Seeing malicious campaigns using domain names that resemble big market players is not news anymore. This time I'll talk about the new redirects of cloudflare.pw.
The domain, registered in 2017, has been used as a doorway to other suspicious content since then.
But this time it looks like they want to leverage the SSL adoption rush to hide the infection, since the script is loading content from https://*.contentssl.com.
We also found fake jQuery scripts injected on infected sites, so if you see any of those entries on your site, perform a full check on it.
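One way to check site files for references to the two domains named above, as an added example that is not from the original post. The function names are hypothetical, and the sample markup (including the `cdn` subdomain and the file names) is constructed.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

# Domains named in the post; any subdomain counts as well.
FLAGGED_DOMAINS = ("cloudflare.pw", "contentssl.com")

# Absolute or protocol-relative URLs, in an attribute or in inline script text.
URL_RE = re.compile(r"""(?:https?:)?//[^\s"'<>()\\]+""", re.IGNORECASE)

# Constructed sample markup (subdomain and file names are made up).
SAMPLE = """<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
<script src="//cdn.contentssl.com/jquery.min.js"></script>
<script>var s=document.createElement('script');s.src='https://CloudFlare.pw/x.js';</script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<a href="https://notcontentssl.com/">unrelated</a>
"""

def flagged_host(url):
    """Return the hostname if it is a flagged domain or a subdomain of one."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return None
    for domain in FLAGGED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return host
    return None

def scan_text(text):
    """Return sorted (line_number, host) pairs for flagged URLs in text."""
    hits = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in URL_RE.finditer(line):
            host = flagged_host(match.group(0))
            if host:
                hits.add((lineno, host))
    return sorted(hits)

def scan_tree(root, suffixes=(".html", ".htm", ".js", ".php")):
    """Scan site files under root; return {path: hits} for files with hits."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                results[str(path)] = hits
    return results
```

Matching is done on the parsed hostname rather than on a substring, so the legitimate `cdnjs.cloudflare.com` and an unrelated name that merely ends in `contentssl.com` are not reported.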