Select Page

As a follow-up to my post earlier today about a fake CastleCops page, there’s more to the story.

There are other domains sharing the same IP (

pepato org
slim-cash com
spyware-wiper com
Cpaypal com
Crazycounter net

All are copying legitimate sites.

Pepato is loading a fake page:

Slim-cash is spoofing

Spyware-wiper spoofs


CrazyCounter copies the European Space Agency:


And Cpaypal copies


These domains belong to the “Vladzone” malware gang. A while back, we believe that they were responsible for DDoS attacks against (Patrick Jordan, who works for Sunbelt) and — and maybe a few others. I would not visit these sites…

Alex Eckelberry
(Thanks, Adam)