Scam: Domain will be Disabled for ___

Here is a new scam going around. This fake email is pretending to be from SiteGround Web Hosting. Don’t fall it!

The scam originates from clients.your-server.de, home of many scammers and hackers. The email make you think you need to rush. The trick is to get you to click a link to trojan malware.

What is Trojan Malware?

Trojan malware is a program that claims to be one thing, but actually installs malicious software on your system. Trojans can take the forms, but once active on your system can attempt to steal your sensitive data or take control of the device.

The correct way to renew your domain name registration is:

  1. login to SiteGround
  2. click the Services tab
  3. click Domains on the menu bar
  4. click the Renew button next to the domain name

Here is a redacted copy of the fake email the scammer sent:

-----Original Message-----
From: SITEGROUND <Service@static.44.137.9.5.clients.your-server.de>
Sent: Tuesday, September 6, 2022 3:24 AM
To: xxxxxx xxxxx <xxxxxx@xxxxxxxx.xxx>
Subject: Domain will be Disabled for xxxxxxxx.xxx
Hello info@xxxxxxx.xxx
We inform you about the status of your products at SiteGround
and sending you a reminder 30, 15, 7 and 3 days before they end.
To renew all these services, click on "Renew Now" below:
Renew Now> <https://vse-tuta.ru.xxx//wp-load.php.xxx>   <https://skyswordone.com.xxx/wp-admin/sitegrounds/>

Here is the invoice of your concerned services:
Services ending in less than 3 days:

Product  Quantity        P‬‬r‬‬ic‬‬e     
Domain Name Registration         1       $49.99 
Subtotal:        $49.99 
Pa‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬ym‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬ent m‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬e‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬th‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬od:   Debit C‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬a‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬r‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬ds       
Total:   $49.99 

- If you would like to modify the characteristics of your services, you can use your management interface:
      httрs://Www.SіtGrоund.соm/manager/ <https://vse-tuta.ru.xxx//wp-load.php.xxx>
From this same management interface you can activate the automatic renewal option from the "Billing" section and then "My services".
info@xxxxxxx.xxx

How to block clients.your-server.de from scanning your website:

If you see as many hacking attempts on your website as I do from clients.your-server.de, you should block them. I use Apache to deny all access from clients.your-server.de. This code below will deny all web access from all of their IP’s. Depending on which version of Apache your web servers is running, add one of these lines to your .htaccess file:

For Apache v2.4 and above use:

Require not host clients.your-server.de

For Apache v2.0 use:

Deny from clients.your-server.de

How to protect your PC from malware and Trojans

To protect your PC from malware and Trojans I highly recommend virus protection from Malwarebytes.com. I have used Malwarebytes since 2014. Malwarebytes knows the website you are about to enter is infected and will warn you before you get there.

Website blocked due to trojan

Website blocked: skyswordone

Malwarebytes Browser Guard blocked this website because it may contain malware activity.

We strongly recommend you do not continue.

Published by

Kimball

Kimball is a website designer and developer in Goffstown, NH.

Leave a Reply

Your email address will not be published.