1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

U.S. Courts Look-a-Like Domain Used in Ransomware Phishing Campaign

Announcement Posting Period:
Thursday, July 5, 2018 - Friday, July 5, 2019

Cybercriminals have registered a U.S. Courts look-alike domain, uscourtsgov.com. The domain is hosted on a Russian server and includes email authentication, which makes it more likely that the emails will get delivered. The domain includes 80 subdomains and is involved in an active phishing campaign that delivers ransomware (see the appendix for complete list of subdomains). The domain was registered in April and the phishing campaign began as early as May. The domain registrar is NameCheap Inc, a popular web hosting service that uses WhoisGuard to mask website owner information.

Various links listed on this and other pages are maintained by other public and private organizations. These links and pointers are provided for the user's convenience. The U. S. Bankruptcy Court does not control or guarantee the accuracy, relevance, timeliness, or completeness of this outside information; nor does it control or guarantee the on-going availability, maintenance, or security of these Internet sites. Further, the inclusion of links or pointers to particular items in hypertext is not intended to endorse any views expressed, or products or services offered on these outside sites, or the organizations sponsoring the sites.