Announcement Posting Period:

Thursday, July 5, 2018 - Friday, July 5, 2019

Cybercriminals have registered a U.S. Courts look-alike domain, uscourtsgov.com. The domain is hosted on a Russian server and includes email authentication, which makes it more likely that the emails will get delivered. The domain includes 80 subdomains and is involved in an active phishing campaign that delivers ransomware (see the appendix for complete list of subdomains). The domain was registered in April and the phishing campaign began as early as May. The domain registrar is NameCheap Inc, a popular web hosting service that uses WhoisGuard to mask website owner information.