What is the Real Relationship between WordPress Hackers and Malicious Adtech?

June 13, 2025, 8:28 a.m.

Description

An investigation into VexTrio, a malicious traffic distribution system (TDS), revealed surprising connections between WordPress hackers and adtech companies. When VexTrio's operations were disrupted, multiple malware actors migrated to a new TDS that was discovered to be related to VexTrio. Several commercial TDSs were found to share software elements with VexTrio and benefit from its relationship with website malware actors. The investigation uncovered a complex network of adtech firms, including Partners House, BroPush, and RichAds, that use similar technologies and tactics to distribute malicious content. These firms have information about the identities of malware actors, which could potentially lead to their disruption.

Date

  • Created: June 13, 2025, 7:59 a.m.
  • Published: June 13, 2025, 7:59 a.m.
  • Modified: June 13, 2025, 8:28 a.m.

Indicators


Attack Patterns

  • Balada
  • DollyWay
  • Sign1
  • VexTrio

Additional Information

  • 19a1.brpconnecta.digital
  • Czechia
  • Switzerland
  • Russian Federation