Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

ALERT: please treat the domains hit-detect.com and statsnclick.com with extreme caution

March 12th 2009 in Uncategorized

Both are new domains associated with the registrant "Gabriel Jenks". Regular readers of my blog will know that "Gabriel Jenks" is a name associated with several malvertizement-related domains in recent times, including measurehits.com and statisticsishere.com.

hit-detect.com
ICANN Registrar: YESNIC CO. LTD
Created 10 March 2009

NS1.HIT-DETECT.COM – 116.50.15.1 – HostFresh
NS2.HIT-DETECT.COM – 116.50.15.1 – HostFresh
NS3.HIT-DETECT.COM – 89.149.226.121 – Netdirekt

NS4.HIT-DETECT.COM (only in zone) – 212.117.162.90 – Luxembourg Root Esolutions

IP: 195.62.37.14 – Sardegna – Olbia – Geonic.net Ltd

Web sites in the same IP range: addded.com, banner-count.com, lineacount.com, lineweather.com, mypersonalhttp.com, tangoing.info, tinnily.info, unmarine.info, warwork.info, wovens.info.

Registrant::
Name      : Gabriel Jenks
Email     : gabrielcjenks17@mail.com
Address   : 3515 Cooks Mine Road, NM
Zipcode   : 88101
Nation    : US
Tel       : 1-505-763-5453
Fax       :

IMPORTANT: Let’s not forget that the postcode (88101) and phone number (505-763-5453) map to Clovis, New Mexico.  I cannot find a "Cooks Mine Road" in Clovis.  Not only that, the phone number listed in the WHOIS is apparently owned by a Brian A Jones and Delinda K Jones, not a Gabriel Jenks.

NS1.HIT-DETECT.COM and NS2.HIT-DETECT.COM:  hostnames sharing ip with a-records – mail.xxx-online.in | ns1.statisticsishere.com | ns2.02sta.com | ns2.admediastats.com | ns2.onlinestatsmanager.com | s2.promorotation.com | ns2.securityclick.net | ns2.st-athome.net | ns2.st-aticglobalsources.com | ns2.themonitoring.net
domains using this as nameserver under another name – o2sta.com | measurehits.com | promorotation.com | st-athome.net | st-aticglobalsources.com | statisticishere.com | themonitoring.net | traffic-analytics.com | waytotheprofit.com

NS3.HIT-DETECT.COM: hostnames sharing ip with a-records – 89-149-226-121.internetserviceteam.com – ns2.measurehits.com – ns3.02sta.com – ns3.admediastats.com – ns3.promorotation.com – ns3.securityclick.net – ns3.st-athome.net – ns3.st-aticglobalsources.com – ns3.statisticsishere.com – ns3.themonitoring.net

nameservers missing in parent delegation – ns4.hit-detect.com (212.117.162.90): hostnames sharing ip with a-records – ns3.measurehits.com – ns4.02sta.com – ns4.admediastats.com – ns4.onlinestatsmanager.com – ns4.promorotation.com – ns4.securityclick.net – ns4.st-athome.net – ns4.st-aticglobalsources.com – ns4.themonitoring.net – ns4.traffic-analytics.com

 

statsnclick.com
ICANN Registrar: YESNIC CO. LTD
Created 10 March 2009

NS1.STATSNCLICK.COM – 116.50.15.1
NS2.STATSNCLICK.COM – 116.50.15.1
NS3.STATSNCLICK.COM – 89.149.226.121

NS4.STATSNCLICK.COM (only in zone) – 212.117.162.90

IP: 212.117.165.128 – Luxembourg – Root Esolutions

Shares IP with measurehits.com and waytotheprofit.com

Registrant::
Name      : Gabriel Jenks
Email     : gabrielcjenks17@mail.com
Address   : 3515 Cooks Mine Road, NM
Zipcode   : 88101
Nation    : US
Tel       : 1-505-763-5453
Fax       :
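
The pivot used in this post (same registrant e-mail, same nameserver IPs) can be automated against newly seen registrations. The Python below is an added example, not part of the original post; the function names, the two-IP threshold and the second sample record are assumptions made for illustration.

```python
import re

# Indicators from the post: the nameserver IPs and registrant e-mail shared
# by hit-detect.com and statsnclick.com.
KNOWN_NS_IPS = {"116.50.15.1", "89.149.226.121", "212.117.162.90"}
KNOWN_EMAILS = {"gabrielcjenks17@mail.com"}
NS_LINE = re.compile(r"^NS\d+\.[A-Z0-9.-]+\b.*?(\d{1,3}(?:\.\d{1,3}){3})", re.I)
FIELD_LINE = re.compile(r"^(\w+)\s*:\s*(.*)$")

# Record copied from the post's statsnclick.com entry.
STATSNCLICK = """\
NS1.STATSNCLICK.COM – 116.50.15.1
NS2.STATSNCLICK.COM – 116.50.15.1
NS3.STATSNCLICK.COM – 89.149.226.121
NS4.STATSNCLICK.COM (only in zone) – 212.117.162.90)
Email     : gabrielcjenks17@mail.com
"""
# Constructed record (not from the post): one overlapping IP, unrelated e-mail.
CONSTRUCTED = """\
NS1.EXAMPLE.ORG – 192.0.2.53
NS2.EXAMPLE.ORG – 116.50.15.1
Email     : hostmaster@example.org
"""


def parse_record(text):
    """Return (nameserver IPs, WHOIS fields) from a record laid out as in the post."""
    ns_ips, fields = set(), {}
    for line in map(str.strip, text.splitlines()):
        ns, fld = NS_LINE.match(line), FIELD_LINE.match(line)
        if ns:
            ns_ips.add(ns.group(1))
        elif fld:
            fields[fld.group(1).lower()] = fld.group(2).strip()
    return ns_ips, fields


def assess(text, min_shared_ns=2):
    """Return the reasons a record overlaps the known infrastructure ([] = no match)."""
    ns_ips, fields = parse_record(text)
    reasons = []
    if fields.get("email", "").lower() in KNOWN_EMAILS:
        reasons.append("registrant email")
    shared = sorted(ns_ips & KNOWN_NS_IPS)
    # A single shared IP can be coincidental shared hosting (assumed threshold).
    if len(shared) >= min_shared_ns:
        reasons.append("nameserver IPs: " + ", ".join(shared))
    return reasons
```

A non-empty result from `assess` is a lead for manual review of the domain, not proof of common ownership.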

