Alerted to this scheme by my good friend, !Donovan. The victim visited an expired, once-secure website parked with TradeDoubler adware that now redirects to a fake malware warning site, read: https://isc.sans.edu/diary/How+Victims+Are+Redirected+to+IT+Support+Scareware+Sites/19487/
The landing site’s scan results: https://www.virustotal.com/en/url/d8d55a41f0efaccd1daf16a661c2525330ef014b8098bee7b183d79650ecb260/analysis/#additional-info and https://www.c-sirt.org/en/incidents-on-domain/p2.dntrax.com and
index
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level.
Details: Detected HTTP redirection to htxps://www.dntx.com/. uMatrix blocks this destination for us.
File size[byte]: 0
File type: Unknown
Page/File MD5: 00000000000000000000000000000000
Scan duration[sec]:
Thanks to !Donovan for his observations and we should report that Sucuri has not as yet detected this malicious scheme.
polonus