Business Email Compromise (#BEC) Email Forwarding In Action

November 9, 2019, 11:16 am

≪ Previous: A Phish That Scans For Viruses

DarkTower President Robin Pugh was chatting with a friend who is the VP of Operations for her family business. She mentioned as an aside that their email had been hacked, and of course, Robin’s cybercrime-fighter ears perked up. The friend went on to explain that one of her clients, a global, Fortune 500 company, had called her to confirm email instructions from the company to start making payments into a different bank account. But, of course, those were not legitimate instructions.

The screenshot below shows part of an email thread between her customer and the criminal using the compromised account. What you cannot tell due to the redactions is that a cybercriminal had control of an account at the company; he messaged all customers to change the remittance instructions. Even when the customer responded by email to confirm that these were legitimate instructions, the criminal assured the customer that the instructions were correct.

However, the customer noticed some spelling and grammar discrepancies in the response and finally called the vendor to confirm. Once alerted to the email compromise, the VP immediately changed the password to secure the email account. This is certainly a "Best Practice" when responding to a phishing incident.

But having spent time listening to Gary and Heather talk so much about Business Email Compromise, Robin knew to advise her friend to check one more thing…forwarding rules in the email client.

After navigating in the email client to the Rules section, the VP found that a rule had been created to forward any messages mentioning the words “wire instructions,” “wire transfer,” “fund transfer,” “payment,” or “invoice” to the address blessingsalways823 at gmail dot com.

"If the message includes specific words in the subject or body 'wire instructions' or 'wire transfer' or 'funds transfer' or 'payment' or 'invoice'; forward the message to blessingalways823 at gmail.com."

Even though Robin’s friend had already changed the email account password, the criminals were able to continue viewing and intercepting the email messages that were important to them.

The next steps were then to disable the rule, have I.T. check other users in the email domain for malicious forwarding rules, and then begin the process of notifying clients.

A DarkTower investigation revealed that the Gmail account was used to register the domain name alpan.us on 9/13/18, for which the registration details reveal the name and address Anthony L. Ania, 34501 Southside Park Dr, Solon, OH, 44139, phone 813-856-5005, and fax 650-253-0000. The domain has never had a website and was probably used to impersonate an executive of Alpan Lighting Products, a company in California that uses the domain name alpan.com. The address in Ohio may belong to a Cleveland attorney who has suffered identity theft, but there are at least three Nigerian profiles on Facebook using the same name, and the Google account password recovery process reveals that a phone number ending in 05 is tied to the Gmail account.

The criminal’s Gmail account was also seen on two boat sales websites, sailboatlistings dot com and powerboatlistings dot com, in lists of suspicious email addresses.

Lessons Learned:

1) Simply changing the password did not secure the account.

2) Never confirm suspicious emails by replying to the suspicious email.

3) Regularly check rules in email accounts of your domain.

↧

'Tis the Season for SCAMS!

November 12, 2019, 4:25 pm

≫ Next: Facebook's Transparency Report: (Expert) Supervised Machine Learning Works!

≪ Previous: Business Email Compromise (#BEC) Email Forwarding In Action

A recent project that DarkTower worked on was related to fraudulent marketplaces offering too-good-to-be-true deals on electronics. DarkTower's CEO Robin Pugh took those lessons and applied them to a recent online shopping experience ... I asked her to write it up for our blog:

As I was browsing some of my favorite Instagrammers this morning, one of them posted about a great coffee system that was on price rollback at Walmart.com for $99– nearly half off the list price of $179.99. As a coffee lover AND a bargain lover, I was immediately interested and began searching for more information. Since I wasn’t familiar with how this particular coffee system worked, I typed the model name in my google search bar, intending to find some YouTube videos on how it worked, but since I left my search term fairly broad, some interesting sites popped up in my search results.

https://julishopgame.com/index.php/ninja-coffee-bar-system-cf097.html

RED FLAG #1: Prices that are TOO good

WOW! An even BIGGER BARGAIN… more than $10 less than the Walmart.com price?! But on a site I’ve never heard of “Juli Shop,” so I began to take a closer look at the site, since we all know a) it’s hard to beat a Walmart price and b) if it’s too good to be true…. Well, you can finish that sentence. (Other kitchen appliances on the site also had crazy discounts. The "DeLonghi Dedica EC680 15 Bar Stainless Steel Slim Espresso" machine is only $160.99 at Juli Shop, but $299.99 at Bed Bath & Beyond and BestBuy, and $241 at WalMart.com.)

RED FLAG #2: Same Day delivery

Among the things I notice about Juli Shop, in the list of things they promote about their site is “Same Day Delivery.” Really? Same Day? So where are they located that they can promise same day delivery?

https://julishopgame.com/index.php/contacts/

They purport to be in Citronelle, Alabama, with a local phone number; so I looked up the address on Google Maps and found that it’s a lovely 2 BR/2 BA brick ranch home that’s not currently for sale. The phone number – brace yourself – is disconnected. But they’ll definitely get me my Ninja Coffee Bar System today.

RED FLAG #3: Spelling Errors
I also notice in the menu bar that they want to tell me “Abouts Us”. Other sections of the menu are labeled "INFOMATION" and "CUSTORMER." Well, spelling errors are often a hallmark of scam sites and phishing emails, so I click to learn more “Abouts” them.

https://julishopgame.com/index.php/about-us/

RED FLAG #4: Information clearly copied from another site

Oddly, their About Us page has no mention of Juli Shop. It is 100% about a fashion apparel company called Madison Island, and Juli Shop has no apparel merchandise at all. Let’s check out Madison Island to see if it’s an affiliate, or maybe a parent company.

A quick search for Madison Island reveals that it is a fictitious demo store used to test Magento, a popular shopping cart processing plug-in, which Juli Shop uses to process its credit card transactions. By the way, Magento is targeted by one of the most prevalent malware families called Magecart. Magecart is specifically to steal credit card credentials. So let’s think of the possibilities here: a scam site that takes your money and never delivers the promised item AND steals your credit card information at the same time. That’s quite a criminal enterprise!

RED FLAG #5: Sanity check

At this point, all signs point toward a scam site, and I’m pretty sure I’m going to be paying $10 more for my Ninja Coffee Bar; but before I move on, I check out scamadviser.com.

https://www.scamadviser.com/check-website/julishopgame.com/index.php/about-us

They give Juli Shop a 66% “TrustScore”, which puts it squarely in the “green” zone; but after reading the negative/positive comments, I’m not sure I agree. First, the website was established 21 days ago. The server is used by multiple websites, which isn’t uncommon for a small site, but they are offering items and services that are not typical of a small site. Additionally, and quite concerning, the set up involves both the US and Vietnam. A multi-country set-up is not common for a small site, and somehow Vietnam doesn’t jive with Citronelle, Alabama.

Further review of the scamadviser.com data shows conflicting information around the site’s infrastructure, but also shows that there are no comments or reviews on typical review sites like Sitejabber and Trustpilot. The absence of this information is quite telling.

Scamadviser may give this site a 66% trust rating. I’m giving it a 100% SCAM rating.

As the Christmas cyber shopping season is upon us, before you shop at a new online store, take the time to thoroughly review the site. As demonstrated above, a few key checks and paying attention to red flags can quickly reveal whether you should be entering your credit card information there, and whether it may leave Santa with an empty sack on Christmas eve.

↧

Facebook's Transparency Report: (Expert) Supervised Machine Learning Works!

November 18, 2019, 12:35 pm

≫ Next: Air Peace CEO charged with millions in money laundering re-buying planes he already owns

≪ Previous: 'Tis the Season for SCAMS!

Last summer the BBC technology program "Click" came to visit the lab for a special called "Can Technology Solve the Opioid Crisis?" One of the points we stressed with @NickKwek was that when we report opiods and fentanyl-related posts to Facebook the objective is not to take down THAT POST, but rather to help Facebook's automated tools update their models of what offensive drug sales content looks like.

Last week we had an opportunity to see what that looks like in action as Facebook released their transparency report for Q3 2019. Facebook's Transparency report is divided into two major sections which each have two subsections. "Enforcement of our Standards" covers "Community Standards Enforcement" and "Intellectual Property Infringement." The other major section, "Legal Requests" is divided into "Government Requests for User Data" and "Content Restrictions Based on Local Law."

The November 2019 transparency report for Community Standards looks at ten categories of content on Facebook and four categories of content on Instagram.

In this post, we'll look primarily at the statistics for "Regulated Goods: Drugs and Firearms" but the other categories on Facebook are:

Adult Nudity and Sexual Activity
Bullying and Harassment
Child Nudity and Sexual Exploitation of Children
Fake Accounts
Hate Speech
Spam
Terrorist Propaganda
Violent and Graphic Content
Suicide and Self-injury

On Instagram, the other categories are:

Child Nudity and Sexual Exploitation of Children
Suicide and Self-injury
Terrorist Propaganda

Facebook has shared previously about our work to reduce terrorist content on their platform. See their "Hard Questions" blog post -- "Are We Winning the War on Terrorism Online." In this most recent report, they share that "Our proactive rate for detecting content related to al-Qaeda, ISIS and their affiliates remained above 99% in Q2 and Q3 2019, while our proactive rate for all terrorist organizations in Q2 and Q3 2019 is above 98%."

What does that mean? It means that through the power of machine learning, when someone posts content trying to "express support or praise for groups, leaders, or individuals involved in terrorist activities" the content is removed automagically without the need for anyone to report it 98-99% of the time!

They've also previously discussed our relationship regarding the Opioid Crisis. See their post "Supporting Our Community in the Face of the Opioid Epidemic."

As Facebook has focused on identifying drug-related content, the number of detections has risen. That's likely from two reasons -- one, they are now discovering content that previously would have remained unreported in the past; but also two, frustrated users are attempting to post their drug sales information in more ways trying to get past the blocks -- and largely failing to do so.

Drug related posts actioned:

572,400 posts in Q4 2018
841,200 posts in Q1 2019
2,600,000 posts in Q2 2019
4,400,000 posts in Q3 2019

When I attended Facebook's Faculty Summit all the way back in 2016 they had me hooked from the very beginning of the day when Facebook's Engineering Director Joaquin Quinonero Candela gave his opening keynote. All of this amazing machine learning technology that people like Dr. Candela had created to help improve online ad delivery were ALSO being used to make the platform as safe as possible against a wide variety of threats. I was especially excited to learn about the work of Wendy Mu. At the time Wendy's bio said "Wendy is an engineering manager on Care Machine Learning, which leverages machine learning to remove abusive content from the site. Over the last three years at Facebook, she has also worked on Site Integrity, Product Infrastructure, and Privacy." Wendy and her team are inventing and patenting new ways of applying machine learning to this problem space. Nektarios Leontiadis "a research scientist on the Threats Infrastructure Team" with a PhD in online crime modeling and prevention from Carnegie Mellon and Jen Weedon, previously at FireEye, were some of the other folks I met there that made such a profound impression on me! Since then, the UAB Computer Forensics Research Lab has partnered with Facebook on many projects, but quite a few have taken the form of "what would a human expert label as offending content in this threat space?"

This is where "supervised machine learning" comes into play.

The simplest version of Supervised Machine Learning is the "I am not a Robot" testing that Google uses to label the world. You may be old enough to remember when Google perfected their Google Books project by asking us to human label all of the unreadable words that their scanner lifted from old books, but which were not properly recognized by their OCR algorithm. Then we were asked to label the address numbers found on buildings and mailboxes and then later to choose cars, bicycles, traffic lights, and more recently cross walks as it seems we are not teaching future self-driving cars how to not drive over pedestrians.

