When is an online rag not an online rag? When it's a scam, of course.
While investigating a site on Bizland IP space that was previously carrying malicious content, I noticed an ad that immediately got my attention, and not in a good way either. There were 2 primary things wrong with it:
1. It was delivered via AdBrite - a company known for allowing very questionable adverts on their network
2. The advert's picture:
What's wrong with this picture, I hear you ask. You know what's wrong with it already of course, so you're not asking me, I'm just hearing things. Getting back, as my jokes are rubbish (can I blame too much caffeine?), the advert's clickthrough URL is:
click.adbrite.com/mb/click.php?sid=1556445&banner_id=13472994&variation_id=1759057&uts=1276543863&keyword_id=1474020&ab=171966555&sscup=0a61d052d9b1aae48b824e121046c583&sscra=67aa5e257fbea61876e86596d1111d3d&ub=3560464381&guid=933829ee-d106-4fe5-b1af-e676bbb8b4d0&odc=grx&rs=&tgt=http%3A%2F%2Fwww.news9online.org%2Fbusiness-news%2Fuk%3Ftid%3Dabuk1&sc=&adt=1&bg=12665422&rhash=8b993b0fe0d57a497eb39c573ab019df&zeid=deterministic&nsscup=8b2da98819f3852147e4c2af0a977eae&bkw=&r=
Once clicked, we're taken to a site that is claiming to be an online rag. However, there's something desperately wrong here. Besides the obvious, the story's writer is outlining steps, and the site has allowed pictures in the space usually reserved for user comments (El Reg would never allow pictures in their comment fields).
It gets even more obvious that it's a scam, however, when we try clicking through to the other categories. For example, try clicking Politics, and you're taken to:
maspromo.quickckit.hop.clickbank.net/?tid=abuk1
And where does this go? Why, to the scam itself of course:
quickcashkit.net
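The chain above can be read from the URLs themselves without clicking anything. The following is an added example, not code from the original post: it decodes the `tgt` parameter of the AdBrite click URL and checks that the same `tid` value rides along to the ClickBank link. The function names are hypothetical, the click URL is trimmed to the fields used, and the host is read using ClickBank's usual AFFILIATE.VENDOR.hop.clickbank.net hoplink layout.

```python
import re
from urllib.parse import urlsplit, parse_qs

# URLs as given in the post; the click URL is trimmed to the fields used here.
CLICK_URL = ("click.adbrite.com/mb/click.php?sid=1556445&banner_id=13472994"
             "&tgt=http%3A%2F%2Fwww.news9online.org%2Fbusiness-news%2Fuk%3Ftid%3Dabuk1"
             "&sc=&adt=1")
HOP_URL = "maspromo.quickckit.hop.clickbank.net/?tid=abuk1"

def _split(url):
    """Parse a URL that may have been written without a scheme."""
    if not re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", url):
        url = "http://" + url
    return urlsplit(url)

def _param(url, name):
    """First value of a query parameter (percent-decoded), or None."""
    values = parse_qs(_split(url).query).get(name)
    return values[0] if values else None

def landing_url(click_url):
    """Destination the ad network redirects to, taken from tgt=."""
    return _param(click_url, "tgt")

def tracking_id(url):
    """Affiliate tracking id carried in tid=."""
    return _param(url, "tid")

def hoplink_parties(url):
    """Split AFFILIATE.VENDOR.hop.clickbank.net into (affiliate, vendor)."""
    host = (_split(url).hostname or "").lower()
    suffix = ".hop.clickbank.net"
    if not host.endswith(suffix):
        return None
    labels = host[:-len(suffix)].split(".")
    return tuple(labels) if len(labels) == 2 else None

def trace(click_url, hop_url):
    """Summarise the chain: landing host, tids, and whether they match."""
    landing = landing_url(click_url)
    if landing is None:
        raise ValueError("click URL has no tgt= parameter")
    return {"landing_host": _split(landing).hostname,
            "landing_tid": tracking_id(landing),
            "hop_tid": tracking_id(hop_url),
            "hop_parties": hoplink_parties(hop_url),
            "same_campaign": tracking_id(landing) == tracking_id(hop_url)}

if __name__ == "__main__":
    for key, value in trace(CLICK_URL, HOP_URL).items():
        print(f"{key}: {value}")
```

A matching `tid` on the fake news page and on the hop link ties both to one affiliate campaign, which is useful when writing up an abuse report.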
To save you some time, both news9online.org and quickcashkit.net are on the same IP:
IP: 65.60.57.194
IP PTR: downloadgifts.com
ASN: 32475 65.60.0.0/18 SINGLEHOP-INC - SingleHop
downloadgifts.com is also on the same IP, and has some interesting name servers:
ns1.myhomewealthsystem.com (65.60.57.194)
ns2.myhomewealthsystem.com (65.60.57.195)
Both are also on SingleHop IP space, and I'll be highly surprised if the range is not on lease to JustHost (a SingleHop customer that generates a lot of abuse reports).
Monday 14 June 2010