
Domains used for evil purposes


MapleDots



A member posted a domain for sale, aboutme(dot)ca, and I thought it was a really good domain, so out of curiosity I thought I would punch in aboutus(dot)ca, and it forwarded a few times and completely locked up my Chrome browser.

Nothing got me out, I could not click away, and a voice came on saying that I am compromised, I have been visiting porn sites, etc. It gave a blue Microsoft warning that I need to call in to unlock my computer and the heavens will open up if I circumvent it.

A quick control alt delete and I was out, of course, but sure enough Chrome could not even recover my tabs etc.

A sweet domain like aboutus(dot)ca used for such an evil purpose surprised me a bit and I wondered what the next step was and who to report it to.

Anyone that is an expert in this field and wants to go there do so at your own risk. I on purpose did not put a link to the website here so you have to manually punch it in.

If someone knows how to get around it and post a screenshot and what evil trick they are using please post in topic.

WARNING USE LINK AT OWN RISK AND ONLY IF YOU ARE SURE YOUR BROWSER IS PROTECTED

aboutus(dot).ca

It really does not damage anything and control alt delete gets you out if you get stuck.

PS. I am not in any way affiliated with any of the domains in this topic.
 
•••

Thank you, I do see that but it still does not explain why nobody else got that and just I had it when I visited the domain in my opening post.

Should other members not be getting the same?
 
•••
Thank you, I do see that but it still does not explain why nobody else got that and just I had it when I visited the domain in my opening post.

Should other members not be getting the same?

I believe they rotate the landing pages, redirects etc. When I first started, my rookie year, I was using Sedo parking and noticed some of that. You can't sell a domain with Zero click enabled. People might associate the crap they land on, with that domain. I guess some people make money with it but not good for actually selling the domain.
 
•••
Yes, it's zero click with rotation (annoying, I know).
 
•••
Yes, it's zero click with rotation (annoying, I know).

I really don't understand.... it was a pure scam trying to extort money out of me.

As a reputable company how can Sedo allow themselves to be associated with this?
And as a domain owner that would horrify me thinking that someone that might want to buy my domain is getting redirected to malware.

So why on God's green earth would anyone park at Sedo?
 
•••
I really don't understand.... it was a pure scam trying to extort money out of me.

As a reputable company how can Sedo allow themselves to be associated with this?
And as a domain owner that would horrify me thinking that someone that might want to buy my domain is getting redirected to malware.

So why on God's green earth would anyone park at Sedo?

Other parking places have that option as well, like Bodis - https://www.namepros.com/threads/bodis-forwarding-advertisement.1070787/#post-6619923

"I just signed up for Bodis and I noticed when I visit my site a standard parked page appears for a moment, then the entire site is redirected to an advertisement website."

I was using Voodoo, and I don't think they have it. Not sure about the other parking companies.
 
•••
Other parking places have that option as well, like Bodis - https://www.namepros.com/threads/bodis-forwarding-advertisement.1070787/#post-6619923

"I just signed up for Bodis and I noticed when I visit my site a standard parked page appears for a moment, then the entire site is redirected to an advertisement website."

I was using Voodoo, and I don't think they have it. Not sure about the other parking companies.

I understand that and don't have an issue with it but when it redirects to malware that is a huge issue and I have confirmed that it was not cache poisoning (as one member mentioned). It definitely started at the domain I indicated.

So all this click redirecting is fine, but Sedo should stomp on it for directing to malware.
 
•••
ParkingCrew.com is also using this form of advertising, which gives you a virus alert and even a strange sound. The ads are being rotated, so there is a different ad every time you visit the URL.


I stopped using ParkingCrew.com for monetizing my domains after testing them for a few days.

Definitely damages the value of the domain itself by putting up such crappy "parking-programs" as ParkingCrew.com is providing.
I would advise not to use "parking-services" like these, if you want to protect the value of your domain-name.
 
•••
I understand that and don't have an issue with it but when it redirects to malware that is a huge issue and I have confirmed that it was not cache poisoning (as one member mentioned). It definitely started at the domain I indicated.

So all this click redirecting is fine, but Sedo should stomp on it for directing to malware.

I agree, but from what I've seen most of this zero click stuff is exactly that. Bunch of crap sites, malware, dirty stuff, etc. There is nowhere in that process someone could even submit an offer. Like I said, not good if you want to actually sell a domain.
 
•••
There is nowhere in that process someone could even submit an offer. Like I said, not good if you want to actually sell a domain.

This was my takeaway. I encountered that whole thing early on, and simply assumed it was the norm. I started using Undeveloped landers and making my own, as a result.
 
•••
Parking at Sedo is notorious for this; your only hope is to x the page out as fast as possible. Thanks @MapleDots for not posting another thread about killing .com
 
•••
I agree, but from what I've seen most of this zero click stuff is exactly that. Bunch of crap sites, malware, dirty stuff, etc. There is nowhere in that process someone could even submit an offer. Like I said, not good if you want to actually sell a domain.

I don't park with any of those companies mentioned, so never knew there was a name, "zero click", for that behavior. Thanks for posting that.

So curious, is that what is going on with the Files.com domain?

I went to look at it to see if it was being used, parked or whatever right after the domain sale was announced (on another thread here) and was shocked and pissed that it starts this stupid redirect sequence jumping from one URL to the next and next, etc. Not knowing if it was phishing or malware or whatever, I thought it was a scam site and lost all respect for the buyer/broker/owner when that happened.
 
•••
Please do not assume you are not infected. They have stuff inside their stuff. ;) Some computers are just used to control other computers. Start getting those AntiVirus Trial Periods my friend. Stop Zilla got me out once.

Art
 
•••
Those damn Free Movie sites got me good. Learned my lesson. Free can be painful.
 
•••
Those damn Free Movie sites got me good. Learned my lesson. Free can be painful.

Free movie sites are usually pirates offering movies without proper agreement, you can't expect a safe environment there.
 
•••
Free movie sites are usually pirates offering movies without proper agreement, you can't expect a safe environment there.

Absolutely agree. Traveling in Asia and here you will find movies on the street literally before even released for 50 cents. Was actually a series episode I just had to see haha and I got the Bonus so to speak ha.
 
•••
Voodoo did away with the zero click option. Based on my parking experiences in the recent past, sedo, parking crew and above still utilize it. One or more of those services may allow you to opt out.

I, like a lot of people here, am on the net 18 hours a day some days and I run across these crap redirects all the time. One thing that saves me over and over again is using the avast browser and their virus protection. They have a free version that is awesome...the paid service is even better. Using avast in combination with ccleaner keeps the comp running smoothly.

Oh yeah...if you are planning to sell a domain at any time in the future, do not use zero click. Unless it is a 3L or a top notch 4L, the domain may never reach a reasonable value again.
 
•••
I know this is not directly relevant to OP's case but "domains used for evil purposes" made me think about bitsquatting. Bitsquatting is where someone registers a domain name that is just "1-bit away" from another (high-traffic) domain. They then just wait for random memory errors to direct traffic their way.

See http://dinaburg.org/bitsquatting.html
 
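The "1-bit away" neighbourhood described in the post above, as an added example that is not part of the original thread: it lists the valid names one flipped bit away from a domain you own (candidates for defensive registration or monitoring) and flags such names among observed queries. `example.com`, the function names and the sample list are assumptions for illustration, and the TLD is deliberately left unflipped.

```python
import string

# Characters allowed in a hostname label (letters, digits, hyphen).
LDH = set(string.ascii_lowercase + string.digits + "-")


def bitsquat_variants(domain):
    """Return the valid hostnames that differ from `domain` by one flipped bit.

    Assumption for this example: the last label is the TLD and is left alone,
    so only names registrable under the same TLD are produced.
    """
    domain = domain.lower()
    head, dot, tld = domain.rpartition(".")
    variants = set()
    for i, ch in enumerate(head):
        if ch == ".":
            continue  # keep the label boundaries where they are
        for bit in range(8):
            # DNS is case-insensitive, so a flip that only changes case is a no-op.
            flipped = chr(ord(ch) ^ (1 << bit)).lower()
            if flipped == ch or flipped not in LDH:
                continue
            candidate = head[:i] + flipped + head[i + 1:] + dot + tld
            labels = candidate.split(".")
            if any(l.startswith("-") or l.endswith("-") for l in labels):
                continue  # a label may not begin or end with a hyphen
            variants.add(candidate)
    return variants


def find_bitsquats(observed_names, protected_domains):
    """Map each observed name that is one bit away from a protected domain to that domain."""
    lookup = {}
    for legit in protected_domains:
        for variant in bitsquat_variants(legit):
            lookup[variant] = legit.lower()
    hits = {}
    for name in observed_names:
        name = name.lower().rstrip(".")
        if name in lookup:
            hits[name] = lookup[name]
    return hits


if __name__ == "__main__":
    # Constructed sample of queried names, e.g. pulled from resolver logs.
    sample = ["www.example.com", "dxample.com", "exbmple.com", "EXAMPLU.COM."]
    print(find_bitsquats(sample, ["example.com"]))
```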
•••
So today I booted up my computer and my chrome browser took forever to start, it was hanging and glitchy.

I ran windows anti virus and it found nothing.

Then I decided to run the advanced scan and it found this....

[Attachment: Picture0001.png]

Sure enough that bastard website put a key logger on my computer. Good thing I use the LastPass Password system and I never actually punch in my passwords. These tricky bastards are using legitimate domains for sale on sedo to plant this shit on computers.

I don't know about you guys but Sedo needs to put an end to this crap NOW!!
 
•••
Then I decided to run the advanced scan

Did the advanced scan give the infected file or registry location on your drive? If so, that could be an indicator that something malicious was obtained from one or more sites you visited. I can't say 100% that that virus/malware signature [Hacktool:Win32/keygen] is always associated with a keylogger (as opposed to a key generator).

(I'm a LastPass subscriber, too--that app/service is pretty good.)
 
•••
I'm sure it came from that site because my computer started to hang right after that. I re-booted and my Chrome browser just sat there and I had to hit control alt delete a couple times again and then I decided I best run a deep scan.
 
•••
There is a program called Sandboxie you can use surfing random domain names. I even use a separate browser - not just separate tab so when something like that happens it's no big deal. Also combine that with Malwarebytes and Windows firewall. That's it. Haven't had a problem in about two years.
 
•••
I've had my domains do this when parked at Sedo. Therefore, I never park my domains there, now.
 
•••
I believe that does happen, but it's not always the site that's malicious. I can't say for certain, but perhaps it is your browser that might be compromised.

Again, not trying to sound dismissive, as I have had similar experiences on rare occasions: try to go to a site, and get redirected to malware (to the point of the browser locking up). Usually, I try it once more (just to test). More often than not, that 2nd attempt yields a normal website.

This one (at the time of my 2 visits, which took place immediately before this post) seemed a-okay. It appears to be parked at SEDO (or is on rotation that includes Sedo).

I am not an expert in malicious web sites, but I have helped many folks with removing malware infections (without completely erasing everything and starting over) on their (mainly Windows) machines. Often, it was the browser(s) used that had problems.

Just my observations.

Several of my domain names that are parked at SEDO used to take visitors to some malicious websites. I reported this to SEDO, but they do not seem to understand my problem.
 
•••
I can't find where to turn zero click on or off.
@Sedo can you help us out here with an explanation?
Won't use Sedo nameservers until they come up with no ads for sale lander
 