[jeroenhd]

If you find these in the wild, your best bet may be to report them to Google's Safe Browsing service (and probably Microsoft's one as well). CloudFront doesn't need to take action if the specific subdomain gets flagged for malicious content. These lists actually have an incentive to block malicious sites, unlike hosters like Cloudfront/AdAnythingReally that want to be involved as little as possible. The more of their domains get reported, the more screwed these hosts are, because at some point their actual business will start to get affected.

You can report malicious websites through Firefox (menu > help) or through this link: https://safebrowsing.google.com/safebrowsing/report_badware/... Microsoft's report page can be found here: https://www.microsoft.com/en-us/wdsi/support/report-unsafe-s...