Translate

4/19/2014

RISKWARE: Win32/SecurityXploded.A from
securityxploded.com
(Windows Autorun Disable)


RISKWARE DETECTED:
Win32/SecurityXploded.A
http://securityxploded.com/download-file.php?id=1231
  • https://www.virustotal.com/de/url/3e6d1b6ccbf37664c71e92a76a4ccb23d6004d283541a19c51d50fa342b2a4a3/analysis/1397904253/
http://securityxploded.com/getfile_plus.php?id=1231
  • https://www.virustotal.com/de/url/34c9887456cdf35153f3a938a127e88fa06fb1c8c40f1ffe92a498d19ee58688/analysis/1397904283/
(WindowsAutorunDisable.zip) Win32/SecurityXploded.A
  • https://www.virustotal.com/de/file/45b799b53adf58fdd6ed78b9c2f59e4b3b9c929bf055becb5c83d9db57f2a609/analysis/1397904083/
(WindowsAutorunDisable.exe) Win32/SecurityXploded.A
  • https://www.virustotal.com/de/file/306da318050082d9e6b23120772f61aaaaac0fdcde0b10f3de6ab789c9c8ab94/analysis/1397904074/
  • http://zulu.zscaler.com/submission/show/a38523587f7f1912d01cea34d13e3782-1397904455
  • https://urlquery.net/report.php?id=1397904464200
IP:
http://64.150.191.172/
  • https://www.virustotal.com/de/url/774ec0fe019369938cf734a511ae4334b74f31e5c0202710934e0997df8a6e7f/analysis/

4/18/2014

Category MALICIOUS IP: 203.153.100.82

Infected with a spam sending trojan, proxy or some other form of botnet.
It HELOs as a bare IP address
(INDONESIA)

The IP Address 203.153.100.82 is listed in the CBL (Composite Blocking List). It appears to be infected with a spam sending trojan, proxy or some other form of botnet. It was last detected at 2014-04-18 18:00 GMT (+/- 30 minutes), approximately 1 hours ago.

It has been relisted following a previous removal at 2014-04-09 01:07 GMT (9 days, 17 hours, 55 minutes ago).

The listing of this IP is because it HELOs as a bare IP address (A bare ip address looks like: "54.33.33.5"). It is not HELO'ing as itself ("203.153.100.82"). Not only is this a violation of RFC2821/5321 section 4.1.1.1, it's even more frequently a sign of infection.




These listings are often a sign of a compromised SSH account. If you are running a SSH service (especially on Linux), please check your ssh server logs (often/var/log/auth.log) for logins from unusual IP addresses not normally associated with that login id. If you find any, secure the associated account. This usually means changing the password or disabling the account.

If it's a mail server, see naming problems for details on how to diagnose and fix the problem. If you are running Symantec Protection Center, this appeared to be a known issue in the past. See this Knowlege Base item. Their KB item was updated October 18, 2010 to indicate that they now understand the issue. The KB item indicates that the problem will be resolved in a "future build", but no ETA was provided. If you have SPC's email notification feature turned on, we recommend checking through the Knowledge Base item to see if your version has this issue fixed. If not we recommend turning SPC's notification feature off before delisting your IP address as a temporary workaround.

--------------------------------------------------------------------------------------------------------------------------------------------

MALICIOUS IP:




Heuristic.LooksLike.HTML.Suspicious-URL.K
SPAMBOTSERVER, COMMENT SPAMMER, DICTIONARY ATTACKER, MALWARE
http://203.153.100.82/
  • https://www.virustotal.com/de/url/4d0bf7e41c8dceaebbafa1bf0c70c8b1560a49ce397a92df5a1913a979f70f37/analysis/1397848027/
  • https://www.virustotal.com/de/ip-address/203.153.100.82/information/
Heuristic.LooksLike.HTML.Suspicious-URL.K
  • https://www.virustotal.com/de/file/8822bad3d62e9fbc8dc272644c42f81e4fec540ef7f05c9fd7bcaa26aee7a61b/analysis/
HOSTNAME:
http://ip-82-100-static.velo.net.id/
  • https://www.virustotal.com/de/url/85f9e6aa401e85da826c0d9590b8b671a24afac3000580f79754982b0f9ffadf/analysis/1397850756/

