Has anyone else been getting the SEA hack popup

[lfkfkfkffs]

Just was wondering if it is just me or everyone, tried it on all my devices, came up during each sign in page. If it is a virus I can do my own analysis myself, but before I go about doing 2-3 hours of research I want to know if it is happening to anyone else. Not asking for advice.

 

[Someone Somewhere]

It seems to be coming from a subverted Gigya CDN server. Not sure why.

Only seems to be this IP: 23.238.235.254. Can't seem to find what DNS server sent me that; Google is giving me 89.238.149.73 and my ISP's servers are handing out an Akamai address.

 

[lfkfkfkffs]

Yeah if it is happening to everyone I won't go to crazy on it right now because I'm pretty tired. They probably just have an account with that service so you will only be able to track the ip back to that server that they have an account with over there. They are most likely also using an open source dns site that lists all the people involved with the project so all the dns records on their servers are never kept. Then with the open source dns from other people they can also bounce around their ip doing a proxy tunnel so it changes every 30sec which is normally the max that you would set it to. So in other words its pretty much sol for analysis as far as network traffic goes.

 

[Someone Somewhere]

Wasn't just us: http/www.independent.co.uk/life-style/gadgets-and-tech/news/syrian-electronic-army-hack-hits-sites-using-gigya-but-all-data-safe-9887503.html