spyurk.am
37.252.78.253  Public Scan

URL: https://spyurk.am/tags/exploited
Submission: On October 08 via manual from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

սփիւռք*



NOBODY IS TAGGED WITH #EXPLOITED




#EXPLOITED

Sylvia J - 4 months ago



DEBT AS POWER

https://www.youtube.com/watch?v=ok1WwG3t19Q

’ #Debt is #power. #Extractive power over #people and #planet. #Class #societies
ensure that the debts of the extractors are never paid while insisting that the
debts of the #exploited are #sacrosanct. In this episode of #LTIO we dissect
debt and discuss how to #overthrow its hold over the many.’
#LetsTalkItOver #yanisvaroufakis #frankbarat #astrataylor #jayatighosh
#conversation #panel #capitalism #economics #economy #politics #classwar #risk
#gdp #abolition #antidemocratic #predatory #finance #neoliberalism #society
#diem25

LTIO#5 Debt as Power
DiEM25 - YouTube




5 people like this
Reshared 1 time

irreversiblechaos@iviv.hu - 4 months ago

https://itsamoneything.com/money/norm-franz-gold-money-of-kings/

Sylvia J - 4 months ago

Cool ;-)

buzzkill@diaspora.schoenf.de - 4 months ago

Le Général Midi 3 - 5 months ago

#Nuclear missiles raining from the sky
Innocent people destined to fry
Goodbye world hello space
This is where God greets us face to face

#Computers don’t blunder

I’m so troubled by what I see
In this so called democracy
Are you scared just like me
By the power of the #military

#Submarines beneath the sea
Probing, searching the enemy
Radar beacons sighted high
Plotting targets of those to die

#theExploited #Exploited #punk #punkrock




Doc Edward Morbius - 6 months ago


SCUNTHORPE VS. PASTEBIN

A couple of years back I tracked down the basis of a story I’d long been aware
of, but hadn’t found the full details for. My source had been Isaac Asimov, who
in his autobiography and elsewhere mentioned work he did as a research
assistant while a graduate student at Columbia University. One project he
worked on was for a professor who was researching the resistance to
technological advances, and the background formed the basis for one of Asimov’s
first science fiction short story sales.

With some legwork, I found that the professor in question was a Dr. Bernard J.
Stern, PhD., a sociologist, and in fact a copy of the essay existed as a
government publication from 1937, now hosted at the Internet Archive. The scan
is hard to read, and not OCRd, so I retyped it, as one does (about 100 pages,
double-spaced, for the old-school typists out there).

Ideally I’d like to have that posted to my much-neglected blog. In the meantime,
at least making the Markdown available somewhere online seemed useful, so I
created a Pastebin which I could then link to, and have repeatedly over the
years since: https://pastebin.com/raw/Bapu75is

Earlier today, linking it once again, I had the presence of mind to verify that
the link did in fact work, and found it did not.

On re-submitting the text, the submission was rejected with the admonition
“potentially offensive or questionable content”.

Curious.

Digging through Pastebin’s site, I found a support contact and emailed that. Lo,
a response!

> Your paste has been flagged due to some of the keywords found.
> 
> Please remove these words and your paste will be ok to publish as normal
> 
> These keywords are as follows:
> 
> exploited
> grosvenor
> xxx
> cocks
> retarded
> retard

Now, I could of course see how these might prove problematic. I could also see
how they might possibly not actually be as problematic as they seem, given time
and context.

Of these:

 * “Exploited” appears with the meaning “put to productive use” in the context
   “Delay in the effective utilization of tractors is in many countries and
   regions due to the system of land ownership prevailing, for in order to be
   exploited profitably, tractors require vast concentration of land areas, as
   in the western United States and in the collective farms of the Soviet
   Union.”
 * “grosvenor” is a proper name used in a reference citation: “William M.
   Grosvenor has, in Chemical Markets, expressed the sentiments of modern
   corporate management toward the utilization of new inventions”
 * “xxx” appears as the Roman numeral for 30, again in a reference citation:
   “Business Chronicle, vol. xxx (1930), p. 1.” The string appears in numerous
   other contexts, also largely reference citations, e.g., “Lonberg-Holm, K.,
   and Larson, C. T., “Trends in Building Production”, in Real Estate Record,
   vol. cxxxvii (Apr. 18, 1936), pp. 19–25.”
 * “cocks” describes steamship components, in a cited 1790 description by
   Benjamin Franklin Bache: “A boat on this construction, barring all accidents
   of breaking paddles, cranks, gudgeons, watchwheels, chains, Loggerheads,
   cocks, valves, condensers, pins, bolts, pistons, cylinders, boilers, and God
   only knows how many more useful parts, would almost stem the tide of the
   Delaware…”
 * Both “retard” and “retarded” are used in their original sense, “to slow”: “By
   opposing franchises for electrical lighting, the gas companies retarded its
   application.” “Similarly, the cradle or French telephones were long in use on
   the Continent before they were installed in the United States and then a
   service charge was added largely in order to retard their introduction.” And
   “Changes within the electric industry have been retarded by the buying and
   suppressing of patents by large corporations which dominate the field.”
 * “nazi”. Well, OK, you’ve got me, because here, the term is used, in 1937, to
   describe the actual extant government of Germany at the time, the National
   Socialist Party: “The result is that styles of writing and alphabets become
   tenacious. The ancient and medieval scripts prevailed for over five
   centuries, the Gothic for over eight centuries, and is today being revived in
   Nazi Germany.”

None of these usages strikes me as problematic.

I’m somewhat reminded of the (mythical) story of a US Navy aircraft carrier
encountering a radar return whilst at sea:

> Americans: “Please divert your course 15 degrees to the North to avoid a
> collision.”
> 
> Canadians: “Recommend you divert YOUR course 15 degrees to the South to avoid
> a collision.”
> 
> Americans: “This is the captain of a US Navy ship. I say again, divert YOUR
> course.”
> 
> Canadians: “No, I say again, you divert YOUR course.”
> 
> Americans: “THIS IS THE AIRCRAFT CARRIER USS ABRAHAM LINCOLN, THE SECOND
> LARGEST SHIP IN THE UNITED STATES’ ATLANTIC FLEET. WE ARE ACCOMPANIED BY THREE
> DESTROYERS, THREE CRUISERS AND NUMEROUS SUPPORT VESSELS. I DEMAND THAT YOU
> CHANGE YOUR COURSE 15 DEGREES NORTH. THAT’S ONE-FIVE DEGREES NORTH, OR COUNTER
> MEASURES WILL BE UNDERTAKEN TO ENSURE THE SAFETY OF THIS SHIP.”
> 
> Canadians: “This is a lighthouse. Your call.”

https://www.snopes.com/fact-check/the-obstinate-lighthouse/

I’ve found an alternate posting site (https://rentry.co/szi3g) that seems not to
have issues with the text in question. Pastebin’s language hangups may prove
embarrassing. I refer them to the Scunthorpe problem:
https://en.wikipedia.org/wiki/Scunthorpe_problem

This is English, as used. Your call.

#scunthorp #pastebin #exploited #grosvenor #xxx #cocks #retarded #retard
#language



Technological trends and national policy, including the social implications of
new inventions. June, 1937 : United States. National Resources Committee.
Science Committee : Free Download, Borrow, and Streaming : Internet Archive

Prepared by the subcommittee on technology of the Science committee. cf. p. v


6 people like this
Reshared 1 time

Doc Edward Morbius - 6 months ago

@randulo 🎷🎸 And still frequently. A lot of hacking and content disclosure
AFAIU. I’m not particularly aware of specific instances myself.

Given the potentially explosive nature of some such content, running at least a
sensible filter seems useful.

WIST Quotations - 6 months ago

I’ll never forget struggling for most of a day to figure out why an Important
Spreadsheet from an Important Person for an Important Project wasn’t being
blocked in the email system.

Turned out his cumulative total columns were titled “cum”.

Doc Edward Morbius - 6 months ago

@WIST Quotations I had an emailed brief awk script blocked for one recipient due
to a similar filter…

ꂵꄲ꒤ꋊ꓄ꋬ꒐ꋊ ꃳ꒐ꀘꏂ 𝔸𝕕𝕕𝕚𝕔𝕥~Ⓐ - 7 months ago

Anarchists and the trade unions | The Anarchist Library
https://theanarchistlibrary.org/library/paul-delesalle-anarchists-and-the-trade-unions?v=1614097223

> The importance of the trade unions, which is increasing every day, makes it
> our duty to consider and especially study what position we must assume towards
> these groups and to what extent we must participate in their development,
> whether by becoming members of them, or by helping to create them.

> Every social form contains within itself the agents of its own metamorphosis,
> and it is the capitalist regime’s own laws that militate in favor of its
> destruction, as a result of the class antagonism generated by the capitalist
> mode of production.

> The modern industrial regime, that is, the prevailing economic form, possesses
> a corollary, in social relations, of the trade-based association. The trade
> union is the group that most effectively represents the exploited class in its
> struggle against the greed of the exploiting class. We must therefore not
> oppose this movement of association of the various groups of workers. To the
> contrary, we must resolutely encourage their creation and attempt to prevent
> their leadership from falling into the hands of ignorant or careerist
> elements, which would divert them from the revolutionary path.

--------------------------------------------------------------------------------

Tags: #dandelíon #anarchist #anarchy #Union #tradeunion #revolution #exploited
#workingclass #workers #capitalism #capitalist

via dandelion* client (Source)



Anarchists and the trade unions

Paul Delesalle Anarchists and the trade unions 1900 The text of a pamphlet first
published in 1900 encouraging anarchists to get involved in the trade...


4 people like this

Sylvia J - 9 months ago



HOW CAPITALISM EXPLOITS YOU

https://www.youtube.com/watch?v=2mI_RMQEulw

‘Unless you actually #own the #means of #production, you are not a “capitalist.”
You’re just an #exploited #worker under illusions about your role in the
#system.’
#richardwolff #wolff #capitalism #exploitation #profit #theft
#WeCanDoBetterThanCapitalism

Richard Wolff: How Capitalism Exploits You
The Gravel Institute - YouTube




4 people like this
Reshared 1 time

tomgrz - 9 months ago

Actually, I do not think “profit” as such is the main problem - though it is a
motivator. The root problem has to do with the abstraction of money from all
connection with the world itself. This results in an externalization of costs
(consequences) from money - thereby rather directly leading to the
cesspoolization of the planet as well as civil society.

huxley@mondiaspora.net - 9 months ago

#capitalisme #dictature #worker #exploited #stockholmsyndrome #syndrome





2 people like this

Twitter News - about a year ago


NSA SHARES LIST OF VULNERABILITIES COMMONLY EXPLOITED TO PLANT WEB SHELLS

#commonly #exploited #list #nsa #plant #shares #shells #vulnerabilities #web



NSA shares list of vulnerabilities commonly exploited to plant web shells |
ZDNet

NSA and ASD issue joint advisory on detecting and dealing with web shells.






winners@diasp.org - about a year ago

#Anonymous #USA #NSA #Privacy #Security

Sapiens - 2 years ago



AVOID INTEL AND AMD UNIVERSAL BACKDOORS

Only use computers certified to Respect Your Freedom (RYF)

The #Intel #Management #Engine is present on all Intel #desktop, #mobile (
#laptop ), and #server #systems since mid 2006. It consists of an #ARC
#processor core (replaced with other processor cores in later generations of the
ME), #code and #data #caches, a #timer, and a secure #internal #bus to which
additional #devices are connected, including a #cryptography engine, internal
#ROM and #RAM, #memory #controllers, and a direct memory access ( #DMA ) engine
to access the host operating system’s memory as well as to reserve a region of
protected external memory to supplement the ME’s limited internal RAM. The ME
also has #network access with its own #MAC #address through an Intel #Gigabit
#Ethernet #Controller. Its #boot program, stored on the internal ROM, loads a
#firmware “manifest” from the PC’s SPI #flash #chip. This manifest is signed
with a strong #cryptographic #key, which differs between versions of the ME
firmware. If the manifest isn’t signed by a specific Intel key, the boot ROM
won’t load and execute the firmware and the ME processor core will be halted.

The Active Management Technology ( #AMT ) application, part of the Intel “vPro”
brand, is a #Web server and application code that enables #remote #users to
#power on, power off, view information about, and otherwise manage the #PC. It
can be used remotely even while the PC is powered off ( via #Wake-on-Lan ).
Traffic is encrypted using #SSL / #TLS libraries, but recall that all of the
major SSL/TLS implementations have had highly publicized vulnerabilities. The
AMT application itself has known #vulnerabilities, which have been #exploited to
develop #rootkits and #keyloggers and #covertly gain #encrypted #access to the
management features of a PC. Remember that the ME has full access to the PC’s
RAM. This means that an #attacker exploiting any of these vulnerabilities may
gain access to everything on the PC as it runs: all open #files, all running
#applications, all #keys pressed, and more.

ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include
an ME application for audio and video DRM called “Protected Audio Video Path”
(PAVP). The ME receives from the #host operating system an encrypted #media
#stream and encrypted key, decrypts the key, and sends the encrypted media
decrypted key to the #GPU, which then #decrypts the media. PAVP is also used by
another ME application to draw an #authentication PIN pad directly onto the
screen. In this usage, the PAVP application directly controls the graphics that
appear on the PC’s screen in a way that the host #OS cannot detect. ME firmware
version 7.0 on PCHs with 2nd Generation Intel Core #i3 / #i5 / #i7 (Sandy
Bridge) CPUs replaces PAVP with a similar DRM application called “Intel
Insider”. Like the AMT application, these DRM applications, which in themselves
are defective by design, demonstrate the #omnipotent #capabilities of the ME:
this #hardware and its proprietary firmware can access and #control everything
that is in RAM and even everything that is shown on the #screen.

The Intel Management Engine with its #proprietary firmware has complete access
to and control over the PC: it can power on or shut down the PC, read all open
files, examine all running applications, track all keys pressed and #mouse
movements, and even #capture or #display #images on the screen. And it has a
network interface that is demonstrably #insecure, which can allow an attacker on
the network to #inject #rootkits that completely compromise the PC and can
report to the attacker all activities performed on the PC. It is a #threat to
#freedom, #security, and #privacy that can’t be ignored.

Before version 6.0 (that is, on systems from 2008/2009 and earlier), the ME can
be disabled by setting a couple of values in the SPI flash memory. The ME
firmware can then be #removed entirely from the flash memory space. Libreboot
does this on the Intel 4 Series systems that it supports, such as the Libreboot
X200 and Libreboot T400. ME firmware versions 6.0 and later, which are found on
all systems with an Intel #Core i3/i5/i7 CPU and a PCH, include “ME Ignition”
firmware that performs some hardware #initialization and power management. If
the ME’s boot ROM does not find in the SPI flash memory an ME firmware manifest
with a valid Intel signature, the whole PC will shut down after 30 minutes.

Due to the signature verification, developing free #replacement firmware for the
ME is basically impossible. The only entity capable of replacing the ME firmware
is Intel. As previously stated, the ME firmware includes proprietary code
licensed from third parties, so Intel couldn’t release the source code even if
they wanted to. And even if they developed completely new ME firmware without
third-party proprietary code and released its source code, the ME’s boot ROM
would reject any modified firmware that isn’t signed by Intel. Thus, the ME
firmware is both hopelessly proprietary and #tivoized.

For years, #coreboot has been #struggling against Intel. Intel has been shown to
be extremely uncooperative in general. Many coreboot #developers, and
#companies, have tried to get Intel to #cooperate; namely, releasing source code
for the firmware components. Even #Google, which sells millions of #Chromebooks
(coreboot preinstalled) have been #unable to #persuade them.

Even when Intel does cooperate, they still don’t provide source code. They might
provide limited #information (datasheets) under #strict #corporate #NDA (
#non-disclosure #agreement ), but even that is not guaranteed. Even ODMs and
IBVs can’t get source code from Intel, in most cases (they will just integrate
the blobs that Intel provides).

In summary, the Intel #Management #Engine and its applications are a #backdoor
with #total access to and control over the rest of the PC. The ME is a threat to
freedom, security, and privacy, and the Libreboot project strongly recommends
avoiding it entirely. Since recent versions of it can’t be removed, this means
avoiding all #recent #generations of Intel hardware.


RECENT INTEL GRAPHICS CHIPSETS ALSO REQUIRE FIRMWARE BLOBS

Intel is only going to get #worse when it comes to user freedom. Libreboot has
no support for recent Intel platforms, precisely because of the problems described
above. The only way to solve this is to get Intel to #change their #policies and
to be more #friendly to the free software #community. Reverse engineering won’t
solve anything long-term, unfortunately, but we need to keep doing it anyway.
Moving forward, Intel hardware is a non-option unless a #radical change happens
within Intel.

Basically, all Intel hardware from year 2010 and beyond will never be supported
by Libreboot. The Libreboot project is actively #ignoring all modern Intel
hardware at this point, and focusing on #alternative platforms.


WHY IS THE LATEST AMD HARDWARE UNSUPPORTED IN LIBREBOOT?

It is extremely unlikely that any post-2013 #AMD hardware will ever be supported
in Libreboot, due to severe security and freedom #issues; so #severe, that the
Libreboot project recommends avoiding all modern AMD hardware. If you have an
AMD based system affected by the #problems described below, then you should get
rid of it as soon as possible.


AMD PLATFORM SECURITY PROCESSOR (PSP)

This is basically AMD’s own version of the Intel Management Engine. It has all
of the same basic security and freedom issues, although the #implementation is
wildly different.

The Platform Security Processor (PSP) is built in on all Family 16h + systems
(basically anything post-2013), and controls the main #x86 core #startup. PSP
firmware is cryptographically signed with a strong key similar to the Intel ME.
If the PSP firmware is not present, or if the AMD signing key is not present,
the #x86 cores will not be #released from #reset, rendering the system
#inoperable.