This works well for "general knowledge" types of supervised learning. Anyone over the age of three can fairly reliably tell the difference between a Cat and a Dog. When people talk about supervised machine learning, that is the most common example, which comes from the concept of "Convolutional Neural Networks". Do a search on "machine learning cat dog" and you'll find ten thousand example articles, such as this image from Booz Allen Hamilton.

Booz Allen Hamilton infographic

We're working on something slightly different, in that the labeling requires more specialized knowledge than "Cat vs. not Cat". Is this chemical formula a Fentanyl variant? Is the person in this picture the leader of a terrorist organization? What hashtags are opioid sellers using to communicate with one another once their 100 favorite search terms are being blocked by Facebook and Instagram?

Facebook Research has a nice set of videos that explain some of the basics of Machine Learning that are shared as part of the "Machine Learning Academy" series:

from: https://research.fb.com/videos/field-guide-to-machine-learning-lesson-1-problem-definition/

In this chart, the data provided by UAB is primarily part of that "Data Gathering" section ... by bringing forensic drug chemists into the lab, we're able to provide a more sophisticated set of "labelers" than the general public. Part of our "Accuracy testing" then comes in on the other end. After the model built from our data (and the data from other reporters) is put into play, does it become more difficult for our experts to find such content online?

Looking at the Transparency Report's Community Standards section, the results are looking really great!

In the fourth quarter of 2018, only 78.6% of the offending drug content at Facebook was being removed by automation. 22% of it didn't get deleted until a user reported it, by clicking through the content reporting buttons. By the 3rd Quarter of 2019, 97.6% of offending drug content was removed at Facebook by applying automation!

In Q4 2018, 122,493 pieces of drug content were "manually reported" while 449,906 pieces were "machine identified."

In Q3 2019, 105,600 pieces of drug content were "manually reported", but now about 4.3 million pieces were "machine identified."

Terror Data

Twitter also produces a Transparency report and also shares information about content violations, but in most categories lags far behind Facebook on automation. Twitter's latest transparency report says that "more than 50% of Tweets we take action on for abuse are now being surfaced using technology. This compares to just 20% a year ago." The one category where they seem to be doing much better than that is terrorism. Their last report covered the period January to June 2019. Twitter does not share statistics about drug sales content, but does have Terrorism information. During this period, 115,861 accounts were suspended for violations related to the promotion of terrorism. 87% of those accounts were identified through internal tools.

Facebook doesn't share these numbers by unique accounts, but rather by the POSTS that have been actioned. In the Q3 2019 data, Twitter actioned 5.2 million pieces of terror content. 98.5% of those posts were machine identified.

↧

Air Peace CEO charged with millions in money laundering re-buying planes he already owns

December 4, 2019, 10:21 pm

≫ Next: Backdoored Phishing Kits are still popular

≪ Previous: Facebook's Transparency Report: (Expert) Supervised Machine Learning Works!

The Department of Justice announced last week that they were indicting the CEO of Air Peace for bank fraud and money laundering.

I had some difficulty finding the indictments for this case on PACER. It turns out I couldn't find it in PACER because the court system decided that "Allen Ifechukwu Athan Onyema" should be listed in PACER with the last name "Athan Onyema", not "Onyema."

A friend shared a copy of the indictment from Guardian.ng, which has had some interesting articles, such as this one:

Why we ain’t castigating Allen Onyema, by militant group

which says in part "We expect Allen Onyema to put up a good defence for himself. So far, no American bank has accused him of defrauding or absconding with its money. He is innocent until proven guilty." ... which just shows that the Joint Revolutionary Council's spokesperson also didn't read the court documents, because that is EXACTLY what he is accused of!

Onyema is well-loved by many, earning wide admiration and praise for recently using his planes to repatriate many Nigerians who found themselves being shunned by xenophobia in South Africa, as was described in this BBC Pidgin article:

https://www.bbc.com/pidgin/tori-49692424

(from @flyairpeace's Instagram account)

Reading the indictment was VERY interesting. I had previously suggested on Twitter that Onyema was buying imaginary airplanes, but that was NOT the case! The airplanes are REAL and various plane spotter types have the planes with those Manufacturer numbers listed as now being property of Air Peace, which boasts a growing fleet of planes, which are listed here:

https://www.planespotters.net/airline/Air-Peace

The problem was that fake Lines of Credit, fake Appraisals, and fake Purchase documents all claimed Onyema was buying these planes from Springfield Aviation, when in fact, he had ALREADY BOUGHT THEM FROM OTHER OWNERS! He basically bought all the planes TWICE and then bonused the money back to himself from Springfield. He paid Springfield over $20M for the planes he already owned, and then over the course of many months, Springfield sent him back $15M of the same money.

It seems that Onyema lived for a while in Atlanta, Georgia. In January 2016, he closed a Bank of America account and moved $4,000,396.43 via cashier's check to a pair of Wells Fargo accounts, opened in person in Atlanta, Georgia.

A LOT of money was then moved into that account, mostly from charities in Nigeria that Onyema controlled, including "All-Time Peace Media Communications" and "Foundation for Ethnic Harmony."

Onyema used the money to go shopping. Prada, Neiman Marcus, Macy's, Louis Vuitton, the Apple store, a $180,000 Rolls Royce, a $88,500 Mercedes. Over the course of eight years, $44.9 million was transferred from foreign accounts into Onyema's personal accounts at Bank of America, Wells fargo, and JP Morgan Chase. Mostly from the "charities" that he was running back in Africa, including Foundation for Ethnic Harmony, International Center for Non-Violence and Peace Development, All-Time Peace Media Communications Limited, and Every Child Limited.

In July 2016, Onyema opened a Wells Fargo checking account in Atlanta (WF 8621) in the name Springfield Aviation Company, LLC. He regularly spent money from that account for personal expenses, including grocery shopping at Publix, shopping at Macy's, DSW, staying at the Ritz Carlton, and eating at various restaurants.

In November 2017, Onyema opened new bank accounts in the name of "Springfield Aviation Company, LLC" but he was the sole authorized signatory.

The stories of his double-purchased planes are told in six "Letters of Credit" scenarios in the indictment.

Letter of Credit One: FB16TLL000 for Boeing MSN: 28721

On or about February 10, 2017, Wells Fargo transferred $1,982,228.46 into Springfield Aviation’s Wells Fargo account, WF 8621. According to the court documents, however, the plane he was purchasing was already owned by Air Peace! Planespotters shows that it was registered to Air Peace (new registration: 5N-BUJ ... and that the previous owner was Aurora, a Russian airline, who used the Registration number RA-73013, but notes they stored the plane at an airport in Tallin until 09JUN2016.)

https://www.planespotters.net/airframe/Boeing/737/5N-BUJ-Air-Peace/aDYGTYbg

The plane, as painted by the previous owner ...

https://www.planespotters.net/photo/970748/ra-73013-sat-airlines-boeing-737-5l9

The plane, while being repainted as Air Peace (note the tail is not yet reattached)

https://www.planespotters.net/photo/943421/5n-buj-air-peace-boeing-737-5l9

Both of those photos were taken in Tallin, Estonia, where the previous owner stored the plane before selling it to Air Peace.

Letter of Credit Two - LCITF-17-00414 for Boeing MSN: 27910

The court documents say the second plane was purchased by Air Peace from AerSale Inc on April 25, 2017 for $3,751,460 USD. This is consistent with the history of that plane, which was previously sold by AerSale to Air Nigeria, and afterwards leased several times before being sold to Air Peace:

https://www.planespotters.net/airframe/Boeing/737/5N-BUQ-Air-Peace/WKYqcQ8Q

Wells Fargo received a credit request from Fidelity Bank of Nigeria saying that Air Peace was going to buy the plane for $4,750,000 from Springfield Aviation. BUT SPRINGFIELD NEVER OWNED THE PLANE! A company with no history of aviation, JMI LLC, provided a "full aircraft appraisal" saying the plane was worth $5,500,000 and Wells Fargo transferred $4,750,000 from Onyema's accounts into Springfield Aviation's Wells Fargo account, WF 8621, on April 25, 2017.

https://www.planespotters.net/photo/search?manufacturer=Boeing&type=737&cn=27910

Letter of Credit Three - ILCCOCBG1702932 - Boeing MSN: 28561 and Boeing MSN: 28562

These two planes were bought from Texas based Jetran, LLC on May 18, 2017. $3,600,000 was the purchase price for the pair of planes. The wire transfer was sent from WF 8020 on May 15, 2017.

On October 2017, Wells received another letter of credit request, asking for $3,480,000 to be paid to Springfield Aviation's WF 8621 bank account. JMI again provided an appraisal, claiming that just the 28561 plane was being sold and that it appraised by itself for $5,400,000.

On November 29, 2017, Well Fargo transferred $4,899,690 to Springfield Aviation's Wells Fargo account WF 8621 FOR A PLANE THAT HAD ALREADY BEEN PURCHASED FROM JETRAN nine months earlier!

https://www.planespotters.net/photo/search?manufacturer=Boeing&type=737&cn=28561

Letter of Credit Four - LCITF-17-00555 - Boeing MSN: 28660

In January 2017, Onyema bought another Boeing 737-300, MSN: 28660, from Oklahoma-based Aero Acquisition. He paid $2,315,000 for the plane on January 9, 2017, wiring the money from his Wells 8020 account.

In April 2017, Wells received ANOTHER letter of credit request FOR THE SAME PLANE, but this time, claiming it would be purchased for $4,500,000 from Springfield Aviation. On June 19, 2017, Wells Fargo transferred $4,499,900 to Springfield Aviation's Wells Fargo 8621 account, FOR A PLANE THAT SPRINGFIELD NEVER OWNED and that Onyema had already purchased from Aero Acquisition SIX MONTHS EARLIER!

None of the plane spotter photos of this plane are the Air Peace version...but its also a very real plane.

https://www.planespotters.net/photo/search?manufacturer=Boeing&type=737&cn=28660

Letter of Credit Five - FB17ILC00561C - Boeing MSN: 28562

This is the second plane previously mentioned having been purchased in May 2017 from Jetran, LLC. Again, a new letter of credit arrives, this time to JPMorgan Chase Bank.

On Feb 20, 2018, JPMorgan Chase transferred $4,087,028 to Springfield Aviation's JPMC 5512 bank account, FOR A PLANE THAT Onyema had already bought 9 months earlier from Jetran!

https://www.airfleets.net/ficheapp/plane-b737-28562.htm

The plane was photographed with its Air Peace paint job and registration 5N-BUL in February 2018:

https://www.planespotters.net/photo/822183/5n-bul-air-peace-boeing-737-36nwl

Many previous photos as the Meridiana plane and as the Air Italy plane have been taken of the same airframe

https://www.planespotters.net/photo/search?manufacturer=Boeing&type=737&cn=28562

After being paid $20,218,846 for planes it never owned, what happened next?
Springfield began sending the money back to Onyema. All of the transfers listed below were sent from the Springfield Aviation bank accounts back to Onyema's personal accounts.

3/22/2017 - $1M
3/23/2017 - $1M
5/7/2017 - $500,000
5/7/2017 - $500,000
5/15/2017 - $500,000
5/15/2017 - $500,000
5/15/2017 - $500,000
5/15/2017 - $500,000
5/15/2017 - $100,000
5/15/2017 - $500,000
5/15/2017 - $150,000
6/19/2017 - $500,000
6/19/2017 - $500,000
6/19/2017 - $500,000
6/19/2017 - $500,000
6/19/2017 - $500,000
6/19/2017 - $500,000
6/19/2017 - $500,000
6/19/2017 - $500,000
6/19/2017 - $500,000
11/29/2017 - $1M
11/29/2017 - $1M
11/29/2017 - $1M
11/29/2017 - $1M
11/29/2017 - $890,000

After sending back to Onyema $15,140,000, Onyema then tries to get the money out of the United States. In August 2018, Onyema created Bluestream Aero Services and Springfield Aviation Company in Ontario, Canada. He opened accounts for the companies at Bank of Montreal and sent $10 Million (in November 2018) from his personal Wells Fargo account to those bank accounts in Canada.

