ALERT: malvertizement featuring Rhapsody (alternative title: Well well, they have a sense of humor….)
I’ve been taking a look-see at the latest malvertizement that has hit my desk (sourced from multiple IP addresses and received over several days) – it is a Rhapsody themed malvertizement that looks like this:
Visually the malvertizement is identical to one that was circulating at least a year ago.
The malvertizements are hitting different domains despite being visually identical, which is nothing unusual. That being said, there is a new domain being used to facilitate a browser hijack, and I just to laugh when I saw it:
welovesandi.com
Anyway, let’s take a look-see at this new domain:
welovesandi.com
Website Title: “TotalVirusProtection” (seems they’re still not cleaning up their site code when creating new sites)
ICANN Registrar: Communigal Communications Ltd
Created: 20 March 2009
NS1.WELOVESANDI.COM
NS2.WELOVESANDI.COM
NS3.WELOVESANDI.COM
NS4.WELOVESANDI.COM
IP: 212.177.165.128 - Luxembourg, Steinsel, Root Esolutions
Shares IP address with the following domains, all of which should be treated with extreme caution:
enterprisestat.net, givemystats.com, measurehits.com, pleaselinkmeto.com, statsnclick.com and waytotheprofit.com.
Registrant:
Robert Robinson (RobertSRobinson@mail.com)
4452 Dogwood Lane
Phoenix 85012
602 5205539781