It seems that the portfolio of redirectors using my name part of an ongoing Ukrainian blackhat SEO is expanding, with seximalinki .ru/images/ddanchev-sock-my-dick.php, as the latest addition. This brings up the number of redirectors to three, at least for the time being:seximalinki.ru/images/ddanchev-sock-my-dick.php - active - 74.54.176.50; Email: Hippacmc@land.ru
seo.hostia .ru/ddanchev-sock-my-dick.php - active - 213.155.2.37
HiDancho.mine .nu/login.js - active - 64.21.86.16
Let's dissect the latest campaigns, including several related ones not necessarily serving scareware, moreover, let's also establish a connection between this gang and the ongoing hijacking of Twitter trending topics for malware serving purposes, shall we?
The redirector takes the user to antimalwareonlinescannerv3 .com - 83.133.115.9; 91.212.65.125; 69.4.230.204 - Email: immigration.beijing@footer.cn where the scareware is served.
The campaign is also relying on three more scareware domains antimalware-live-scanv3 .com; antimalwareliveproscanv3 .com ;fastsecurityupdateserver .com, with ns1.futureselfdeeds .com ensuring that the rest of the portfolio remains intact.
Continued @ DDanchev
Login
Register
FAQ
Search
Members
