Jump to content


Photo

darodar.com

spam malicious website

  • Please log in to reply
2 replies to this topic

#1 m3equals333

m3equals333

    Member

  • Helper Trainee
  • Pip
  • 78 posts

Posted 14 December 2014 - 10:43 AM

Hello, noticed a weird referrer showing up in my personal blog's analytics:

 

http: / / forum.topic53643669.darodar.com/

 

 

having a hunch it may have been a malicious website, I tested it at virustotal - Detection Ratio 0/61.  I decided to visit the site out of curiosity, at which time MBAM immediately blocked it as a malicious site (blocked a chrome ext. download)

 

 

 

URL Scanner Result ADMINUSLabs Clean site AegisLab WebGuard Clean site AlienVault Clean site Antiy-AVL Clean site AutoShun Unrated site Avira Clean site Baidu-International Clean site BitDefender Clean site Blueliv Clean site C-SIRT Clean site CLEAN MX Clean site CRDF Clean site Comodo Site Inspector Clean site CyberCrime Clean site Dr.Web Clean site ESET Clean site Emsisoft Clean site Fortinet Clean site FraudSense Clean site G-Data Clean site Google Safebrowsing Clean site K7AntiVirus Clean site Kaspersky Unrated site Malc0de Database Clean site Malekal Clean site Malware Domain Blocklist Clean site MalwareDomainList Clean site MalwarePatrol Clean site Malwarebytes hpHosts Clean site Malwared Clean site Netcraft Unrated site OpenPhish Clean site Opera Clean site PalevoTracker Clean site ParetoLogic Clean site PhishLabs Unrated site Phishtank Clean site Quttera Clean site Rising Clean site SCUMWARE.org Clean site SecureBrain Clean site Sophos Unrated site Spam404 Clean site SpyEyeTracker Clean site StopBadware Unrated site Sucuri SiteCheck Clean site Tencent Clean site ThreatHive Clean site Trustwave Clean site URLQuery Unrated site VX Vault Clean site Web Security Guard Clean site Websense ThreatSeeker Unrated site Webutation Clean site Wepawet Clean site Yandex Safebrowsing Clean site ZCloudsec Clean site ZDB Zeus Clean site ZeusTracker Clean site malwares.com URL checker Clean site zvelo Clean site


Edited by m3equals333, 27 December 2014 - 12:37 PM.


#2 m3equals333

m3equals333

    Member

  • Helper Trainee
  • Pip
  • 78 posts

Posted 27 December 2014 - 12:22 AM

Just to give an update the above domain and a few others (so far, ~econom.co~ ~ilovevitaly.com~ ~ilovevitaly.co) are all part of a spamming effort that targets websites with a Google Analytics UA tracking code embedded in their underlying code.  Definitely stay away from them.

 

to the spammers: you could have at least made it ilovewladimir...


Edited by m3equals333, 27 December 2014 - 12:35 PM.


#3 jacobw

jacobw

    Member

  • New Member
  • Pip
  • 1 posts

Posted 28 December 2014 - 11:46 PM

So I've also had this issue and noticed that it isn't spyware, per say, but more of a malicious referral bot that visits thousands of sites per day trying to spread the referral script. This blog sums everything up really nicely about the whole issue, including the other sites too (iloveviatly, econom, etc): hxxp://www.wiyre.com/google-analytics-darodar-forum-spam-what-is-it/
 
 
EDIT: Just to clarify econom.co, ilovevitaly, darodar are ALL doing the same thing as described in the blog above, it is not just darodar which takes advantage of this.


Edited by TheJoker, 29 December 2014 - 06:11 AM.
Link disabled






Also tagged with one or more of these keywords: spam, malicious website

Member of UNITE
Support SpywareInfo Forum - click the button