November 23rd 2008 in Uncategorized
Expedia have been alerted.
Details here:
http://www.mikeonads.com/2008/11/23/malvertisement-on-expediacom/
It looks identical to the malvert at allrecipes.com discussed here:
http://www.bluetack.co.uk/forums/index.php?s=6152c183e90c1f780588775106ba8be6&showtopic=18064&st=180&p=89945&#
Some of the same domains are used, prolinar.com and clicksoverview.com. The fraudware domain is also the same, antivirusdefense.com.
prolinar.com
ICANN Registrar: ESTDOMAINS
Created: 18 November 2008
NS57.1AND1.COM
NS58.1AND1.COM
IP: 74.208.131.124 – United States – 1&1 Internet Inc
Registrant: Thomas Schultz (ts8317@googlemail.com)

vernariostar.com
ICANN Registrar: NETFIRMS INC
Created: 20 November 2008
NS1.NETFIRMS.COM
NS2.NETFIRMS.COM
IP: 38.113.185.172 – United States – Performance Systems International Inc
Registrant: No WHOIS details <?>

triesto.com
ICANN Registrar: ESTDOMAINS INC
Created: 20 November 2008
NS57.1AND1.COM
NS58.1AND1.COM
IP: 74.208.131.124 – United States – 1&1 Internet Inc
Registrant: Andy Borman, Copress (andyborm@googlemail.com)

clicksoverview.com
ICANN Registrar: BIZCN.COM, INC
Created: 11 November 2008
NS1.FREEFASTDNS.COM
NS2.FREEFASTDNS.COM
IP: 69.10.44.207 – United Kingdom – Innovation It Solutions Corp
Registrant: Arina Zubina (cndomainz@yahoo.com)

antivirusdefense.com
ICANN Registrar: BIZCN.COM, INC
Created: 13 November 2008
NS1.FREEYOURDNS.COM
NS2.FREEYOURDNS.COM
IP: 64.20.38.90 – Arizona – Phoenix – Interserver Inc
Registrant: Aleksey Kononov (cndomainsz@yahoo.com)

freeyourdns.com
ICANN Registrar: BIZCN.COM, INC
Created: 4 November 2008
NS1.FREEYOURDNS.COM (84.243.196.136) (Netherlands Grafix Internet B.v)
NS2.FREEYOURDNS.COM (64.86.17.44) (Canada Brampton Velcom)
IP: 64.20.38.90 – Arizona – Phoenix – Interserver Inc
Registrant: Evgeny Makarov (cndomainz@yahoo.com)
84.243.196.136: antivirus-scan-online.com ns1.freeyourdns.com privateinfoclick.com protectionlive-scan.com quickscanpc.com totalantivirusscan.com
64.86.17.44: clickwww2.com forcedscan.com ns2.freefastdns.com ns2.freeyourdns.com

freefastdns.com
ICANN Registrar: ONLINENIC, INC
Created: 17 September 2008
NS1.FREEFASTDNS.COM (91.203.92.47) (United Kingdom Isp Uatelecom)
NS2.FREEFASTDNS.COM (64.86.17.44) (Canada Brampton Velcom)
IP: “On Hold”
Registrant: Goroshko Igor (alexvasiliev1987@cocainmail.com)
91.203.92.47: liveupdateservice.cn ns1.mysecuritysupport.com protectiononlineinfo.com totalantivirusscan.com travelmaxinside.cn
64.86.17.44: clickwww2.com forcedscan.com ns2.freefastdns.com ns2.freeyourdns.com

I also see that the domain 247-realmedia.com shares an IP address with prolinar.com, and it shares the same registrant details too. Could the purpose of the domain be to impersonate the real 247realmedia?
ICANN Registrar: ESTDOMAINS
Created: 18 November 2008
NS57.1AND1.COM
NS58.1AND1.COM
IP: 74.208.131.124 – United States – 1&1 Internet Inc
Registrant: Thomas Schultz (ts8317@googlemail.com)
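
The same pivot (shared IP address, registrant e-mail or name server) can be run across every record in this post at once. The Python below is an added example, not part of the original post; the values are transcribed from the records listed in this post, and ignoring the 1&1 and Netfirms name servers as too widely shared to link domains is an assumption.

```python
from collections import defaultdict

# Values transcribed from the WHOIS/DNS records in this post (None = not available).
RECORDS = {
    "prolinar.com":         {"ip": "74.208.131.124", "ns": "1and1.com",       "email": "ts8317@googlemail.com"},
    "247-realmedia.com":    {"ip": "74.208.131.124", "ns": "1and1.com",       "email": "ts8317@googlemail.com"},
    "triesto.com":          {"ip": "74.208.131.124", "ns": "1and1.com",       "email": "andyborm@googlemail.com"},
    "vernariostar.com":     {"ip": "38.113.185.172", "ns": "netfirms.com",    "email": None},
    "clicksoverview.com":   {"ip": "69.10.44.207",   "ns": "freefastdns.com", "email": "cndomainz@yahoo.com"},
    "antivirusdefense.com": {"ip": "64.20.38.90",    "ns": "freeyourdns.com", "email": "cndomainsz@yahoo.com"},
    "freeyourdns.com":      {"ip": "64.20.38.90",    "ns": "freeyourdns.com", "email": "cndomainz@yahoo.com"},
    "freefastdns.com":      {"ip": None,             "ns": "freefastdns.com", "email": "alexvasiliev1987@cocainmail.com"},
}
# Assumption: name servers of bulk hosting providers are too widely shared to link domains.
BULK_NS = {"1and1.com", "netfirms.com"}

def pivots(rec):
    """Yield (kind, value) attributes that may tie one domain to another."""
    if rec["ip"]:
        yield ("ip", rec["ip"])
    if rec["email"]:
        yield ("email", rec["email"].lower())
    if rec["ns"] and rec["ns"] not in BULK_NS:
        yield ("ns", rec["ns"])

def shared_pivots(records):
    """Map each pivot seen on two or more domains to the sorted domains using it."""
    seen = defaultdict(set)
    for domain, rec in records.items():
        for p in pivots(rec):
            seen[p].add(domain)
    return {p: sorted(d) for p, d in seen.items() if len(d) > 1}

def clusters(records):
    """Union-find: domains joined by any shared pivot end up in one cluster."""
    parent = {d: d for d in records}
    def find(d):
        while parent[d] != d:
            parent[d] = parent[parent[d]]  # path halving
            d = parent[d]
        return d
    for domains in shared_pivots(records).values():
        for other in domains[1:]:
            parent[find(other)] = find(domains[0])
    groups = defaultdict(list)
    for d in records:
        groups[find(d)].append(d)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))

if __name__ == "__main__":
    for group in clusters(RECORDS):
        print(len(group), ", ".join(group))
```

The near-identical addresses cndomainz@yahoo.com and cndomainsz@yahoo.com are not matched as e-mail pivots here; antivirusdefense.com still joins the fraudware cluster through its shared IP address and name server.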
“ALERT: Malvertizement at Expedia.com”