Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Domain alerts…

March 1st 2013 in Uncategorized

Looks like latimes.com has had some issues in recent days… spotted when taking a look at safe browsing information for ads.zitaholdings.com


And huffingtonpost.com


And nbc.com


And msn.com


Anyway, here are some domains that have been seen in association with infection / malvertising incidents in recent times…

Wexistat.com
Created 26 February 2013
ICANN Registrar: Internet.BS Corp
Registrant: Thomas Fine, nikas.fak@yandex.ru

 

adtmc.com
Created 19 February 2013
ICANN Registrar: INTERNET.BS CORP
Registrant: Private WHOIS

 

esstat.com
Created 1 February 2013
ICANN Registrar: INTERNET.BS CORP
Registrant: Private WHOIS

 

cpsstat.com
Created 1 February 2013
ICANN Registrar: INTERNET.BS CORP
Registrant: Private WHOIS

 

azestat.com
Created 1 February 2013
ICANN Registrar: INTERNET.BS CORP
Registrant: Private WHOIS

 

icestats.net
Created 30 January 2013
ICANN Registrar: EVOPLUS LTD
Registrant: Private WHOIS

Shares IP with mantrads.net, pertaxmedia.com and repassmedia.com, all of which should be treated with extreme caution.

 

bleatstats.com
Created 1 February 2013
ICANN Registrar: INTERNET.BS CORP
Registrant:

 

vw-advert.com (wish I had a screenshot of this one; am wondering if it spoofed the VW car company – probably did)
Created 28 January 2013
ICANN Registrar: EVOPLUS LTD
Registrant: Private WHOIS

 

ic-adserver.com
Created 30 January 2013
ICANN Registrar: EVOPLUS LTD
Registrant: Private WHOIS

 

mantrads.com
Created 16 January 2013
ICANN Registrar: GODADDY.COM, LLC
Registrant: “Self” (jasenward@gmail.com)

 

4pinteractive.com
Created 30 January 2013
ICANN Registrar: EVOPLUS LTD
Registrant: Private WHOIS

Shares IP address with drtsc.com, eh4xors.tk, kollyxvid.net and porsche-ads.com (that last one is especially interesting)

 

porsche-ads.com
Created 15 January 2013
ICANN Registrar: EVOPLUS LTD
Registrant: Private WHOIS

