ALERT: Please treat advertising from Gilmours Media (gilmoursmedia.com) with extreme caution
They have been caught distributing malvertizing.
Current registration details are:
ICANN Registrar: REGTIME LTD
Created 24 March 2008
NS1.NAMESELF.COM
NS2.NAMESELF.COM
IP: 64.28.187.33 - New York, Internet Path Inc
Registrant:
Jacob Tua (saidfahtih@gmail.com)
Maltiskam 12-67
Belgrade 11008
Russia
+381 113 114 094
It should be noted that gilmoursmedia.com was originally registered via the infamous ESTDOMAINS, to a "Jacob Tua" of Maltiskam 12-67, Belgrade, 11008, telephone +381.113114094.
More importantly, the email address for "Jacob Tua" was "jackyouthere@gmail.com". See this Apple discussion forum conversation about a the clipboard hijacking problem – the same clipboard hijacking problem that led to Adobe changing the way Flash behaves:
http://discussions.apple.com/thread.jspa?messageID=7768848
The domain being copied to clipboard via the Flash exploit was "windowsxp-privacy.net", which just so happened to be registered to, you guessed it, jackyouthere@gmail.com!! This information was posted to the discussion thread on 20 August 2008.
"Jacob Tua" was also listed as owning adclickmate.net, another domain associated with malvertizing:
http://msmvps.com/blogs/spywaresucks/archive/2009/02/18/1672789.aspx
The contact phone number for Gilmours Media is/was the same as that for "Trackstar Media", being tel 401.237.4731.
But the address is different, being 17 Vernon Street, Warren:
http://www.merchantcircle.com/business/Trackstarmedia.401-237-4731
trackstarmedia.com was suspended due to inaccurate WHOIS information. That domain has also been featured on this blog before:
http://msmvps.com/blogs/spywaresucks/archive/2008/08/13/1644602.aspx