The PSP is an ARM core with TrustZone #technology, built onto the main CPU die.
As such, it has the ability to #hide its own program code, scratch RAM, and any
data it may have taken and stored from the lesser-privileged x86 system RAM
(kernel encryption keys, #login data, #browsing #history, #keystrokes, who
knows!). To make matters worse, the PSP theoretically has access to the entire
system memory space (AMD either will not or cannot deny this, and it would seem
to be required to allow the DRM “features” to work as intended), which means
that it has at minimum MMIO-based access to the #network controllers and any
other PCI/PCIe peripherals installed on the #system.

In theory any #malicious entity with access to the AMD signing key would be able
to install persistent #malware that could not be eradicated without an external
flasher and a known good PSP image. Furthermore, multiple security
vulnerabilities have been demonstrated in AMD #firmware in the #past, and there
is every #reason to assume one or more zero day vulnerabilities are lurking in
the PSP firmware. Given the extreme privilege level (ring -2 or ring -3) of the
PSP, said vulnerabilities would have the ability to #remotely #monitor and
control any PSP enabled machine completely outside of the user’s #knowledge.

A reliable way to avoid Intel and AMD’s universal backdoors is to use computers
with such spyware effectively removed or disabled like the ones certified to
Respect Your Freedom (RYF).

#NSA #spyware #spy #mass #surveillance #FSF #GNU #GNULinux #RYF #technology
#laptops #CPU #processor #universal #backdoor #malware #Corei3 #Corei5 #Corei7




19 people like this
Reshared 8 times

Even ইভেন - 2 years ago

The Vikings ASUS KCMA D8 Workstation

Sapiens - 2 years ago

@Whonix Anonymous Operating System

Whonix Anonymous Operating System - 2 years ago

consider as well looking into IBM processors POWER9 they are modern and blobs
free as well check here for e.g:

https://www.raptorcs.com/

anonymiss - 2 years ago


#EXPLOITED AT EVERY TURN: THE LIVES OF #ITALY'S CHINESE PROSTITUTES

source:
https://www.aljazeera.com/indepth/features/exploited-turn-lives-italys-chinese-prostitutes-190406220713228.html

> Chinese workers in Italy are forced to live in factories to be more
> productive. When large orders arrive, they often work up to 16 hours a day.
> Labourers are paid per piece, sometimes earning between 1,500 and 2,000 euros
> ($1,685 to $2,246) a month. But earnings are not proportional to people’s
> efforts. Eventually, when their productivity decreases due to physical limits
> and sight problems, the workers lose their jobs. Men are left with no choice
> but to return to #China. Some women decide to stay, taking jobs as babysitters
> or maids for Chinese compatriots, for very low salaries. Others end up being
> exploited and enter #prostitution.

#economy #news #immigration #humanrights #politics #fail #work



Exploited at every turn: The lives of Italy's Chinese prostitutes

Female migrants quit factory labour for sex work to survive and provide a better
life for relatives back home.


2 people like this
Reshared 1 time

Harka - 2 years ago

@Odysseus: Actually it’s more people on the left fighting prostitution and
fucking up countless lives of those, who really don’t need it. Usually because
of the severely mistaken theory, that people will not go into that business on
their own, voluntary terms. Instead they keep flogging the image of the poor
abused girl standing half-naked in freezing temps on the sidewalk, who ‘needs’
to be ‘protected’ from all those evil men forcing them to do so, which, however,
in probably 99% of cases is utter bullshit.

Odysseus - 2 years ago

@Harka: Yes, I agree that, but I thought it more widely. I don’t put people in
left - right axis at this point. Try to ask some conservative people, should we
legalize prostitution, abortion, drugs or anything which is now illegal in most
of countries. I’m really amazed if they say ‘yes.’
And to be honest, prostitution is not all about voluntary job and happy life.
Nor is drugs or alcohol or anything else. World is not black and white. Not even
right-winger’s world, thus they act like that.
What we should do, is try to minimize the bad things that are caused by those
vain bans, regardless if we are politically from right or left.

mk - 2 years ago

https://www.theguardian.com/news/2018/feb/01/migrants-more-profitable-than-drugs-how-mafia-infiltrated-italy-asylum-system

Miguel Ungooglable Unfacebookable Rotunno - 3 years ago


“Women are the majority of the world’s #poorest and most oppressed. Every day we
are #robbed, #exploited and #killed. #capitalism #destroys our #planet and
#dehumanizes us, turning everything into a #commodity. It cultivates and
reproduces #patriarchal #prejudices and imposes a #war between the #sexes. We
believe that this must be done away with, and #working-class women must be at
the forefront.”

#aurora Women’s #club: What do #women #desire?
https://redstaroverdonbass.blogspot.com/2019/03/aurora-womens-club-what-do-women-desire.html



Aurora Women's Club: What do women desire?

What do women desire?  By Aurora Women's Club Donetsk, DPR We have often been
asked and asked about why we have a women's communist or...




2 people like this
Reshared 1 time

Hacker News ( unofficial ) - 3 years ago

GOOGLE WARNS ABOUT TWO IOS ZERO-DAYS ‘EXPLOITED IN THE WILD’

iOS users are advised to update to iOS 12.1.4; release which also fixes infamous
FaceTime bug.
Article word count: 315

HN Discussion: https://news.ycombinator.com/item?id=19145683
Posted by LinuxBender (karma: 4409)
Post stats: Points: 172 - Comments: 66 - 2019-02-12T17:45:36Z

#HackerNews #about #exploited #google #ios #the #two #warns #wild #zero-days

--------------------------------------------------------------------------------

Article content:



A Google top security engineer has revealed today that hackers have been
launching attacks against iPhone users using two iOS vulnerabilities. The
attacks have happened before Apple had a chance to release [1]iOS 12.1.4 today
--meaning the two vulnerabilities are what security experts call “zero-days.”

The revelation came in a tweet from Ben Hawkes, team leader at Project Zero
--Googleʼs elite security team. Hawkes did not reveal under what circumstances
the two zero-days have been used.

At the time of writing, it is unclear if the zero-days have been used for
mundane cyber-crime operations or in more targeted cyber-espionage campaigns.

The two zero-days have the CVE identifiers of CVE-2019-7286 and CVE-2019-7287.

According to the Apple iOS 12.1.4 security changelog, CVE-2019-7286 impacts the
iOS Foundation framework --one of the core components of the iOS operating
system.

An attacker can exploit a memory corruption in the iOS Foundation component via
a malicious app to gain elevated privileges.

The second zero-day, CVE-2019-7287, impacts I/O Kit, another iOS core framework
that handles I/O data streams between the hardware and the software.

An attacker can exploit another memory corruption in this framework via a
malicious app to execute arbitrary code with kernel privileges.

Apple credited “an anonymous researcher, Clement Lecigne of Google Threat
Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google
Project Zero” for discovering both vulnerabilities.

Neither an Apple nor Google spokesperson responded to requests for comment from
ZDNet before this articleʼs publication. It is highly unlikely that the two
companies will comment on the issue at this time, as both would like to keep the
zero-day specifics to a minimum and prevent other threat actors from gaining
insight into how the zero-days work.

iPhone users are advised to update their devices to iOS 12.1.4 as soon as
possible. This release [2]also fixes the infamous FaceTime bug that allowed
users to eavesdrop on others using group FaceTime calls.


References

Visible links

 1. https://support.apple.com/en-us/HT209520
 2. https://www.zdnet.com/article/ios-12-1-4-fixes-iphone-facetime-spying-bug/




Google warns about two iOS zero-days 'exploited in the wild' | ZDNet

iOS users are advised to update to iOS 12.1.4; release which also fixes infamous
FaceTime bug.


WIRED (unofficial) - 3 years ago


WHY A HACKER EXPLOITED PRINTERS TO MAKE PEWDIEPIE PROPAGANDA

#exploited #hacker #make #printers #propaganda #security #why



Why a Hacker Exploited Printers to Make PewDiePie Propaganda

An anonymous hacker has claimed credit for the prank, which is part of an
ongoing YouTube subscriber feud.




1 person likes this

Hacker News ( unofficial ) - 3 years ago

HOW A MASSIVE AD FRAUD SCHEME EXPLOITED ANDROID PHONES TO STEAL MILLIONS

A BuzzFeed News investigation uncovered a sophisticated ad fraud scheme
involving more than 125 Android apps and websites, some of which were targeted
at kids.
Article word count: 5772

HN Discussion: https://news.ycombinator.com/item?id=18285275
Posted by minimaxir (karma: 30392)
Post stats: Points: 115 - Comments: 46 - 2018-10-23T17:12:16Z

#HackerNews #android #exploited #fraud #how #massive #millions #phones #scheme
#steal

--------------------------------------------------------------------------------

Article content:



Last April, Steven Schoen received an email from someone named Natalie Andrea
who said she worked for a company called We Purchase Apps. She wanted to buy his
Android app, Emoji Switcher. But right away, something seemed off.

“I did a little bit of digging because I was a little sketched out because I
couldn’t really find even that the company existed,” Schoen told BuzzFeed News.

The We Purchase Apps [1]website listed a location in New York, but the address
appeared to be a residence. “And their phone number was British. It was just all
over the place,” Schoen said.

