Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Report: Malvertizements that are currently circulating

June 28th 2008 in Uncategorized

perfectmatch.com

 image

image

Domains exposed:

profitabill.com/?cmpid=cancrineso

stat-diagnostic-imaging.net/c/index.php

 

profitabill.com

Hosted by Plusserver, Germany.  Administrative contact is the infamous Serg Moon – WHOIS details are, of course, unhelpful.

Note: WHOIS notes that registration services are provided by NameCheap.com, which shares IP indirectly via cnames with davidrohlf.com, georgerohlf.com, kristinerohlf.com and therohlfs.com.

Registar is the well known Enom, Inc – created on 25 March 2008

 

hostnames sharing ip with a-records
manzano181.serv.lt
xen-su-01.serv.lt

Lots and lots and LOTS of bad domains sharing name servers with profitabill.com


Comments are closed.

First Choice in French (we have seen malvertizements featuring First Choice before – eg: this one in English) This malvertizement exposes a domain to us, waytotheprofit.com/?cmpid=atrecreant and click.adlbrite.com.  adlbrite.com is hosted by nine.ch in Switzerland (yes, the same nine.ch that has hosted domains used by malvertizements in the […]

Previous Entry

XM Radio Exposed domain: aboutstat.net   XM Radio again     Exposed domains: waytotheprofit.com/?cmpid=weannalist and officialstat.com/c/index.php, both of which are known malvertizement domains. waytotheprofit.com/?cmpid=weannalist leads us to an adverdaemon.com URL which then leads on to diskretter.com.   adverdaemon.com is hosted by PEER1, with […]

Next Entry

Archives