Based on the timing of the court documents, moving $10 Million out of the country is likely to be what triggered the investigation. While the original Criminal Complaint is still "sealed", it was filed one month after the wire transfers to Canada. So, while the indictments and arrest warrants were only issued on November 19, 2019, the court case began in December of 2018 with the "magistrate complaint."

As my many Nigerian Twitter followers are reminding me, everyone is Innocent until proven Guilty, but what I have learned through many years of watching the American Justice system, they don't unseal federal indictments until their evidence is rock solid! When you cause charities you control to send you $44 Million dollars, and then you create fraudulent documents to pay a company you control $20 Million US Dollars for airplanes that you already own, and then send most of that money back to your private banking accounts, and then try to get that money out of the United States into Canada, I think it is plain to see crimes have been committed.

Of course this doesn't stop the Nigerian media from running stories stating that "the allegations of financial misdeeds against [Onyema] as a deliberate attempt to kill Air Peace and deepen the unemployement crisis in the country."

https://guardian.ng/news/diaspora-nigerians-urge-buhari-to-wade-into-onyemas-ordeal/

I'm sure the facts won't matter to the Concerned Diaspora Citizens, but I hope reasonable people will understand that the US Government is not persecuting businessmen. They are charging criminals with crimes.

↧

Backdoored Phishing Kits are still popular

January 2, 2020, 8:44 am

≫ Next: Iranian APT Group Overview

≪ Previous: Air Peace CEO charged with millions in money laundering re-buying planes he already owns

What did you do for the holidays? If you're a cybercrime geek you probably took advantage of some of the extra time on your hands to investigate some new phishing sites, right?

Jone Fredrick is the type of Facebook user who is quite open about his criminal activity. He boasts about his phishing skills by having a Facebook profile picture of someone taking a selfie showing their government issued ID and their credit card! He claims to live in Blida, Algeria, and probably does. Over the holidays Jone update his YouTube channel, "mr azert" with a new Chase Bank phishing kit. (Phishers don't call this phishing. They call it "bank scams" or "scam pages."

In the past two weeks, Jone, who uses the alias "Mr Azert", has uploaded several videos about his new scam pages to his YouTube channel. Chase, Spotify, Dropbox, Alibaba, and Paypal all have new scam pages courtesy of Mr Azert. How generous that he just gives them away for free!

After listening to so much bad gangster/scammer rap music, it was nice to hear some Algerian rap while I did my investigation. Mr Azert confirms this is him by replying to "Tutor Arena421" giving him his email address (foley.victoria998@gmail.com) and Facebook address ( jone.fredrick.79).

Of course, we report the offending content to YouTube. If you ever encounter the same, please use the "Report" function. The correct flow is to click the "Three Dots" ... then "Report". Then choose "Spam or misleading" and then the subcategory "Scams / fraud"

In this case, the reason Mr Azert is giving away these phishing kits is that he has backdoored all of the kits. We'll look at the Chase one first. There are five separate PHP files that send the various stolen information back to the person using the kit.

When we look at the actual "Send" command, we notice that the email command says "for each $send" ... but the instructions for the kit have told the kit downloader that they should include their own email address in a certain place, which is "import"ed into this code. What other address is being used here?

If we scroll up about we see that $send is receiving a variable called "token" from the form post that called this PHP code, and then converting it into ASCII with "hex2bin".

The calling code in this case is "myaccount.php" which seems to do some "input validation" but in reality, is also loading the "token" value:

That hex string at the bottom starting with "6665" is decoded in the "hex2bin" call into a pair of email addresses:

fenction@gmail.com and fenction@yahoo.com

So, anyone who downloads Mr Azert's kit is going to either create or hack a website, upload and unpack the kit, spam out links to that URL, and then have all of their stolen data go back to Mr Azert in Algeria, who is likely to be better at cashing out the information than someone too lame to make their own phishing kit.

We're of course reporting all of this to YouTube, Gmail, Yahoo, and Facebook ...

So how did you spend YOUR holiday?

Happy New Year everyone!

↧

Iranian APT Group Overview

January 9, 2020, 9:28 pm

≫ Next: How does a government censor the Internet? A rare peek from Jammu and Kashmir

≪ Previous: Backdoored Phishing Kits are still popular

Today the Birmingham InfraGard Chapter and the Alabama ISSA held a joint meeting featuring a presentation from the Cybersecurity & Infrastructure Security Administration, part of DHS that was formerly known as the NPPD. I learned of a ton of offerings from CISA.gov at the meeting, so I want to start by sharing a link to their CISA Insights Page, where they released earlier this week some guidelines for updating your company's Risk Assessment regarding potential cyber or physical threats from Iranian actors in light of our current political situation, and the tendency of the Iranian regime to lash out with Cyber attacks when they can't accomplish what they want with the limited reach of their military. That Insight was called Increased Geopolitical Tensions and Threats and features ten readiness steps for making sure your org is not a soft target for cyber attacks from Iran. Most of these are things you should be doing anyway, but hey, an Iran threat is possibly a good time to go check those out! One way of thinking about covering your cyber bases that I really like is actually from the Australian Government, who recommends their "Essential 8" Strategies to Mitigate Cyber Security Incidents. Start with making sure you have your Essentials covered, but then move on to "Very Good" and "Excellent" steps as your org matures your security practices.

However, we all know that Iran has many Advanced Persistent Threat (APT) Groups, and that there is much more to watching for such activity then patching your systems and telling your users to be aware. A large org will want to know more about the behaviors of documented Iranian APT Groups. Often these insights include known malware families used by the actor, or what sectors or countries this threat group historically has attacked.

I've seen several documents that share a woefully incomplete list of APT groups from Iran, so I've tried to pull together some helpful links to the main groups below. In each case, if their is a "MITRE Group #" after the main title, you will find a very robust list of TTPs (Tactics, Techniques, and Procedures) about the group and links to many more reports and resources about the group than I have provided below. However, I DO like the reports I've listed and think you might want to read them as part of "basic understanding" before following a dozen reports about the same group. One slight complaint about the MITRE data, and APT Group Naming in general, is there is a great deal of disagreement about which group names are aliases for the same groups, and which may be entirely different groups that just share some tools with one another. Hey, I'm doing the best I can here, and so is MITRE. It's tricky! If you feel I've really got something screwed up, leave a comment! Let's chat!

Most every vendor it seems likes to put their own personal spin on APT Groups. I have to confess to being a sucker for the CrowdStrike naming conventions (Hi Adam! Hi Dmitri! Hi Shawn!). They use a different Animal to label each APT Group based on the name of the country where the group is hosted. Their name for Iran is "Kitten" (as in "Persian Kitten", get it?)

While there are several excellent APT Disambiguation efforts, my favorite for ease of use is the one run by Florian Roth (Twitter @Cyb3rops ) - APT Groups and Operations. Go to the Iran tab. There are columns for malware sets and links related to each group as well.

If you prefer a much more detailed read of APT Groups, the ThaiCERT has an amazing Threat Actor Encyclopedia! A 275 page omnibus of APT! However, it is really tricky to pull out, for example, JUST the Iran stuff from it.

For now, I'll organize this by the CrowdStrike Kitten Names. Their set includes at least:

Charming Kitten/Imperial Kitten (AKA APT35, Tortoiseshell) - MITRE: G0058

ClearSky - Dec 2017 - Charming Kitten
Talos - Sep 2019 - How tortoiseshell created a fake veteran hiring website to host malware

Clever Kitten (AKA Group41)

Crowdstrike - 2013 - Who is Clever Kitten

Cutting Kitten (AKA COBALT GYPSY, AKA TG-2889)

SecureWorks - July 2017 - The Curious Case of Mia Ash

Flash Kitten ( AKA Leafminer, AKA Raspile) - MITRE: G0077

Symantec - July 2018 - Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions
Dragos - Raspite

Flying Kitten / Rocket Kitten (AKA Saffron Rose AKA Group26) - MITRE: G0059

CheckPoint - Nov 2015 - ROCKET KITTEN:A CAMPAIGN WITH 9 LIVES
Trend Micro / ClearSky - Sep 2015 - The Spy KittensAre Back:Rocket Kitten 2
ClearSky - Dec 2017 - Charming Kitten (or Rocket Kitten???)

Helix Kitten / Twisted Kitten (AKA APT34, AKA OilRig) - MITRE: G0049

CrowdStrike - Nov 2018 - Helix Kitten: Threat Actor Profile
(see MITRE link for 17 additional reports)

Refined Kitten (AKA APT33, AKA Magic Hound, AKA Timberworm) - MITRE: G0058

CrowdStrike - Dec 2019 - Who is Refined Kitten?
Unit42 - Feb 2017 - Magic Hound Campaign Attacks Saudi Targets
Symantec - Shamoon: Multi-staged destructive attacks limited to specific targets

Remix Kitten (AKA APT39, AKA Cadelle, and some say AKA Chafer) - MITRE: G0087

FireEye - Jan 2019 - APT39: An Iranian Cyber Espionage Group Focused on Personal Information
Symantec - Dec 2015 - Iran-based attackers use back door threats to spy on Middle Eastern targets (Cadelle)

Slayer Kitten (AKA CopyKittens) - MITRE: G0052

Trend Micro / ClearSky - - Operation Wilted Tulip
Minerva / ClearSky - - Copykittens Attack Group
ClearSky - Mar 2017 - Jerusalem Post and other Israeli websites compromised by Iranian threat agent CopyKitten

Static Kitten (AKA MuddyWater, AKA TEMP.Zagros) - MITRE: G0069

Talos - May 2019 - Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques

but there are many other companies naming other Iranian APT Groups that may or may not link up with the Kittens. FireEye is the main user of the numbered APT Groups. Many of these now have a "Kitten" name as you see above ... APT33, 34, 35, and 39 are all Iranian. There are several "less well labeled" actors who either don't really behave like traditional APT, or haven't been as widely linked as those above, but are still serious. A few of those below:

Cyber Fighters of Izz Ad-Din Al Qassam - the bank DDOS guys.
DarkHydrus (AKA Lazy Meerkat) - some say is actually also Slayer Kitten, others disagree
Gold Iowell (AKA Boss Spider) - these are the SamSam Ransomware guys

Greenbug

Symantec - Greenbug cyberespionage group targeting Middle East, possible link to Shamoon

Iridium - these are the guys that hit the Australian Parliament. A single company (ReSecurity) claims they are Iranian, but they used "China Chopper" malware, so . . . the same company tied them to 6 TB of data stolen from Citrix customers. A bit debunked.
Silent Librarian (AKA Mabna Institute)

PhishLabs - Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment

If it would be helpful to just have the MITRE links all in one place, here you go!

↧

How does a government censor the Internet? A rare peek from Jammu and Kashmir

January 28, 2020, 6:56 am

≫ Next: The Guardian helpfully provides Privacy Policies for the 577 Companies with whom they may share your data

≪ Previous: Iranian APT Group Overview

From time to time we hear that a totalitarian government has locked down Internet access for a part or all of their country. Normally, that is about all we hear about the situation. In the case of India, not normally thought of as a Totalitarian government, we have a unique opportunity to look at what they are censoring as they began to relax the total lockout of Internet services that was put into place in Jammu and Kashmir.

The "lift" of total censorship began on January 14th, when Internet Service Providers were ordered to install firewalls that would only allow access to 153 government-approved websites. As was pointed out by "The Wire", "No Mainstream News in List of 153 Whitelisted Websites Under Kashmir's First Govt Firewall." TheWire.in noted that "Conspicuously absent from the list that includes Gmail, Netflix, Zomato, Oyo Rooms and Paytm are news and social media websites."

