Gift card fraud spam — expansionus.com

The domain expansionus.com houses the final payload for gift card fraud spams that are making the rounds in SMS. We have verified that the content is as expected and that the payload remains up and available at the time of making these six SBL listings.

This is redirected to from fireplacecoffee.com (SBL495886 et al) at the present time. SBL495886 et al are also not eligible for removal because the redirection continues to work. Both domains have DNS services from CloudFlare and must be taken down completely.

$ host burots.expansionus.com
burots.expansionus.com has address 104.24.118.194
burots.expansionus.com has address 104.24.119.194
burots.expansionus.com has address 172.67.151.147
burots.expansionus.com has IPv6 address 2606:4700:3034::6818:76c2
burots.expansionus.com has IPv6 address 2606:4700:3033::6818:77c2
burots.expansionus.com has IPv6 address 2606:4700:3035::ac43:9793

$ host www.fireplacecoffee.com
www.fireplacecoffee.com has address 104.28.9.234
www.fireplacecoffee.com has address 172.67.155.42
www.fireplacecoffee.com has address 104.28.8.234
www.fireplacecoffee.com has IPv6 address 2606:4700:3033::ac43:9b2a
www.fireplacecoffee.com has IPv6 address 2606:4700:3036::681c:9ea
www.fireplacecoffee.com has IPv6 address 2606:4700:3031::681c:8ea

Cloudflare, kindly take the domains down. Looking at the front page is not going to produce any useful answers, the redirections are deeper down. The domains were registered for malicious purposes only and serve no useful purpose.

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *