Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Innovative Marketing – slowly the old domains fall away

July 7th 2010 in Uncategorized

I still keep an eye on known Innovative Marketing pseudonyms; information continues to trickle in about domains that they have registered in the past.

Old bad domains have been expiring, and sometimes the protection of services such as Moniker Privacy Services falls away.

For example, on 24 May 2010 the domains tolerli.com and vollende.com lost the protection of Moniker Privacy Services, exposing their Registrant as "Helen Nikolson", helen.nikolson@gmail.com.  A few days before that the registrant details for ausgebl.com were also exposed.

That being said, sometimes it goes the other way.  codeconline.com, for example, used to be registered to "noo" (aka the infamous Serg Moons).  That domain’s registrant details are now hidden behind whoisservices.cn and it’s current domain details are as follows:

codeconline.com
ICANN Registrar: BIZCN.COM, INC (previously tucows and enom)
Created: 8 June 2010

IP: 194.8.251.162 – Paraguay – Donstroy.Ltd

Sharing IP with codecmicrosoft.com, maremot.com, missing-codecs.com, missing-codecs.net, missing-codecs.org, moviemoto.org, video-files.org, vidscentral.net – I think that we can assume that all of those domains should be treated with extreme caution.

codecmicrosoft.com is registered to a "Sean", domains@theraged.org
maremot.com is registered to a "Cliffad", domains@theraged.org
missing-codecs.com is registered to a "David Roberts", hansaprom@live.co.uk
missing-codecs.net is registered to a "David Roberts", hansaprom@live.co.uk
missing-codecs.org is registered to a "David Roberts", hansaprom@live.co.uk
moviemoto.org is registered to "Sean Cruz", domains@theraged.org
video-files.org is registered to a "Ben Born", "born.ben28@yahoo.com"
vidscentral.net is hidden behind privacypost.com


One comment to...
“Innovative Marketing – slowly the old domains fall away”

Andrew from Vancouver

The domain name maremot.com looks like an odd man out, but Norton reports malware found there:

https://safeweb.norton.com/report/show?name=maremot.com


In what I can only describe as a display of optimism, Reno has hired an attorney and entered a plea of "not guilty" to all counts of the indictment filed by the Special March 2010 Grand Jury which charged him, Bjorn Daniel Sundin and Shaileshkumar P Jain (aka Sam Jain) with one count of computer [...]

Previous Entry

  You may recall that Wayne Small of SBSFAQ contacted me to warn that there was malvertizing at tweetmeme back in December 2009 – well, tweetmeme have a problem again. This time I see no openx.  Instead, we bounce from ads.tweetmeme.com to y5-media.com, to 173.244.173.133 to www3. luckfind42td.in to www2. [...]

Next Entry