The order from the "Principal Secretary to the Government, Home Department" to the ISPs stated that the Internet shutdown was because "there have been number of reports of the use of internet in cross border terrorism/terror activities, incitement, rumour-mongering, etc. as also misuse of pre-paid mobile connections by anti-national elements."

Internet Order

The total ban of Internet services remained in effect for "the districts of Srinagar, Budgam, Ganderbal, Baramulla, Anantnag, Kulgan, Shopian, and Pulwama. But for "all the 10 districts of Jammu division and to begin with the revenue districts of Kupwara & Bandipora of the Kashmir Valley" were allowed to have access to the list of 158 websites beginning on January 18th, 2020. (That list is available via Scribd here: "Temporary Suspension of Telecom Services"

A week later, the list was amended to include not only many News sites, as TheWire had pointed out, but also a large list of "Utilities" which included movie theaters, car dealerships, shoe sales websites, and pizza delivery services.

The new expanded list is provided below in a searchable form (the original is an image-based scan.)

I would invite others to make relevant observations in the comments sections, or in your own publications linking back to this page. The list is intended to be a faithful representation of the new order, which can be found on the JK Home Office website as Home-05(TSTS) of 2020.

While the order has been commonly described as containing "300 URLs", there are a handful of duplicates, where a URL was included both with a trailing slash and without the slash. It should also be noted that there are a very large number of websites included by Top Level Domain, due to the inclusion of the TLDs: Ac.in (most academic institutions in India will be included here), Gov.in (most government offices and services in India will be included here), and Nic.in (most network infrastructure services from the Ministry of Electronics and Information Technology is included here.)

It is curious how it was decided which websites to include and not to include. For example, why include Adidas and Reebok, but not Nike? I'm sure the programmers are thrilled to see that Github and StackOverflow are included! What other observations strike you as interesting? Please comment or Tweet about them!

Site Number	Website URL	Category
1	www.google.com	Search Engines
2	www.apple.com	Search Engines
3	www.office.com	Search Engines
4	www.google.com > chrome	Search Engines
5	www.google.ca	Search Engines
6	ca.search.yahoo.com	Search Engines
7	search.yahoo.com	Search Engines
8	www.live.com	Search Engines
9	www.ask.com	Search Engines
10	search.msn.com	Search Engines
11	www.google.co.uk	Search Engines
12	qc.search.yahoo.com	Search Engines
13	www.hyundai.com	Automobiles
14	www.suzukimotorcycle.co.in	Automobiles
15	www.tata.com	Automobiles
16	www.marutisuzuki.com/MarutiSuzuki/Car	Automobiles
17	www.axisbank.com	Banking
18	www.hdfc.com	Banking
19	www.hdfcsec.com	Banking
20	www.icicibank.com	Banking
21	www.icicidirect.com	Banking
22	www.jkbankonline.com	Banking
23	www.onlinesbi.com	Banking
24	www.pnbindia.in	Banking
25	www.bankbazaar.com	Banking
26	www.moneycontrol.com	Banking
27	www.paisabazaar.com	Banking
28	www.paypal.com	Banking
29	www.policybazaar.com	Banking
30	www.rbi.org.in	Banking
31	www.westernunion.com	Banking
32	jammuuniversity.in	Education
33	jkpsc.nic.in	Education
34	jkssb.nic.in	Education
35	kashmiruniversity.net	Education
36	skuastkashmir.ac.in	Education
37	www.cukashmir.ac.in	Education
38	www.freejobalert.com	Education
39	mahendras.org	Education
40	mrunal.org	Education
41	www.bankersadda.com	Education
42	www.indianetzone.com	Education
43	www.insightsonindia.com	Education
44	www.iustlive.com	Education
45	www.tcyonline.com	Education
46	www.vedantu.com	Education
47	www.aakash.ac.in	Education
48	www.britannica.com	Education
49	www.burnhallschool.ac.in	Education
50	www.byjus.com	Education
51	www.damsdelhi.com	Education
52	www.dpssrinagar.com	Education
53	www.elsevier.com	Education
54	www.foundationworldschool.com	Education
55	www.gdgoenkasrinagar.com	Education
56	www.github.com	Education
57	www.gktoday.in	Education
58	www.ignou.ac.in	Education
59	www.indiankanoon.org	Education
60	www.indiaresults.com	Education
61	www.islamicuniversity.edu.in	Education
62	www.lpu.in	Education
63	www.madeeasy.in	Education
64	www.mciindia.org	Education
65	www.nature.com	Education
66	www.nitsri.ac.in	Education
67	www.pathfinderacademy.in	Education
68	www.pchssrinagar.com	Education
69	www.resonance.ac.in	Education
70	www.sciencedirect.com	Education
71	www.siu.edu.in	Education
72	www.springer.com	Education
73	www.ssmengg.edu.in	Education
74	www.stackoverflow.com	Education
75	www.udemy.com	Education
76	www.unacademy.com	Education
77	www.wikipedia.org	Education
78	www.naukri.com	Employment
79	www.jagranjosh.com	Employment
80	www.sail.co.in	Employment
81	Airtel TV	Entertainment
82	Amazon Prime	Entertainment
83	Hotstar	Entertainment
84	gaana.com	Entertainment
85	tatasky.com	Entertainment
86	tvfplay.com	Entertainment
87	www.altbalaji.com	Entertainment
88	www.dishtv.in	Entertainment
89	www.imdb.com	Entertainment
90	www.jiosaavn.com	Entertainment
91	www.spotify.com	Entertainment
92	wynk.in	Entertainment
93	Netflix	Entertainment
94	Sony Liv	Entertainment
95	Voot	Entertainment
96	www.crickbuzz.com	Entertainment
97	www.espn.in	Entertainment
98	Zee5	Entertainment
99	www.google.com > gmail	Mail
100	in.mail.yahoo.com	Mail
101	mail.rediff.com	Mail
102	outlook.live.com	Mail
103	news.statetimes.in	Mail
104	prsindia.org	Mail
105	www.earlytimes.in	Entertainment
106	www.kashmirtimes.com	News
107	www.kashmiruzma.net	News
108	www.risingkashmir.com	News
109	www.thenorthlines.com	News
110	aajtak.intoday.in	News
111	economictimes.indiatimes.com	News
112	edition.cnn.com	News
113	kashmirage.net	News
114	kashmirobserver.net	News
115	news.google.com	News
116	scroll.in	News
117	thekashmirimages.com	News
118	theprint.in	News
119	theprint.in	News	DUPLICATE
120	thewire.in	News
121	timesofindia.indiatimes.com	News
122	www.aljazeera.com	News
123	www.amarujala.com	News
124	www.bbc.com	News
125	www.business-standard.com	News
126	www.channelnewsasia.com	News
127	www.dailyexcelsior.com	News
128	www.dailypioneer.com	News
129	www.deccanchronicle.com	News
130	www.epw.in	News
131	www.financialexpress.com	News
132	www.financialexpress.com	News	DUPLICATE
133	www.forbes.com	News
134	www.greaterkashmir.com	News
135	www.hindustantimes.com	News
136	www.jagran.com	News
137	www.livemint.com	News
138	www.mid-day.com	News
139	www.moneycontrol.com	News
140	www.moneycontrol.com	News	DUPLICATE
141	www.ndtv.com	News
142	www.newindianexpress.com	News
143	www.news18.com	News
144	www.nytimes.com	News
145	www.outlookindia.com	News
146	www.outlookindia.com	News	DUPLICATE
147	www.presstv.com	News
148	www.presstv.com	News	DUPLICATE
149	www.republicworld.com	News
150	www.scoopwhoop.com	News
151	www.telegraphindia.com	News
152	www.theguardian.com	News
153	www.thehindu.com	News
154	www.thehindubusinessline.com	News
155	www.thekashmirmonitor.net	News
156	www.thelallantop.com	News
157	www.thequint.com	News
158	www.timesnownews.com	News
159	www.tribuneindia.com	News
160	www.washingtonpost.com	News
161	www.wionews.com	News
162	www.wsj.com	News
163	www.amnesty.org	NGOs
164	www.fordfoundation.org	NGOs
165	www.helpageindia.org	NGOs
166	www.savethechildren.in	NGOs
167	www.smilefoundationindia.org	NGOs
168	Ac.in	Services
169	Gov.in	Services
170	www.incometaxindiaefiling.gov.in	Services
171	www.jkpolice.gov.in	Services
172	www.passportindia.gov.in	Services
173	www.services.gst.gov.in	Services
174	enps.nsdl.com	Services
175	uidai.gov.in	Services
176	nic.in	Services
177	www.gmcs.edu.in	Services
178	www.lalpathlabs.com	Services
179	www.shifamedcenter.com	Services
180	www.skims.ac.in	Services
181	geekyranjit.com	Technology Updates
182	overdrive.in	Technology Updates
183	beebom.com	Technology Updates
184	www.androidauthority.com	Technology Updates
185	www.autocarindia.com	Technology Updates
186	www.carwale.com	Technology Updates
187	www.cnet.com	Technology Updates
188	www.digit.in	Technology Updates
189	www.engadget.com	Technology Updates
190	www.gsmarena.com	Technology Updates
191	www.pcmag.com	Technology Updates
192	www.techradar.com	Technology Updates
193	www.theverge.com	Technology Updates
194	www.zigwheels.com	Technology Updates
195	www.cleartrip.com	Travel
196	www.goibibo.com	Travel
197	www.irctc.co.in	Travel
198	www.makemytrip.com	Travel
199	www.yatra.com	Travel
200	www.airindia.com	Travel
201	www.cleartrip.com	Travel
202	www.easemytrip.com	Travel
203	www.flightstats.com	Travel
204	www.hajcommitee.gov.in	Travel	TYPO
205	www.iismgulmarg.in	Travel
206	www.incredibleindia.org	Travel
207	www.ixigo.com	Travel
208	www.jktourism.org	Travel
209	www.oyorooms.com	Travel
210	www.pawanhans.co.in	Travel
211	www.redbus.in	Travel
212	www.shriamarnathjishrine.com	Travel
213	www.trivago.com	Travel
214	www.trivago.in	Travel
215	jakemp.nic.in	Utilities
216	www.jabong.com	Utilities
217	billsahuliyat.jkpdd.net	Utilities
218	earth.google.com	Utilities
219	www.airtel.in	Utilities
220	www.amazon.in	Utilities
221	www.bhimupi.org.in	Utilities
222	www.flipkart.com	Utilities
223	www.healthkart.com	Utilities
224	www.myntra.com	Utilities
225	www.netmeds.com	Utilities
226	www.paytmbank.com	Utilities
227	JIO chat	Utilities
228	www.99acres.com	Utilities
229	www.airtel.in	Utilities	DUPLICATE
230	www.bharatpetroleum.com	Utilities
231	www.bluedart.com	Utilities
232	www.bsnl.co.in	Utilities
233	www.cardekho.com	Utilities
234	www.dtdc.in	Utilities
235	www.ebharatgas.com	Utilities
236	www.fedex.com	Utilities
237	www.firstflight.net	Utilities
238	www.freecharge.in	Utilities
239	www.gaadiwaadi.com	Utilities
240	www.gati.com	Utilities
241	www.indane.co.in	Utilities
242	www.indiamart.com	Utilities
243	www.jio.com	Utilities
244	www.jkhandicrafts.com	Utilities
245	www.jkpdd.gov.in	Utilities
246	www.jkpwdrb.nic.in	Utilities
247	www.justdial.com	Utilities
248	www.magicbricks.com	Utilities
249	www.myhpgas.in	Utilities
250	www.olx.in	Utilities
251	www.pharmeasy.in	Utilities
252	www.quikr.com	Utilities
253	www.sulekha.com	Utilities
254	www.tbmes.org	Utilities
255	www.vodafone.in	Utilities
256	www.zomato.com	Utilities
257	cleartax.in	Utilities
258	in.bookmyshow.com	Utilities
259	keep.google.com	Utilities
260	lens.google.com	Utilities
261	oppo-in	Utilities
262	support.google.com	Utilities
263	support.microsoft.com	Utilities
264	translate.google.co.in	Utilities
265	vimeo.com	Utilities
266	wikimapia.org	Utilities
267	www.adidas.co.in	Utilities
268	www.ajio.com	Utilities
269	www.aliexpress.com	Utilities
270	www.bajaauto.com	Utilities
271	www.bing.com	Utilities
272	www.decathlon.in	Utilities
273	www.dell.com	Utilities
274	www.dominos.co.in	Utilities
275	www.fabindia.com	Utilities
276	www.gingerlabs.com	Utilities
277	www.heromotocorpo.com/en-in/	Utilities
278	www.houzz.in	Utilities
279	www.indeed.co.in	Utilities
280	www.india.ford.com	Utilities
281	www.indiamart.com	Utilities
282	www.jeep-india.com	Utilities
283	www.kia.com	Utilities
284	www.kinemaster.com	Utilities
285	www.lenovo.com	Utilities
286	www.lenskart.com	Utilities
287	www.office.com	Utilities	DUPLICATE
288	www.pizzahut.co.in	Utilities
289	www.pvrcinemas.com	Utilities
290	www.quora.com	Utilities
291	www.reebok.com	Utilities
292	www.shopclues.com	Utilities
293	www.swiggy.com	Utilities
294	www.tatamotors.com	Utilities
295	www.toyotabharat.com	Utilities
296	www.upwork.com	Utilities
297	www.wavecinemas.com	Utilities
298	www.upwork.com	Utilities	DUPLICATE
299	www.zomato.com	Utilities
300	www8.hp.com	Utilities
301	www.accuweather.com	Utilities

