RandallM wrote: > Open the UrL on a VMstation and this time the file came from: > > "SearchglobalSecurity.com"..where as before it was from ""GuardSytem-scanner" > > Fastfluxing?
Changing target domains is nothing to do with FF, which is more about changing/revolving the IPs returned as A records for a specific domain. Changing the domains that the blackhat SEO, search-engine-referer- checking redirects use is common in these Rogue AV, etc, etc scams, typically happening once to several times a day (though that can be tricky to trace informally because at least some of them use IP tracking and after "a few" hits they will eventually redirect you to some other page, such as an apparent search results page, etc). Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
