Report: Malvertizements that are currently circulating
First Choice in French (we have seen malvertizements featuring First Choice before – eg: this one in English)
This malvertizement exposes a domain to us, waytotheprofit.com/?cmpid=atrecreant and click.adlbrite.com.
adlbrite.com is hosted by nine.ch in Switzerland (yes, the same nine.ch that has hosted domains used by malvertizements in the past).
click.adlbrite.com is also sharing name servers with several well known malvertizement domains, including:
aboutstat.com
akamahi.net
entrerrenglonadura.com
newstat.net
officialstat.com
quinquecahue.com
stat-diagnostic-imaging.net
stat-diagnostic-imaging.com
stathisranch.net
station-appraisals.com
station-appraisals.net
thetechnorati.com
vozmiliogaranon.com
googiesindication.com
statestr.com
statgroup.net
staticglobalsources.com
staticglobalsources.net
statnation.net
statsla.net
statworld.net
adlbrite.com’s registrar is TLDS, LLC DBA SRSPLUS. The WHOIS is unhelpful, being:
Sara Sen (mail@adlbrite.com)
Hight str 45
Baltim, NONE 8232
CL
152656555
waytotheprofit.com is just as interesting, sharing IP with A-Records and mail servers with many known malvertizement domains including:
ad2profit.com
adgurman.com
adnetserver.com
adredired.com
astalaprofit.com
bizmarketads.com
brandmarketads.com
bucksbill.com
glorymarkets.com
iddqdmarketing.com
intervarioclick.com
invulnerableads.com
luckyadcoin.com
luckyadsols.com
mythmarketing.com
popadprovider.com
prevedmarketing.com
rocktheads.com
popadprovider.com
waytotheprofit.com also shares name server with many, many, MANY known fraudware and malvertizement domains, as well as domains associated with the sale of malvertizements.