Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Tepuro Advertising leads us to some more bad names – please treat all domains with extreme caution

August 30th 2010 in Uncategorized

Thanks to industrypace.com for the info (the only thing I would point out is that just because they use a Chinese registrar, doesn’t make the bad guys themselves Chinese…).  There is link to a youtube video in the industrypace.com article which allows you to listen to the voicemail potential victims are directed to when they try to contact various credit references.

 

Zamma Media (zammamedia.com)
ICANN Registrar: BIZCN.COM, INC
Created 26 July 2010

IP: 72.9.236.181 – Global Net Access Llc

Registrant: Zammamedia Contractors, Paula Contractors (it@zammamedia.com)

*****

Gold Bird Network (goldbirdnetwork.com)
ICANN Registrar: BIZCN.COM, INC
Created 28 July 2010

IP: 72.9.236.168 – Global Net Access Llc

Registrant: Goldbirdnetwork.com (dns@goldbirdnetwork.com)

*****

7 Days Media (7daysmedia.com)
ICANN Registrar: BIZCN.COM, INC
Created 26 July 2010

IP: 72.9.236.178 – Global Net Access Llc

Registrant: Registrar Services, Norman Money (registar@7daysmedia.com)

*****

 

Some extra names that are in the same IP range and worth treating with caution are:

ad-kemation.com
ICANN Registrar: TODAYNIC.COM, Inc
Created 13 July 2010

IP: 72.9.236.163

Registrant: Frank K Robichaud (frankkrobichaud@gmail.com) (I’m sure I’ve seen that pseudonym before…)

*****

interceptinteractive.net
ICANN Registrar: TODAYNIC.COM, Inc
Created 29 July 2010

IP: 72.9.236.174

Registrant: Harold A Mcconville (haroldamcconville@gmail.com) (also used to register facilitatedigital.net and netmining.org)

*****

netmining.org
ICANN Registrar: TODAYNIC.COM
Created 29 July 2010

IP: 72.9.236.174

Registrant: Harold A Mcconville

*****

facilitatedigital.net
ICANN Registrar: TODAYNIC.COM, Inc
Created 29 July 2010

IP: 72.9.236.172 – Global Net Access Llc

Shares IP with trueffects.net

Registrant: Harold A Mcconville


Comments are closed.

phg-media.com were caught laying the groundwork for an attempt to impersonate Zedo (see the screenshot below captured before the site disappeared).  Please be aware that phg-media.com have nothing to do with Zedo. Safe Browsing Report – 63 scripting exploits and one trojan: http://www.google.com/safebrowsing/diagnostic?site=phg-media.com    phg-media.com ICANN Registrar: […]

Previous Entry

The real Mediavest domain is mediavestww.com (note the ww).  The impersonators are using mediavestw.com (note, just one w) mediavestw.com ICANN Registrar: Melbourne IT, Ltd D/B/A Internet Names Worldwide Created 6 August 2010 IP: 69.195.140.33 – Yahoo! Inc Registrant: hidden behind myprivateregistration.com

Next Entry

Archives