I’ve received several emails from people who’ve clicked on similar links, …./godmfas.html?whatever-is-afterwards. In most recent email the injected page was in the “flexsqueeze” theme folder.
The re-direct and target pages are not currently loading malware or a virus however, it’s best practice to never click on a link you’re not 100% sure of.
Re-direct just received goes to x—x-story.com (not the domain mentioned above, x’s added to slow the spread). The domain was registered via “CENTER OF UKRAINIAN INTERNET NAMES.” It seems they do not publish network admin info and also block traceroutes, which is typical of spammer companies.
Yes, there are companies that lease servers to spammers. Last year we helped bust one who had a datacenter in NJ. Unlikely anything can be done about hackers/spammers operating out of Kharkiv in the Ukraine.
I traced the hacker/spammer’s nameserver to a registrar in the Bahamas and sent details and screen captures of everything to their abuse@ address. Hopefully the Bahamian registrar (who appears to be legitimate) will shut down the nameserver domain, which may eliminate the hacker’s website for a little while.