It was all a bit weird, but nothing indicated he was about to see his app end up
in the hands of an organization responsible for potentially hundreds of millions
of dollars in ad fraud, and which has funneled money to a cabal of shell
companies and people scattered across Israel, Serbia, Germany, Bulgaria, Malta,
and elsewhere.

Schoen had a Skype call with Andrea and her colleague, who said his name was Zac
Ezra, but whose full name is Tzachi Ezrati. They agreed on a price and to pay
Schoen up front in bitcoin.

“I would say it was more than I had expected,” Schoen said of the price. That
helped convince him to sell.

A similar scenario played out for five other app developers who told BuzzFeed
News they sold their apps to We Purchase Apps or directly to Ezrati. (Ezrati
told BuzzFeed News he was only hired to buy apps and had no idea what happened
to them after they were acquired.)

The Google Play store pages for these apps were soon changed to list four
different companies as their developers, with addresses in Bulgaria, Cyprus, and
Russia, giving the appearance that the apps now had different owners.

But an investigation by BuzzFeed News reveals that these seemingly separate apps
and companies are today part of a massive, sophisticated digital advertising
fraud scheme involving more than 125 Android apps and websites connected to a
network of front and shell companies in Cyprus, Malta, British Virgin Islands,
Croatia, Bulgaria, and elsewhere. More than a dozen of the affected apps are
targeted at kids or teens, and a person involved in the scheme estimates it has
stolen hundreds of millions of dollars from brands whose ads were shown to bots
instead of actual humans. (A full list of the apps, the websites, and their
associated companies connected to the scheme can be found in [2]this
spreadsheet.)

One way the fraudsters find apps for their scheme is to acquire legitimate apps
through We Purchase Apps and transfer them to shell companies. They then capture
the behavior of the app’s human users and program a vast network of bots to
mimic it, according to analysis from Protected Media, a cybersecurity and fraud
detection firm that analyzed the apps and websites at BuzzFeed Newsʼ request.

This means a significant portion of the millions of Android phone owners who
downloaded these apps were secretly tracked as they scrolled and clicked inside
the application. By copying actual user behavior in the apps, the fraudsters
were able to generate fake traffic that bypassed major fraud detection systems.

“This is not your run-of-the-mill fraud scheme,” said Asaf Greiner, the CEO of
Protected Media. “We are impressed with the complex methods that were used to
build this fraud scheme and what’s equally as impressive is the ability of
criminals to remain under the radar.”

Another fraud detection firm, Pixalate, [3]first exposed one element of the
scheme in June. At the time, it estimated that the fraud being committed by a
single mobile app could generate $75 million a year in stolen ad revenue. After
publishing its findings, Pixalate received an email from an anonymous person
connected to the scheme who said the amount that’s been stolen was closer to 10
times that amount. The person also said the operation was so effective because
it works “with the biggest partners [in digital advertising] to ensure the
ongoing flow of advertisers and money.”

In total, the apps identified by BuzzFeed News have been installed on Android
phones more than 115 million times, according to data from analytics service
AppBrain. Most are games, but others include a flashlight app, a selfie app, and
a healthy eating app. One app connected to the scheme, EverythingMe, has been
installed more than 20 million times.

Once acquired, the apps continue to be maintained in order to keep real users
happy and create the appearance of a thriving audience that serves as a cover
for the cloned fake traffic. The apps are also spread among multiple shell
companies to distribute earnings and conceal the size of the operation.

The revelation of this scheme shows just how deeply fraud is embedded in the
digital advertising ecosystem, the vast sums being stolen from brands, and the
overall failure of the industry to stop it.

App metrics firm AppsFlyer [4]estimated that between $700 million and $800
million was stolen from mobile apps alone in the first quarter of this year, a
30% increase over the previous year. Pixalate’s latest analysis of in-app fraud
found that 23% of all ad impressions in mobile apps are in some way fraudulent.
Overall, Juniper Research [5]estimates $19 billion will be stolen this year by
digital ad fraudsters, but [6]others believe the actual figure could be three
times that.

This scheme’s focus on Android apps also exposes the presence of fraud, malware,
and other risks affecting Google’s mobile ecosystem and the users who rely on
it. Experts say a scheme like this targets Android in part because of its huge
user base, and because the Google Play store has a less rigorous app review
process than Apple’s App Store. Android apps are bought and sold, injected with
malicious code, repurposed without users’ or Google’s knowledge, or, as in this
case, turned into engines of fraud. (Apple’s App Store is by no means immune to
malicious attacks: A security researcher recently [7]revealed that a top paid
app is secretly transmitting user browsing data to a server in China.)

Google told BuzzFeed News it quickly removes any apps that violate Play store
policies and that last year it took down more than 700,000 apps that were in
violation. It also emphasized its commitment to fighting ad fraud by
implementing standards such as ads.txt.

“We take seriously our responsibility to protect users and provide a great
experience on Google Play. Our developer policies prohibit ad fraud and service
abuse on our platform, and if an app violates [8]our policies, we take action,”
said an emailed statement from a Google spokesperson.

The ad networks and ad exchanges used by the scheme include major players, such
as those operated by Google, which means these companies earned commission if
ads shown to bots went undetected. There is no evidence Google or any of the
other companies knew the inventory was fraudulent.

After being provided with a list of the apps and websites connected to the
scheme, Google investigated and found that dozens of the apps used its mobile
advertising network. Its independent analysis confirmed the presence of a botnet
driving traffic to websites and apps in the scheme. Google has removed more than
30 apps from the Play store, and terminated multiple publisher accounts with its
ad networks. Google said that prior to being contacted by BuzzFeed News it had
previously removed 10 apps in the scheme and blocked many of the websites. It
continues to investigate, and [9]published a blog post to detail its findings.

The company estimates this operation stole close to $10 million from advertisers
who used Googleʼs ad network to place ads in the affected websites and apps. It
said the vast majority of ads being placed in these apps and websites came via
other major ad networks.

Asked whether it reviews apps in the Play store on an ongoing basis, a company
spokesperson pointed to a [10]blog post from earlier this year that said,
“Sometimes developers change the content or behavior of their app and associated
app listing and marketing materials after initially approved, requiring ongoing
reviews as new information becomes available that can alter the original policy
judgment.”

The company would not say whether any apps in this scheme received a subsequent
review after they changed ownership, or for any other reason.

Amin Bandeali, the chief technology officer of Pixalate, told BuzzFeed News that
app stores provide minimal ongoing review of apps and their developers, which
makes them an easy target for fraudsters and other bad actors.

“App stores, perhaps unwittingly, are providing a gateway to connecting
fraudsters with [advertising] inventory buyers and sellers,” he said. “While the
stores present customer reviews, download numbers and other ‘quality’ metrics,
they offer minimal services that vet the business practices, technology and
relationships of the app companies.”

To identify key beneficiaries of this scheme, BuzzFeed News analyzed corporate
registration records, domain ownership and Domain Name System data, Play store
listings, and other publicly available information. It revealed that the network
of apps and websites is linked to Fly Apps, a Maltese company with multiple
connections to the scheme.

Corporate records obtained by BuzzFeed News show that Fly Apps is owned by two
Israelis, Omer Anatot and Michael Arie Iron, and two Germans, Thomas Porzelt and
Felix Reinel.

Anatotʼs LinkedIn profile lists him as the CEO of EverythingMe, a popular app
owned by Fly Apps. In messages sent on WhatsApp, Anatot said he only manages
EverythingMe and blamed the initial fraud identified by Pixalate on a firm he
says they worked with, AdNet Express. He said his company paid AdNet Express to
generate installations of its apps to help grow its user base, and that any
fraud was the fault of their partner.

“They were buying installs for us for a short time,” he said. “Very soon it
turns out these guys were 100% fraudulent traffic of bots pushing installs.”

It’s unclear if AdNet Express is a real company. It has virtually no online
profile or reputation other than a [11]very basic website, which does not list
an address or phone number or cite any clients or projects. The domain ownership
information for the site listed a fake US mailing address, as well as the email
address “MatthewBStrack@teleworm.us.” That email address was generated using a
service called [12]Fake Mail Generator. The company’s two employees listed on
LinkedIn cite no additional work experience or educational background on their
profiles, and appear to have no other online presence.

BuzzFeed News sent an email citing Anatot’s claims to the address listed on the
company’s website. “This is very interesting,” someone wrote back. “Today, i
cannot speak but Friday.” They did not reply to subsequent emails.

Also, at some point after Anatot began communicating with BuzzFeed News, many of
the websites in the scheme were taken offline. Several websites for shell
companies were unpublished at the same time.

“You try to tie me into something Iʼve no relationship to,” Anatot said in a
message. “And if you go and publish that, you and the publisher will carry the
legal liability. You really have no grounds for the things you tie me to.”

After receiving a detailed email with information connecting Fly Apps to apps
and companies involved in the scheme, the company responded with a letter from
its attorney that denied any involvement in, or knowledge of, the fraud
identified by Pixalate. Fly Apps also denied it has any connections to the apps,
websites, and companies identified in the overall fake traffic scheme.

