The URL hxxp://videos.dskjkiuw.com is one of the ones being used. At this time, zvelo is not detecting malware or exploits on this domain, but the target page presents a good imitation of the twitter login page in an attempt to steal credentials. As such, zvelo has flagged it as “Phishing & Fraud.” zveloLABS™ will keep a close eye on developments.
Below is a series of screenshots starting with an example direct message and leading to the fake login page and the series of pages that come up after entering bogus username and password info.[Screenshots removed.]