Click-through
Analysis of Spam Ads: March 11. 2007
·
64.111.214.154
·
66.230.138.211
·
206.161.121.115 and
216.195.46.254 are among the newer IP addresses under investigation.
·
Spam ads click-through traffic à http://64.111.214.154
Whois Record http://whois.domaintools.com/64.111.214.154
IP Information 64.111.214.154
Whois Record
|
o
Example #1: http://www.google.com/search?hl=en&q=online+xanax
§
Clicking on services.library.mssm.edu/aspnet_client/system_web/1_1_4323/xanax/buy-xanax-online.html:
§
Clicking on the “90 X 1mg” ad generated the following
redirection chain:
§
The mssm.edu URL is comment-spammed at http://cc.msnscache.com/cache.aspx?q=6036750536684&lang=en-US&mkt=en-US&FORM=CVRE,
cache of http://www.us24-suzaku.jp/modules/weblog/details.php?blog_id=117
o
Example #2: http://search.live.com/results.aspx?q=free+ringtone&form=QBRE
§
Clicking on the freeringtonetndcl.blogspot.com
link:
§
Clicking on the first ad generated the following
redirection chain
§
Comment-spammed at http://cc.msnscache.com/cache.aspx?q=6014453482506&lang=en-US&mkt=en-US&FORM=CVRE,
cache of http://www.googleresearch.com/article.asp?id=37
·
Spam ads click-through traffic à http://66.230.138.211
Whois Record http://whois.domaintools.com/66.230.138.211
IP Information 66.230.138.211
Whois RecordOrgName: ISPrime, Inc.
|
o Example #1:
http://search.live.com/results.aspx?q=chanel+handbag&mkt=en-us&FORM=LVCP
§
Clicking on the www.freewebs.com/newhandbags/chanel-handbag.html
link:
§
Clicking on the first ad generated the following
redirection chain:
§
Comment-spammed at http://cc.msnscache.com/cache.aspx?q=6013190260422&lang=en-US&mkt=en-US&FORM=CVRE4,
cache of http://www.forums.informationweek.com/jive3/thread.jspa?threadID=300145102&start=375&tstart=0
·
Spam ads click-through traffic à
http://206.161.121.115
Whois Record http://whois.domaintools.com/206.161.121.115
IP Information 206.161.121.115
Whois RecordOrgName: Beyond The Network America, Inc.
|
|
o
Example #1: http://www.google.com/search?hl=en&q=verizon+ringtone
§
Clicking on the geotechnic.ucsd.edu/liangcai/wwwboard/messages/13257.html
link:
§
Clicking on the first ad generated the following
redirection chain
|
§
Comment-spammed at http://cc.msnscache.com/cache.aspx?q=5998502886475&lang=en-US&mkt=en-US&FORM=CVRE3,
cache of http://www.northplattechamber.com/modules.php?name=NukeC&op=ViewDetail&id_ads=230
o
Example #2: http://search.yahoo.com/search;_ylt=A0oGkjcLjPRF8DQBB69XNyoA?p=ashley+furniture&ei=UTF-8&fr=yfp-t-501&x=wrt
§
Clicking on the mmm.sitesfree.com/ashley-furniture link:
§
Clicking on the first ad generated the following
redirection chain:
§ Comment-spammed at http://cc.msnscache.com/cache.aspx?q=5982712941180&lang=en-US&mkt=en-US&FORM=CVRE, cache of http://business.iafrica.com/php-bin/forums/BUSINESS/index.php?topic=18.0
o Example #3: http://search.live.com/results.aspx?q=personal+loans&form=QBRE
§
Clicking on
the personal-loans-tid.blogspot.com
link:
§
Clicking on the first ad generated the following
redirection chain:
§
Comment-spammed at http://cc.msnscache.com/cache.aspx?q=6012043889180&lang=en-US&mkt=en-US&FORM=CVRE5,
cache of http://www.ssfflocal343.org/Guest_Book/guests116.htm
·
Spam ads click-through
traffic à http://216.195.46.254
Whois Record http://whois.domaintools.com/216.195.46.254
IP
Information 216.195.46.254
|
Record Type: |
IP Address |
|
IP Location: |
Germany - Blazenet
Services Ghmb |
|
Reverse DNS: |
sys125.3fn.net |
|
Blacklist Status: |
Clear |
Whois Record
OrgName: APS Telecom
OrgID: APSTE
Address:
City:
StateProv: OR
PostalCode: 97225
Country: US