Generic pop-up hosted at d1baoae6v99f76.cloudfront.net

_fn_reality · 24 Aprile 2021, 6:47pm

I got this redirect after going to (http://gmaiill.com/):

https://d1baoae6v99f76.cloudfront.net/CHH9/?phone=+1-(855)-516-3058&uclick=bz37b43y&uclickhash=bz37b43y-bz37b43y-pm-0-pm-ft-9l-b53016#

This isn't just for a single scam, https://d1baoae6v99f76.cloudfront.net/CHH9 can be set to display any phone number through the `phone` URL parameter. You could even do this is if you wanted to (unfortunately angle brackets are escaped, so just plain text):
https://d1baoae6v99f76.cloudfront.net/CHH9/?phone=THIS_IS_A_SCAM!!!________________________________________________!!THIS_IS_A_SCAM!!_____!!THIS_IS_A_SCAM!!_&uclick=bz37b43y&uclickhash=bz37b43y-bz37b43y-pm-0-pm-ft-9l-b53016#

I'm getting in contact with AWS CloudFront to try and get this taken down. Hopefully this is used my multiple scams and we can kill $n birds with one stone.

_fn_reality · 24 Aprile 2021, 8:01pm

Update: The CloudFront domain has been removed from operation. Thanks AWS!

_fn_reality · 25 Aprile 2021, 8:49pm

sigh New CloudFront domain. I’m getting in contact with AWS now.

https://d1em4ms65sd6a6.cloudfront.net/CHH9/?phone=+1-(877)-401-2536&uclick=bzfyscbl&uclickhash=bzfyscbl-bzfyscbl-pm-0-pm-ft-9l-5b9132#

(phone# 18774012536)

_fn_reality · 25 Aprile 2021, 8:50pm

AWS still hasn’t responed, but I did manage to bait them and waste 1 hour and 10 minutes of scammer time. It’s not much, but at least its something.