Domains used for evil purposes

[MapleDots]

A member posted a domain for sale aboutme(dot)ca and I thought it was a really good domain so out of curiosity I thought I would punch in aboutus(dot)ca and it forwarded a few times and completely locked up my chrome browser.

Nothing got me out, I could not click away and a voice came on saying that I am compromised I have been visiting porn sites etc. It gave a blue Microsoft warning that I need to call in to unlock my computer and the heavens will open up if I circumvent it.

A quick control alt delete and I was out of course but sure enough chrome could not even recover my tabs etc.

A sweet domain like aboutus(dot)ca used for such an evil purpose surprised me a bit and I wondered what the next step was and who to report it to.

Anyone that is an expert in this field and wants to go there do so at your own risk. I on purpose did not put a link to the website here so you have to manually punch it in.

If someone knows how to get around it and post a screenshot and what evil trick they are using please post in topic.

WARNING USE LINK AT OWN RISK AND ONLY IF YOU ARE SURE YOUR BROWSER IS PROTECTED

aboutus(dot).ca

It really does not damage anything and control alt delete gets you out if you get stuck.

PS. I am not in any way affiliated with any of the domains in this topic.

 

[JB Lions]

I just tried it. There have been countless threads on this here. It's just Sedo's Zero Click. It usually goes to crap sites, adware, downloads, viruses etc. Some other parking places have that too.

Endless threads on it - https://www.namepros.com/search/31842090/?q=zero+click&o=relevance&c[title_only]=1

 

[JB Lions]

Hmm, I just visited from my chromebook and I get the sedo page as well.

Sooo strange, I read the dns poisoning and that adds another whole dimension. So the user (in this case me) thinks the domain they are going to is the culprit when really it is the dns. Wow, things are just getting crazy at this point.

Isn't that just Sedo parking and 0 click. Just mentioned in previous post. I would never use 0 click.

 

[carob]

Might be DNS poisoning

https://www.howtogeek.com/161808/htg-explains-what-is-dns-cache-poisoning/

 

[JB Lions]

Thank you, I do see that but it still does not explain why nobody else got that and just I had it when I visite the domain in my opening post.

Should other members not be getting the same?

I believe they rotate the landing pages, redirects etc. When I first started, my rookie year, I was using Sedo parking and noticed some of that. You can't sell a domain with Zero click enabled. People might associate the crap they land on, with that domain. I guess some people make money with it but not good for actually selling the domain.

 

[JB Lions]

I understand that and don't have an issue with it but when it redirects to malware that is a huge issue and I have confirmed that it was not cache poisoning (as one member mentioned). It definitely started at the domain I indicated.

So all this click redirecting fine but Sedo should stomp on it for directing to malware.

I agree, but from what I've seen most of this zero click stuff is exactly that. Bunch of crap sites, malware, dirty stuff, etc. There is nowhere in that process someone could even submit an offer. Like I said, not good if you want to actually sell a domain.

 

[Bertrell]

There is nowhere in that process someone could even submit an offer. Like I said, not good if you want to actually sell a domain.

This was my takeaway. I encountered that whole thing early on, and simply assumed it was the norm. I started using Undeveloped landers and making my own, as a result.

 

[sircc]

Indian scammers at it again. The phone number they list will take you a fake Microsoft tech.

Look up "Microsoft Indian scammers" on the tube.

 

[MapleDots]