“Please be advised that my client categorically denies these very serious and
false allegations, which if published, would cause tremendous harm to it,” the
letter, from Harder LLP, said. “Fly Apps’ applications are loved by many, and
have a significant amount of users. Fly Apps is a reputable application
developer, which has long been supported by advertising partners and advertising
verification companies.”

The letter, which can be read in full [13]here, omitted any reference to AdNet
Express and instead blamed the fraud revealed by Pixalate on an unnamed third
party that provided a “corrupted” software development kit. It did not address
the fact that Protected Media detected fake traffic in many of these apps and
websites beginning more than a year ago.

A subsequent set of questions from BuzzFeed News asked Fly Apps to comment on
the fact that Google removed advertising accounts associated with websites and
apps it found had received high levels of fraudulent traffic. The company,
speaking through its lawyer, acknowledged that Google was recently in touch with
Fly Apps about its account(s).

“A few days ago, Fly Apps received a Google notification concerning an issue
with Adsense and is in the process of trying to obtain further information. Fly
Apps is confident that it will resolve this issue in due time and notes that the
Google notification did not mention any issues regarding bad traffic,” said an
emailed statement.

BuzzFeed also asked the company to comment on the fact that many websites connected
to the scheme went offline after Fly Apps learned of BuzzFeed Newsʼ interest,
and many apps in the scheme have since been removed from the Play store by
Google.

“Fly Apps cannot comment on applications and websites, online or offline, that
are not related to Fly Apps,” it said.

Here’s a breakdown of how a group of partners leveraged technical knowledge and
connections within the advertising ecosystem, a network of shell companies with
fake employee profiles, an army of bots, and more than 100 apps and websites to
operate a scheme that an insider says stole hundreds of millions of dollars.

The first step to creating convincing fake traffic for this scheme is to acquire
Android apps used by actual human users. The fraudsters study the behavior of
the users and then create bots — automated computer programs — that mimic the
same actions. The bots are loaded onto servers that contain specialized software
that enables the bots to generate traffic within the specific apps.

In the case of websites in the scheme, the bots visit them using virtual web
browsers that help present this traffic as human. In both cases, the fake
traffic generates ad views, which in turn earns revenue.

The blending of real humans with bots helps defeat systems built to detect fake
traffic, because the real traffic and fake traffic look almost exactly the same.

“These bots are unique to this operation, mimicking real user behavior. The
traffic is therefore a mix of real users inside a real app, and fake traffic,”
said Greiner of Protected Media. (Googleʼs investigation also found that some of
the fake traffic directed to properties in the scheme came from a botnet called
[14]“TechSnab.”)

“It’s clear to us that the people orchestrating this scheme are both familiar
with the ad tech industry and with the mainstream data science approach to
detecting ad fraud,” he said.

Anatot previously ran a company, Install Labs LTD, that distributed adware and
other software classified as “potentially unwanted programs” (PUP) by security
and anti-virus firms due to them causing frustration for users, and often
installing other programs without permission. He’s also an investor in Montiera,
another company that distributed software classified as PUP. Like the Android
apps and websites in this scheme, these PUP offerings relied on digital
advertising to generate revenue.

Reinel and Porzelt previously ran a German hosting and server administration
company called hostimpact.de. Between those three, they possess the background
in advertising and server management necessary for this scheme.

It’s unclear what Iron did prior to Fly Apps, though as detailed below he is
part owner of a Serbian company that develops mobile apps for Android, as well
as other web products.

The scheme began to unravel this summer when data scientists at Pixalate
detected something alarming in an Android app called MegaCast. The app’s pitch
was that it enabled a user to play any video, regardless of format, on a
streaming device. But behind the scenes, MegaCast was pretending to be something
it wasn’t.

Pixalate found that MegaCast was at times displaying the unique ID of other apps
in order to attract bids for ads. This meant ad buyers thought they were, for
example, buying ads in the far more popular EverythingMe app when in reality
they were showing up in MegaCast. (This is called “spoofing,” because MegaCast
was pretending to be other apps.)

Pixalate identified roughly 60 apps being spoofed by MegaCast and estimated this
one scheme could generate $75 million per year in fraudulent ad revenue. It
documented ads from major brands such as Disney, L’Oréal, Facebook, Volvo, and
Lyft being fraudulently displayed.

Pixalate revealed its findings in [15]a June blog post, and MegaCast was soon
removed from the Google Play store.

Fly Apps told BuzzFeed News that MegaCast was a victim of the spoofing scheme,
and that it removed the app from the Play store because “its reputation has
unfortunately been tarnished by recent events. Fly Apps will be creating a new
and improved casting application.”

Soon after Pixalate went public with its findings, an email arrived in its inbox
from an email address at Mobilytics.org, an analytics company that helped
facilitate the MegaCast fraud. (It was used to track how much money was being
earned from ads placed with each spoofed app ID.)

“This email is directed to the top management team of Pixalate. For the obvious
reasons, my name is not relevant now,” read the email.

The person offered to share their inside knowledge to fully expose the scheme
and reveal how big it really is.

“I will explain you the technologies to create traffic on android, how to
distribute it, how to sell the created traffic, the business structures needed,
but most of all how to partner with the biggest partners to ensure the ongoing
flow of advertisers and money,” the email said. (Contrary to what Anatot and Fly
Apps claimed, this inside source said nothing about fraudulent app installs or a
corrupted software development kit.)

“And by the way,” the message said, “your estimation of $75 [million]
accumulated damage is probably 10% of the real numbers. But that just explains
how unaware or just cooperative the industry is with this growing ‘business.’”

Pixalate replied to ask for more information, but never heard back. Soon, all
replies to the email bounced back as a result of Mobilytics’s website being
taken offline.

By then, BuzzFeed News had begun its own investigation of the ownership
information and other details related to the spoofed apps. This dive into
corporate records, domain registration information, DNS data, and other publicly
available sources led to a startling conclusion: Rather than being victims of
the MegaCast spoofing, the apps were all connected and therefore part of the
same scheme. This aligned with what the anonymous Mobilytics employee hinted at.
Protected Media’s subsequent discovery of the fake traffic generated by bots
also confirmed what the source said.

Ultimately, this information led to the group of four men operating Fly Apps,
which owns MegaCast, EverythingMe, and other applications.

Back in 2015, EverythingMe was one of the most promising Android apps in the
Play store. It [16]won a Webby Award, was featured by Google, amassed [17]more
than 10 million downloads, and raised more than $35 million in venture capital.
EverythingMe is a “launcher” that helps organize apps and contacts, and surfaces
relevant information based on when you’re using your phone.

In spite of its success, at the end of 2015, the company that created it
announced it was shutting down and soon removed EverythingMe from availability.
Without a hot startup behind it, the app was largely forgotten.

In 2016, the app was quietly sold to a new owner, according to a former
EverythingMe executive who asked not to be named or quoted. They declined to say
who bought it, citing a nondisclosure agreement. In early 2017 the EverythingMe
Twitter account briefly sprung to life to [18]tweet that “EverythingMe is back!”
and promote a download link.

As of today, EverythingMe is the property of Fly Apps. On LinkedIn, Anatot, an
Israeli, lists himself as CEO of EverythingMe. Corporate ownership records
confirm that Anatot owns 25% of Fly Apps, along with three other men who each
own the same share: Thomas Porzelt and Felix Reinel, two Germans; and Michael
Arie Iron, an Israeli.

After hearing that a BuzzFeed News reporter was looking into his company, Anatot
reached out by email: “I understand that you are looking into mobile apps
advertising and assumed very wrong conclusions about me, my company and my
partners.”

In a subsequent WhatsApp chat Anatot blamed the fraud detected by Pixalate on
AdNet Express, a company that may not exist. He also downplayed his role and
ownership stake in Fly Apps.

“My holiding [sic] in fly apps is private matter, but I can tell you that Iʼm a
far minority holder,” he said, omitting the fact that he owns the same share as
his three partners.

Anatot said that after he acquired EverythingMe, “Fly apps teamed up with me to
supply the tech team and financing.” He said he does not have oversight of other
Fly Apps products.

But additional details connect Anatot in other ways to at least one of his Fly
Apps partners. Anatot runs a company called [19]TinTin Consulting that serves as
his vehicle for investing in companies. His list of portfolio companies was
removed from TinTin’s website after Anatot learned of BuzzFeed News’ interest in
him. But before it was scrubbed, [20]the site listed the Serbian-based mobile
apps and software development company Kudos as one of his investments. Maltese
corporate records show Anatot’s partner Iron owns 49% of that company.

Milos Kovacki, the founder and COO of Kudos, told BuzzFeed News the company
never worked with Fly Apps or any of the shell companies involved in the scheme.
But the LinkedIn profiles of two Kudos employees detail their work on MegaCast,
the Fly Apps Android app that Pixalate found to be at the center of the spoofing
scheme. Kovacki did not respond to subsequent questions.

BuzzFeed News also found multiple connections linking Fly Apps to other
companies, websites, and apps in the ad fraud operation.