IP BLACKLISTED AT:
1) SPAMHAUS (CBL):
  • http://www.spamhaus.org/query/ip/203.153.100.82
2) COMPOSITE BLOCKING LIST:
  • http://cbl.abuseat.org/lookup.cgi?ip=203.153.100.82
3) SPAMCOP:
  • http://www.spamcop.net/w3m?action=checkblock&ip=203.153.100.82
4) CISCO SENDERBASE:
  • http://www.senderbase.org/lookup/?search_string=203.153.100.82
5) BLOCKLIST.DE:
  • http://www.blocklist.de/en/view.html?ip=203.153.100.82
6) PSBL.ORG:
  • http://psbl.org/listing?ip=203.153.100.82
7) WPBL.INFO:
  • http://www.wpbl.info/cgi-bin/detail.cgi?ip=203.153.100.82
8) PROJECT HONEYPOT:
  • https://www.projecthoneypot.org/ip_203.153.100.82
9) SORBS:
  • http://www.au.sorbs.net/lookup.shtml
10) NiX SPAM:
  • http://www.dnsbl.manitu.net/lookup.php?language=en&value=203.153.100.82
------------------------------------------

SEE ALSO:
  • https://urlquery.net/report.php?id=1397848399616
  • http://zulu.zscaler.com/submission/show/0d60892bc9e925ace8bf7a1c422b7358-1397848147
http://203.153.100.82/winbox/winbox.exe
  • https://www.virustotal.com/de/url/2e48031a59a5f99f23b91508988285232203405cb8640f3c8c40c24e1a702284/analysis/1397848218/
  • https://www.virustotal.com/de/file/eabfa1fd55a53367b901364486f5a5607b9ab04ad94403b7d0fc12509ad85321/analysis/

Obama.exe: Hoax.Win32.BadJoke.Agent.nlz
NEW MALWARE CODE found @ demonx.org

(IP: 70.32.97.245 - UNITED STATES)


MALICIOUS LINK:

http://demonx.org/Obama.exe
  • https://www.virustotal.com/de/url/32cdf34a986b807db7b0fddd2acb3214f4c4ee0a8b00e07802504fbcb083e27f/analysis/1397739518/
Hoax.Win32.BadJoke.Agent.nlz
  • https://www.virustotal.com/de/file/0be76fb84d1b6f4fae6b5f38d4d5f58fcfd313fe6b48e9a1a5c5f17f6dab280c/analysis/1397739348/

4/17/2014

Comment SPAMMER: 37.59.88.251 = Malicious IP from Roubaix, France



MALICIOUS IP: COMMENT SPAMMER (FRANCE)
FOUND ON A CnC BOTSERVER ROUNDUP LIST

IP seen with 30 user-agents
21 web post submissions sent from this IP
  • https://www.projecthoneypot.org/ip_37.59.88.251
http://37.59.88.251/
  • https://www.virustotal.com/de/url/8054a21ddb8f63f903b056ccad3527d3ebc27bdb9799de478cb0b5cdf3aad5b4/analysis/1397725938/
  • https://www.virustotal.com/de/ip-address/37.59.88.251/information/
https://www.virustotal.com/de/file/f85e4b5b4089a91599c87da17d10eba5c1535fcc83fce58231b85cbf55bd376d/analysis/1397726108/

4/16/2014

Illegal gambling over the Internet 2011/2012:
William Lisle, 57, and Kenneth B. Lovett, 72 of Joplin, Missouri Sentenced

Was Dürer a Gambler...?

