EVERYTHING about Booters (and CloudFlare)
Adrian
choprboy at dakotacom.net
Wed Jul 27 23:03:24 UTC 2016
On Wednesday 27 July 2016 07:58:49 Paras Jha wrote:
> Hi Justin,
>
> I have submitted abuse reports in the past, maybe from 2014 - 2015, but I
> gave up after I consistently did not even get replies and saw no action
> being taken. It is the same behavior with other providers who host malware
> knowingly. I appreciate you coming out onto the list though, it's nice to
> see that CF does maintain a presence here.
>
I am not seeing Justin's replies hitting my mailbox, only snippets of quotes
and replies... but my experience to date with CloudFlare has been exactly the
same, no response or action of any kind to abuse reports.
...Searching... here is an example. Banco do Brasil "you must update your
details" phishing fraud using compromised hosts. Example email and for details
necessary to confirm sent to abuse at cloudflare.com on 7/17. Ten days later and
the compromised CloudFlare-fronted site is still up and still running. Would
there be any confusion if the following abuse report (plus attached original
email) arrived in your mailbox?
====================
Phishing / Fraud / Compromised server
Phishing URL:
http://www.rua.edu.kh/joomla/tecno/porta-bb2.com.jpg/
Redirects to:
http://fonecomercial.com.br/admin/wip.php/index.php
Redirects to:
http://app.flipedition.com/css/www2.bb.com.br.jpg/
Compromised server:
www.rua.edu.kh - 203.189.134.18
fonecomercial.com.br - 104.27.148.36 104.27.149.36
app.flipedition.com - 62.75.219.22
====================
Any guesses who 104.27.148.36 104.27.149.36 is? PlusServer.de (62.75.219.22)
terminated the final destination compromised pages within 12 hours... The
others are still up. Some providers actively monitor and take control of
reported abuses. Some providers actively ignore reported abuses.