The Play store pages for EverythingMe, Restaurant Finder, and MegaCast all list
the Malta address used by Fly Apps. That same address was also listed on the
website of Mobilytics, the company that was central to the initial fraud
discovered by Pixalate.

The letter from Fly Apps’ lawyer noted that this address is for a corporate
registration agent in Malta, not an actual business office. However, a
[21]Google search for the address the exact way it’s written on these pages
almost exclusively brings up results connected to apps owned by Fly Apps. That
initial connection is not conclusive on its own, but quickly combines with
others.

A key connector between Fly Apps and properties in the scheme is the email
address lorentsen@yandex.ru. It was used to register the domain names for the
websites of Fly Apps properties EverythingMe and Restaurant Finder. And it’s
also the email address used to register the websites for 15 other apps
implicated in the scheme, which in turn connect to eight shell companies.

A third connection between Anatot/Fly Apps and companies or properties in the
scheme is the MegaCast app. Anatot acknowledged to BuzzFeed News that MegaCast
is owned by Fly Apps. But the since-removed MegaCast [22]website listed a
Bulgarian company called Messamta Project as its developer. Messamta’s corporate
records list a Bulgarian address used by more than a dozen other apps in the
scheme. It’s also the corporate registration address used by three additional
Bulgarian shell companies that were publicly listed as the owners of these apps
and websites: Osipo/Osypo, Ventus Trading, and Rasolant. As with the Malta
address, it appears to be almost exclusively associated with companies and apps
involved in the scheme.

Fly Apps’ lawyer argued this was simply another case of their client using the
same service providers as other companies. However, the websites for Osypo and
Rasolant were both taken offline after BuzzFeed News began communicating with
Anatot. And as detailed below, there is overwhelming evidence that these and
other related companies are nothing more than shells created to help execute the
fraud scheme.

The Fly Apps [23]website itself also provides a fourth connection. Its design
and some of its text are a carbon copy of the website [24]Loocrum.com, which
describes itself as a mobile apps monetization platform. The code for the Fly
Apps site even includes a reference to Loocrum, showing that at least some of
its code was literally copied from that site.

The Loocrum website was registered last year by a person named Petar Popovich
with the email address ppopovic588@gmail.com. That email address was also used
to register the domain names of two shell companies involved in the scheme,
[25]Quaret and [26]Visont. Petar Popovich is also the name of the Serbian
citizen who registered Bulgarian shell companies in the scheme. (An email sent
to that address went unanswered.)

A final connection of note is that the Restaurant Finder app, which belongs to
Fly Apps, was removed from the Play store after Google began taking action
against apps it determined had received fraudulent traffic as part of this
scheme.

After Steven Schoen sold his app, Emoji Switcher, to We Purchase Apps, the new
owner created a website for it, [27]emojiswitcher.com. And just like the
websites for EverythingMe and Restaurant Finder, that domain was originally
registered to a “Jacob Lorentsen” of London using the email address
lorentsen@yandex.ru. (An email sent to that address did not receive a reply.)

That same registration information appears in the whois records for 19 other
domain names associated with Android apps in this scheme. These apps list at
least eight different companies as their owner or developer: [28]Lyrman,
[29]Osypo, Fly Apps, [30]Morrum, [31]Visont, [32]Imoderatus, AEY Solutions, and
[33]Rasolant. And these companies in turn list addresses in Serbia, Cyprus,
Latvia, Bulgaria, and Russia.

That single domain registration email address connects a web of apps and shell
companies to one another, as well as directly to Fly Apps:

Another key connection between multiple apps and companies is the address in
Bulgaria linked to Messamta Project. It appears in the Play store pages for 21
apps spread out among four companies.

Along with being the corporate address of Messamta, it shows up in records for
Rasolant, which is publicly listed as the owner of 12 other apps involved in the
spoofing attack first identified by Pixalate, as well as seven related websites
identified by BuzzFeed News.

Osypo, which also uses the same Bulgaria address, is listed as the developer of
four apps in the Play store that are part of the scheme. The company’s
[34]website, which like several others was deleted after BuzzFeed News began
making inquiries, lists an additional seven apps in the scheme.

This single address connects multiple companies, apps, and websites, which again
connect back to Fly Apps:

Other connections abound. For example, the Android game Surprise Eggs - Kids
Game has a listing in the Play store that says it’s developed by a company
called Visont, and the app’s [35]website says the same. However, the domain
registration information for the appʼs site lists its owner as [36]Quaret
Digital, a separate company that itself is the owner of 10 websites
participating in the scheme. Its website was taken offline after BuzzFeed News
began inquiries, but can be viewed [37]here. (Visont’s [38]website was also
removed late last week. It was registered last year using the email address
lorentsen@yandex.ru.)

On LinkedIn, at least one of Quaret’s purported employees uses a profile stolen
from actor and Instagram influencer [39]Sarah Ellen.

The domain registration and other technical details of the website for Surprise
Eggs offer additional connections. The site uses an SSL certificate registered
to the website TrackMyShows.tv. Track My Shows is an Android app in the scheme
that has a website registered to lorentsen@yandex.ru. (An SSL certificate is
used to certify the identity of a website being loaded in a web browser, and it
also helps ensure a secure connection for the user. Websites typically use a
certificate connected to their specific domain, but sometimes site owners reuse
a certificate across multiple properties.)

More than 15 additional websites involved in the scheme reused the same
TrackMyShows.tv SSL certificate. Those apps claim to be owned by companies named
Imoderatus, Morrum, Mout, AEY Solutions, Quaret Digital, Visont, and Rasolant,
respectively. All of these seemingly separate apps/websites, belonging to
different companies, are also hosted on the same server. As of this writing, 13
of the apps were recently removed from the Play store, likely as a result of
Googleʼs ongoing investigation.

In its legal letter, Fly Apps explained all of these connections by saying they
“are the practical result from application developers using the same pool of
common service providers within a specific industry.”

“They are not the result of any illicit conduct by Fly Apps in developing and
setting up an intricate web of malicious applications to create fake traffic and
steal hundreds of millions of dollars in advertising revenue,” it added.

The technical elements of the apps provide more connections and evidence that
they’re developed and managed centrally.

BuzzFeed News provided a list of apps to Armando Orozco, a senior malware
intelligence analyst at Malwarebytes. He examined a sample of 13 belonging to
different shell companies and found they “seem to be built in the same manner
and mostly have the same ad sdk’s bundled in them — likely from the same
developers/gang just submitting under different names.” (Ad SDKs, or software
development kits, are programming libraries that enable an app to run specific
types of ads in order to earn revenue. This means these apps were all using the
same types of ads and ad providers to make money.)

He also examined EverythingMe, the Fly Apps application, and found it had the
same unique ad identification code as other apps, and said it contained “very
similar code chunks and strings.”

An additional connection between Fly Apps applications and the apps operated by
shell companies can be found on their Play store pages. These supposedly
separate developers repeatedly used the exact same phrase in response to user
complaints about intrusive or overloaded ads: “we are trying to find the balance
between clean user experience and funding our project!”

It’s used by Fly Apps to respond to complaints about EverythingMe and MegaCast.
And it’s used to respond to complaints about apps in the scheme including Track
My Shows, Cat Rescue Puzzles, Surprise Eggs - Kids Game, Pix UI Icon Pack 2 -
Free Pixel Icon Pack, Surprise Eggs Vending Machine, and Twist Your Fingers,
among others.

In some cases, the websites of shell companies used in the scheme list the names
and photos of employees, and link to LinkedIn profiles for them. But BuzzFeed
News found multiple cases where stock photos were used for employees’ pictures.
In other cases, searches for employee names only turn up results related to the
companies, suggesting they are made-up names. Multiple shell company websites
also reuse the same marketing text, word for word.

One Bulgarian company called [40]Atoses Digital says on its [41]website that
it’s the developer of sites in the scheme including scandalcity.tv, webarena.tv,
healthtube.info, and dailydally.tv. (It also claims to have worked on Glam, a
once-hot fashion website that was [42]sold last summer.)

The Atoses site lists eight employees, but BuzzFeed News found that at least
half of the headshots are taken from stock image websites. The LinkedIn profiles
of those employees list no employment or education experience other than their
work at Atoses.

Many shell company sites also feature fake customer testimonials. The website
for a company called [43]TapTapVideo claims it helps monetize MegaCast, Twist
Your Fingers, and Smart Voice Assistant, three apps found in the scheme. Its
site includes customer testimonials, one of which is from a woman named
“Gabriella Byrd.” The photo used for her is, in fact, a picture of a UX designer
named Kristi Grassi.

“Yes, Iʼm aware this photo seems to be used all over,” Grassi told BuzzFeed News
in an email after being alerted to its presence on the site. Grassi said her
photo was uploaded to a site that allowed designers to use it in mock-ups. Since
then it has been misused by others.

Similarly, Osypo’s since-removed [44]website had three customer testimonials,
but BuzzFeed News could not locate any information about the people and
companies cited. (The site also uses a [45]stock photo to represent its office.)