↧

The Guardian helpfully provides Privacy Policies for the 577 Companies with whom they may share your data

February 2, 2020, 7:29 am

≫ Next: IC3.gov 2019 Internet Crime Report: Its All About that BEC

≪ Previous: How does a government censor the Internet? A rare peek from Jammu and Kashmir

(May I start by saying that this article isn't really about The Guardian. The fact that I am using them as an example is because I find them to be a wonderfully informative newspaper. A similar article could be written by nearly any GDPR-complying major media source.)

I've been trying to learn more about the General Data Protection Regulation and how it is being implemented by different companies around the globe. As every cyber crime fighter will tell you, the primary benefit of the GDPR seems to be that criminals no longer have to publish information that would help investigators determine where they are and what IP addresses and email addresses they use to create and pay for the infrastructure they use to defraud our citizens, steal their money, and traffick drugs and people. Do I sound bitter? Sorry. WHOIS is now fundamentally broken and email headers are quickly following suit.

But that isn't today's topic. Today, we look at how GDPR is being interpreted to require websites to share information about their cookie policies. This morning as I was reading the news, The Guardian popped up a little box on my iPad asking me if I'd like to consent to their Cookie Policy.

Obviously what we are supposed to do is click "I'm OK with that" and move on like happy little sheep. Do you normally sign contracts that you've never read? The Guardian has a Privacy Policy and a Cookie Policy. We should start by reading both of those.

In the Cookie Policy, it mentions that some of their Key Partners have Opt-Out policies and provides a table with links to 20 of those partners and how to Opt Out of cookies from them:

Perhaps we should see what the Options are before we blithely agree by clicking "I'm OK with that":

Let's see ... which of these shall we turn "On" or "Off" ...? There are helpful little paragraphs that are supposed to help you make an informed choice, so, as an example, the section on "Content Selection Delivery, Reporting" says:

"The collection of information, and combination with previously collected information, to select and deliver content for you, and to measure the delivery and effectiveness of such content. This includes using previously collected information about your interests to select content, processing data about what content was shown, how often or how long it was shown, when and where it was shown, and whether the you took any action related to the content, including for example clicking on content. This does not include personalisation, which is the collection and processing of information about your use of this service to subsequently personalise content and/or advertising for you in other contexts, such as websites or apps, over time."

There! Now you are informed!

But we scrolled down a bit, and there more little pull down arrows:

"Features" includes:

"Matching Data to Offline Sources" which is defined as: "Combining data from offline sources that were initially collected in other contexts."

"Linking Devices" which is defined as: "Allow processing of a user's data to connect such user across multiple devices."

"Precise Geographic Location Data" which is defined as: "Allow processing of a user's precise geographic location data in support of a purpose for which that certain third party has consent."

Third Parties?

Wait. I thought this was a policy between me and The Guardian. Who are those "Third Party" folks you refer to? Oh! There they are, under "Vendors" ... let's see how many there are ... so I began to count.

1, 2, 3, ... 10, 20, 30, 150, good God! How many are there?

I switched from my iPad to my desktop and exported the HTML code to get a better feel for it.

There are 577 Vendors to whom this policy applies.

And guess what, each of them helpfully has a Privacy Policy of their own! If you would like to see what each of THEM are going to do with your data, you need to read an additional 577 Privacy Policies.

If your lawyers are anything like my lawyers, I'm sure you will want to spend the next 120 business hours reading each of these privacy policies in detail to find out what you are agreeing to. Its several thousand pages of reading, so be sure to make a nice pot of tea before you start.

Many of these cookie providers have an Opt-Out policy of their own. Here is the VERY IMPORTANT THING TO REMEMBER though. Let's say you were take the next two months of your life and opt-out of all 577 of these tracking cookies -- perhaps especially the ones that say they provide "Precise Geographic Location Data" (Remember the NYTimes article from December 2018, "Your Apps Know Where You Were Last Night" -- they know because you gave them PERMISSION to know!)

Now consider this ... the next time you cheerfully click the "OK" button on "I accept all of your cookie policies" -- you are EXPLICITLY GRANTING PERMISSION to the company that you previously opted out from TO RESTART THE COLLECTION OF YOUR INFORMATION! One click undoes whatever privacy you think you gained for yourself.

Bottom line? GDPR is not protecting you from ANYTHING. It has created an impossible legal hurdle which guarantees that you will NEVER HAVE PRIVACY AGAIN. (While simultaneous GRANTING privacy to those drug dealers, malware distributors, and human traffickers that we are trying to identify.)

577 Privacy Policies You Just Agreed To!

Here's your list of Privacy Policies to read if you would like to be comfortable reading The Guardian, or any other GDPR-compliant news media source. I would recommend that as many readers as possible exercise your right to receive a list from every one of these vendors of what privacy information they are gathering and using about you. It is likely that every one of the privacy policies linked will have a statement similar to those I've shared for the first few below.

