
4/05/2014

ZDF ++URGENT++ATTENTION++SHOCKING NEWS++:
German PHISHING MAIL from:
www.redcappi.com
arbeit-von-zuhause-aus.com
goo.gl/p3rL07

(United States)

++URGENT++ATTENTION++SHOCKING NEWS++

ZDF reported TODAY on television!: Germany is shocked by this money machine!
Forget everything, really EVERYTHING, that you have seen in your life so far!
You have NEVER seen anything like this! 100% GUARANTEED

This will surely change your life completely!

Only 429 more available!

Watch the video!

Click here: >»TO THE VIDEO«<

Screenshot Mail
SPAM - SCAM - PHISHING MAIL:
http://arbeit-von-zuhause-aus.com/
  • https://www.virustotal.com/de/url/e7a5745161f044e06b3f75c5ec2b10cd724b9214dfd0d2b714ea9dee2eaf9d61/analysis/1396714323/
  • https://www.virustotal.com/de/file/06e076babd1bc5d7cd32d34f28fa54c4bdd37db5b50eb8328e0469ab29659bf3/analysis/1396714606/
OTHER LINK FOUND IN HTMLSRC:
http://www.mega-ways.com/index.php?d=forum&s=24
  • https://www.virustotal.com/de/url/e33e88bc05bacb38a97d9c73f111a852651edb02f5fcc9c5e99c1f10fc566ecd/analysis/1396718339/
TO MENTION HERE IS:
http://www.mega-ways.com/javascript/alphanumeric.js
  • https://www.virustotal.com/de/url/50d7f3901c7599a6af623faf05cf912b2e8ab05b4566ccd8ed69b6719c7308d0/analysis/1396716791/
Virus.exp.js.1
  • https://www.virustotal.com/de/file/bae1f370c9a4ae19a9bd6d68d98629c115f1f764a844691bfd406211ca321575/analysis/
Your income will EXPLODE - LOOOL

THROUGH:
http://www.redcappi.com/
  • https://www.virustotal.com/de/url/67dc853cd6c065dae93edf295021f261c0c3a2b181cdd28f6780119554a3cfca/analysis/
  • https://www.virustotal.com/de/file/c2bcdd9e4362bcb2341d8c18525b49f23bf5b5fc530ef43b4f13846bdb94a875/analysis/1396717343/
SPECIFIC MALICIOUS URL IN PHISH-MAIL:
http://www.redcappi.com/newsletter/clickrate/create/35671/MzY3NjczNjItZ2FyeWR1bnNtb3JlQGdtYWlsLmNvbQ/1
  • https://www.virustotal.com/de/url/39917f03a8488217564a62a540548c328a95b6aff48249951027f2b50aafd9d9/analysis/
---> REDIRECTS TO: (PHISHING INTENDED)
http://goo.gl/p3rL07
  • https://www.virustotal.com/de/url/5cab9105b00691593c6decf0b4702ba2798cbcfcd46331bed86f089e5913f759/analysis/
http://goo.gl/p3rL07 – this URL has been disabled. Note that goo.gl short URLs may be disabled for spam, security or legal reasons.


FULL REPORT:


Document hosting: UploadEdit.com

Diverse E-MAIL Spam, Scam & Phishing Screenshots for use in different Posts, or Forums etc. (If you need one of them, feel free to Download)




goo.gl/p3rL07
THESE 3 SCREENSHOTS BELONG TO THE FOLLOWING POST:
http://stayaway2.blogspot.com/2014/04/zdf-eiltachtungschockierende-meldung.html

pchelpsoft.com welcomes you with:
MALICIOUS DOWNLOADS (Win32/SpeedingUpMyPC) PLUS
HIDDEN IFRAMES
(IP: 107.6.189.44)
as well as a Bad Reputation
USA & FRANCE


FOR WEBMASTERS & BLOGGERS
If you own a Website or a Blog and are affiliated with Google AdSense, you should, to protect your own Reputation, block the Domain www.pchelpsoft.com in your AdSense Dashboard. The Site lets your Visitors download and install persistent ADWARE or other Malware, in this case a variant of Win32/SpeedingUpMyPC. See the following Report:


MALICIOUS ADvertiser & HIDDEN IFRAMES

Screenshot with only SOME of the detected Hidden Iframes

DOMAIN:
http://www.pchelpsoft.com/
  • https://www.virustotal.com/de/url/5c3edae4e373ca3e00b12d47e8cca063d95788ce51bf2231183583fb09c410fe/analysis/1396709017/
W32.HfsIframe
  • https://www.virustotal.com/de/file/5423ccf2d362c574dd92ee16048771654c0c147615e30969708287e823e86d14/analysis/
AD-LINK:
http://googleads.g.doubleclick.net/aclk?sa=l&ai=C_5YSLfY_U477Oaf97QbKlYCICo_WvewF95Pew5MBwI23ARABII7AlCNQ59rJ-fr_____AWC7A6AByYS85gPIAQGpArbIwK_Uja4-qAMByAPDBKoEhAFP0DaVh04U04otA5RC7LkKN6Bb_76Gi-a6KPMQvyX3m8F19ghuSsCTgBc7cUAPAstOz7czutL_m7MOzFOIkKzeFLZ3UN9ZUEOlz4xXwJPPBb5gK8G6YxHi-4h_mZg4uzJ7soJ9bRaeuP_OZ2MIq7zyOqfZY3eePfaxuKdr22MRIEQwDEuAB5_7wxk&num=1&sig=AOD64_3jGSApnWn_Emx9WI29PpLZtrEk6Q&client=ca-pub-5585202032329389&adurl=http://www.pchelpsoft.com/pc-cleaner/lp1-ms/%3Ftracking%3DPH_EN_PP_GO_CO_ROW_PCC%26keyword%3D%26campaignID%3DADWORDS&nm=39&mb=2&bg=!A0Q9TCHak0v0HwIAAABKUgAAADcqAOG1EZitqUzYO4cdHgIIvh0nlm7oDd0knPeZUrYknpQ3F5-tZmBmXeKSHkPmRrr_CHVhEUhzRoOlThSLBgrs5fJLBrB5bES3Cg3gSdBl8Q6gTAGIzXrrfFYMCH9BIYOWLOuS7dqRqWoHQHEer0wQaFUVg8VOCK9FOIlzVHnwhGYzDu54619Pr81rBHDv7mscitGvxqSMzZirAzqRJipFcOzj4t9u__q1EYkusciy23n30yN3jgPeP_Ps4igDQY2IWVDYlesicGJKIgCoclKMhqQuga9DgkcUZAewYWXsVZknShE

VT ANALYSIS:
  • https://www.virustotal.com/de/url/aaa0b4defa15863722a5a1f3a972cb1b5ae58782a51ee2ddf099479d13401a25/analysis/
W32.HfsIframe
  • https://www.virustotal.com/de/file/97297c8b5512bf9630a4785d5efc8b1fa8c0ed256a259f41f2e420dd7ab75f3f/analysis/
URL After Redirect:
http://www.pchelpsoft.com/pc-cleaner/lp1-ms/?tracking=PH_EN_PP_GO_CO_ROW_PCC&keyword=&campaignID=ADWORDS&gclid=COLyicasyb0CFcU-Mgod9WIAFg
  • https://www.virustotal.com/de/url/b812f343e219878f936a148c61d82ee7b868b62f126c33035034c30558cff252/analysis/
W32.HfsIframe
  • https://www.virustotal.com/de/file/33e518a1049cacd6ad92fcb4dc8cc4276a7def88a673ec8f8b6730169c874399/analysis/1396709347/
OTHER (MALICIOUS) LINK OF THIS DOMAIN:
http://webtools.pchelpsoft.com/download.cfm?tracking=PH_EN_PP_GO_CO_ROW_PCC&keyword=&campaignID=ADWORDS&gclid=CJi1oOCsyb0CFcx9OgodfGkAVg&go=http://cdn2.pchelpsoft.com/pch_downloads/pc-cleaner-3248.exe
  • https://www.virustotal.com/de/url/1ac047af6364f4d0b32c39cc39916c2f2c20126ac9084b34a8e37fc243575e3a/analysis/1396710143/
Win32/SpeedingUpMyPC
  • https://www.virustotal.com/de/file/61825b61802647f122a2faf60ed2b06d4d139939c2305f421557ba7aadeaca8d/analysis/1396709870/
---> REDIRECTION TO: (7 AV-FLAGS)
http://cdn2.pchelpsoft.com/pch_downloads/pc-cleaner-3248.exe
  • https://www.virustotal.com/de/url/695aac7dd7c803f95c1ff3fb22114a8c07710377c1f761360b4919703dde422d/analysis/
Win32/SpeedingUpMyPC
  • https://www.virustotal.com/de/file/61825b61802647f122a2faf60ed2b06d4d139939c2305f421557ba7aadeaca8d/analysis/1396709870/

SEE AS WELL:
Scam
Misleading claims or unethical
Poor customer experience

  • https://www.mywot.com/en/scorecard/pchelpsoft.com
LISTED AT HpHosts:
  • http://hosts-file.net/?s=pchelpsoft.com
IPs:
http://107.6.189.44/  (Chicago, U.S.A.)
  • https://www.virustotal.com/de/url/500ee0900e907eb3ec6ddfa941715422ba0d629117bd78a11abfc425e792f55a/analysis/1396710479/
  • https://www.virustotal.com/de/ip-address/107.6.189.44/information/

http://217.195.25.241/  (Le Pecq, FRANCE)
  • https://www.virustotal.com/de/url/2fcdb898c3033fa329006d6ad7a857426898b76c36d4031015e80c74b1bcdc0e/analysis/1396710659/
  • https://www.virustotal.com/de/ip-address/217.195.25.241/information/

http://205.251.253.160/  (Seattle, U.S.A.)
  • https://www.virustotal.com/de/url/69651f27754573792bde992f0a5bdbb08107d6477da0e85a9f383504ced67cad/analysis/1396710819/
  • https://www.virustotal.com/de/ip-address/205.251.253.160/information/
BHA: 3
  • https://www.projecthoneypot.org/ip_205.251.253.160

4/04/2014

POTENTIALLY SUSPICIOUS Advertiser:
Several HIDDEN IFRAME(s) @ www.123website.lu (IP: 194.36.0.218) W32.HfsIframe
DENMARK & LUXEMBOURG




POTENTIALLY SUSPICIOUS AD:

HIDDEN IFRAME(s) (SEE SCREENSHOT) AND DETAILS:


Just some of the Hidden Iframes (SCREENSHOT)
DOMAIN:

http://www.123website.lu/
  • https://www.virustotal.com/de/url/a03823518f3671592887260096bec16c1b1d5d79edabf13876494abf6bdbc169/analysis/1396635445/
W32.HfsIframe
  • https://www.virustotal.com/de/file/869d5dbd685251eb3d0e81b63ddf38a3ed677aa4f0c58e8fe645f6f188282980/analysis/1396636218/

AD-LINK:

  • http://www.googleadservices.com/pagead/aclk?sa=L&ai=CY1txnNU-U9_pDYuO7ga4toGYCO6FoJEE_sWnpm_AjbcBEAEgjsCUI1CutKrh-P____8BYLsDoAHi_KLfA8gBAakC8_NBOZOpiD6oAwHIA8MEqgSCAU_Qxzwdn7KWqRkRgEqP-T0vCCDpT44e1v2EMEWMlPZmGtNUjbWFauJ31RkoXcGUlHrSZW_S7lahvV8xTs9rTzDbpLJs1QWIAuWqGJxA1QTGIVvK1tUjAWhTVMBe2_JSVODMNpQ2hgAlPgJElHizxqeOTvCIxGeWCptETkwcW4cMOCCIBgGAB4aD3SA&num=1&cid=5GjjiwBrtH0oojSrRRBwcn6u&sig=AOD64_2c2xtAyodTjj5mcs8xvK-DC8EBoA&client=ca-pub-5585202032329389&adurl=http://www.123website.lu/pages/receive.aspx%3Fpartnerkey%3Dlugoogle:EUR_LU_DE_Display_Website_Unspecified%26target%3Dftp3:crea%26culturekey%3Dde-LU&nm=28&mb=2&bg=!A0TdBD8XrW8UnQIAAABMUgAAABQqAOF0Oumc1QQKA-9W_LeBTiOCxun8ZxWfdRem_F0bW-qK-wC960UMEfC8AcaJisf20I4gWBiWGSkXF5gxXUkhw8X3-3kBqNjIBeysSTArHdQiCF2sWtlU5vK5EoFhweYlm8ndXrGDG3Grtu4c04Bh-tMRVBo4Q4vx7-4w4z_jhfgIEF3W9zdNxC2J38p3j4YNT9afqougU3fgvWsg-9kWtG-eA9flGkBJx_eZp0EHZW8X4riKOV3mB-zd8MSr51EvB3WkFoZ2vO712pj4NQIfzPAC4Eb3nN_ffhvaUlqqTfzhoR8


VT ANALYSIS:

  • https://www.virustotal.com/de/url/56a610f0efb79b3cd860e31539a63842561f7815b80d74f17c192178d31d5342/analysis/1396634713/
W32.HfsIframe
  • https://www.virustotal.com/de/file/e0330f31fefdb10b055254a29d50485550861431465106f1ba0c00e31392bae2/analysis/1396634933/
  • https://www.virustotal.com/de/file/7db994d76f40d736213871786c4a2649e4bfe11375b778666efade39256b92df/analysis/1396635163/

IFRAME: <--- iframe src="//www.googletagmanager.com/ns.html?id=GTM-2MMH"height="0" width="0" style="display:none;visibility:hidden" --->

URL after Redirect:
http://www.123website.lu/pages/receive.aspx?partnerkey=lugoogle:EUR_LU_DE_Display_Website_Unspecified&target=ftp3:crea&culturekey=de-LU
  • https://www.virustotal.com/de/url/191f4624274d721cf7e96e4dbfc3eeaf7563aea0444baec0bef3c6c1c6169385/analysis/
W32.HfsIframe
  • https://www.virustotal.com/de/file/ed8c114ffafcfa4b2d80a3168f285e277692a0bd5374af60fbb642c6db987d77/analysis/1396635893/
IP:
http://194.36.0.218/
  • https://www.virustotal.com/de/url/b049d416dee632649e02a94fe72d79be607f7437547f3a5811bfe51b26041ce6/analysis/1396636806/
  • https://www.virustotal.com/de/ip-address/194.36.0.218/information/

"The crisis hit me full force"
FRENCH SPAM of the Moment (March 2nd 2014):
globalmrkt.net (IPs: 14.3.2.2 & 66.111.202.245)
JAPAN & USA
SPAM, SCAM, PHISHING

The crisis hit me full force, and yet it
made me rich very quickly.

In 2011, a disaster struck the garage I
worked for. The boss fell ill and we
could not find anyone to take over this small
business of no great interest...

So the 5 of us employees found ourselves
unemployed with no great future ahead of us, especially in
our region.

It was a terrible blow ...

I had nowhere to go, no idea what to
do, with just a mechanic's diploma obtained
while working in that same garage...

And yet, a very well-off friend decided to
take me by the hand and explain to me how
to make a fortune with a PC and an internet connection.

We arranged to meet at his place; I could not get over
the luxury surrounding him: car, swimming pool, hi-fi,
the dream for anyone...

We sat down in front of his PC and he showed me
how he earns 100€ in a few minutes; it was
simply incredible, I could not get over it.

In a hurry to get home and get
to work, I almost forgot to thank him.

Anyway, enough talk... in a few weeks I
earned more money than in 5 years of work at the
garage; it is astounding and hard to believe.

So, since I know that many people are struggling with
this global crisis, I created a web page
to explain to you in detail how you
too can start setting up this system.

To go there, simply click here >>

I am happy to be able to help you, so
do not hesitate to come and talk to me on MSN
if you need me...

E-MAIL SCAM SCREENSHOT

MALICIOUS DOMAIN: SPAM, SCAM, PHISHING
http://globalmrkt.net/
  • https://www.virustotal.com/de/url/fc9354101dde316cc480db2faaa4a9cb4d67c1c83b442b437b271d798c3af9c3/analysis/1396623727/
http://globalmrkt.net/link.php
  • https://www.virustotal.com/de/url/f6ba43bb07d8bd0b29bd10e4c38a2ab65f5954d51bf4f297088d918ba2a76872/analysis/1396623762/
http://globalmrkt.net/open.php
  • https://www.virustotal.com/de/url/a0d3800e98aa335b3bd3e39ed0b0bc32fc3f46febeced00ebef054ceab3a4645/analysis/1396623856/
ORIGINATING IPs:
http://14.3.2.2/ (Asahi, JAPAN)
  • https://www.virustotal.com/de/url/452305e81bc2b995dadee0ad7a30c2a4071b6c5ad9d20d0aa7f3b049fa130c9f/analysis/1396623426/
  • http://www.senderbase.org/lookup/?search_string=14.3.2.2
MALICIOUS IP:
http://66.111.202.245/ (Santa Monica, USA)
  • https://www.virustotal.com/de/url/b4b642acac605882a2012b00bd46454690e5bcd475930800b2a21e95d517960e/analysis/1396624250/
LISTED AT SPAMHAUS (SBL):
  • http://www.spamhaus.org/query/bl?ip=66.111.202.245
  • http://www.spamhaus.org/sbl/listings/ARIN
Fwd/Rev DNS Match: NO
EMAIL-REP: POOR
WEB-REP: POOR
  • http://www.senderbase.org/lookup/?search_string=66.111.202.245
SEE AS WELL:
  • https://www.mywot.com/en/scorecard/globalmrkt.net
LISTED AT SURBL:
  • http://www.surbl.org/surbl-analysis


MALICIOUS ADs:
www.xforex.com (IP: 23.8.245.172)
risking with
Bad Reputation
Scam, Spam, Poor customer experience,
Misleading claims or unethical & Phishing
Cambridge, Massachusetts, USA


FOR WEBMASTERS & BLOGGERS
If you own a Website or a Blog and are affiliated with Google AdSense, you should, to protect your own Reputation, block the Domain www.xforex.com in your AdSense Dashboard. The Site is potentially Blacklisted. See the following Report:

Screenshot of XForeX.com

MALICIOUS AD: LEADS TO BAD REPUTATION DOMAIN 
Domain/host was seen to host badware at some point in time


SEE AS WELL:
Scam
Spam
Poor customer experience
Misleading claims or unethical
Phishing
  • https://www.mywot.com/en/scorecard/xforex.com


LINK:
http://www.googleadservices.com/pagead/aclk?sa=L&ai=C7kIPTbA-U9r2MqLu7Qa34oGICKiNkI4FiOvztmOE05t5EAEgjsCUI1DHtrnlBmC7A6AB-rD19APIAQKoAwHIA8EEqgTAAU_Q1g4toONI8eh4XQEyxHCFFEpgkD3s3VJSDzQPbzQ47fu8UJOB4_RNiCTdxf4vK_LKSdNczlvgb_vd2pb_mxTanR-wYBEI9aQX6KoWcCLae1OAI277O6w9N3KSo20c9UZMuh_-gNPlGVV7Cd8UnTVHSdTzazgwo_zpaKyeOiXHAgE_vEjWqA83eftbjPMD4XZsdyuLms2tiV8UB_jLN2NEzZjGZpxAkY_b6sFs54LPl8Vc7X3gP2wNAWpUH5NUc4gGAaAGAoAH7s6KCw&num=1&cid=5Gjyw7ojawW0czFIzezfwp9h&sig=AOD64_3DIimc5hTEw20ICdz_UVXHn3iwIQ&client=ca-pub-5585202032329389&adurl=http://www.xforex.com/ForexTradingTL%3Ftlid%3D115069%26src%3DAdWords%26medium%3DPPC%26campaign%3DAdGroupName%26ad%3D26652225616%26SiteTarget%3Dstayaway2.blogspot.com&nm=3&mb=2&bg=!A0TOlq2_SVCfUQIAAAA6UgAAABEqAPHBcvoWfHjKrzYiCXP8K18SMcCKicgztc2N1qFlSFwV-JoauJojxqe0p7gbnlnhPr1_XrKGNVLJLetSDJNw8-oa0_5Atqssh7YnQ1iAdBlL_sYFFUUD661JesYOjpxKL2xo4eHYTOWo8Rrim73oi0rkDTdIRZGqChSPt3--pLJ7IBdbaA1A_zkNhCvgo3w5evKr3lGHbnUQx_2lr0G5SiJf0SH6miR9ZfMSWPvWE39JGjUiQZ4OP8BHNHCJG-LK8EdzB4Dbu2JQ-RgdA0zCRBcrIEHy5EXJQ4vFdMaulhVEaD_q7cAC5jDhxi5Vtn-lDj5O
  • https://www.virustotal.com/de/url/d2a5d5d9bf918228e5cb654ae3798e09b8256ed110d5f633f18d60da82c56ded/analysis/1396617728/
URL after REDIRECT:
http://www.xforex.com/cms/lp/GSplit_FR/?cid=45&tid=115069&lid=fr&pubid=-1&reqt=1396617729225
  • https://www.virustotal.com/de/url/29ee4b6d441d8430c95f6f01b58c0eabbd1b3677f00cef5b6fd4a2faeb8d8d79/analysis/
DOMAIN ITSELF:
http://www.xforex.com/
  • https://www.virustotal.com/de/url/da5478eab00be730cd930a7dce16ecc2666df8586a018d366c83e8856d6064b5/analysis/
IP:
http://23.8.245.172/  (Cambridge, Massachusetts)
  • https://www.virustotal.com/de/url/28c450178989e65f572bff524c8cd114bdaf81864c8a5e9de52c89950428fceb/analysis/1396618830/
  • https://www.virustotal.com/de/ip-address/23.8.245.172/information/

Web me up before you gogo
SUSPICIOUS GOOGLE ADs:
webmeup.com (IP: 216.176.184.89)
Hidden Iframes (W32.HfsIframe) & a Bad Reputation on itself
Seattle, Washington State, United States

FOR WEBMASTERS
If you own a Website or a Blog and are affiliated with Google AdSense, you should, to protect your own Reputation, block the Domain webmeup.com in your AdSense Dashboard. The Site is Suspicious and at some Places flagged as Blacklisted. See the following Report:


SUSPICIOUS AD:
HIDDEN IFRAMES & BAD REPUTATION DOMAIN

URL:
http://www.googleadservices.com/pagead/aclk?sa=L&ai=Cy6O_ik89U_CEIeOI7gaK9oDIC72808sEnfip6VSUxIHcPhABII7AlCNQ2ZS9zf7_____AWC7A6ABi_in2QPIAQGpAjqXAXKKNF4-qAMByAPDBKoElwFP0IxRSJTVZjBsIIh_UKvd2TUxunzo_S1-mT0bHH-6aHVMkkt0bf8N7C2RN54CvduFy5uquln0IlzMKJqSFKoPSOjT4wI4wfZX1JOl4RJFud_YtgI0WUPm5xKyKxk1LEwtTHbKNpyitjQ3LvBuTqA2CSCF3ii18QrtPmozmjPlgRoqj5J3xIvApdowzXB4Diw-IBq5abxBiAYBgAfdh9gm&num=1&cid=5Gg4hurKMkl83P4fAziMfmtH&sig=AOD64_0VkVLWrxlHQohYi1xoDo9ter1sUA&client=ca-pub-5585202032329389&adurl=http://webmeup.com/offers/keywords.html&nm=11&mb=2&bg=!A0Trb4WEKT6hggIAAABDUgAAACwqAOFBSmCeDMOoMHIYzFuNtFz1qHErfwXeeDTD1dx8byzTqOLoPcTOxQnJpNBmlBOscGglXLvKqjWa2C_7QhuO0AJxGI4QiECd7jJaWLGzQyxDdwbUAPhfVaxLM1jcnU6fLcnuRbtaNTSc9ZYJMO6W8r9PZIEV9Y7o3f0OecWCHjPbVpqbxdNbnNSk4XGCtSKOtdY6ixbZUkTlQQmuKzmfAYcfj8sbbzQGX_G4ZfTgvOfKh1JelRWzc9vVA6Pf-gXn6vJGlR_Gv-_iDYCHtQo2Q3kCk-T8PCaagzw3O_J8gGbPNlE

  • https://www.virustotal.com/de/url/c33ad49edc713f5ff2af1d58ba81dd71b4aa4332280ae8e291ac0fe4dec3b887/analysis/1396530528/
---> Goes to
http://webmeup.com/offers/keywords.html?gclid=COG_6tCxxL0CFa5DMgody3IASw
  • https://www.virustotal.com/de/url/fa1117992d0c80fa00883fe425a759a3c828905344fd1bb7a87b19e95111c3bc/analysis/
DOMAIN ITSELF:
http://webmeup.com/
  • https://www.virustotal.com/de/url/d895fbc6abbc712a6a4369b9c48872faab1298a3dfbf9373b187fbe4728374f5/analysis/
W32.HfsIframe.018f (HfsIframe means HIDDEN IFRAME (Bavk))
  • https://www.virustotal.com/de/file/0f5bfa6ed4473ac57bf830b535e8a405b40e0546066f720c21a51fcb1a9940b4/analysis/1396530855/
  • https://www.virustotal.com/de/file/e706e43d9aaea8a11e559b98b5f5d16bad4e2a093bf39527a3e61751ac180480/analysis/1396530988/
HIDDEN IFRAMES (EXAMPLE)
http://webmeup.com/seo-tools-review/index.html
REDIRECTS To:
http://webmeup.com/seo-tools-review/
  • https://www.virustotal.com/de/url/788897b0ba28cf358d0093795fc903f827dfb8c4d170bff954ded9bbbed0b7a2/analysis/1396532538/
W32.HfsIframe.47db
  • https://www.virustotal.com/de/file/94fab1782e1291c9732eed4a91b76548493b54bf23d30945dbd7eba2d13ef355/analysis/1396532239/
OTHER HIDDEN IFRAMES SEE SCREENSHOT:

Screenshot
IP:
http://216.176.184.89/
  • https://www.virustotal.com/de/url/317d8c56e1517093d04b96162e0b4bc2155aa8d24abe5ea2790de2d150abf121/analysis/1396533149/
  • https://www.virustotal.com/de/ip-address/216.176.184.89/information/

4/03/2014

MALICIOUS ADs:
download.fromdoctopdf.com
risking with
Adware.MyWebSearch
White Plains, NEW YORK (UNITED STATES)

FOR WEBMASTERS
If you own a Website or a Blog and are affiliated with Google AdSense, you should, to protect your own Reputation, block the Domain download.fromdoctopdf.com in your AdSense Dashboard. The Site lets your Visitors download and install persistent ADWARE. See the following Report:


MALICIOUS ADs: Adware.MyWebSearch.15

MALICIOUS CONTENT & DOWNLOADS:
http://www.googleadservices.com/pagead/aclk?sa=L&ai=CZ5u950M9U8H1Goiu7Qbw7YDgCMWmg7oEza6d5Fmwtc3fUBABII7AlCNQq8iQnAZguwOgAbuLoeMDyAECqAMByAPBBKoEkwFP0INx3GRxGmf75YJHVfg23Y1q0faoAWwxpSI0eW2lAjrO4iGtdTPCH5e2qE0-OJYs2Nzy3PwLsVBURyZQBdBqSuU3c8rON3dh9vA-8VLjBuUDUefI0r3rD9eSIrC-NykRnoCC_TyV-EAoBCDuoqT7Gs-hxBakOM0ZIuWaQx0i1lofQlAkWFG6zz51lD0laNJkf-uIBgGgBgKAB6303hw&num=1&cid=5Gi0szH0G6npQc1zBwu_So85&sig=AOD64_1k0A5LtYUiNxfDGsHRhrPeLa_gQA&client=ca-pub-5585202032329389&adurl=http://download.fromdoctopdf.com/index.jhtml%3Fpartner%3DY6xdm010&nm=1&mb=2&bg=!A0S2nPCfVMrd2QIAAAA3UgAAABgqAOEAYGl_c7TMnCDOZeuOQ1tdwMlTc5AjqsfXe6qIrAw64KouboiusTyHanPQBv1xwPq5aJtvphicS2RfNGWeczY_j68aSMS7YgI5crzlya6a1oHsBSRE3bjLecUvRnaNGRi2UveY9oI91rKvISEK3gSPdHKAZ9We2D12U3d-N6nskV2jobsjRJYY1P0-R2Utrg-kJcArZtz9bURG1mslSipysYp8n3u3rGyh40WBX4gqJJkgGqYahbw9-wnY3eF4A2ooAG4_smQYaM9C0Iu5FwVm1Us5ddKk2NOcgoOoqeDV7KE
ANALYSIS VT:
  • https://www.virustotal.com/de/url/09f26ddc5338a53ab3d8161f9694c23b876736809c779d59ccd0265bfac9d423/analysis/1396524292/
URL AFTER REDIRECT:
http://download.fromdoctopdf.com/index.jhtml?partner=Y6xdm010&gclid=CPOus7OaxL0CFaw-Mgod8FAA7A
  • https://www.virustotal.com/de/url/f47d656744a326f0c31554124e28cfed59e6417e1f2f19a907478fb0aa437522/analysis/
IP:
http://74.113.233.180/
  • https://www.virustotal.com/de/url/54b4d071b1897bce1af782c969f0510bd2744190d95d92e4bae7d9758a033bb3/analysis/1396460279/
  • https://www.virustotal.com/de/ip-address/74.113.233.180/information/
Fwd/Rev DNS Match: NO
  • http://www.senderbase.org/lookup/?search_string=74.113.233.180


SCREENSHOT AT URLQuery: https://urlquery.net/screenshot.php?id=1396456860485


CLICK TO DOWNLOAD & INSTALL:
Adware.MyWebSearch.15
  • https://www.virustotal.com/de/file/3861f4259af68b4ba6ea7cdff84d9ce2deddcf4f5056685d00997d12fdcd4593/analysis/1396524664/

California CYBERSTALKING:
Jason White, 43, of Temecula pleads guilty
in L.A. federal court to 2 counts of federal stalking charges

A Temecula art gallery owner on Monday admitted to cyberstalking and threatening to blackmail a Los Angeles art dealer.

Jason White, 43, of Temecula pleaded guilty in Los Angeles federal court to two counts of federal stalking charges and demanding 300.000 USD from his former boss at a Beverly Hills art gallery.

He could face up to 10 years in prison when he is sentenced on June 9th 2014.

FBI agents arrested White on February 12th 2014 after he sent dozens of emails and text messages over a six-month period threatening Los Angeles-based art dealer Robert Bane.

After he abruptly quit Bane’s gallery, White set up several websites claiming Bane and an artist associated with Bane were engaged in international fraud and selling paintings made in sweatshops.


Prosecutors said White then tried to blackmail the artists for sums eventually reaching 300.000 USD to take down the websites or hand over the domains. He also contacted a British art dealer who was one of Bane’s largest clients and threatened to contact London newspapers unless he was paid.

As the continued demands were ignored, White’s messages escalated, prosecutors said. Later messages threatened to target artists’ children and White threatened to “kneecap” a child, according to court records.

White, who rented a space behind the Temecula Promenade Mall billed as White Galleries, also threatened a local artist for rent money.


The local artist, who agreed to sell his artwork through White’s gallery, said White asked him to pay his electric bill (which the artist’s family paid). White, whom FBI surveillance teams say was sleeping in the gallery, then began asking for rent money. The artist then began removing his artwork from the gallery. When the artist did so, White sent a message threatening to harm the artist’s child.

On Wednesday, February 12th 2014, White was arrested on charges that he cyberstalked and threatened the children of a Beverly Hills art dealer, his former boss and two artists, as he tried to extort hundreds of thousands of dollars from them.

Federal prosecutors and FBI agents said they collected dozens of text messages and emails from Jason White, 43, in which he threatened to defame the artists and art dealers.

He set up several websites, one claiming the artists were involved in international fraud, one claiming an artist was selling paintings made in sweatshops, and another claiming his former boss “is slandering my grandmother.”

When the demands were ignored, the threats escalated and targeted the art dealers’ children and families, the complaint said.

White’s messages included photos of the children with statements such as, “It will be very unfortunate if something was to happen to him,” and “Your children are my end game … I’m going to be waiting in the bushes to kneecap a child.”

FBI agents monitored White at the gallery off Margarita Road across from the Temecula Promenade mall. The agents believed White was living at the gallery and sleeping in a sleeping bag.

White worked for the Robert Bane Fine Art Gallery in Beverly Hills for about four months, until he quit abruptly in August. According to the complaint, he had claimed to be a reputable art dealer from North Dakota, but failed to make commissions. About a week after White quit, Bane began receiving threatening emails, demanding a 150.000 USD consulting fee, according to the complaint.

“A person with nothing left to lose becomes a very powerful thing,” White wrote. He also listed the websites he had created, using the art professionals’ names in the URLs. White said he would remove the websites once he was paid, according to the criminal complaint.


A week later, White sent an email to Bane’s largest client, who was the largest art publisher in the United Kingdom.

The email said Bane and an artist “were engaged in international fraud” and that White would be contacting London newspapers with the story unless 300.000 USD was paid to White’s Fargo Gallery, the affidavit states.

The emails continued for four months, threatening Bane, his family, White’s former supervisor at the gallery, clients and an artist associated with Bane’s gallery. White said Bane would lose a multimillion-dollar account or go to jail.

In January this year, the threats turned violent, the affidavit says. White allegedly told his ex-boss he would follow her in Manhattan Beach, where she lived, mentioned her children by name and said he would confront them in the style of the movie “Cape Fear.”

“I’d truly start thinking about your families at this moment. After this slander, you will pay some way,” the message stated. “It could have been cash, now you will pay with fear, anguish and pain.”

FBI agents recorded a phone call between Bane and White in which White asked Bane to buy the domain names, or else he would continue to harass him online.

After the phone call, a different artist who had met White through his Temecula gallery reported to the FBI that White threatened him after White agreed to sell his work.

The artist’s family paid White’s electrical bill at the Temecula gallery, but began removing artwork after White began asking for rent money.

According to the federal complaint, White sent a photo of the artist’s child with the message, “Once this gallery closes, all I have to do in my life is take care of (the child). And what if I’m willing to do the time?”

If convicted of stalking charges, White could face up to five years in federal prison.

Source:  http://blog.pe.com

MALICIOUS GOOGLE ADs:
lp.usafis.org
IP: 199.83.133.103 Dover, DELAWARE (UNITED STATES)



FOR WEBMASTERS
If you own a Website or a Blog and are affiliated with Google AdSense, you should, to protect your own Reputation, block the Domain lp.usafis.org in your AdSense Dashboard. The Site is Blacklisted. See the following Report:

SCREENSHOT

CATEGORY MALICIOUS ADs:

URL ADDRESS:
http://www.googleadservices.com/pagead/aclk?sa=L&ai=CQWYQ6Fg8U-mVAqbh7gbvwYG4BuG8-sQEiYLSz6kBkMXezTQQASCOwJQjUPaHqvwBYLsDoAHIvKPRA8gBAagDAcgDwwSqBJMBT9DSNrdKaf3tgZ3HfWKVLH0Z46SKm9m2r8uHx3Ft-dltZpHnSTihb5h2ESNihNSi7PSdBLo5afvwg71-spzF0iaj_Aw6jWpUqxO_0Lr5Y7mObN50oN3QUHfVD4qPMo7nwFONtdoIGBHQp5Aaw-0GGiCq1lGeGPk6HWaJlslc6gVPhANw-yEp43j6sHJ37kXsPS_DiAYBgAehhcgg&num=1&cid=5GgDBitt7wd5qFH1jxkIzw7b&sig=AOD64_0UD0Zu2wYnP7KOChIno2RcihNCaw&client=ca-pub-5585202032329389&adurl=http://lp.usafis.org/newG_lp/usafis/usafisGLP%3Faf%3Dwiz_1959_&nm=17&mb=2&bg=!A0TCTVHOo1F4igIAAAAwUgAAACMqAOGa7fUKZLHPJScEM3xhxwSxbxPrjVHd-sw6Hg35xKGt3qwcRr-Ua8bVIgF-HTZ6EuyIcZyEn2OsnrTDBymDzR64g51dDmIK_dNVn4HnJaCqoWc34ChDOhdfiRLX8cyJIqWOw61MGek5TrJgT8jp0ZPjFcAMOqPrMKM-LQdgzlbuevIcZcWmSxXtO2P4oU7stltNGw9k8bDDnhJrkSJ5p3bcUYZxK4bnjKWTwc4JtrULyq1QFEbp0tOtnVHHVt9Y2-Dw42fvk6ZxyesqRuMnxCmV2gXQn81ajrTWBM7QxMKAUbA
VT-Analysis:
  • https://www.virustotal.com/de/url/57c334c691162cf05c07d1cd880313c4e51ac68b92315a65494a3df0d7314a61/analysis/1396464870/
URL AFTER REDIRECT: MALICIOUS DOMAIN
http://lp.usafis.org/newG_lp/usafis/usafisGLP?af=wiz_1959_&gclid=CJ6ov4S9wr0CFYY7MgodglgASQ
  • https://www.virustotal.com/de/url/0807f2619bc2c0e997f58d21acabc4ee3ac0900f1b7142d02eda01dd9cfac7a3/analysis/
DOMAIN ITSELF: (BR = BAD REPUTATION)
http://lp.usafis.org/
  • https://www.virustotal.com/de/url/d0c317fdd6d7274f310d98d4cb3efffbc2da92f503f4e7aed663d6615dba3871/analysis/
IP:
http://199.83.133.103/
  • https://www.virustotal.com/de/url/02b83c37d237956138a7fa8102e34ccdcb9e27b05422089a0f107734c5b5869c/analysis/1396465973/
  • https://www.virustotal.com/de/ip-address/199.83.133.103/information

4/02/2014

MALICIOUS ADs:
www.mapsgalaxy.com
risking with
Adware.MyWebSearch
White Plains, NEW YORK (UNITED STATES)



FOR WEBMASTERS
If you own a Website or a Blog and are affiliated with Google AdSense, you should, to protect your own Reputation, block the Domain www.mapsgalaxy.com in your AdSense Dashboard. The Site lets your Visitors download and install persistent ADWARE. See the following Report:

MALICIOUS GOOGLE AD: Adware.MyWebSearch.47

MALICIOUS CONTENT & DOWNLOADS:
http://googleads.g.doubleclick.net/aclk?sa=l&ai=CnEVeQDc8U-upIeel7QahnoDQCund95AHodCfgp4BtNjNkjsQASCOwJQjUOX47tf9_____wFguwOgAY-N4MsDyAECqAMByAPBBKoEiwFP0MESvZ_isD1TrzMOPDJ1o7Ufq5dre3IjKnqqYo-zjs39xY_t30Lip57ow-ldZoz2GU26VWAho6A9Zfx_82_n7YwdODV1nM_hOiWndJ9Ur_0KCBr2cVNXHqUbYh6rHuuZw6vVy-t87Bu9AdYWDGHkkkxPd-td_QvjgH9bq3ZYt0sk6iXBAIerka9uoAYCgAfZ8p80&num=1&sig=AOD64_0IYB2aEpKbXMiR0DfT4GK6wEbtjg&client=ca-pub-5585202032329389&adurl=http://www.mapsgalaxy.com/index.jhtml%3Fspu%3Dtrue%26partner%3DUXxdm063&nm=1&mb=2&bg=!A0Qka6E9cikknAIAAAAoUgAAABAqAOF3LAxbRwhN4BN-FCwOxvTpAJVAY9WiyoU86eSLNpX7oIu11_DHmjdhLtRJxnOsZ2ZRyxI1gmGBT5wpOWh-io87KnZHpVUxySq_sLVnszay-jesA7PsUY1GadC8jU80U8gmgzyt23KO5wCm_3kKPipcR-wmYUFGqhG3IF3DU6V5F_dft6JJcBuz8QGIoYwpzwmmdFstwcCSDxhbRT_gPOHJnI0rgkFGl8V_gcGC8067tK2mZXJ6J3RpV9c3FljPkMmJqBIAk27NWoNXPFLAtzCXuxRLD6Wx9O3OyjxViucvt-M
ANALYSIS VT:
  • https://www.virustotal.com/de/url/a92a922529b7b83d95cac0b4cc8d93e8e2370088c4084e86866279241bd5bcad/analysis/
URL AFTER REDIRECT:
http://www.mapsgalaxy.com/index.jhtml?spu=true&partner=UXxdm063&gclid=CI32lZabwr0CFYhaMgodVmQAAQ
  • https://www.virustotal.com/de/url/21b8b9a8349d7ddde85e4ca86b43d2e76552e689dcc3e80a9a38d4e49517a1bb/analysis/
IP:
http://74.113.233.180/
  • https://www.virustotal.com/de/url/54b4d071b1897bce1af782c969f0510bd2744190d95d92e4bae7d9758a033bb3/analysis/1396460279/
  • https://www.virustotal.com/de/ip-address/74.113.233.180/information/
Fwd/Rev DNS Match: NO
  • http://www.senderbase.org/lookup/?search_string=74.113.233.180


SCREENSHOT AT URLQuery: https://urlquery.net/screenshot.php?id=1396456860485


Own Screenshot

CLICK TO DOWNLOAD & INSTALL:
Adware.MyWebSearch.47
  • https://www.virustotal.com/de/file/68ae70b9cd962e0b44215c1e3b9909aec214ce508ce812876d0e2f0b798ad23a/analysis/1396457127/

OTHER MALICIOUS LINKS CONNECTED:
http://ak.imgfarm.com/images/download/spokesperson/spokesperson.js
  • https://www.virustotal.com/de/url/b08c15078bb414e7a8a5b00bfdd6cf39932a31b55d078bde87713ad4baa38ef9/analysis/
  • https://www.virustotal.com/de/file/dccc8d765c3a166c8fa79a0ad9358f1b6571cf0e411245a03950f1d9fc2e9d04/analysis/1396456474/
http://ak.imgfarm.com/images/anx/anemone-1.2.7.js
  • https://www.virustotal.com/de/url/02be3e7f50f96b17100f9298b452272ec2eda7aa02cf2f47acd56d168c83c2ae/analysis/
  • https://www.virustotal.com/de/file/b61f1dc82835d8bc3b6332443358eb5b9c41a5f4b0672497cdf06ac0a8bbfdfa/analysis/1394482504/
SEE ALSO:
http://wepawet.iseclab.org/view.php?hash=75d2310bc0fb8f44448a4ca37b09586c&t=1396455295&type=js
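
The Google ad click URL in the report above carries its landing page in the `adurl` parameter, which is what shows up as the "URL AFTER REDIRECT". The Python sketch below is an added example, not part of the original report: it extracts that destination offline and checks it against a reported domain. The function names and the two extra sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

def ad_destination(click_url, max_depth=3):
    """Follow nested adurl= parameters offline; return the final landing URL or None."""
    dest, current = None, click_url
    for _ in range(max_depth):
        values = parse_qs(urlsplit(current).query).get("adurl")
        if not values:
            break
        candidate = values[0]              # parse_qs has already percent-decoded it
        if urlsplit(candidate).scheme not in ("http", "https"):
            break                          # ignore data:, javascript:, relative values
        dest = current = candidate
    return dest

def matches_domain(host, domain):
    """True for the domain itself or a subdomain, not for hosts that merely contain it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def hosts_to_block(click_urls, reported_domains):
    """Landing hosts taken from the click URLs that fall under a reported domain."""
    hits = set()
    for url in click_urls:
        dest = ad_destination(url)
        host = urlsplit(dest).hostname if dest else None
        if host and any(matches_domain(host, d) for d in reported_domains):
            hits.add(host)
    return sorted(hits)

# Constructed sample: the first entry is the click URL from the report with its long
# opaque parameters (ai, sig, bg, ...) left out; the other two are made up for contrast.
SAMPLE_CLICKS = [
    "http://googleads.g.doubleclick.net/aclk?sa=l&num=1"
    "&adurl=http://www.mapsgalaxy.com/index.jhtml%3Fspu%3Dtrue%26partner%3DUXxdm063&nm=1&mb=2",
    "http://googleads.g.doubleclick.net/aclk?sa=l&adurl=http://mapsgalaxy.com.example/offer",
    "http://googleads.g.doubleclick.net/aclk?sa=l&num=1",   # no adurl at all
]

if __name__ == "__main__":
    print(ad_destination(SAMPLE_CLICKS[0]))
    print(hosts_to_block(SAMPLE_CLICKS, ["mapsgalaxy.com"]))
```

Matching on the whole host label boundary rather than on a substring keeps the look-alike host `mapsgalaxy.com.example` out of the result.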

4/01/2014

Video:
THE FREEDOM OF SPEECH
1st AM(erica)-(END?)MENT or (AMEN)dment or Simply
----> "Fiefdom of Speech"

Press TV's documentary program "Fiefdom of Speech" unfolds the scenario of pressure by the western countries and companies on the Iranian media especially Press TV and Hispan TV.




On April 3rd, 2012, Munich-based media regulator Bayerische Landeszentrale für neue Medien (BLM), announced it was removing Press TV from the SES Astra satellite, as they did not have a licence to broadcast in Europe. However, the channel's legal team submitted documents to the court that proved Press TV could broadcast under German law. An administrative court in Germany accepted Press TV's argument and the legal procedures began.

For more read the article at WP.

Introducing COMMENT SPAMMERS (so the NET will not FORGET)
Helping those sorry ones out with Publicity,
otherwise no one would notice them....


www.home-staging-montreal.com
IP: 66.43.56.89
(Montréal)


Anonymous wrote on February 8th, 2014:

Pretty great post. I just stumbled upon your blog and wished to mention that I have truly loved surfing around your weblog posts. After all I will be subscribing in your feed and I am hoping you write once more very soon! 
My weblog: www.home-staging-montreal.com...



COMMENT SCREENSHOT



On this Post:



Screenshot of the Webpage:

One important Question remains: Would you buy something at a place where the Spammer is trying to Advertise through an Article whose subject is Child Predators & Pedophiles harming Children ??? I BET NOT !!!
----------------------------------------------------------------------------------------------------------------------------------------------

Trojan BLOGVISITOR from CHINA:
DOMAIN zychina.mobi infected with Trojan.JS.Iframe.fz
IP: 218.104.136.146 from Xiamen, CHINA




CHINESE MALWARE:

DOMAIN:
http://zychina.mobi/
  • https://www.virustotal.com/de/url/b212fd8098e178418e113cb823368b43f133aaac51838ae708dba4a923c41a7b/analysis/1396354754/
Trojan.JS.Iframe.fz
  • https://www.virustotal.com/de/file/49f2b6bf7563ea06b69ee3684c93570a430d18c97faaae60254a60459b798e1d/analysis/1396354981/
VISITING LINK:
http://zychina.mobi/seller/offerdetail/12-97-0-176.html
  • https://www.virustotal.com/de/url/7ebc5b4cbf1444fad375a685d687bdf33da5f77b4822b647f335faccd98770e4/analysis/
Trojan.JS.Iframe.fz
  • https://www.virustotal.com/de/file/3a0a92fc03235935b8403f6ebec3aeb1bc8dedce42b4531f6837856c276f8ab4/analysis/1396355327/


mm.aa88567.cn (Parked Domain)

DOMAIN:
http://mm.aa88567.cn/
  • https://www.virustotal.com/de/url/1e45da7aac14b36d7d105ce784a495150344dfd34da1978ac05606a30ddbc3ae/analysis/1396355633/

REMOTE URL:
http://mm.aa88567.cn/index/mm.js
  • https://www.virustotal.com/de/url/9301134079c20e75b649ea30d29daa465a2e81ead033a5312b394585b7cfd9ef/analysis/1396355646/

IP(s):
1) http://218.104.136.146/
  • https://www.virustotal.com/de/url/b33d2e7b96317081cb01eb03e844dbbc41485ba9eb8a40209d23e36cd060c789/analysis/1396356099/
  • https://www.virustotal.com/de/ip-address/218.104.136.146/information/
81 SPAM Mails sent from this IP:
  • https://www.projecthoneypot.org/ip_218.104.136.146
2) http://50.117.120.253/    (Personal 2nd Appearance)
  • https://www.virustotal.com/de/url/e619b1d78286c0b9cadfbb81b7ad400b5c94c97ada584689925d2ba3805ec165/analysis/1396356347/
  • https://www.virustotal.com/de/ip-address/50.117.120.253/information/

PHISHING from www.heavenjav.com (IP: 89.248.168.164)
Netherlands
PUA.Phishing.Bank


HeavenJAV Screenshot

Phishing SITE:
DOMAIN:
http://www.heavenjav.com/
  • https://www.virustotal.com/de/url/7ba4abf24940faa50c30bdea1e3788d98f79c5d38bbaf6a60934ec10951f8c02/analysis/1396342103/
PUA.Phishing.Bank
  • https://www.virustotal.com/de/file/e0862f4de5204feea0c3d8e365db0082d9b66743873bd1622248b392dfdc63ef/analysis/1396342533/
  • http://virusscan.jotti.org/de/scanresult/0882e3fab80e1c4561884fb123e103298c89153a
http://www.heavenjav.com/2013/02/24/front-magazine-uk-no-178-2013/
  • https://www.virustotal.com/de/url/07f6c70e33553e5b4da02f94af3c4b3ecca2003cf1610505e437a106ae85cbf9/analysis/1396342096/
PUA.Phishing.Bank
  • https://www.virustotal.com/de/file/90d8f789b5499a6d10b89b31cb75ed7474481e20996e125c676da78b8d599c9c/analysis/1396342153/
  • http://virusscan.jotti.org/de/scanresult/d8067f7e7a665777aeaeb064eb3fb32664db9e1a
http://89.248.168.164/
  • https://www.virustotal.com/de/url/3b8ce797c88762fece7858c4024261fb686117e4c6d68a9f0ef3d0f154a9ac71/analysis/1396350748/

Real Comment Number 3 on COMMENT SPAM (with Malicious Link) !

ANONYMOUS WROTE:
"Whɑt's up, after reading this awesome paragraph..."
KEY COMMENT: "Stop by my website..."

scp.uma.pt/images/....... Portugal, Poland, Germany

This Post is (and will be & stay) here to demonstrate what SPAM IN BLOGS (Comment SPAM) is about and how you should distinguish it! From this point on it is surveilled and followed. IP data and the domains involved are being recorded, to monitor the frequency and analyze the connections related to it. Suspicious connections (related to Phishing, Spambots (which they already are), and other fraudulent activities and/or behaviour) will not only be recorded but also transferred to the appropriate agencies (i.e. IC3), which is done anyway. Special observations from outside can be addressed to me through IC3.

Reminder: However, every SPAM-Post is delivered to the appropriate Address. Keep following.
-------------------------------------------------------------------------------------------------------------------------------------------

NUMBER 3:

Whɑt's up, after reading this awesome paragraph i am as well happy to share my experience here with mates. Stop by my website http://scp.uma.pt/images/1.php/what-is-biaxin-used-to-treat-ogqd.php
SPAM COMMENT MADE ON FOLLOWING POST:

http://stayaway2.blogspot.com/2014/01/category-malicious-domain_13.html
 
SCREENSHOT OF ANONYMOUS COMMENT SPAMMER
 
 
MW URL: PHISHING - ROGUE MEDS - TDS SUTRA
http://scp.uma.pt/images/1.php/what-is-biaxin-used-to-treat-ogqd.php
  • https://www.virustotal.com/de/url/b4ddfb4f5d1d6de3d7ac09bc3f9b86cf1e1152c431989be9ba128ebadcc902ed/analysis/1396334546/
TDS Sutra - redirect received
TDS Sutra - request in.cgi
  • https://urlquery.net/report.php?id=1396334666046
--->
http://getmarketschoice.com/in.cgi?12&parameter=what+is+biaxin+used+to+treat
  • https://www.virustotal.com/de/url/15b9552bdaaef5306203130d8ec521adc2ec02836e244a6c288660a77af1de9f/analysis/1396334968/
TDS Sutra - redirect received
  • https://urlquery.net/report.php?id=1396335061174
---->
http://okpillsbest.com/catalog/Antibiotics/Biaxin.htm
  • https://www.virustotal.com/de/url/817a3dad94af46f7e84cf077bf34f54888b21bf8df5e2b7aa8c58a00dc3437e4/analysis/
  • https://urlquery.net/report.php?id=1396335569086
IPs:
http://193.136.232.84/
  • https://www.virustotal.com/de/url/6e4f5bd49883788be5d2d08199a76341d1b5a44a5e1054a20bbb2999170950aa/analysis/1396335823/
http://91.230.205.65/
  • https://www.virustotal.com/de/url/cd4912b45256be4f214fd289ed20c225c7d68e236e44c78895ffe3fb862f847d/analysis/1396335909/
  • https://www.virustotal.com/de/ip-address/91.230.205.65/information/
http://176.9.192.16/
  • https://www.virustotal.com/de/url/4c8e99a657d39784c9bd79d726db6b96677fbb9e575d28bc2eb704caa08c7257/analysis/1396336061/
  • https://www.virustotal.com/de/ip-address/176.9.192.16/information/
http://95.169.190.160/
  • https://www.virustotal.com/de/url/00dfaf1d27128c8f8f00b91a82a1f3a259e51042b504b784c7fa970efaaa2424/analysis/1396336268/
  • https://www.virustotal.com/de/ip-address/95.169.190.160/information/
Spider Sightings: 14
  • https://www.projecthoneypot.org/ip_95.169.190.160

SCAM OF THE DAY from:
"WIR BIETEN DARLEHEN" ("We Offer Credits")
With Greetings from Coquitlam (CANADA), Australia &...& ratgeberplatz.com

ARE YOU IN ANY FINANCIAL DIFFICULTY OR DO YOU NEED FUNDS TO START YOUR OWN BUSINESS? DO YOU NEED A LOAN TO SETTLE YOUR DEBT OR PAY YOUR BILLS?
We give loans ranging from 7000 US dollars (seven thousand dollars) up to 50,000,000 US dollars (50 million dollars) at a 3 % interest rate.

Fill in the form below (it is not a form, only text in the mail) to apply for a loan:

Personal e-mail address:

Name: Address:

Country:

Phone number:

Amount needed:

Loan duration:

Monthly income:

Age:

Gender:

You are advised to send your details to this e-mail address: scoth_smitt@ymail.com

All the best
Mr Rev Scoth Smitt (It hardly gets any dumber!)
Screenshot of His REVERENCE.....

MALICIOUS: HIDDEN IFRAMES ALL OVER THE PLACE & INVOLVED IN PHISHING SCAM
http://sd43.bc.ca/
  • https://www.virustotal.com/de/url/8290fd493074a03e4b9c2e28e27d880175519bba5ec36b12f16aae864214fe44/analysis/1396302819/
http://sd43.bc.ca/Pages/default.aspx
  • https://www.virustotal.com/de/url/3430aa5e2fcb1a7be76346576a55c9179acb649e9ab39d83843e692dbf2eca0e/analysis/1396302945/
HTML: 
W32.HfsIframe.420f (WHATEVER IT MEANS, IT REFERS TO A HIDDEN IFRAME)
  • https://www.virustotal.com/de/file/701247cb9f12329ce5558b3ceff20ab16a4f4880606b86cfe7fe474480f7299b/analysis/1396302682/
ORIGINATING IP(s) (ratgeberplatz.com again involved): Coquitlam (CANADA)
http://142.35.6.131/
  • https://www.virustotal.com/de/url/0878044af1696c27903ac4978f8113c96b1222f5461fbc8f2e9db3191934f1f1/analysis/1396304403/
http://14.2.27.4/   (Adelaide, Australia)
  • https://www.virustotal.com/de/url/3bdc4ddd451c4313001e49b924ff7ff7022ee6cec34bf8ec7b614487b5de2bf8/analysis/1396304621/