Along with fake employees and customers, the companies recycle the same text on
their homepages. [46]Kheus, Immoderatus, and Visont all say, “Before we start
development process, we need to research subjects of the project, your
competitors, the target audience of the project. Our research results in
technical requirements and wireframes, determined together with the customer.”

The websites for Visont, [47]Ellut, and Morrum say, “To meet your campaign
objectives, our technology suite includes all forms of targeting including
re-marketing, contextual, behavioral, geographic and dayparting.”

Osypo and Morrum also have identical text, including the statement that they
provide “website development services that meet all your needs and are tailored
according to the peculiarities of your business field.”

Along with Android apps, BuzzFeed News identified more than 35 websites
connected to the shell companies. Protected Media and Pixalate both found
evidence of fraudulent traffic on a selection of the sites.

The vast majority of these websites present themselves as video content
providers in lucrative verticals such as fashion, sports, or celebrity news.
Many use the .tv domain suffix to reinforce their focus on video.

But the websites themselves rarely update their content and some displayed the
same videos. Another sign that they’re empty vessels for fake traffic is the
fact that the same sentence — “We deliver our services to to over 4 million
households with set top boxes, and providing mobile video services that reach
over 10 million subscribers” — is found on the About page of more than 20 sites
in the scheme.

Two other sites in the scheme, 24gossip.net and topstories.fun, copied their
About page text from the website [48]Gossip Cop, a celebrity fact-checking
website. (Both of those URLs were registered using an email address connected to
Rasolant, while their websites publicly list the owner as Quaret Digital,
further demonstrating how the shell companies are intertwined.)

Almost all of the websites listed in BuzzFeed News’ email to Anatot have since
been taken offline.

A final sign that they’re fraudulent properties was noticed by Ian Trider, the
director of real-time bidding operations for Centro, a platform used by brands
and agencies to buy digital ads.

He told BuzzFeed News he banned several Quaret properties last year after
noticing they included instructions in their website code that would stop Google
from indexing the sites. This would have prevented the sites from attracting
traffic from search. Less traffic means less revenue, so no legitimate
ad-supported website would want that.

“Asking search engines to avoid indexing your site is not something you normally
do as a for-profit publisher. You want the public to visit so you can make money
through advertising,” Trider said.

But search traffic seems less important when you can simply fabricate an
audience. ●

References

Visible links

 1.  https://web.archive.org/web/20181016170654/http://wepurchaseapps.com/
 2.  https://docs.google.com/spreadsheets/d/1BMJAHOASdeOOYgomSva9URZnPZ4ZdPbnyxdpqQH9KgI/edit?usp=sharing
 3.  http://blog.pixalate.com/mobile-app-laundering-bundle-id-megacast-alleged-sophisticated-invalid-traffic-ad-fraud
 4.  https://venturebeat.com/2018/04/02/appsflyer-mobile-app-fraud-hit-800-million-in-q1-up-30/
 5.  https://www.businesswire.com/news/home/20170926005177/en/Juniper-Research-Ad-Fraud-Cost-Advertisers-19
 6.  https://libertycraze.com/blogs/news/online-ad-fraud-is-off-the-charts-28-of-all-web-traffic-comes-from-click-farms
 7.  https://gizmodo.com/top-apple-mac-app-secretly-sends-your-browser-history-t-1828881137
 8.  https://play.google.com/about/developer-content-policy/#!?modal_active=none
 9.  https://security.googleblog.com/2018/10/google-tackles-new-ad-fraud-scheme.html
 10. https://android-developers.googleblog.com/2018/01/how-we-fought-bad-apps-and-malicious.html
 11. https://web.archive.org/web/20181011181907/http://adnetexpress.net/?utm_source=Thalamus.co&utm_medium=AdVendorPage&utm_content=https://www.thalamus.co/ad_partners/adnetexpress
 12. http://www.fakemailgenerator.com/
 13. https://www.documentcloud.org/documents/5014185-Fly-Apps-LTD-Letter-to-BuzzFeed-News.html
 14. https://blog.malwarebytes.com/puppum/2016/04/safesoft-protector-abuses-privoxy/
 15. http://blog.pixalate.com/mobile-app-laundering-bundle-id-megacast-alleged-sophisticated-invalid-traffic-ad-fraud
 16. https://mobiforge.com/news-comment/the-webby-awards-2014-award-winning-mobile-campaigns-with-video-case-studies
 17. http://archive.is/ByIs0
 18. http://archive.is/erzpa
 19. https://web.archive.org/web/20180830020443/https://tintininvest.com/
 20. https://web.archive.org/web/20180830020443/https://tintininvest.com/
 21. https://www.google.ca/search?q="45/1,+Triq+L-Isqof+F.S.+Caruana,+Msida,+MSD+1412,+Malta"&ei=nwLJW77zE_CN_QblzKj4DQ&start=0&sa=N&biw=1636&bih=917
 22. https://web.archive.org/web/20180805140503/http://megacastplayer.com/
 23. http://archive.is/lG6hf
 24. https://web.archive.org/web/20181022122327/http://loocrum.com/
 25. https://www.documentcloud.org/documents/5014727-Quaret-Digital-Com.html
 26. http://archive.is/4O8Ax
 27. http://emojiswitcher.com/
 28. http://archive.is/Japsb
 29. https://web.archive.org/web/20180825124953/https://osypo.com/
 30. https://web.archive.org/web/20181022122915/http://morrumcorp.com/
 31. http://archive.is/4O8Ax
 32. https://web.archive.org/web/20181015224306/https://imoderatus.com/
 33. https://www.documentcloud.org/documents/5014584-Rasolant-Website.html
 34. https://web.archive.org/web/20180919171128/https://osypo.com/
 35. http://surprise-eggs-game.com/
 36. https://www.documentcloud.org/documents/5014727-Quaret-Digital-Com.html
 37. https://web.archive.org/web/20180829175452/https://quaret-digital.com/
 38. http://archive.is/4O8Ax
 39. https://www.instagram.com/sarahellen/?hl=en
 40. https://opencorporates.com/companies/bg/204852700
 41. http://archive.is/8W5tW
 42. https://variety.com/2017/digital/news/mode-media-bankruptcy-acquired-brideclick-glam-1202468816/
 43. https://web.archive.org/web/20181015205442/http://taptapvideo.com/index.html
 44. https://web.archive.org/web/20180825124953/https://osypo.com/
 45. https://www.gettyimages.com/detail/photo/colleagues-working-in-a-busy-high-tech-high-res-stock-photography/545163497
 46. https://web.archive.org/web/20180816064534/https://kheus.com/
 47. https://www.documentcloud.org/documents/5014741-Ellut-Website.html
 48. https://www.gossipcop.com/




Apps Installed On Millions Of Android Phones Tracked User Behavior To Execute A
Multimillion-Dollar Ad Fraud Scheme

A BuzzFeed News investigation uncovered a sophisticated ad fraud scheme
involving more than 125 Android apps and websites, some of which were targeted
at kids.




3 people like this



Hacker News ( unofficial ) - 3 years ago

HOW A WEBSITE EXPLOITED AMAZON S3 TO OUTRANK EVERYONE ON GOOGLE

Quick Intro to the World of SEO, Affiliate Marketing, and Amazon S3
Article word count: 1693

HN Discussion: https://news.ycombinator.com/item?id=18094328
Posted by poof_he_is_gone (karma: 123)
Post stats: Points: 242 - Comments: 56 - 2018-09-28T15:46:44Z

#HackerNews #amazon #everyone #exploited #google #how #outrank #website

--------------------------------------------------------------------------------

Article content:



This is the shortest summary I could think of to help you understand a
little more about this fun discovery.

The world of trying to share coupons with you online is one of the single most
competitive areas of SEO (search engine optimization… aka, getting search
engines like Google to list your website higher in the search results than
other people’s websites). Other extremely competitive SEO areas are industries
like insurance, loans, and real estate.

Thousands of websites try to outrank each other on Google to make sure they are
the #1 result when you type in “wallgreens coupon code”.

Since most of the coupons you find on these pages don’t work, you may have
wondered why do these coupon sites even exist? Their primary goal has been and
will always remain to attach a [1]browser cookie to your web browser (Chrome,
Safari, etc…) so they can get a commission on anything you buy from that
retailer. This is called [2]affiliate marketing. The cookie contains information
that lets the retailer know which coupon website sent you and reward them
with a commission. These commissions typically range from 1% to 15% of your
total shopping cart, but they vary greatly from one retailer to another.

Just in case you wondered why the coupon code is always hidden and requires you
to “click” to view it; that’s so they can open a new browser tab (normally in
the background) that launches the retailer’s website (like wallgreens.com) and
adds their affiliate marketing cookie to your browser and then rewards them for
any purchase you make. Even if the code doesn’t work (which it normally
doesn’t), if you still checkout and buy something, you have just provided them
with a nice commission. Yay!

 BTW: The web browser extensions you use to auto-apply coupons at checkout do the same thing.


Now you know how the world of coupon based affiliate marketing works.

As for [3]Amazon S3, it’s nothing more than cheap file storage and hosting for
files. Really boring old-school stuff, but super useful and extremely popular
among web developers everywhere. You upload a file and Amazon S3 serves that
file up to people all around the world (think… images, videos, mp3s, PDFs,
documents of all kinds, etc…).