William Lisle, 57, of Joplin, MISSOURI, was sentenced on October 31st, 2012, by U.S. District Judge Richard E. Dorr to two years of probation (including six months of home detention) and ordered to pay a fine of 2.000 USD. As a condition of his probation, Lisle may not enter any gambling establishment or engage in any type of gambling, including off-shore or Internet gambling. Lisle must forfeit to the government almost 100.000 USD (98.263 USD) that was seized from his residence by law enforcement, which was the proceeds of gambling activity.

Judge Dorr
Co-defendant Kenneth B. Lovett, 72, also of Joplin, received the same sentence on October 18th, 2012.

Lisle and Lovett each pleaded guilty to using the Internet to transmit wagering information, including placing bets on sporting events, as part of their gambling business from January 1st, 2003, until to February 8th, 2011. Lovett, who was primarily engaged in wagering on National Football League events, took on Lisle as a partner in 2006. Lisle and Lovett shared income and expenses equally until 2010, when Lisle’s share of income and expenses increased to 60 percent.

Lisle and Lovett utilized two Internet websites, with servers located in Costa Rica, to administer the bookmaking operation. Their gambling operation flourished when they began using the off shore gambling Web sites in 2006. The number of their customers and the amounts they wagered increased. For example, according to the plea agreement, one gambler would wager as much as 35.000 USD on a single weekend during the American football season.

Lisle also pleaded guilty to money laundering. Lisle sent cashier’s checks, payable to a false name in an effort to conceal the transfer, to the Costa Rican company that operated the websites. Lisle’s plea agreement cites 15 instances in which he sent cashier’s checks (totaling 72.000 USD) to Costa Rica via Federal Express as part of his scheme to launder money obtained from the gambling enterprise.

SOURCE: http://www.highbeam.com/

PUA.Phishing.Bank @ www.sinaafra.com
PHISHING URLs FROM Sanayi, TURKEY
(IP: 212.68.50.31)

PHISHING LINKS: 
PUA (PHISHBANK)

DOMAIN:
http://www.sinaafra.com/
  • https://www.virustotal.com/de/url/918c5ec31a6f15e91d44cd1aa9cd40efa5b93e44dac77b212f4faf471d9f8894/analysis/1397667269/
PHISHING URLs:
1)
http://www.sinaafra.com/detroit-ve-istanbul-aslinda-birbirine-cok-yakin
  • https://www.virustotal.com/de/url/7ffa8b6b95e71ee3cac62063009b0d0f70c9f0f1770070208d9e8fa772895682/analysis/1397667413/
PUA.Phishing.Bank
  • https://www.virustotal.com/de/file/b0be1f8cf908f6ac5e508c4d1a0386c890193655bd419c4b88a74cfbda37f483/analysis/1397666858/
  • http://virusscan.jotti.org/de/scanresult/f439c8d1c4cdf2efb3ae8c6b4448ed0175c1f538

2)
http://www.sinaafra.com/sosyal-ticaretin-kirilma-noktasi-daha-ufukta-gozukmuyor
  • https://www.virustotal.com/de/url/e40dd9a4b165bd4a8e274017f30c18141289ca4d5aec039424874af6788a490d/analysis/1397667642/
PUA.Phishing.Bank
  • https://www.virustotal.com/de/file/d60d5d52ffbd6bf038b5dc5ba8b6ef004a4914a68dd6d2b9f7928f3880af1e09/analysis/1397667089/
  • http://virusscan.jotti.org/de/scanresult/1904fa37af41fe728a89a251a6097700ffc3e3d7
IP:
http://212.68.50.31/  (Sanayi, TURKEY)
  • https://www.virustotal.com/de/url/8741b7d59e97bedf742d7fe933fa278819d651ba8d295931f093146c3a8f5e6e/analysis/1397668079/
  • https://www.virustotal.com/de/ip-address/212.68.50.31/information/

UPDATES: Massive (Java) Oracle Critical Patch Update Advisory - April 2014

 

Description

A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:
Critical Patch Updates and Security Alerts for information about Oracle Security Advisories.
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 104 new security fixes across the product families listed below.

Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at https://blogs.oracle.com/security.
This Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF.

Affected Products and Components

Security vulnerabilities addressed by this Critical Patch Update affect the products listed in the categories below.  The product area of the patches for the listed versions is shown in the Patch Availability column corresponding to the specified Products and Versions column.   Please click on the link in the Patch Availability column below or in the Patch Availability Table to access the documentation for those patches.

For further Information, go to:

The ingredients are:
2 for Oracle Database Server
20 for Oracle Fusion Middleware
  3 for Oracle Hyperion
10 for Oracle Supply Chain Products Suite
  8 for Oracle PeopleSoft Products
  1 for Oracle Siebel CRM
  1 for Oracle iLearning
37 for Oracle Java SE
  3 for Oracle and Sun Systems Products Suite
  5 for Oracle Virtualization
14 for Oracle MySQL

PHISHING MAIL from:
www.med-equip.com.tn (IP: 193.95.93.62)
HTML:Script-inf

(THAILAND & TUNESIA)
"!Keep It Simple In The Bed retread"
gaecaoro@totbb.net



PHISHING SPAM & MALWARE:
HTML:Script-inf
ROGUE MEDICATIONS (THAILAND & TUNESIA)

DOMAIN:
http://www.med-equip.com.tn/
  • https://www.virustotal.com/de/url/b9fb02cf988d929e6a2c86e2570c607bf20bce182b931092f2afdb72cc30a153/analysis/1397659999/
HTML
  • https://www.virustotal.com/de/file/c6b1a536e10e685f7eb2e7875e1385070f1381d3c7142d6bf35cdd99f464baea/analysis/1397660454/
E-MAIL LINK:
http://www.med-equip.com.tn/geriforte.html
  • https://www.virustotal.com/de/url/403d17cc13d16d4f05fde4699d1fbb319c5aad5af693f5526c82a0d4558455e8/analysis/1397659995/
HTML:Script-inf
  • https://www.virustotal.com/de/file/af51c501f333a7a1c81a7e64f09850d249a22283e6731df4482a58bd9134838d/analysis/1395389479/
SREENSHOT PHISHING MAIL

IP:
http://193.95.93.62/
  • https://www.virustotal.com/de/url/4842c7f2236d8e6fb467f709bf7833ffbd3907a913681c44dddb94a0ce54293b/analysis/1397662127/
  • https://www.virustotal.com/de/ip-address/193.95.93.62/information/
LISTED AT SPAMHAUS (SBL):
  • http://www.spamhaus.org/query/bl?ip=193.95.93.62
  • http://www.spamhaus.org/sbl/query/SBL204400
WEB-REP: POOR
EMAIL-REP: POOR
  • http://www.senderbase.org/lookup/?search_string=193.95.93.62

www.med-equip.com.tn/geriforte.html REDIRECTS TO:
http://triptabletspharmacy.ru/
  • https://www.virustotal.com/de/url/9a59b27ab7899a59763aed3092d887621a3a55c684227a7471fd05f2803da02d/analysis/1397661510/
IP triptabletspharmacy.ru:
http://107.182.164.141/
  • https://www.virustotal.com/de/url/ed96c08ef5482160f445fcd3665d2e8991ff0ba2a0f74d73c063227b5a59b89d/analysis/1397662386/
  • https://www.virustotal.com/de/ip-address/107.182.164.141/information/
  • http://www.senderbase.org/lookup/?search_string=107.182.164.141

SEE ALSO:
  • http://zulu.zscaler.com/submission/show/b6bc817a43647a0fa89d3e68a44e696b-1397660255
  • http://zulu.zscaler.com/submission/show/8d1a7645f4d5da4e722e8c11b95b4e9c-1397660264
  • https://urlquery.net/report.php?id=1397660035929
MAIL SENT "FROM":
http://totbb.net/
  • https://www.virustotal.com/de/url/dfc051bf8979828be83f9b5b0ffe9d372302dc7d88bb2aa8ebc289437bcd6a23/analysis/1397660871/
IP totbb.net:
http://203.113.9.20/

