DDoS Attack on SEO Hero

Attack was performed from:

http://www.rpgsoluce.com/forum/cache/iframe1.html
http://www.mubashertv.com/
http://btcsource.eu/
http://www.tunisiedevoirs.com/
http://www.faucetbtc1.com/
http://www.pubovore.com

Source code

<form action="https://seoheronews.com/api/feedback/send" id="form" method="POST">
 <input type="hidden" name="ifohezoiezghfezhipefzhoihezfiohioefzohiezf">
</form>
<script>
 document.getElementById("form").submit();
</script>

DDoS attack was made through the iframe which was located on site www.rpgsoluce.com.

This iframe was put to dozens of sites using iframe advertising banner.

This iframe banner is reloading constantly without visual effect for user and it sends requests to target site (DDoS target).

Here is example of such banner

http://www.pubovore.com/ban.php?f=300x250&id=4582&refresh

So, this banner loads iframe http://www.rpgsoluce.com/forum/cache/iframe1.html which, in turn, performs a request to SEOHeroNEWS.com.

To find out his, we placed HTML page to /api/feedback/send which collected information about attackers' sites and sent it to seoheronews.com using their methods.

Here is short list of sites, which were used for attack via advertising:

http://btcsource.eu
http://www.tunisiedevoirs.com
http://www.faucetbtc1.com
http://cours-examens.org
http://www.dzemploi.org
http://crazysat.ru
http://www.gge-pro.com
http://www.73abdel.com
http://hamasatrewaiya.net
http://www.movies2iq.ml
http://www.mubashertv.com
http://bitcoingala.xyz
http://officiel-streamingfr.over-blog.com