Anyway, back to the Amazon S3 SEO hack that a very clever affiliate marketer
figured out.

Amazon.com employs one of the best SEO teams in the world. Some of the best
minds in the search marketing industry spend all day trying to figure out how
Amazon can outrank every other website (including many times the actual
manufacturer’s website) for any product. Whether it’s a turtleneck sweater or a
new Weber grill, Amazon wants to rank #1 when you search for it.

Amazon.com has such an amazing power to rank for anything (known in the industry
as [4]Domain Authority), that even the other websites they own and link to (like
amazonaws.com) have built up incredible Domain Authority of their own.

According to [5]Ahrefs, amazonaws.com has 410M backlinks from 376,000 different
domain names. That’s a surreal amount of backlinks, making it one of the top
websites in the entire Ahrefs system.

 For non-SEO people, that simply means a bunch of different websites link to a bunch of web pages on amazonaws.com. Google’s ranking algorithm looks at the number of websites linking to a certain page as one of many indicators it considers to decide if a web page is worthy of being ranked higher for a certain term you search for. So, 410M backlinks pointing to various web pages on amazonaws.com is a big deal.


Knowing that I’d seen PDFs uploaded to Amazon S3 in the Google serps (search
engine results pages) for years, it was obvious that Google indexed S3 files
just like any other webpage. I was curious what were some of the most popular
PDFs that not only ranked well, but were linked to the most. I figured that
PDFs that had tremendous amounts of websites linking to them would be indicative
that those PDFs have valuable information in them. Thus, maybe something to
create interesting content around for one of my sites.

I click over to the Ahrefs keyword report out of curiosity to see what S3 files
are ranking for what keywords and notice the entire first page of results is
almost all coupon code related.

Ok… that’s weird and unexpected.

I click a few of the results and they take me to pages like this
([6]https://s3.amazonaws.com/walgreens-photo-coupon/walgreens/index.html)

Things get even weirder.

I check the backlinks for the first ten coupon pages and none of them have any
[7]backlinks from an external website.

To rank for a search query like “macys promo code” with zero websites linking to
your page and practically no content on the page other than affiliate links, is
beyond ridiculous.

 That’s so ridiculous, you could compare it to me turning off Netflix, dragging my body off my couch, and taking the silver medal in the 100 meter dash at the Olympics.


This chart above is an example of a web page, dragging itself off the couch and
taking the silver medal. Imagine Usain Bolt looking back as he runs the 100
meter dash and seeing you covered in sweat, screaming up behind him. Imagine the
look on his face. That’s my face when I saw this page went from total obscurity
to top ranking for “g2a discount code” in one month and generating an estimated
30,000+ visitors to that one page.

So, something is obviously off here. I naturally had to dig a little bit deeper.

First off, the site seems completely bare. For something ranking so high for
massively competitive keywords, there is practically no information on the page,
no links to things like Categories, About, Blog, Contact, Privacy Policy, Terms
of Use, etc… That’s practically unheard of for a site in this type of position.

Second, I notice the company logo links to the root domain of
(https://s3.amazonaws.com) and I find an About link buried in the footer that I’m
guessing is supposed to appear like it’s the real AWS about page
[8]https://s3.amazonaws.com/pages/about-us.html (now a 404 error). Both of those
are immediate red flags that something is really off here.

Third, I notice all the links are routing through (promocodefor.org via 301 and
302 redirects) and upon looking into it, the domain has experienced [9]quite
the traffic spike recently. Looking into its Google rankings, that website
doesn’t rank for anything other than a few obscure terms. So, that traffic isn’t
coming organically. It’s all coming via direct visitors or referrals (which in
this case would be people clicking these links from these thousands of coupon
pages).

Most likely, that massive traffic spike is all people clicking links on these
Amazon S3 uploaded coupon pages. Meaning, whoever this person is, they are
getting hundreds of thousands of clicks on their affiliate links, appending
hundreds of thousands of their tracking cookies onto people’s web browsers, and
making serious $$$$.

 There is no way to estimate how much they are earning, but let me put it this way. I have a friend who runs a review site, that ranks for various web hosting related search queries like “web hosting reviews” and “godaddy hosting review” etc… He’s not the #1 result and he’s one of many sites that rank for the same terms, so it’s not like he is getting 100% of the traffic. He still pulled in over $140,000 in affiliate commissions in 2017. PS — Don’t quit your day job. It took him years to get those rankings and it’s only last year it finally started to pay off.


Fourth, I jump over to the source code of the site to find some super bare code.
It’s nothing more than simple pure html, using only locally uploaded resources
(css, js, etc…) and it doesn’t appear to have a single externally loaded
resource (including Google Analytics which is practically a default for most
websites).

Fifth, almost all the info on the page is faked. The counters, visitors, rating
are all hard coded onto the page and haven’t changed in days. The search doesn’t
work, the filtering is broken on most of the, and various elements like Load
More are broken. They are static elements, made to look like real activity is
going on, so the visitor believes these pages are on an active and useful
website.

Sixth, I can see that there are thousands of these pages. Each one is sitting in
its own [10]Amazon S3 bucket, one page per bucket. Each bucket dedicated to a
different retailer.

There is a lot more going on here, so before I jump to any final conclusions,
I’m going to continue talking to some SEO experts I’ve known for years to get
their ideas on how they got all of these indexed and why Google seems to be
ranking them as if they were a part of the main amazonaws.com website.

Hold off on those world domination plans. This is the definition of what is
called [11]Black Hat SEO. There is a zero percent chance that this doesn’t both
violate the [12]Terms of Use for Amazon AWS and that the Google SPAM team
wouldn’t consider this to be a blatant violation of their [13]Webmaster
Guidelines. Meaning, these amazing Google rankings are soon to go “poof!” into
the ether.

 Let’s go back to that sprinting analogy. You ran your heart out, you took the silver medal, you get to stand on the podium, and return to your country a hero. Black Hat SEO is that, but the only thing is… you get called out for doping, stripped of your medals, and all your work was for nothing. Black-hat SEO, like this coupon site, only last for temporary periods of time, they get caught, it all becomes worthless, and you are forced to try to find the next scheme. It’s always better to stick with [14]White Hat, put in the work, and reap the long term benefits.


[15]Seth Kravitz is the CEO of [16]PHLEARN, the world’s #1 Photoshop & Lightroom
training company online. He is an avid writer, photographer, rock climber, and
Chicagoan.

This story is published in [17]Noteworthy, where thousands come every day to
learn about the people & ideas shaping the products we love.

Follow our publication to see more product & design stories featured by the
[18]Journal team.

References

Visible links

 1.  https://us.norton.com/internetsecurity-how-to-what-are-cookies.html
 2.  https://www.quora.com/What-is-affiliate-marketing-How-does-it-work
 3.  https://docs.aws.amazon.com/AmazonS3/latest/dev/Welcome.html
 4.  https://en.wikipedia.org/wiki/Domain_Authority
 5.  https://ahrefs.com/
 6.  https://s3.amazonaws.com/walgreens-photo-coupon/walgreens/index.html
 7.  https://www.seoclarity.net/resources/knowledgebase/what-are-backlinks-and-how-do-they-work
 8.  https://s3.amazonaws.com/pages/about-us.html
 9.  https://www.alexa.com/siteinfo/promocodefor.org
 10. https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html
 11. https://www.wordstream.com/black-hat-seo
 12. https://aws.amazon.com/agreement/
 13. https://support.google.com/webmasters/answer/35769?hl=en
 14. https://www.wordstream.com/white-hat-seo
 15. http://sethkravitz.com/
 16. https://phlearn.com/
 17. http://blog.usejournal.com/
 18. https://usejournal.com/?utm_source=usejournal.com&utm_medium=blog&utm_campaign=guest_post



Katharsisdrill - 4 years ago



PHILL FROM GCHQ - PAGE 30

--------------------------------------------------------------------------------

Drawing - 966 × 1350 px - 567 kb PNG - Page 30 of Phill from GCHQ in which we
learn of the youth of Judith Gunn - the modern double-O agent - and about her
clan: The Gunns. Made with Krita



--------------------------------------------------------------------------------


Please consider supporting the comic. Re-sharing it on mainstream social media
will also be a big help.

--------------------------------------------------------------------------------




Licensed CC-by like all other works on this profile

#art #krita #drawing #Illustration #comic #bd #bande-dessinée #Phill
#Phillfromgchq #GCHQ #surveillance #CIA #MI6 #gunn #threat #war #peace #doom
#exploited
#mywork #ownwork #cc #creativecommons #cc-by



Phill from GCHQ - episode 30: Aut Pax, Aut Bellum

The ongoing webcomic about the suave, sophisticated British agent and
cryptographer Phill Philby. This week’s episode: Aut Pax, Aut Bellum




3 people like this


fborgen@datataffel.dk - 4 years ago

Great page - good work

Katharsisdrill - 4 years ago

Thank you! And also some good news on my other profile. (that you might want to
follow too).