  • https://www.virustotal.com/de/url/c62bc82dab5ac1d2100e2fc5fc26972ca6bd86d8b55925645540eadeff8279f7/analysis/1397662629/
  • https://www.virustotal.com/de/ip-address/203.113.9.20/information/
ORIGINATING IP ADRESS FROM MAIL:
http://111.84.115.252/
  • https://www.virustotal.com/de/url/9b7ee547d226d4fc171a124b383f6528b8308ad493efb984a6d9a0dd7a637440/analysis/
  • https://www.virustotal.com/de/ip-address/111.84.115.252/information/
LISTED AT SPAMHAUS (PBL):
  • http://www.spamhaus.org/query/bl?ip=111.84.115.252
EMAILREP: POOR
  • http://www.senderbase.org/senderbase_queries/detailip?search_string=111.84.115.252

4/15/2014

www.ensemble-berlin.de
infected with SEO SPAM (Viagra & Co.)
ROGUE MEDICATIONS PHISHING
IP: 80.67.31.164 & 5.61.42.211
GERMANY



MALICIOUS RUSSIAN PILLS PHISHING URL:
TDS URL pattern
http://www.ensemble-berlin.de/
  • https://www.virustotal.com/de/url/fa621d60d52c535f849c29fe9327a46e2248dedcc24fbe3ccf58388cad5c5c85/analysis/1397567841/
http://www.ensemble-berlin.de/viagra-rezeptfrei-lander.html
  • https://www.virustotal.com/de/url/c516b883ef52e0fef2b2884bcad2b97ecb7db4c9cd1037a847e1d082523cc5a7/analysis/1397566470/
TDS URL pattern
  • https://urlquery.net/report.php?id=1397566888166

  • https://urlquery.net/report.php?id=1397566887262

  • https://urlquery.net/report.php?id=1397566892018
---->
http://tds.cigarettescheap.net/
  • https://www.virustotal.com/de/url/108ea225a2cbc221f9a087fbcc49495921fa191d9fb0358385673df27b0a805d/analysis/1397567431/
TDS URL pattern
  • https://urlquery.net/report.php?id=1397567579389
----->
http://apharmshop.com/
  • https://www.virustotal.com/de/url/a0cf825561616bba65374be8a7b676cbfeb2964a47b08a7a566c186b4d511158/analysis/1397567650/
------>
http://edapotek.eu/
  • https://www.virustotal.com/de/url/796f23f603e37c30c96323a5a17e9240452213df055795e53fc2d94b4965c37c/analysis/1397567302/

Category MALICIOUS IP:
14.4.10.21 BLACKLISTED
Hijacked Netblock from Seoul, South Korea
(SBL & Don't Route Or Peer Lists)

A "hijacked netblock" is a netblock brought back from the dead, often by a spammer, also called a "zombie netblock." (The term "zombie" later became widely applied to the infected PC drones in a botnet.) The original owner of the block may have left it derelict for any number of reasons. Squatters then reclaim it with various ploys including registering an abandoned domain name to accept email to the point-of-contact domain contact, or printing up bogus letterhead, or doing a bit of human engineering over the telephone. Some hijackers even outright steal IP-space allocated to someone else just by announcing it under their BGP Autonomous System Number. Continue Reading...