Emerse Sverige AB's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Content selection, delivery, reporting
Legitimate interest purpose(s): Ad selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
For any questions you may have with regards to the Emerse Privacy Policy or any questions you have about personal information stored by Emerse you may contact the Emerse Data Protection Officer (DPO) by using this email: dataprotectionofficer@emerse.com. You may also contact the DPO by post to: Data Protection Officer, Emerse Sverige AB, Klostergatan 2, 222 22 Lund, Sweden.
AdMaxim Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
If you have questions or concerns regarding this statement, you should contact us through email or by mail. You can address your general questions and comments by e-mail to privacy@admaxim.com or by mail: AdMaxim Inc., 3945 Freedom Circle, Suite 940, Santa Clara, California. CA95054. Attn: Data Protection Officer.
BeeswaxIO Corporation's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Upon request to privacy@beeswax.comwe will provide you with confirmation as to whether we are processing your personal information, and have the data communicated to you within a reasonable time.
TripleLift, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
If you reside outside of California, the European Economic Area and Switzerland, and you would like to review, correct, update, suppress, or delete the personal information that TripleLift maintains about you, or you would like to request a copy of your personal information held by us, you may contact us at privacy@triplelift.com.
If you are a resident of the European Economic Area, including Switzerland, you have the right to access the personal information that TripleLift maintains about you, and you may be able to review, correct, update, suppress, or delete that information or the processing of that information. To exercise these rights and other data subject rights as a resident of the European Economic Area, including Switzerland, please email us and our data protection officer at privacy@triplelift.com or see access.triplelift.com.
If you are a consumer who is a resident of California, California law requires us to inform you that TripleLift may sell your personal information to third parties in connection with our Services; however, subject to certain limitations, California law also permits you to request certain information regarding our disclosures or sales of your personal information during the preceding calendar year and gives you the right to opt out of our sale of your personal information to third parties. To learn more about California residents’ rights and, if you are a California resident, to make requests about your personal information or exercise your opt-out rights, visit our Notice to California Residents.
ADventori SAS's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
Oath (EMEA) Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Venatus Media Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Exponential Interactive, Inc's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
AdSpirit GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
BidTheatre AB's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): Linking Devices | Precise Geographic Location Data
Conversant Europe Ltd.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Etarget SE's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources
ADITION technologies AG's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Quantcast International Limited's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
Adikteev / Emoteev's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Roq.ad GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Vibrant Media Limited's Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): Information storage and access
Feature(s): None
Captify Technologies Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Linking Devices
NEURAL.ONE's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Sovrn Holdings Inc's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
NEORY GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): None
AppNexus Inc.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): Linking Devices | Precise Geographic Location Data
Index Exchange, Inc. 's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): Linking Devices | Precise Geographic Location Data
ADARA MEDIA UNLIMITED's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Avocet Systems Limited's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting
Feature(s): None
xAd, Inc. dba GroundTruth's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Tradelab, SAS's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Smart Adserver's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
The Rubicon Project, Inc. 's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
Dataxu, Inc. 's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
MediaMath, Inc.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Criteo SA's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Crimtan Holdings Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
RTB House S.A.'s Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
Scene Stealer Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Blis Media Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Simplifi Holdings Inc.'s Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): Information storage and access
Feature(s): Linking Devices | Precise Geographic Location Data
ShareThis, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Linking Devices
N Technologies Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Linking Devices
Madison Logic, Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Sirdata's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
OpenX's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
GroupM UK Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Justpremium BV's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Intent Media, Inc.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Linking Devices
Vdopia DBA Chocolate Platform's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
RhythmOne, LLC's Privacy policy
Consent purpose(s): Measurement
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Sharethrough, Inc's Privacy policy
Consent purpose(s): Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): Information storage and access
Feature(s): None
PulsePoint, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Amobee, Inc. 's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Purch Group, Inc.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Ad selection, delivery, reporting | Measurement
Feature(s): None
LifeStreet Corporation's Privacy policy
Consent purpose(s): Information storage and access | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): Personalisation
Feature(s): None
affilinet's Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Admotion SRL's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
realzeit GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Switch Concepts Limited's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Parsec Media Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Matching Data to Offline Sources | Precise Geographic Location Data
uppr GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Feature(s): None
LEMO MEDIA GROUP LIMITED's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
RevLifter Ltd's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation
Feature(s): None
Turbo's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Sizmek's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Linking Devices
M32 Connect Inc's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Greenhouse Group BV (with its trademark LemonPI)'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices
GumGum, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Active Agent AG's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
PubMatic, Inc.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Tapad, Inc.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Measurement
Feature(s): Linking Devices
Skimbit Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Linking Devices
adsquare GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Impression Desk Technologies Limited's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Adverline's Privacy policy
Consent purpose(s): Personalisation
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting
Feature(s): None
Smaato, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Rakuten Marketing LLC's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Yieldlab AG's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting
Feature(s): Precise Geographic Location Data
Adform A/S's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
NetSuccess, s.r.o.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Fifty Technology Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): None
The Trade Desk's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Hottraffic BV (DMA Institute)'s Privacy policy
Consent purpose(s): Information storage and access | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Taboola Europe Limited's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
Maytrics GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
comScore, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices
LoopMe Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Eyeota Ptd Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources
Adloox SA's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Measurement
Feature(s): None
Teads 's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
admetrics GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
SlimCut Media SAS's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): None
Rich Audience's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Widespace AB's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
Avid Media Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
LiveRamp, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
ConnectAd Realtime GmbH's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): None
Nano Interactive GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
PIXIMEDIA SAS's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Content selection, delivery, reporting
Legitimate interest purpose(s): Ad selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
Ströer SSP GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Feature(s): Linking Devices | Precise Geographic Location Data
ShowHeroes GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Measurement
Feature(s): Precise Geographic Location Data
Confiant Inc.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): None
Teemo SA's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
YOC AG's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
Beemray Oy's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
MiQ's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
ADman Interactive SL's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): None
Admedo Ltd's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Feature(s): Precise Geographic Location Data
MADVERTISE MEDIA's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Underdog Media LLC 's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Seedtag Advertising S.L's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
Snapsort Inc., operating as Sortable's Privacy policy
Consent purpose(s): Information storage and access | Measurement
Legitimate interest purpose(s): None
Feature(s): None
ID5 Technology SAS's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): None
Reveal Mobile, Inc's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Adacado Technologies Inc. (DBA Adacado)'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
NextRoll, Inc.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
IPONWEB GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
BIDSWITCH GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
EASYmedia GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Outbrain UK Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): Content selection, delivery, reporting
Feature(s): Matching Data to Offline Sources
district m inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Bombora Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
Yieldmo, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
TreSensa, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): Personalisation | Measurement
Feature(s): Matching Data to Offline Sources
Flashtalking, Inc.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): None
Sift Media, Inc's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Sublime's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): None
FORTVISION's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
digitalAudience's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Adkernel LLC's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Thirdpresence Oy's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): Precise Geographic Location Data
EMX Digital LLC's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Linking Devices | Precise Geographic Location Data
33Across's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Linking Devices
Platform161's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Teroa S.A.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
1020, Inc. dba Placecast and Ericsson Emodo's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Precise Geographic Location Data
Media.net Advertising FZ-LLC's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
Delta Projects AB's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
advanced store GmbH's Privacy policy
Consent purpose(s): Personalisation
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting
Feature(s): None
video intelligence AG's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Semasio GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Content selection, delivery, reporting | Measurement
Feature(s): None
Location Sciences AI Ltd's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Zemanta, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources
Tapjoy, Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Sellpoints Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
2KDirect, Inc. (dba iPromote)'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting
Feature(s): None
Centro, Inc.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources
Rezonence Limited's Privacy policy
Consent purpose(s): Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): Information storage and access
Feature(s): None
Publicis Media GmbH's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources
SYNC's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
ORTEC B.V.'s Privacy policy
Consent purpose(s): Personalisation
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Ligatus GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
Adssets AB's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Ad selection, delivery, reporting | Measurement
Feature(s): None
Collective Europe Ltd.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Ogury Ltd.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Linking Devices | Precise Geographic Location Data
1plusX AG's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
AntVoice's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Linking Devices
smartclip Europe GmbH's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
DoubleVerify Inc.'s Privacy policy
Consent purpose(s): Measurement
Legitimate interest purpose(s): None
Feature(s): None
Mediasmart Mobile S.L.'s Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
IgnitionOne's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
emetriq GmbH's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
Leadplace - Temelio's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
adrule mobile GmbH's Privacy policy
Consent purpose(s): Personalisation | Content selection, delivery, reporting
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
A Million Ads Ltd's Privacy policy
Consent purpose(s): Personalisation
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting
Feature(s): None
remerge GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Rockerbox, Inc's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
Bounce Exchange, Inc's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
ZBO Media's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
Smartology Limited's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Measurement
Feature(s): None
OneTag Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
LiquidM Technology GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
ARMIS SAS's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
Audiens S.r.l.'s Privacy policy
Consent purpose(s): Information storage and access | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
7Hops.com Inc. (ZergNet)'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Content selection, delivery, reporting | Measurement
Feature(s): None
Bucksense Inc's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Linking Devices | Precise Geographic Location Data
Bidtellect, Inc's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Adello Group AG's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
RTK.IO, Inc's Privacy policy
Consent purpose(s): Information storage and access | Content selection, delivery, reporting
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Precise Geographic Location Data
Spotad's Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
AdTheorent, Inc's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Digitize New Media Ltd's Privacy policy
Consent purpose(s): Personalisation | Content selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
Bannerflow AB's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Sonobi, Inc's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Unruly Group Ltd's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
Spolecznosci Sp. z o.o. Sp. k.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Research Now Group, Inc's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Goodway Group, Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Netsprint SA's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Intowow Innovation Ltd.'s Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Mirando GmbH & Co KG's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Sanoma Media Finland's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Viralize SRL's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Precise Geographic Location Data
Genius Sports Media Limited's Privacy policy
Consent purpose(s): Personalisation | Content selection, delivery, reporting
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Feature(s): Linking Devices | Precise Geographic Location Data
Collective, Inc. dba Visto's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Onnetwork Sp. z o.o.'s Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): Information storage and access
Feature(s): None
Revcontent, LLC's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
RockYou, Inc.'s Privacy policy
Consent purpose(s): Ad selection, delivery, reporting
Legitimate interest purpose(s): Information storage and access | Personalisation | Measurement
Feature(s): Precise Geographic Location Data
LKQD, a division of Nexstar Digital, LLC.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Linking Devices | Precise Geographic Location Data
Golden Bees's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Spot.IM Ltd.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Triton Digital Canada Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
plista GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): None
TimeOne's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Inskin Media LTD's Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): Information storage and access
Feature(s): None
Jaduda GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
Converge-Digital's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
Smadex SL's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Comcast International France SAS's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): None
McCann Discipline LTD's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
AdClear GmbH's Privacy policy
Consent purpose(s): Information storage and access | Measurement
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Feature(s): Matching Data to Offline Sources | Linking Devices
Codewise Sp. z o.o. Sp. k's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
ADYOULIKE SA's Privacy policy
Consent purpose(s): Personalisation | Content selection, delivery, reporting
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Feature(s): None
mobalo GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
A.Mob's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Steel House, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Improve Digital International BV's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
On Device Research Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Keymantics's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
R-TARGET's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
mainADV Srl's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Integral Ad Science, Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Measurement
Feature(s): None
Qwertize's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Content selection, delivery, reporting
Legitimate interest purpose(s): Ad selection, delivery, reporting | Measurement
Feature(s): None
Sojern, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices
Celtra, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
SpotX's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): None
ADMAN - Phaistos Networks, S.A.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
SMARTSTREAM.TV GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Knorex Pte Ltd's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Gamned's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Accorp Sp. z o.o.'s Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Information storage and access | Measurement
Feature(s): None
ADUX's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
PowerLinks Media Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Measurement
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting
Feature(s): Precise Geographic Location Data
Jivox Corporation's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Connatix Native Exchange Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Polar Mobile Group Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Clipcentric, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Readpeak Oy's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Perform Media Services Ltd's Privacy policy
Consent purpose(s): Personalisation
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
Fusio by S4M's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Measurement
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): Matching Data to Offline Sources | Precise Geographic Location Data
Mobile Professionals BV's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
usemax advertisement (Emego GmbH)'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Adobe Advertising Cloud's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
The ADEX GmbH's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Welect GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Measurement
Feature(s): None
StackAdapt's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
WEBORAMA's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Liveintent Inc.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): Linking Devices
DigiTrust / IAB Tech Lab's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): None
zeotap GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
TabMo SAS's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Precise Geographic Location Data
Adevinta Spain S.L.U.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Content selection, delivery, reporting
Feature(s): None
Permodo GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
AdTiming Technology Company Limited's Privacy policy
Consent purpose(s): Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): Information storage and access | Personalisation | Content selection, delivery, reporting
Feature(s): None
Fyber 's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
ad6media's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Content selection, delivery, reporting
Legitimate interest purpose(s): Ad selection, delivery, reporting | Measurement
Feature(s): Linking Devices | Precise Geographic Location Data
The Kantar Group Limited's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Rockabox Media Ltd's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting
Feature(s): None
Marfeel Solutions S.L's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
InMobi Pte Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Telaria, Inc's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Gemius SA's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices
Wizaly's Privacy policy
Consent purpose(s): Information storage and access | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Apester Ltd's Privacy policy
Consent purpose(s): Personalisation
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Adelphic LLC's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Aerserv LLC's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Instinctive, Inc.'s Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Information storage and access | Measurement
Feature(s): None
Optomaton UG's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Linking Devices
Video Media Groep B.V.'s Privacy policy
Consent purpose(s): Personalisation
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Digilant Spain, SLU's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources
Vuble's Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): Information storage and access
Feature(s): None
Orion Semantics's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
Signal Digital Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Visarity Technologies GmbH's Privacy policy
Consent purpose(s): Measurement
Legitimate interest purpose(s): None
Feature(s): None
DIGITEKA Technologies's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
Linicom's Privacy policy
Consent purpose(s): Personalisation
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Acuityads Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Mindlytix SAS's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Permutive Technologies, Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access
Feature(s): Matching Data to Offline Sources | Linking Devices
