Glowing brain malvertizement – and, once again, we find DIRECTI
Touches the domain adclickmate.net
Registrar: DIRECTI (yet again)
Created 24 March 2008
IP: 188.8.131.52 - Germany, Netdirekt
WHOIS hidden behind privacy protect
Domain originally registered via ESTDOMAINS - WHOIS protection temporary removed around late August 2008, which revealed:
Jacob Tua (firstname.lastname@example.org)
Later changing to:
Domain Names copr.
WHOIS was again hidden behind PrivacyProtect on or about 9 January 2009.
Interesting info re email@example.com and firstname.lastname@example.org:
See this Apple discussion forum conversation about a the clipboard hijacking problem – the same clipboard hijacking problem that led to Adobe changing the way Flash behaves:
The domain being copied to clipboard via the Flash exploit was "windowsxp-privacy.net", which just so happened to be registered to, you guessed it, email@example.com!! This information was posted to the discussion thread on 20 August 2008.
It is not surprising that firstname.lastname@example.org was removed from WHOIS after it become public information that the email address was associated with the clipboard hijackings. But, changing to email@example.com has not made much of a difference – all it did was add another pointer towards guilt.
The email address firstname.lastname@example.org was discovered in association with malvertizing domains, including statscontroller.net (registered via Directi - no surprise there). statscontroller.net is associated with a malvertizing incident that hit MSN Encarta back in early December 2008.
I want to know why DIRECTI allowed an obviously bad domain to once again hide behind privacyprotect.org. Information was made available to the public on 20 August 2008 and 8 December 2008 that both email addresses mentioned in the WHOIS details, email@example.com and firstname.lastname@example.org, were associated with bad domains and malicious behaviour, yet despite this DIRECTI allowed an obviously bad domain to regain the protection of privacyprotect.org after this information became public … WHY?????