http ://feed.adrebels.net/preclick2.ashx?sys=AdRebels&e=h/sGfaEQh1KPKjRgcm1SuGqxlHqhVS76wDUt9AP9JNuWXW9XTc+j5dQYCAH8tRIYUGFt7O/HuulbtBdaCJ4nEkG0IKRemD7Aj+re6xV9fWmlTc0HXQOuLjYQ0gysBPJzHEo/jpBa9bMJ+fFS6bSLIHV+BikY/AxzJeTJko8xjV99rwCSsxnmW7lV7IwKEdYjCTXH8GqNs0Z69/lmmpkxNwcATEs6KO+T7ph593eV4j79sA1IytbAK2ojQiF78kwzvNP6CUiIdtL9UJl1Dra9E1lbJvmb9QL0e/Mljn/jIENcoTZX0lKJgawr9T5rBn8fYT29vX7QnpgmfkYY5gNRuEtvMeJWc+hbun9SL/rSbtwWMO3HEFemomoZ1W363Klohms3JOLWEx9KDoyUxfiqe6dqclB+lxxBHOwIo7FV2chkElVgVjJZW+oL3DgLTVl+Jn2CLuveouhe3D3a5vXQKQcjUj+bIbDcsV6Dv2iBXQo3w9Blr1iFVRvApEwe6HSJX3cScIVdrdGwVNNB85BxlwLm/9ujZX4OKwyQPnZz15NBTj9qTFQ/tdjvu59tRYCzmrGrd8y+CpFuq9El7jDNfrMWoEGEQmI8W1nliOQU+8daF4IP3l2WA80S2lENCOURYxjZWdTHysDbCs1UUKtLUVbrzddZL1mc2D67rkmZEyqa/Q6xS/sAnRZfivy3yzIY4O/dW+V6Is/AU6GYK2CIMLPCx0YUnnwumBykdofV0P/JFIxI2xutE9AHJBvYnxsdgi5LlSVoSkxzQxOFNXe0mf8ziyejAfp5UweelOFRVBD35SUs+Y+WxyxqaJ9LvGiBXHYXvx43/q3PPaFQNR7iRpGv2dim8ZLDn7GR1f3lpSo1SY3PYpG226zSPB4hJw/HCnh13A62+yQHyM3YqzxyhrhoKex2a9VHo0ohii/JVOOncZowQhRHrKhoxikUkoO8cvqI4NaFU8jLQTLfikYifuBkB/M/TeopUMcEfEVQztQ=

That was what it linked to - I disabled the link so cut and paste at your own risk

I did that so nobody accidentally clicks it.

 

[offthehandle]

I agree, but from what I've seen most of this zero click stuff is exactly that. Bunch of crap sites, malware, dirty stuff, etc. There is nowhere in that process someone could even submit an offer. Like I said, not good if you want to actually sell a domain.

I dont park with any of those companies mentioned, so never knew there was a name “zero click”, for that behavior. Thanks for posting that.

So curious, is that what is going on with the Files.com domain?

I went to look at it to see if it was being used, parked or whatever right after the domain sale was announced (on another thread here) and was shocked and pissed that it starts this stupid redirect sequence jumping from one Url to the next and next, etc. not knowing if it was phishing or malware or whatever, I thought it was a scam site and lost all respect for the buyer/broker/owner when that happened.

 

[Asset Profit]

Please do not assume you are not infected. They have stuff inside their stuff. Some computers are just used to control other computers. Start getting those AntiVirus Trial Periods my friend. Stop Zilla got me out once.

Art

 

[carob]

I can't find where to turn zero click on or off.
@Sedo can you help us out here with an explanation?
Wont use sedo nameservers until they come up with no ads for sale lander

Hi there is no user accessible setting - you have to submit a request to turn off Zero Click:

https://sedo-us1.custhelp.com/app/answers/detail/a_id/3776/~/can-i-disable-zero-click?

Can I disable Zero Click?

If you do not wish to have this feature enabled, please contact your account manager or our customer support team.

Contact Sedo's Customer Support Center for more information.

BUT if you try to use the customer support form it does not send, it just says

A problem has been encountered. Your question could not be processed.

On the Customer Support page there is an email address to contact them on:
https://sedo.com/uk/know-how-support/

 

[Bertrell]

I believe that does happen, but it's not always the site that's malicious. I can't say for certain, but perhaps it is your browser that might be compromised.

Again, not trying to sound dismissive, as I have had similar experiences on rare occasions: try to go to a site, and get redirected to malware (to the point of the browser locking up). Usually, I try it once more (just to test). More often than not, that 2nd attempt yields a normal website.

This one (at the time of my 2 visits, which took place immediately before this post) seemed a-okay. It appears to be parked at SEDO (or is on rotation that includes Sedo).



I am not an expert in malicious web sites, but I have helped many folks with removing malware infections (without completely erasing everything and starting over) on their (mainly Windows) machines. Often, it was the browser(s) used that had problems.

Just my observations.

 

[MapleDots]

I believe that does happen, but it's not always the site that's malicious. I can't say for certain, but perhaps it is your browser that might be compromised.

Again, not trying to sound dismissive, as I have had similar experiences on rare occasions: try to go to a site, and get redirected to malware (to the point of the browser locking up). Usually, I try it once more (just to test). More often than not, that 2nd attempt yields a normal website.

This one (at the time of my 2 visits, which took place immediately before this post) seemed a-okay. It appears to be parked at SEDO (or is on rotation that includes Sedo).

