Malvertizing at Tweetmeme (again)

image

 

You may recall that Wayne Small of SBSFAQ contacted me to warn that there was malvertizing at tweetmeme back in December 2009 – well, tweetmeme have a problem again.

This time I see no openx.  Instead, we bounce from ads.tweetmeme.com to y5-media.com, to 173.244.173.133 to www3. luckfind42td.in to www2. guardhere5.in (thanks to Kimberley for the heads up)

y5-media.com
ICANN Registrar: EVOPLUS LTD
Created 7 June 2010

IP: 178.162.133.226 - Netdirekt E.K

Registrant hidden behind evoprivacy.com

*****

173.244.173.133 - Enet Inc (85.ad.f4.static.xlhost.com)

*****

luckfind42td.in
ICANN Registrar: DIRECTI
Created 13 July 2010

Registrant: Kooken Garritt (gkook@checkjemail.nl) -- That email address is associated with 2,939 domains!

*****

guardhere5.in
ICANN Registrar: DIRECTI
Created 14 July 2010

Registrant: Kooken Garritt (gkook@checkjemail.nl)

*****

Also seen:

wareforyou10.in
ICANN Registrar: DIRECTI
Created 14 July 2010

Registrant: Kooken Garritt (gook@checkjemail.nl)

*****

206.217.206.111 - Providence Hosting Services - noptr.midphase.com

178.162.133.218 - Netdirekt E.k

image

Published Thu, Jul 15 2010 15:54 by sandi
Filed under: ,

Comments

# re: Malvertizing at Tweetmeme (again)

Thursday, July 15, 2010 3:22 AM by Sarah

Hi,

Many thanks for bringing this to our attention.  The advertisement causing this issue has now been removed.

Kind regards

Sarah

# re: Malvertizing at Tweetmeme (again)

Thursday, July 15, 2010 4:31 AM by sandi

Hi Sarah

If you could share information about whoever it was that sold the malvert to you, that would be great - what pseudonyms were they using?  Feel free to contact me at sandi @ mvps.org.

Sandi