MALICIOUS IP: SEOUL, SOUTH KOREA
Hijacked Netblock
http://14.4.10.21/
  • https://www.virustotal.com/de/url/3520dd867e8371847c08460ac094cb5d6e216f0c7bae7dbb98864e9d79201af6/analysis/1397564100/
LISTED AT SPAMHAUS (SBL & Don't Route Or Peer Lists (DROP))
  • http://www.spamhaus.org/sbl/query/SBL187947
  • http://www.spamhaus.org/drop/
EMAILREP: POOR
WEBREP: POOR
  • http://www.senderbase.org/senderbase_queries/detailip?search_string=14.04.10.21
  • http://zulu.zscaler.com/submission/show/77cd2213cfd2699ec4e1d264d01de591-1397564244

CHILD MOLESTERs MUGSHOTs NOT FORGOTTEN:
Marcelo Alejo Desautu (MAD)
Sentenced to 17 Years in Prison for Sex Trafficking of a Minor

“Mr. Desautu gave drugs and alcohol to a 12-year-old girl and then prostituted her to adult men,” 

“He will now, appropriately, spend the next 17 years of his life paying for his horrific crimes. While no prison sentence can repair the harm caused by such appalling conduct, today’s sentence sends a strong message that we will pursue child sex traffickers to the fullest extent of the law.” 

Marcelo Alejo Desautu
http://www.justice.gov/opa/pr/2012/March/12-crm-354.html

4/14/2014

CATEGORY MALICIOUS IP:
118.249.108.152 = COMMENT SPAMMER

from Changsha, CHINA


CATEGORY MALICIOUS IP FROM 
Changsha, CHINA:

COMMENT SPAMMER - LISTED AT SPAMHAUS (PBL)
FOUND ON A CnC BOTSERVER (EXPLOIT) ROUNDUP LIST
http://118.249.108.152/
  • https://www.virustotal.com/de/url/6ed60ee1803bdf1832b1b82f44411076a2b118bcafcda2e48d4610d2a9baf2e8/analysis/1397506802/
PBL SPAMHAUS LISTED:
  • http://www.spamhaus.org/query/bl?ip=118.249.108.152

LISTED AT Tornevall:
  • http://www.ipvoid.com/scan/118.249.108.152/
EMAIL-REP: POOR
  • http://www.senderbase.org/lookup/?search_string=118.249.108.152
ROUNDUP:
  • https://www.projecthoneypot.org/ip_118.249.108.152

NEW POTENTIALLY RISKWARE DETECTED:
not-a-virus:PSWTool.Win32.Agent.wi

from securityxploded.com
(SX Password Remover Suite - PASSWORDSTEALER)


NEW POTENTIALLY RISKWARE DETECTED:
SX Password Remover Suite - PASSWORDSTEALER
not-a-virus:PSWTool.Win32.Agent.wi
http://securityxploded.com/download-file.php?id=1175
  • https://www.virustotal.com/de/url/e16f4432398839be81b26f99bd1383feb414f05f5a2a87c7a44b76ac835b72b1/analysis/1397489175/
http://securityxploded.com/getfile_plus.php?id=1175
  • https://www.virustotal.com/de/url/208ae819b9936e31aebe61a1f8109006c352819503e642d4dd7af3e28a554ca6/analysis/1397489192/
(SXPasswordRemoverSuite.zip) not-a-virus:PSWTool.Win32.Agent.wi
  • https://www.virustotal.com/de/file/39122c76f0ed46174644d507eb28d40050d2954f49a0cb4cdceeb3b4be7aec10/analysis/1397488622/
(Setup_SXPasswordRemoverSuite.exe) not-a-virus:PSWTool.Win32.Agent.wi
  • https://www.virustotal.com/de/file/b24cbff70b29b2da22dfb510fd446abcb302db15fdd373823d7aca59b58cabef/analysis/1397488631/
WEPAWET: SUSPICIOUS
  • http://wepawet.iseclab.org/view.php?hash=7e7933fe50b94cc98b071cd4f3cf0c3d&t=1397488890&type=js
  • http://zulu.zscaler.com/submission/show/e15f2d9e3452820d3e013e126d29424d-1397488901
IP:
http://64.150.191.172/
  • https://www.virustotal.com/de/url/774ec0fe019369938cf734a511ae4334b74f31e5c0202710934e0997df8a6e7f/analysis/
BESIDES THAT, FOLLOWING SUSPICIOUS/MALICIOUS LINK HAS BEEN FOUND (HIDDEN IFRAMES):
http://securityphresh.com/index.html
  • https://www.virustotal.com/de/url/560aa2ab68e0ab1713b590a4df8096afe6b7efcb072defb901c7d02446a75cd9/analysis/1397489696/
HIDDEN LINKS

