Oddbean new post about | logout
 I'm noticing a tech support scam campaign with a theme in the domain name.  At least one of these was served by Google search malvertising and I think they all were.  What kills me is the search term was simply "facebook".  Why is that even purchasable at this point.

The first one I saw yesterday.

www[.]track100googleads[.]website
143[.]244.220.150

Then these came by today.  The base path is an open directory.

googleads100kms[.]agency/ilakafb/
googleads100kms[.]club/lanibobofb/
googleads100kms[.]club/lipapoti/
50[.]62.183.225

They're hosting the scam on Azure.

qktussbhelxy1fbgqprw.azurewebsites[.]net/4FQbQTDRV9z17aW84OJg/
zrgliql5waeszh7i7axm.azurewebsites[.]net/DUnMLrAWh4A1fPBTxsb6/

Anybody know of a handy method to search all known domains?  In this case search for "googleads" plus "100".

https://media.infosec.exchange/infosecmediaeu/media_attachments/files/111/172/298/494/087/352/original/78032209f547230e.png