Permutive Ltd.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access
Feature(s): Matching Data to Offline Sources | Linking Devices
Mobfox US LLC's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
MGID Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Meetrics GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Measurement
Feature(s): None
Yieldlove GmbH's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Seeding Alliance GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
My6sense Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): Personalisation | Content selection, delivery, reporting
Feature(s): None
Ezoic Inc.'s Privacy policy
Consent purpose(s): Personalisation | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): Information storage and access
Feature(s): None
Bigabid Media Ltd's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Linking Devices | Precise Geographic Location Data
Free Stream Media Corp. dba Samba TV's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Samba TV UK Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Somo Audience Corp's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Vidoomy Media SL's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Linking Devices | Precise Geographic Location Data
communicationAds GmbH & Co. KG's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access
Feature(s): None
Getintent USA, inc.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): None
mediarithmics SAS's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
VECTAURY's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Nielsen Marketing Cloud's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
Digital Control GmbH & Co. KG's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
numberly's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Qriously's Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Information storage and access
Feature(s): None
Audience Trading Platform Ltd.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Measurement
Feature(s): Linking Devices
Pixalate, Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Measurement
Feature(s): None
Triapodi Ltd.'s Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Exactag GmbH's Privacy policy
Consent purpose(s): Information storage and access | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Affectv Ltd's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
AddApptr GmbH's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
The Reach Group GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): None
Hybrid Adtech GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Mobusi Mobile Advertising S.L.'s Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Oracle's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Linking Devices
Duplo Media AS's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Measurement
Feature(s): None
twiago GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Linking Devices | Precise Geographic Location Data
Pocketmath Pte Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Effiliation's Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices
Eulerian Technologies's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Whenever Media Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Webedia's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Yormedia Solutions Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Seenthis AB's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access
Feature(s): None
Nativo, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): None
Browsi Mobile Ltd's Privacy policy
Consent purpose(s): Information storage and access | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Bidmanagement GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
SheMedia, LLC's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Brand Metrics Sweden AB's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): None
LeftsnRight, Inc. dba LIQWID's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
TradeTracker's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Feature(s): Linking Devices
AudienceProject Aps's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
Avazu Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting
Feature(s): Precise Geographic Location Data
Cloud Technologies S.A.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
iotec global Ltd.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
dunnhumby Germany GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
IgnitionAi Ltd's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Linking Devices
Commanders Act's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
DynAdmic's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): Personalisation | Content selection, delivery, reporting
Feature(s): Matching Data to Offline Sources | Precise Geographic Location Data
SINGLESPOT SAS 's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Precise Geographic Location Data
Arrivalist Co.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
Ziff Davis LLC's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices
INVIBES GROUP's Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Information storage and access | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
R-Advertising's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Myntelligence Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
PROXISTORE's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): Precise Geographic Location Data
Mobile Journey B.V.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
Tradedoubler AB's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Measurement
Feature(s): Linking Devices
Signals's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Beachfront Media LLC's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Publishers Internationale Pty Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Proxi.cloud Sp. z o.o.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Bmind a Sales Maker Company, S.L.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Ooyala Inc's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Neodata Group srl's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Innovid Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Linking Devices
Playbuzz Ltd. 's Privacy policy
Consent purpose(s): Personalisation
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
Cxense ASA's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Adimo's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Measurement
Feature(s): Precise Geographic Location Data
GDMServices, Inc. d/b/a FiksuDSP's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Cuebiq Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
travel audience GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Demandbase, Inc. 's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Solocal's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
ADRINO Sp. z o.o.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Forensiq LLC's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Measurement
Feature(s): Matching Data to Offline Sources | Precise Geographic Location Data
Adludio Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Adtelligent Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
mbr targeting GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Feature(s): None
PREX Programmatic Exchange GmbH&Co KG's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Feature(s): None
Bidstack Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Measurement
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting
Feature(s): Linking Devices
TACTIC™ Real-Time Marketing AS's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
Yieldr UK's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Precise Geographic Location Data
White Ops, Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Measurement
Feature(s): Matching Data to Offline Sources | Precise Geographic Location Data
Telecoming S.A.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Feature(s): Precise Geographic Location Data
Ad Unity Ltd's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): None
Cybba, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Zeta Global's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
DEFINE MEDIA GMBH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Affle International's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
AdElement Media Solutions Pvt Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Content selection, delivery, reporting
Legitimate interest purpose(s): Ad selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
Social Tokens Ltd. 's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
TAPTAP Networks SL's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
hbfsTech's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation
Feature(s): None
Targetspot Belgium SPRL's Privacy policy
Consent purpose(s): Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Internet BillBoard a.s.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
B2B Media Group EMEA GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
HIRO Media Ltd's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources
pilotx.tv's Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): Information storage and access | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
CerebroAd.com s.r.o.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Ströer Mobile Performance GmbH's Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Information storage and access | Measurement
Feature(s): Precise Geographic Location Data
Totaljobs Group Ltd 's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Madington's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Measurement
Feature(s): None
Neustar, Inc.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
AdColony, Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources
YellowHammer Media Group's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
SpringServe, LLC's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting
Feature(s): None
Adledge's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Measurement
Feature(s): None
Clicksco Digital Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Linking Devices
Arcspire Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Automattic Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
KUPONA GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): None
Fidelity Media's Privacy policy
Consent purpose(s): Personalisation
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
Sub2 Technologies Ltd's Privacy policy
Consent purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): Information storage and access | Personalisation
Feature(s): None
Haensel AMS GmbH's Privacy policy
Consent purpose(s): Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices
Opinary GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
PLAYGROUND XYZ EMEA LTD's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Oracle AddThis's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Linking Devices
Triboo Data Analytics's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
PurposeLab, LLC's Privacy policy
Consent purpose(s): Measurement
Legitimate interest purpose(s): None
Feature(s): None
NEXD's Privacy policy
Consent purpose(s): Measurement
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): None
Schibsted Product and Tech UK's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources
Little Big Data sp.z.o.o.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Content selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
LotaData, Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Measurement
Feature(s): Matching Data to Offline Sources
Lucid Holdings, LLC's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
PubNative GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
FlexOffers.com, LLC's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Cablato Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Pexi B.V.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
AdsWizz Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
UberMedia, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Shopalyst Inc's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): None
Feature(s): None
SunMedia 's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): Linking Devices
Accelerize Inc.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Measurement
Feature(s): Linking Devices | Precise Geographic Location Data
Admixer EU GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
INFINIA MOBILE S.L.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Shopstyle's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
ATG Ad Tech Group GmbH's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
netzeffekt GmbH's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Ad selection, delivery, reporting | Measurement
Feature(s): None
nugg.ad GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources
ZighZag's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
ChannelSight 's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Measurement
Feature(s): None
The Ozone Project Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Fidzup's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Kayzen's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources
Jampp LTD's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
salesforce.com, inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Linking Devices
SmartyAds Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
INNITY's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Uprival LLC's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): None
Tealium Inc's Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Near Pte Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
AdDefend GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Alliance Gravity Data Media's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Chargeads's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
X-Mode Social, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
RUN, Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Smartclip Hispania SL's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
GlobalWebIndex's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Ad selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
Densou Trading Desk ApS's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
PUB OCEAN LIMITED's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Measurement
Feature(s): Precise Geographic Location Data
Kochava Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Measurement
Feature(s): None
PaperG, Inc. dba Thunder Industries's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Cydersoft's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Feature(s): Linking Devices | Precise Geographic Location Data
Illuma Technology Limited's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): None
Tunnl BV's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Video Reach's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
Smart Traffik's Privacy policy
Consent purpose(s): Information storage and access | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
DeepIntent, Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
ReigNN Platform Ltd.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Bit Q Holdings Limited's Privacy policy
Consent purpose(s): Information storage and access | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Adhese's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
adhood.com's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Happydemics's Privacy policy
Consent purpose(s): Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Precise Geographic Location Data
Leiki Ltd.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): Content selection, delivery, reporting
Feature(s): None
RMSi Radio Marketing Service interactive GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Dr. Banner's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): Precise Geographic Location Data
Adobe Audience Manager's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Drawbridge, Inc.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): Linking Devices
CHEQ AI TECHNOLOGIES LTD.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Measurement
Feature(s): None
ViewPay's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Jointag S.r.l.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Czech Publisher Exchange z.s.p.o.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Otto (GmbH & Co KG)'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Linking Devices
LBC France's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Kairos Fire's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Precise Geographic Location Data
Neustar on behalf of The Procter & Gamble Company's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices
Sourcepoint Technologies, Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Localsensor B.V.'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
MAIRDUMONT NETLETIX GmbH&Co. KG's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Goldbach Group AG's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Programatica de publicidad S.L.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Realeyes OÜ's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Mobilewalla, Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
audio content & control GmbH's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
InsurAds Technologies SA.'s Privacy policy
Consent purpose(s): Ad selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Precise Geographic Location Data
StartApp Inc.'s Privacy policy
Consent purpose(s): Personalisation
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
Colpirio.com's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Bandsintown Amplified LLC's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices
Better Banners A/S's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Ad selection, delivery, reporting | Measurement
Feature(s): None
Dynamic 1001 GmbH's Privacy policy
Consent purpose(s): Ad selection, delivery, reporting
Legitimate interest purpose(s): Information storage and access
Feature(s): None
WebAds B.V's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
Maximus Live LLC's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Linking Devices | Precise Geographic Location Data
Join's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Impactify 's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
News and Media Holding, a.s.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Online Solution Int Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): None
Adnami Aps's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
Consumable, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Market Resource Partners LLC's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Adsolutions BV's Privacy policy
Consent purpose(s): Information storage and access | Measurement
Legitimate interest purpose(s): None
Feature(s): None
ucfunnel Co., Ltd.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Predicio's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Onfocus (Adagio)'s Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Blue's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Azerion Holding B.V.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Seznam.cz, a.s.'s Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Information storage and access | Measurement
Feature(s): Linking Devices | Precise Geographic Location Data
Norstat Danmark A/S's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Adprime Media Inc. 's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
Lotame Solutions, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
BEINTOO SPA's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Capitaldata's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
: Tappx's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Contact Impact GmbH's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Hivestack Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access
Feature(s): Precise Geographic Location Data
Relay42 Netherlands B.V.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
D-Edge's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): None
Passendo ApS's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
Gamoshi LTD's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): None
Smile Wanted Group's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
WebMediaRM's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Ve Global's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Noster Finance S.L.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Smartme Analytics's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Measurement
Feature(s): Matching Data to Offline Sources
Adserve.zone / Artworx AS's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): None
Dailymotion SA's Privacy policy
Consent purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): Information storage and access
Feature(s): Linking Devices
Skaze's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Notify's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
TrueData Solutions, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Axel Springer Teaser Ad GmbH's Privacy policy
Consent purpose(s): Personalisation
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Feature(s): None
GRAPHINIUM's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Research and Analysis of Media in Sweden AB's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Measurement
Feature(s): None
Think Clever Media's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): None
Alive & Kicking Global Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
GP One GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
Sportradar AG's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Soundcast's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Digital East GmbH's Privacy policy
Consent purpose(s): Information storage and access | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Telefonica Investigación y Desarrollo S.A.U's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
BeOp's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
Mobsuccess's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
BLIINK SAS's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
Liftoff Mobile, Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Precise Geographic Location Data
WhatRocks Inc. 's Privacy policy
Consent purpose(s): Information storage and access | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Timehop, Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Duration Media, LLC.'s Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Instreamatic inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
BusinessClick's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Intercept Interactive Inc. dba Undertone's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Schibsted Norge AS's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Linking Devices | Precise Geographic Location Data
Cedato Technologies LTD.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Linking Devices
TTNET AS's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
adMarketplace, Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting
Feature(s): Matching Data to Offline Sources | Precise Geographic Location Data
Mediaforce LTD's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Precise Geographic Location Data
AuDigent's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): None
Radio Net Media Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): Measurement
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Blue Billywig BV's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Measurement
Feature(s): None
The MediaGrid Inc.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices
Arkeero's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
MISSENA's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Go.pl sp. z o.o.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
Lifesight Pte. Ltd.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices | Precise Geographic Location Data
ADWAYS SAS's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): None
VRTCAL Markets, Inc.'s Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation
Feature(s): Precise Geographic Location Data
MyTraffic's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
adality GmbH's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access | Personalisation
Feature(s): Matching Data to Offline Sources
Inspired Mobile Limited's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Effinity's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Information storage and access
Feature(s): None
Kwanko's Privacy policy
Consent purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): None
BidBerry SRL's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices
Dataseat Ltd's Privacy policy
Consent purpose(s): Personalisation | Measurement
Legitimate interest purpose(s): Information storage and access | Ad selection, delivery, reporting | Content selection, delivery, reporting
Feature(s): None
OnAudience Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Dugout Limited 's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Audience Network's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices
AppConsent Xchange's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
AAX LLC's Privacy policy
Consent purpose(s): Information storage and access | Personalisation
Legitimate interest purpose(s): Ad selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources | Precise Geographic Location Data
Axonix Ltd's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): None
Feature(s): Precise Geographic Location Data
Online Advertising Network Sp. z o.o.'s Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Linking Devices
Dentsu Aegis Network Italia SpA's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Beaconspark Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting
Legitimate interest purpose(s): Content selection, delivery, reporting | Measurement
Feature(s): Matching Data to Offline Sources
Between Exchange's Privacy policy
Consent purpose(s): Information storage and access
Legitimate interest purpose(s): Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Feature(s): Linking Devices | Precise Geographic Location Data
Appier PTE Ltd's Privacy policy
Consent purpose(s): Information storage and access | Personalisation | Ad selection, delivery, reporting | Content selection, delivery, reporting | Measurement
Legitimate interest purpose(s): None
Feature(s): Matching Data to Offline Sources | Linking Devices | Precise Geographic Location Data
Cavai AS & UK 's Privacy policy
Consent purpose(s): None
Legitimate interest purpose(s): Ad selection, delivery, reporting
Feature(s): None

