pornstarsxtra.com - came across this site mentioned on another board. It appears to be an old school paysite, but it also has pages that show a fake video player window (it's just an image, no attempt at embedding a video) with a link to an executable:
Description of IE SecPlugin
IE SecPlugin is an adware application that hijacks search page and monitors internet activities of the user.
WHOIS shows the registrant as
Netsaits BV with the admin contact
Gerco Marsch. clickzs.com has the same details.
clickzs.com lives at 64.237.39.70, pornstarsxtra.com lives at 64.237.39.66. 127 IPs from that block are allocated to Netsaits BV, which includes those two IPs.
So we have these two domains sharing the same company name, same admin contact, same host, same IP block.........
It's not the first time clickzs has been associated with shifty stuff, it wasn't so long ago that they were linking their buttons to Zango.
So who links to clickzs?
clickzs.com - Inlinks (166,840)
www.clicksz.com - Inlinks (95,762)
If they ever decided to be more blatant about their installs then there'd be a lot of shit going down.
