I'm noticing a tech support scam campaign with a theme in the domain name. At least one of these was served by Google search malvertising and I think they all were. What kills me is the search term was simply "facebook". Why is that even purchasable at this point.
The first one I saw yesterday.
www[.]track100googleads[.]website
143[.]244.220.150
Then these came by today. The base path is an open directory.
googleads100kms[.]agency/ilakafb/
googleads100kms[.]club/lanibobofb/
googleads100kms[.]club/lipapoti/
50[.]62.183.225
They're hosting the scam on Azure.
qktussbhelxy1fbgqprw.azurewebsites[.]net/4FQbQTDRV9z17aW84OJg/
zrgliql5waeszh7i7axm.azurewebsites[.]net/DUnMLrAWh4A1fPBTxsb6/
Anybody know of a handy method to search all known domains? In this case search for "googleads" plus "100".
https://media.infosec.exchange/infosecmediaeu/media_attachments/files/111/172/298/494/087/352/original/78032209f547230e.png