ALERT: traffichunter.net and traffichunters.net – spot the similarities to Olympic Media

I think it is fair to say that all content from traffichunter.net and traffichunters.net should be treated with extreme caution.

First of all, I received an email warning me that there are remarkable similarities between the Olympic Media web site and the Traffic Hunter(s) web site (and we already know that Olympic Media has been implicated in the distribution of malvertizements). There are screenshots evidencing the remarkable similarities at the end of this article. 

This is a report featuring Olympic Media:
http://msmvps.com/blogs/spywaresucks/archive/2008/12/10/1656329.aspx

Secondly, my correspondent described the references supplied by Traffic Hunters as being “fishy”. 

Thirdly, the WHOIS details for traffichunter.net and traffichunters.net raise suspicion – the two domains share an IP address but have completely different WHOIS details. Not only that, traffichunters.net has WHOIS details identical to those of another domain that hosted (hosts?) a web page which tries to infect computers via various security exploits (cite: bluetack.co.uk URL below).

Traffic Hunter’s office is apparently in Poland - Nowowiejska Str. 12, Room 36, Warsaw, Poland to be exact.

traffichunter.net
ICANN Registrar: NAME.COM LLC
Created: 25 September 2008
NS1.TRAFFICHUNTER.COM
NS2.TRAFFICHUNTER.COM

IP: 72.232.107.19 - New York, Layered Technologies Inc

Registrant: Jeann Covergale Petroleum (jeann.petroleum@yahoo.com)
339 St Paul Street, Kamloops, Vancouver BC
Note: The Coast Canadian Inn is located at the address claimed by the traffichunter.net Registrant (http://www.coasthotels.com/hotels/canada/bc/kamloops/coast_canadian/overview)

traffichunters.net
ICANN Registrar: MONIKER ONLINE SERVICES, INC
Created: 10 October 2008
NS1.TRAFFICHUNTERS.NET
NS2.TRAFFICHUNTERS.NET

IP: 72.232.107.19 - New York, Layered Technologies Inc

Registrant: Helen Nikolson (helen.nikolson@gmail.com) - owns about 64 other domains

 

"Helen Nikolson" has been associated with other malvertizing in the past via the domain "ashoping.com":

http://www.bluetack.co.uk/forums/index.php?s=55413883d1e914887037bbb7f6866a9f&showtopic=18064&pid=90586&st=210&#

An ashoping.com page was discovered that contained an iframe pointing to yet another domain that attempted to infect computers via various security exploits.

ashoping.com
ICANN Registrar: MONIKER ONLINE SERVICES, INC
Created: 13 October 2008

NS1.ASHOPING.COM (193.33.61.161 - Netherlands, Panther IT Services - digex.colocated.redunix.net)
NS2.ASHOPING.COM
NS3.ASHOPING.COM
NS4.ASHOPING.COM

IP: 85.12.43.124 - Netherlands, Xentronix

Registrant:  Helen Nikolson (helen.nikolson@gmail.com)
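
The comparison made above (same IP address but different registrants, and a registrant shared with a domain already reported for exploits) can be done mechanically. The Python below is an added example, not part of the original post; it uses only the IP addresses and registrant e-mails listed above, and the function names are illustrative.

```python
from collections import defaultdict
from itertools import combinations

# Facts transcribed from the WHOIS/DNS listings in this post (not re-queried).
RECORDS = {
    "traffichunter.net": {"ip": "72.232.107.19", "email": "jeann.petroleum@yahoo.com"},
    "traffichunters.net": {"ip": "72.232.107.19", "email": "helen.nikolson@gmail.com"},
    "ashoping.com": {"ip": "85.12.43.124", "email": "helen.nikolson@gmail.com"},
}
# Domain reported as leading to exploits in the bluetack.co.uk thread cited above.
KNOWN_BAD = {"ashoping.com"}
# Attributes specific enough to suggest common control (a registrar would not be).
PIVOT_FIELDS = ("ip", "email")


def shared_pivots(records):
    """Map each unordered domain pair to the set of pivot fields on which they match."""
    index = defaultdict(set)  # (field, normalised value) -> domains using it
    for domain, rec in records.items():
        for field in PIVOT_FIELDS:
            value = rec.get(field, "").strip().lower()
            if value:
                index[(field, value)].add(domain)
    links = defaultdict(set)
    for (field, _), domains in index.items():
        for a, b in combinations(sorted(domains), 2):
            links[(a, b)].add(field)
    return dict(links)


def mismatched_cohosts(records):
    """Pairs on the same IP whose registrant e-mail differs."""
    return sorted(pair for pair, fields in shared_pivots(records).items()
                  if "ip" in fields and "email" not in fields)


def review_leads(records, known_bad):
    """Domains linked to a known-bad domain through any chain of shared pivots.

    A shared IP can simply mean shared hosting, so these are leads to review,
    not verdicts.
    """
    links = shared_pivots(records)
    seen, frontier = set(known_bad), list(known_bad)
    while frontier:
        current = frontier.pop()
        for pair in links:
            if current in pair:
                new = set(pair) - seen
                seen |= new
                frontier.extend(new)
    return seen - set(known_bad)
```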

 

[Screenshots: Olympic Media and Traffic Hunter web site pages, shown in three pairs for comparison]

Comments

# re: ALERT: traffichunter.net and traffichunters.net – spot the similarities to Olympic Media

Monday, January 05, 2009 12:14 AM by Sandi

BTW, did you notice the typographical errors appearing on both sites?  It will be a long time before that is fixed if we follow the example of the "creaches" mis-spellings.

# re: ALERT: traffichunter.net and traffichunters.net – spot the similarities to Olympic Media

Wednesday, February 11, 2009 11:14 AM by Anonymous

It's possible that this is another one of these malware companies - please let people know! I'll send more information as it is available.

# re: ALERT: traffichunter.net and traffichunters.net – spot the similarities to Olympic Media

Friday, February 27, 2009 5:07 PM by Tom Z

Be cautious of Yourdirectmedia. Tried to pass us HP ads with malware and gave us Olympicmedia.net, Atlantmedia.net and Ads2revnue for their references.