HIDDEN IFRAMES TO:
http://2014.confidence.org.pl/
https://www.virustotal.com/de/url/c121b7f7adb198511ce3ff8be6daf221595296fa01e03a8d76fc0cf8f1894b97/analysis/1397491597/


4/13/2014

Edward Snowden ! And Nothing Else !? What makes me think about the Leak(s) and the "official" YouTube Video from the Guardian

What makes me think about Edward Snowden ? When i recently watched the "official" Guardian LEAK-YT Video, that was lanced in June 2013 through Glenn Greenwald & Laura Poitras.


Take a first look, that i took a second one TODAY, and took this SS (Screenshot, not SurmStaffel) right before i started this Post. Therefor you should take one as well as soon you look to the VID (in case you didnt (long before)). The Video @:

So, now as you have took it,  (the look), you can see (for the moment) at least, almost 76.000 Views. Through the ScreenShot, i posted, it is exactly (at THAT Moment) 75.725 Clicks on the internal, everBLASTING Leak that will go down in History (maybe (possibly) not through YT, but in History-E-Books, or on Paper ! However; Ed Snowden (o Yeah, my Father has the same (Pre)name: (Maybe i am a Target now ?).



ONLY 75.725 Clickson that (this) LEAK ??? Is just unbelievable !!!!! Why ?

Because, Edward Snowdens compromising LEAK changed (and will still do throughout Decades) the World !

G. Greenwald (the main HS (Homeland Security Target, he will never BE)) works for the GUARDIAN. And now let us ask ourselves: Since June LAST Year (2013), the Video has only been seen 75.725 times ? ONLY ?

You understand what i Mean ? Yes. No. However, someday you will understand (or ment to being understood)....

After almost a year, the Video should have SEVERAL Million Views: Or is this Video more unimportant than the Leak-Video in Hong Kong (King Kong) ?



268.762.612 VIEWS ??????????????

 From 2007: 7 Years. So: 75.725 * 7 = 530.075

However. The YT Video of Snowden is Manipulated.......???????

"Blacksher Hall, Learn the secrets of top businesses in your industry"
SPAM AGAIN from:
ci33.actonsoftware.com
IP: 207.189.124.33

Englewood, COLORADO, UNITED STATES
(merchantcentric.com IP: 184.168.221.18)



Learn the secrets of top businesses in your industry as well as local competitors
Hi Blacksher Hall,

We have identified Atlanta Botanical Garden as the business in your industry with a high total marketing score of 1253. Create your free account to learn more about what they are doing and what makes up Blacksher Hall's score of 39, as of February 26, 2014.

We scan these top sites and more ...

Atlanta Botanical Garden may not be a direct competitor, however, seeing what they are doing to market themselves online can give you ideas for how to attract more customers. Merchant Centric will help you increase Blacksher Hall's marketing score from its current score of 39 by giving you unique insights into the competition.

Try it for free. No credit card required. Cancel at anytime.

    See what makes up Blacksher Hall's marketing score
    See what Atlanta Botanical Garden is doing to attract customers
    Pick other local competitors to see how you compare and learn what they are doing

Sign up for a free trial. No risk. No commitment.

Want to learn more? View Merchant Centric features.

