was and who to report it to.

    Anyone that is an expert in this field and wants to go there do so at your own risk. I on purpose did not put a link to the website here so you have to manually punch it in.

    If someone knows how to get around it and post a screenshot and what evil trick they are using please post in topic.

    WARNING USE LINK AT OWN RISK AND ONLY IF YOU ARE SURE YOUR BROWSER IS PROTECTED

    aboutus(dot)ca

    It really does not damage anything and control alt delete gets you out if you get stuck.

    PS. I am not in any way affiliated with any of the domains in this topic.
     
    Last edited: Dec 20, 2018
  2. sircc

    sircc Established Member ★★★★★★★★★★

    Posts:
    203
    Likes Received:
    367
    Indian scammers at it again. The phone number they list will take you to a fake Microsoft tech.

    Look up "Microsoft Indian scammers" on the tube.
     
  3. Bertrell

    Bertrell WayTooWoke Gold Account

    Posts:
    191
    Likes Received:
    627
    I believe that does happen, but it's not always the site that's malicious. I can't say for certain, but perhaps it is your browser that might be compromised.

    Again, not trying to sound dismissive, as I have had similar experiences on rare occasions: try to go to a site, and get redirected to malware (to the point of the browser locking up). Usually, I try it once more (just to test). More often than not, that 2nd attempt yields a normal website.

    This one (at the time of my 2 visits, which took place immediately before this post) seemed a-okay. It appears to be parked at SEDO (or is on rotation that includes Sedo).

    I am not an expert in malicious web sites, but I have helped many folks with removing malware infections (without completely erasing everything and starting over) on their (mainly Windows) machines. Often, it was the browser(s) used that had problems.

    Just my observations.
     
  4. MapleDots

    MapleDots Domain Properties 2010 - 2019 VIP

    Posts:
    4,214
    Likes Received:
    8,261
    Very odd, when I punched the address into the browser it forwarded numerous times and landed on the malware. I don't want to go back because it crashed my browser but if anyone does can you post a screenshot of what the page looks like when it shows the malware?

    It would also be interesting to see what address it forwards to.

    I'm not going there again personally because it makes me a bit nervous.
     
  5. MapleDots

    MapleDots Domain Properties 2010 - 2019 VIP

    Posts:
    4,214
    Likes Received:
    8,261
    Did you get the malware or a parked page like @Bertrell ?
     
  6. Aaron Allison

    Aaron Allison Established Member

    Posts:
    215
    Likes Received:
    337
    Simple tech scam

    Google - granny edna tech scammer
     
  7. MapleDots

    MapleDots Domain Properties 2010 - 2019 VIP

    Posts:
    4,214
    Likes Received:
    8,261
    I've seen it tons of times but this one really locked things down tight. Usually I can recover my tabs or just go to the task bar and close the window but this one was a bit more elaborate. Even after the control alt delete Chrome could not recover.

    It will be interesting to see who gets the same and can post a screenshot.
     
  8. Aaron Allison

    Aaron Allison Established Member

    Posts:
    215
    Likes Received:
    337
    It just forwards to sedo lander for me
     
  9. carob

    carob Active Member VIP

    Posts:
    3,027
    Likes Received:
    3,602
  10. MapleDots

    MapleDots Domain Properties 2010 - 2019 VIP

    Posts:
    4,214
    Likes Received:
    8,261
    Hmm, I just visited from my chromebook and I get the sedo page as well.

    Sooo strange, I read the dns poisoning and that adds another whole dimension. So the user (in this case me) thinks the domain they are going to is the culprit when really it is the dns. Wow, things are just getting crazy at this point.
     
  11. MapleDots

    MapleDots Domain Properties 2010 - 2019 VIP

    Posts:
    4,214
    Likes Received:
    8,261
    Could it be if you add https:// in front of aboutus(dot)ca ?

    My chromebook refuses to connect with that and I'm not going there with my windows 10 machine.
    Chromebooks usually won't allow ill behavior so I use one whenever I get something like this.
     
  12. Mister Funsky

    Mister Funsky Active Member VIP

    Posts:
    1,799
    Likes Received:
    6,888
    Yep...happens a lot. Just had a 'revenue enhancing specialist' contact me this morning about me using their service for parking. Promised me quite a chunk of change to let them monetize one specific name since it gets so much traffic. When I asked him how he planned to make me so much money, he said 'zero click'. That, ZC, is the problem.
     
  13. JB Lions

    JB Lions Top Member VIP

    Posts:
    12,830
    Likes Received:
    17,669
    Isn't that just Sedo parking and 0 click? Just mentioned in previous post. I would never use 0 click.
     
    Last edited: Dec 20, 2018
  14. MapleDots

    MapleDots Domain Properties 2010 - 2019 VIP

    Posts:
    4,214
    Likes Received:
    8,261
    Here you can see my history of where it sent me to...

    Bottom is where I went, then it forwarded to next one up the list and so on.

    So you see, it really happened
     
  15. MapleDots

    MapleDots Domain Properties 2010 - 2019 VIP

    Posts:
    4,214
    Likes Received:
    8,261
    The Microsoft warnings were the issue; it took multiple tabs and I was using Chrome on Windows 10.
     
  16. MapleDots

    MapleDots Domain Properties 2010 - 2019 VIP

    Posts:
    4,214
    Likes Received:
    8,261
  17. MapleDots

    MapleDots Domain Properties 2010 - 2019 VIP

    Posts:
    4,214
    Likes Received:
    8,261
    http ://feed.adrebels.net/preclick2.ashx?sys=AdRebels&e=…

    That was what it linked to - I disabled the link so cut and paste at your own risk

    I did that so nobody accidentally clicks it.
     
    Last edited: Dec 20, 2018
  18. MapleDots

    MapleDots Domain Properties 2010 - 2019 VIP

    Posts:
    4,214
    Likes Received:
    8,261
    The only odd part is how I got there from starting off at aboutus(dot)ca

    You can clearly see the click history in the history picture I attached.

    It goes from the bottom up. The bottom being the first address to start the process.
     
  19. Bertrell

    Bertrell WayTooWoke Gold Account

    Posts:
    191
    Likes Received:
    627
    Edit: didn't see the REMOVE part! :)
     
    Last edited: Dec 20, 2018
  20. Bertrell

    Bertrell WayTooWoke Gold Account

    Posts:
    191
    Likes Received:
    627
    The next time I encounter something similar...I'll try to remember to post it here.

    It happens to me maybe once every couple of months--not to the point of getting my browser locked up, but the first destination being something undesirable or unintended.

    Will try to keep a closer eye out in the future.
     
    Last edited: Dec 20, 2018
  21. MapleDots

    MapleDots Domain Properties 2010 - 2019 VIP

    Posts:
    4,214
    Likes Received:
    8,261
    I just did that and it should be disabled now
     
  22. JB Lions

    JB Lions Top Member VIP

    Posts:
    12,830
    Likes Received:
    17,669
    Last edited: Dec 20, 2018
  23. MapleDots

    MapleDots Domain Properties 2010 - 2019 VIP

    Posts:
    4,214
    Likes Received:
    8,261
    If sedo is doing any of that locking up browsers and such then we have a problem.
     
    Last edited: Dec 20, 2018
  24. JB Lions

    JB Lions Top Member VIP

    Posts:
    12,830
    Likes Received:
    17,669
  25. MapleDots

    MapleDots Domain Properties 2010 - 2019 VIP

    Posts:
    4,214
    Likes Received:
    8,261
    So this is the actual warning page

    us.ww2012-supportusdr05.xyz

    They are using an xyz address extension
     
