Jeroen Gui 

This site has been used in over 40 spam mails (all crypto scams) in the last couple of days.

hxxps://keto-balancepro.pro/2601

It's using @cloudflare services.

Here is a capture of the redirect chain and screenshot of the malicious crypto site:
https://lookyloo.jeroengui.be/tree/9104538f-a380-4866-8ad9-3728c39fa975

#infosec #crypto #spam #phishing

Jan 29, 2023 at 9:17amWeb
Show threadJeroen Gui Jan 29, 2023

@cloudflare

Same site, almost all of them also behind a Cloudflare proxy.

Show threadAl DownunderJan 29, 2023
@jeroengui @cloudflare just gave it a test using #nextdns and all good if you use NextDNS with Newly Registered Domain blocking enabled.
Show threadJeroen Gui Jan 29, 2023

@bouncywallaby

I will check out nextdns, but most people don't use it, so they aren't protected.

Cloudflare should take quicker action on abuse reports with obvious malicious content like this...

Show threadAl DownunderJan 29, 2023
@jeroengui yeah, you'd think that, but no. Gotta look after ourselves.