Comment by nikisweeting
8 years ago
We're compiling a list of domains using several scrapers and updating it here: https://github.com/pirate/sites-using-cloudflare
You can start by cross referencing your password manager with this list, and working your way out from there.
As an aside, I found this really interesting:
ashleymadison.com
ashleyrnadison.com
I find it really interesting that they registered that particular misspelling and they both point to the same servers. I can see doing this for some obvious domains like gogle.com, but the distinction there is simply that r+n looks like m.
Probably a really obvious answer here, but my guess is that they are trying to help people throw off the scent of someone browsing a history.
I think it's more likely that they bought the domain to prevent scammers from trying to bait users onto a fake site and enter login info, and since they have it why not redirect traffic.
You don't have to use scrapers, just use copies of the TLD zone files looking for cloudflare nameservers.
This will not cover all sites[1].
1. https://support.cloudflare.com/hc/en-us/articles/202320534-C...
Huh TIL. Good call!
Not everyone uses Cloudflare for their proxying service. I use them purely for my DNS, but don't have the MITM proxy enabled at all. His scraping is a better idea probably.