Just got this email, should I be moving undercover to Costa Rica?


02-11-2021 05:24 AM #1 roiter123 (Senior Member)

OK, the Spanish FBI are after me or something like that.
Looks creepy. What should I do with my impersonating landers?
Should I be packing my things and moving to a lonely place and changing my name?
(context): been running aggressive (brands) in ES, just got this email:

**** English version ****

Dear Sirs,

The CERT of the Spanish National Cybersecurity Institute (INCIBE-CERT) have been informed of a fraudulent site, involved in an attempt to impersonate a company, that uses the following malicious domain that belongs to your company as a registrar, so we notify you to help us with the appropriate actions to resolve this incident:

mydomain.com

Resolves to:

172.**.***.***
***.**.*.50

We would greatly appreciate your assistance on taking down this domain as soon as possible. We will be monitoring this incident, and tracking its progress to closure.

As a recommendation, please remember to keep all the information related to this incident, as it could be required by the authorities for further investigations.

If you are not the correct person to be dealing with this incident, could you please forward this request to the appropriate person. Also, you are free to pass this information on to other trusted parties (e.g. law enforcement), as you see fit.

Any feedback you can provide will be greatly appreciated. Thank you for your cooperation to prevent and terminate this kind of activities.

Best Regards,


- --
INCIBE-CERT - Spanish National CSIRT
https://www.incibe-cert.es/

PGP keys: https://www.incibe-cert.es/en/what-i...gp-public-keys

====================================================================

INCIBE-CERT is the Spanish National CSIRT designated for citizens, private law entities, other entities not included in the subjective scope of application of the "Ley 40/2015, de 1 de octubre, de Régimen Jurídico del Sector Público", as well as digital service providers, operators of essential services and critical operators under the terms of the "Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de las redes y sistemas de información" that transposes the Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union.

====================================================================

In compliance with the General Data Protection Regulation of the EU (Regulation EU 2016/679, of 27 April 2016) we inform you that your personal and corporate data (as well as those included in attached documents); and e-mail address, may be included in our records for the purpose derived from legal, contractual or pre-contractual obligations or in order to respond to your queries. You may exercise your rights of access, correction, cancellation, portability, limitation of processing and opposition under the terms established by current legislation and free of charge by sending an e-mail to dpd@incibe.es. The Data Controller is S.M.E. Instituto Nacional de Ciberseguridad de España, M.P., S.A. More information is available on our website: https://www.incibe.es/proteccion-datos-personales and https://www.incibe.es/registro-actividad.

====================================================================


02-11-2021 06:56 AM #2 stickupkid (Senior Moderator)

Take em down asap!


02-11-2021 10:20 PM #3 wes888 (Member)

@roiter123
Hey man, just curious, did you receive any prior warning to take down these impersonating landers? If you did, did you ignore it that led to this letter?


02-12-2021 12:34 PM #4 twinaxe (Senior Moderator)

Oh dear, what did you do?

Really man, I also ran lots of hyper aggressive and dirty stuff but I never received such an email.

Just a few days ago one of my domains got banned by the registrar or I received an email from my server hosting for "malware" websites but nothing serious happened then.

Did you cloak?

And did you check if all the info about you is right and all outgoing links go to the appropriate websites?

I also wouldn't reply to it, you probably could only make it worse the more you say.

Apart from that better play safe and stop the campaigns, remove the websites and maybe shut down the server.

Keep us updated.


02-13-2021 09:08 AM #5 roiter123 (Senior Member)

Originally posted by wes888:
> @roiter123
> Hey man, just curious, did you receive any prior warning to take down these impersonating landers? If you did, did you ignore it that led to this letter?

Hey man, this is actually the first email I got from them.


02-13-2021 09:10 AM #6 roiter123 (Senior Member)

Originally posted by twinaxe:
> Oh dear, what did you do?
>
> Really man, I also ran lots of hyper aggressive and dirty stuff but I never received such an email.
>
> Just a few days ago one of my domains got banned by the registrar or I received an email from my server hosting for "malware" websites but nothing serious happened then.
>
> Did you cloak?
>
> And did you check if all the info about you is right and all outgoing links go to the appropriate websites?
>
> I also wouldn't reply to it, you probably could only make it worse the more you say.
>
> Apart from that better play safe and stop the campaigns, remove the websites and maybe shut down the server.
>
> Keep us updated.

I did not cloak. Just running the stupid brand landers everyone is running.

> And did you check if all the info about you is right and all outgoing links go to the appropriate websites?

Yeah, they sent my lander URL in Spain. They did not attach any personal info though, apart from finding my email (which already reveals my name) despite WHOIS protection.

I will probably just switch my domain on those landers.

For the server, I use LanderLab which is essentially AWS S3 with Cloudflare.


02-13-2021 11:41 PM #7 jaybot (Veteran Member)

Originally posted by roiter123:
> I did not cloak. Just running the stupid brand landers everyone is running.
>
> Yeah, they sent my lander URL in Spain. They did not attach any personal info though, apart from finding my email (which already reveals my name) despite WHOIS protection.
>
> I will probably just switch my domain on those landers.
>
> For the server, I use LanderLab which is essentially AWS S3 with Cloudflare.

Lol. Fucking ES every time.

You don’t even have to run aggressive to get that shit.

Just take down the landers (or move to a different folder). And don’t run ES ever.

Also prepare for notices from your host, cdn, traffic sources, and a GSB flag on your lander domains and possibly your tracking domain soon.

Running in ES, especially push, will get this cyber security IT bullshit every time.

You’ll also see it with running LIDL offers anywhere in Europe.

Best to avoid.


02-14-2021 03:44 AM #8 sda686 (Member)

Originally posted by roiter123:
> I did not cloak. Just running the stupid brand landers everyone is running.
>
> Yeah, they sent my lander URL in Spain. They did not attach any personal info though, apart from finding my email (which already reveals my name) despite WHOIS protection.
>
> I will probably just switch my domain on those landers.
>
> For the server, I use LanderLab which is essentially AWS S3 with Cloudflare.

Was the IP they sent in the email your Cloudflare IP or true IP?


02-19-2021 12:13 PM #9 twinaxe (Senior Moderator)

> They did not attach any personal info though, apart from finding my email (which already reveals my name) despite WHOIS protection.

When they send the email to the alias from the WHOIS it also gets redirected to your real email so it doesn't even mean that they have your real email.


03-08-2021 10:52 AM #10 twinaxe (Senior Moderator)

@roiter123 Any news about this one?


03-08-2021 11:55 AM #11 roiter123 (Senior Member)

Ah yeah, nothing happened as it seems I just replaced the domain of my landers.


03-08-2021 12:04 PM #12 twinaxe (Senior Moderator)

Great news, I keep my fingers crossed that nothing follows there

