Innovative Marketing made waves as a rogue scareware operator more than a decade ago.¹ But while law enforcement authorities successfully thwarted its large-scale business, its owners have yet to be captured.^{2, 3}

Danchev and WhoisXML API’s research team sought to determine if the company left digital breadcrumbs behind using Maltego and various WhoisXML API tools. He uncovered an expansive list of domains, IP addresses, and other web properties that could help the cybersecurity industry finally put an end to Innovative Marketing.

Our deep dive allowed us to build detailed threat research materials that revealed:

• Close to 1,000 domains identified as indicators of compromise (IoCs) throughout the company’s life span
• More than 80 email addresses the firm used to register their malicious domains
• Nearly 3,700 domains that shared the domain IoCs’ registrant email addresses
• Almost 600 IP addresses that the domains resolved to
• Over 1,000 MD5 malware hashes that identified the organization’s scareware

Download the threat research materials now to access the complete list of identified artifacts that you can use to conduct additional enrichment and threat analysis as well as trend identification.

---

• [1] https://www.reuters.com/article/us-technology-scareware-idUSTRE62N29T20100324
• [2] https://www.fbi.gov/wanted/cyber/shaileshkumar-p.-jain
• [3] https://www.fbi.gov/wanted/cyber/bjorn-daniel-sundin