ALERT: malvertizement from trackstarmedia.com (domain suspended)
I have just received word that a malvertizement featuring cardstore.com has been discovered. The distributor of the malvertizement is, according to my contact, trackstarmedia.com.
I'll post further information, and screenshots, as it comes to hand.
Thumbnail of trackstarmedia.com page, courtesy of Robtex.
Domain Name: TRACKSTARMEDIA.COM
Registrar: WILD WEST DOMAINS, INC.
Whois Server: whois.wildwestdomains.com
Referral URL: http://www.wildwestdomains.com
Name Server: NS49.DOMAINCONTROL.COM
Name Server: NS50.DOMAINCONTROL.COM
The URL www.trackstarmedia.com does not load. Its listed IP address, 220.127.116.11, redirects to the URL defaultpage.3fn.net/?htr=18.104.22.168:
A WHOIS search reveals this interesting message:
"This domain name has been suspended due to invalid Whois information. If you are the registrant of this domain name please contact us at: email@example.com."
Doesn't it warm the cockles of your heart to see the bad guys take a tumble?
We can use domaintools.com to review historical WHOIS data - this is what the WHOIS used to contain:
WHOIS records dated 18 January, 24 February, 3 June and 11 July note that the Registrar was "Wishing Tree Records", PO Box 197, Warren, Rhode Island.
WHOIS records dated 22, 25 and 28 July 2008 list the Registrant as Patrik Kelly of 580 Harrison Avenue, Boston MA 02118.
Then on 12 August the Registrant was changed to Oliver Gruner, 53 Marlborough Street, Boston, Massachusetts.