You should avoid clicking on links in direct messages that you receive on Twitter today. “what on earth do you think you are doing in our video clip?” – is the current direct message.
Twitter direct message (if Facebook link is clicked) redirects to a Facebook app that redirects to hXXp://18.104.22.168/rem.php? [hosted on Victoria, Mahe, Seychelles Ideal Solution Ltd, inetnum: 22.214.171.124 – 126.96.36.199].
Spamhaus (SBL) initially listed IP:188.8.131.52 as a DDoS botnet controller on March 5, 2012 and IP:184.108.40.206 as a money mule database used by ZeuS/SpyEye botnet masters on May 25, 2011.
VirusTotal is reporting this as a clean site (though still unrated by Sophos and Websense).