
[Add request]

Open bentasker opened this issue 2 years ago • 7 comments

URL you wish to be added:

  • conversionfanaticsapp.net
  • conversionfanaticsappuk.com

Why you believe this should be added:

The domains are being used for a crypto work scam (pig butchering).

Add to list:

scam.txt

Other info you think we should know:

bentasker avatar Aug 07 '23 09:08 bentasker

They are no longer active

spirillen avatar Aug 17 '23 18:08 spirillen

Yep, looks like their CDN (Tencent) have disabled them. DNS is still there, but the CDN no longer responds to the VIP that was assigned to them.

I'd suggest it may still be worth adding the central domain (conversionfanaticsapp.net) as they may yet pivot to another provider. All the others just make XHR calls to admin.conversionfanaticsapp.net, so nobbling that will render any other frontends dead too.

bentasker avatar Aug 17 '23 18:08 bentasker

Where do you find these XHR requests?

spirillen avatar Aug 17 '23 19:08 spirillen

They were being made by the web app that was at conversionfanaticsappuk.com.

However, when the site was live there were some elements (names in the terms and conditions etc) which suggested they're related to a work-scam outfit called Promatics.

They're known to have run region-specific front end domains (some examples here), so it's very likely the UK domain wasn't the only one.

bentasker avatar Aug 17 '23 19:08 bentasker

More interesting is that you get different sites depending on which CNAME you visit.

admin.conversionfanaticsapp.net. or kbpx4fdv.svip.tesucdn.com.

Adding conversionfanaticsapp.net to my privacy dns... thanks for sharing

  • admin.conversionfanaticsapp.net: https://0xacab.org/my-privacy-dns/matrix/-/issues/651666

spirillen avatar Aug 17 '23 20:08 spirillen

> you get different sites depending on which CNAME you visit

Yep, different site, same apparent model.

It's placing XHRs to admin.ambient-sys.net. Paths look exactly the same as on the earlier one - almost certainly the same deployment just answering to a different host header.

In fact, yep, it's the same guys. The root of admin.ambient-sys.net exposes a ThinkAdmin login page (Note: the ICP number at the bottom is that of the ThinkAdmin developer, not of the scam operators).

Looks like they've switched to Telegram-based "support" - Telegram username AmbientCS_1947.

So, yeah, I guess their next campaign is going to be under the name "ambient"

bentasker avatar Aug 18 '23 07:08 bentasker

@bentasker feel free to report them if they do

spirillen avatar Aug 18 '23 21:08 spirillen