Redirect Scammer Pages

Redirect Scammer Pages

 

Many scammers are actually just trying to get you to affiliate link sites without actually committing much in the way of crime, just misleading you into a deal without you realising who they are.

Google and Amazon are favourite sites to impersonate, but often they will pick an individual provider, such as T-Mobile, as we can see below:

 

We are assuming that scammers change their intermediate pages less often than the landing and destination pages and so thought it might be worth naming a few:

adverdirect.com which forwards you straight to Google, but is a redirect from bad to bad as we can see above.

https://vcdc.com/ Another cloudflare page that poses as a lifestyle page (and maybe once was) but is riddled with redirects for all sorts of affiliate links and scams.

http://iyfnzgb.com/ - These pages are wary, they count visits and then send you to a harmless looking holding page when you start to investigate them. They appear immune to Tor. They appear to track via IP address as you can get back on their good side with a VPN or a router tweak.

https://s.arclk.net Is a secured site only on the s. prefix and quickly recognises IPs that have visited before. 

https://lead1.pl/ is a page on https://mylead.global/ which is obviously one of the affiliate systems they employ. On this page it continually takes you through to a subscription page for wellnesszap.com and financeflick.com, whatever they are.

https://grand-prise-ishere4.life/ is another redirect site they have with a TLS certificate and appears in many hops. The site was obviously a free domain and the certificate appears to be a free 90 day Lets Encrypt affair too.

http://euphe-gun.com/ Is another AWS server install which seem to be favoured, along with firebase, by many scammers as it gives them complete anonymity from their victims.

Data is below:

Type Domain Name IP Address TTL
A euphe-gun.com 34.226.113.11 Amazon.com, Inc. (AS14618) 60 sec
A euphe-gun.com 34.202.98.117 Amazon.com, Inc. (AS14618) 60 sec
A euphe-gun.com 3.221.180.161 Amazon.com, Inc. (AS14618) 60 sec
A euphe-gun.com 52.73.170.217 Amazon.com, Inc. (AS14618) 60 sec

 

Many of these redirects take you to pages listed on the known scams page.