Don't miss important alerts for Blacksher Hall

For more information, please visit merchantcentric.com

"Real" Links marked on MAIL-Screenshot
SPAM DOMAIN FROM GERMANY:
http://merchantcentric.com/
  • https://www.virustotal.com/de/url/2655175568ddab160a5f3a07cb4f6bb08eb47b5970460bd619de5d3dc1ad195e/analysis/1397212380/
THROUGH:
http://b2b-mail.net/
  • https://www.virustotal.com/de/url/a0bf735206b0ae297b5fc69b8bbc14d42c1449cf671e3f04db456c138c372871/analysis/1397212963/
  • https://www.mywot.com/en/scorecard/b2b-mail.net
"Real" LINKS (DOMAIN):
 http://ci33.actonsoftware.com/
  • https://www.virustotal.com/de/url/d79508e04f1cebce60a2a5688ffe2e7bd9b2947a88bd165aab3f8d95eb7a203f/analysis/1397395024/



Redirects to: --->
http://www.actonsoftware.com/
https://www.virustotal.com/de/url/c5a38ba5fa2fa2610f32289824f259f551f7cfe17deace24f5b0bed532861069/analysis/1397397880/


Redirects to: --->
http://www.act-on.com/
  • https://www.virustotal.com/de/url/3825d42cb168ac6c02c2658039f6c9fe8c85dd38d9a73f75104fa0011a318655/analysis/1397398511/
HTML
  • https://www.virustotal.com/de/file/3d0425fd14e9054f8aad1949bcfef92f734ff1260370a865434af77ee2253f6d/analysis/1397394944/

Goes to:
http://code.jquery.com/jquery-latest.min.js
  • https://www.virustotal.com/de/url/726054b5aa9f603f7350b016e0d0e9656d0b36d24bc19cedf14efce395e4eeb9/analysis/1397397801/
AS WELL, HIDDEN IFRAME FOUND:
http://www.act-on.com/contact
  • https://www.virustotal.com/de/url/030e98abfbd9c463bdc1146846b6007db4fe30962d7c0fb6bb494fb828e53a18/analysis/1397399608/
W32.HfsIframe
  • https://www.virustotal.com/de/file/74f5fc3c7f530b15e849fad2696317a3c6bacb3aa3872918a04efe8f8cd8c768/analysis/1397399505/
Iframe:
http://flex.atdmt.com/mstag/tag/4a37b15a-3ef1-4a8b-a371-479fb864947c/conversion.html?cp=5050&dedup=1
  • https://www.virustotal.com/de/url/e3ea0036dd7351f6ae4bc2a4c58b3faa857651b8067f01386ea7cf8c68bb4ca0/analysis/1397399819/
--->
http://r.msn.com/?cp=5050&dedup=1
  • https://www.virustotal.com/de/url/c07e4f9ce3ba7d0590a15ec7b77abc9648d8488da09350ccdb9c5a1b6ef0ac38/analysis/
<--- iframe src="//flex.atdmt.com/mstag/tag/4a37b15a-3ef1-4a8b-a371-479fb864947c/conversion.html?cp=5050&dedup=1" frameborder="0" scrolling="no" width="1" height="1" style="visibility:hidden;display:none" --->
----------------------------------------------------------------------------------------------------------------------------------------------
IP:
http://207.189.124.33/

  • https://www.virustotal.com/de/url/6a7a91121e48253bb0b7919c01301015ae52960e711c7ee43b3df740e5d5059a/analysis/1397401056/

  • https://www.virustotal.com/de/ip-address/207.189.124.33/information/
---> REDIRECTS TO (NON EXISTING DOMAIN - NX)
http://www.124.33?ao=1
  • https://www.virustotal.com/de/url/a6aeb1ae8617a7888e4c75593c9568c5ad47aba2219b6c726b0ae0edadc49229/analysis/1397401221/
  • http://wepawet.iseclab.org/view.php?hash=3c2a82642a3515ac82103829f31fbd2a&t=1397401105&type=js
See also:
http://wepawet.iseclab.org/view.php?hash=eb0c9b909fa7a3ceca628aa14d38975b&t=1397395059&type=js

RELATED POST: