Hi,

There is a huge amount of some type of fraud happening with .it, .pl, .xyz and other domains being registered (see links below).

https://docs.google.com/document/d/159Sbik8CkO9WDbLjH_tqAhr-dkpODWS1kt4UULLLfk0/edit?usp=sharing

https://docs.google.com/document/d/1z43WugqqgyVjNy6-IPgON118YaE0HxrgRMKbVwW42NM/edit?usp=sharing

These links contain a list of over 5,000 domains that are currently spamming search engines with spun text and then cloaking users to malware that have the search engine referrer.

Most of the .it, .pl and .xyz domains have all been registered in the last few weeks.

They are basically registering a new domain and it is immediately being added into this spam operation. 

Most of them are being registered through OVH, but trying to contact them about this has been useless.

All of them are being hosted through Cloudflare and I have tried multiple times to bring this to their attention. It has been unsuccessful and it is allowing this spam operation to hide behind the cloudflare proxy.

There are also other domains that appear to be hacked taking part in this and I have included the hacker script that has been found on two of the servers that have disabled php to figure out how to remove the malware.

I hope that this is the right place to post this type of information and hope that somebody can help with the fraud domain registrations.