Show attachment 105166

I am not an expert in malicious web sites, but I have helped many folks with removing malware infections (without completely erasing everything and starting over) on their (mainly Windows) machines. Often, it was the browser(s) used that had problems.

Just my observations.

Very odd, when I punched the address into the browser it forwarded numerous times and landed on tha malware. I don't want to go back because it crashed my browser but if anyone does can you post a screenshot of what the page looks like when it shows the malware?

It would also be interesting to see what address it forwards too.

I'm not going there again personally because it makes me a bit nervous.

 

[MapleDots]

Could it be if you add https:// in front of aboutus(dot)ca ?

My chromebook refuses to connect with that and I'm not going there with my windows 10 machine.
Chromebooks usually won't allow ill behavior so I use one whenever I get something like this.

 

[Mister Funsky]

Yep...happens a lot. Just had a 'revenue enhancing specialist' contact me this morning about me using their service for parking. Promised me quite a chunk of change to let them monetize one specific name since it gets so much traffic. When I asked him how he planned to make me so much money, he said 'zero click'. That, ZC, is the problem.

 

[MapleDots]

Here you can see my history of where it sent me to...

Bottom is where I went, then it forwarded to next one up the list and so on.

So you see, it really happened

 

[Bertrell]

Edit: didn't see the REMOVE part!

 

[MapleDots]

I just tried it. There have been countless threads on threads on this. It's just Sedo's Zero Click. It usually goes to crap sites, adware, downloads, viruses etc.

If sedo is doing any of that locking up browsers and such then we have a problem.

 

[JB Lions]

https://www.namepros.com/search/31842090/?q=zero+click&o=relevance&c[title_only]=1

Zero Click, that's it. Going on for years. Read the old threads.

 

[MapleDots]

So this is the actual warning page

us.ww2012-supportusdr05.xyz

They are using an xyz address extension

 

[JB Lions]

I really don't understand.... it was a pure scam trying to extort money out of me.

As a reputable company how can Sedo allow themselves to be associated with this?
And as a domain owner that would horrify me thinking that someone that might want to buy my domain is getting redirected to malware.

So why on gods green earth would anyone park at sedo?

Other parking places have that option as well, like Bodis - https://www.namepros.com/threads/bodis-forwarding-advertisement.1070787/#post-6619923

" I just signed up for bodis and I noticed when I visit my site a standard parked page appears for a moment then the entire site is redirected to an advertisement website."

I was using Voodoo, and I don't think they have it. Not sure about the other parking companies.

 

[Larion]

ParkingCrew.com is also using this form of advertising, which gives you a virus alert and even a strange sound. The ads are being rotated, so there is a different ad evertime you visit the URL.


I stopped using ParkingCrew.com for monetizing my domains after testing them for a few days.

Definitely damages the value of the domain itself by putting up such crappy "parking-programs" as ParkingCrew.com is providing.
I would advise not to use "parking-services" like these, if you want to protect the value of your domain-name.

 

[imadoer]

Show attachment 105163

A member posted a domain for sale aboutme(dot)ca and I thought it was a really good domain so out of curiosity I thought I would punch in aboutus(dot)ca and it forwarded a few times and completely locked up my chrome browser.

Nothing got me out, I could not click away and a voice came on saying that I am compromised I have been visiting porn sites etc. It gave a blue Microsoft warning that I need to call in to unlock my computer and the heavens will open up if I circumvent it.

A quick control alt delete and I was out of course but sure enough chrome could not even recover my tabs etc.

A sweet domain like aboutus(dot)ca used for such an evil purpose surprised me a bit and I wondered what the next step was and who to report it to.

Anyone that is an expert in this field and wants to go there do so at your own risk. I on purpose did not put a link to the website here so you have to manually punch it in.

If someone knows how to get around it and post a screenshot and what evil trick they are using please post in topic.

WARNING USE LINK AT OWN RISK AND ONLY IF YOU ARE SURE YOUR BROWSER IS PROTECTED

aboutus(dot).ca

It really does not damage anything and control alt delete gets you out if you get stuck.

PS. I am not in any way affiliated with any of the domains in this topic.

Parking at sedo is notorious for this your only hope is to x the page out as fast as possible. Thanks @MapleDots for not posting another thread about killing .com

 

[Asset Profit]

Free movie sites are usually pirates offering movies without proper agreement, you can't expect a safe environment there.

Absolutely agree. Traveling in Asia and here you will find movies on the street literally before even released for 50 cents. Was actually a series episode I just had to see haha and I got the Bonus so to speak ha.