↧

IC3.gov 2019 Internet Crime Report: Its All About that BEC

February 16, 2020, 10:07 pm

≫ Next: What sites is Trickbot targeting?

≪ Previous: The Guardian helpfully provides Privacy Policies for the 577 Companies with whom they may share your data

For years I have been encouraging people to report their instances of Cybercrime to the FBI's Internet Crime & Complaint Center, IC3.gov. Based on the number of reports, people are finally doing just that. The growth in reporting over the last two years is remarkable -- driven in part by the desperation people are facing regarding two major cybercrime trends: Ransomware and Business Email Compromise. State and local authorities seem powerless to do anything about either of these, so finally they are encouraging (and in many cases helping) to get these crimes reported to the IC3, where we can use pattern matching to identify trends that reveal top criminals.

ic3.gov annual report

Comparing 2015 to 2019, cybercrime reports are up 61% ... with 467,361 complaints received just in calendar 2019. An average of 1280 complaints per day! But while the NUMBER of complaints has gone up by 61%, the dollars lost in those complaints has more than tripled! While Ransomware is certainly an important topic, the key difference in the financial impact has been Business Email Compromise. During calendar 2019, BEC complaints only accounted for 5% of the complaint volume (23,775 out of 467,361) that 5% of complaints accounted for 48.5% of all financial losses experienced by the victims ($1.7 Billion of 3.5 Billion!)

The good news on the BEC front is that the FBI has a stream-lined internationally successful process for recovering funds. Started in February 2018, the FBI's Recovery Asset Team has been getting better and better at their process. In Calendar 2019, the RAT was invoked on 1,307 cases, and were successful at recovering funds 79% of the time. Out of $384,237,651 stolen, they recovered $304,930,696! That is an amazing improvement over times past!

ic3.gov annual report

While Phishing, a crime that I've been personally invested in chasing for at least 15 years, remains the most commonly experienced crime, with 114,702 cases reported to the ic3.gov in 2019, from a financial perspective, it just isn't even close to BEC and Romance Scams, the two categories we also called out as most important in our review of the 2018 IC3.gov Report. (See our blog post: IC3.gov: BEC Compromises and Romance Fraud 2018 from last April.)

By victim count, BEC came in as the #6 category, while Romance Scams came in at #7.
But by dollars lost, BEC is clearly #1 and Romance Scams are clearly #2.

Crime Type	# Cases	......	Crime Type	$$s Lost
Phishing	114,702		BEC	$1,776,549,688
Non-Payment	61,832		Romance Scams	$475,014,032
Extortion	43,101		Spoofing	$300,478,433
Spoofing	25,789		Investment	$222,186,195
BEC	23,775		Real Estate	$221,365,911
Romance Scams	19,473		Non-Payment/Non-Delivery	$196,563,497
...			...
Identity Theft	16,053		Credit Card Fraud	$111,491,163
...			...
Credit Card Fraud	14,378		Phishing	$57,836,379
...			...
Tech Support	13,873		Tech Support	$54,041,053
...			...
Ransomware	2,047		Ransomware	$8,965,847

While these losses seem staggering, please remember that these are ONLY THE REPORTED losses. Especially in the area of Romance Scams, we believe the number is dramatically under-reported. Often this is because the victim is an elderly person who either hides their victimization because they are embarrassed by the loss, or perhaps never realizes that they've been scammed, especially in the case of a person who may be experiencing mental decline, but has no caretaker.

The Financial Crimes Enforcement Network, FinCEN, used a far different approach to trying to identify the scale of BEC attacks, as we reported last year in our blog article: FinCEN: BEC far worse than previously believed. FinCEN performed analysis on the Suspicious Activity Reports that are required of financial institutions in the United States and looked for tell-tale signs that the activity may have been a Business Email Compromise instance, whether reported to IC3 or not. Based on FinCEN's numbers, we estimated the amount of money stolen by BEC criminals to be $8.7 Million per day -- JUST IN THE United States!

Our friends at Agari, (Hi John! Hi Crane! Hi Ronnie! Hi Patrick!), do a great deal of work in the BEC space, including running the Business Email Compromise Working Group. Ronnie shared some stats in his blog last fall about how long it would take BEC crime to surpass each of several other crime types. I encourage the interested reader to check it out here: Business Email Compromise (BEC): Putting $26 Billion in Known Losses into Context.

State By State: BEC Statistics (2019)

The 2019 Annual IC3.gov report also has a break-down of state losses. As we did last year (see: http://garwarner.blogspot.com/2019/04/ic3gov-bec-compromises-and-romance.html ) , we've tried to normalize these numbers by allowing you to compare the number of BEC victims and losses per state, but also expressing those as an average loss per victim and the number of victims per 100,000 population in that state.

To allow the reader to easily see if their state number of victims or their average victims per loss is far above or below the average, we'll share that information here.

The national average was $71,569 loss per BEC victim.
The average state had 6.8 victims per 100,000 population.

So, for example, my state, Alabama, has far less than the average loss, and also fewer victims per 100,000 than the national average.

The ten states (or territories) with the highest average BEC loss per victim were:

Ohio	$395,000
Puerto Rico	$206,004
Virgin Islands	$188,544
Arkansas	$142,841
New Mexico	$118,006
New Jersey	$107,687
Nevada	$83,777
Illinois	$83,421
Kansas	$77,160
California	$74,732

And the states (or territories) with the highest rate of victimization per 100,000 population were:

DC	25.8
Alaska	12.8
Colorado	10.6
Virgin Islands	10.3
Rhode Island	10.2
Virginia	9.8
Connecticut	9.1
Massachusetts	9.0
California	8.8
Maryland	8.2

Here is the BEC data for each state from IC3.gov (plus the population and average that we calculated here:)

State	BEC Victims	BEC Losses	Avg Loss	Vics/10,0000
Alabama	218	$7,581,736	$34,779	4.4
Alaska	94	$6,762,874	$71,945	12.8
Arizona	447	$23,530,353	$52,641	6.1
Arkansas	112	$15,998,213	$142,841	3.7
California	3523	$263,280,775	$74,732	8.8
Colorado	620	$35,640,598	$57,485	10.6
Connecticut	324	$19,084,050	$58,901	9.1
Delaware	74	$3,191,516	$43,129	7.5
DC	186	$6,870,085	$36,936	25.8
Florida	1546	$96,235,703	$62,248	7
Georgia	570	$36,817,673	$64,592	5.3
Hawaii	79	$4,948,948	$62,645	5.6
Idaho	96	$2,318,883	$24,155	5.3
Illinois	782	$65,235,477	$83,421	6.2
Indiana	298	$11,544,682	$38,741	4.4
Iowa	157	$9,910,940	$63,127	4.9
Kansas	130	$10,030,805	$77,160	4.5
Kentucky	181	$10,404,075	$57,481	4
Louisiana	230	$11,002,217	$47,836	5
Maine	62	$554,976	$8,951	4.6
Maryland	501	$24,535,672	$48,973	8.2
Massachusetts	625	$45,944,094	$73,511	9
Michigan	579	$24,733,625	$42,718	5.8
Minnesota	428	$23,256,989	$54,339	7.5
Mississippi	82	$5,846,230	$71,295	2.7
Missouri	319	$10,285,655	$32,243	5.2
Montana	55	$2,497,998	$45,418	5.1
Nebraska	110	$5,177,581	$47,069	5.6
Nevada	195	$16,336,581	$83,777	6.2
New Hampshire	109	$4,180,792	$38,356	7.9
New Jersey	680	$73,227,280	$107,687	7.6
New Mexico	106	$12,508,677	$118,006	5.1
New York	1544	$112,212,230	$72,676	7.9
North Carolina	535	$23,134,683	$43,242	5
North Dakota	42	$2,355,277	$56,078	5.5
Ohio	613	$242,135,013	$395,000	5.2
Oklahoma	161	$10,110,690	$62,799	4.1
Oregon	317	$12,231,269	$38,584	7.4
Pennsylvania	826	$53,899,517	$65,254	6.4
Puerto Rico	24	$4,944,094	$206,004	0.8
Rhode Island	108	$7,007,312	$64,883	10.2
South Carolina	270	$7,433,141	$27,530	5.2
South Dakota	34	$879,695	$25,873	3.8
Tennessee	331	$12,938,403	$39,089	4.8
Texas	2149	$124,223,441	$57,805	7.3
Utah	229	$12,631,528	$55,160	7
Vermont	51	$1,131,002	$22,177	8.1
Virgin Islands	11	$2,073,984	$188,544	10.3
Virginia	842	$53,190,542	$63,172	9.8
Washington	606	$33,304,309	$54,958	7.8
West Virginia	48	$879,043	$18,313	2.7
Wisconsin	296	$8,908,811	$30,097	5.1
Wyoming	22	$711,872	$32,358	3.9
TOTAL			$71,569	6.8

State By State: Romance Scam Statistics (2019)

For "Confidence/Romance Scams"
the national average loss was $25,911 per victim.
the average number of victims per 100,000 population was 4.9.

In my state, we were about normal for victimization rate, with a slightly lower 4.1 victims per 100,000. We were also slightly below the national average loss per victim, with $21,166 lost per victim or Romance Scams.

The ten states that the highest average losses per victim for Romance Scams were:

Oklahoma	$70,288
Montana	$68,102
Massachusetts	$62,018
California	$48,891
Louisiana	$44,859
Washington	$33,700
Florida	$31,916
Rhode Island	$29,300
Delaware	$28,007
Colorado	$25,382

While the states with the highest number of romance scam victims per 100,000 population were:

Nevada	9.4
Wyoming	7.8
Alaska	7.1
Washington	7.0
Utah	6.9
New Hampshire	6.4
Minnesota	6.4
Florida	6.2
Maryland	6.1
Oregon	6.1
Colorado	6.0

State	Romance Scam Victims	Losses	Avg Loss	Vics/10,000
Alabama	201	$4,254,420	$21,166	4.1
Alaska	52	$621,265	$11,947	7.1
Arizona	419	$5,605,375	$13,378	5.7
Arkansas	124	$2,805,097	$22,622	4.1
California	2206	$107,853,977	$48,891	5.5
Colorado	353	$8,959,763	$25,382	6
Connecticut	176	$3,362,156	$19,103	4.9
Delaware	44	$1,232,292	$28,007	4.5
DC	36	$199,106	$5,531	5
Florida	1363	$43,500,838	$31,916	6.2
Georgia	437	$6,524,578	$14,930	4.1
Hawaii	75	$1,705,801	$22,744	5.3
Idaho	92	$1,421,497	$15,451	5
Illinois	518	$11,047,440	$21,327	4.1
Indiana	288	$3,249,354	$11,282	4.3
Iowa	107	$1,650,707	$15,427	3.4
Kansas	107	$1,710,339	$15,984	3.7
Kentucky	195	$1,941,242	$9,955	4.3
Louisiana	160	$7,177,382	$44,859	3.4
Maine	49	$187,176	$3,820	3.6
Maryland	372	$7,707,631	$20,719	6.1
Massachusetts	285	$17,675,211	$62,018	4.1
Michigan	433	$6,384,635	$14,745	4.3
Minnesota	363	$6,846,879	$18,862	6.4
Mississippi	93	$1,286,258	$13,831	3.1
Missouri	304	$5,157,304	$16,965	4.9
Montana	53	$3,609,397	$68,102	4.9
Nebraska	72	$942,695	$13,093	3.7
Nevada	294	$4,195,843	$14,272	9.4
New Hampshire	88	$1,513,143	$17,195	6.4
New Jersey	363	$7,780,273	$21,433	4.1
New Mexico	114	$1,648,758	$14,463	5.4
New York	931	$19,695,267	$21,155	4.8
North Carolina	422	$5,924,081	$14,038	4
North Dakota	36	$335,781	$9,327	4.7
Ohio	456	$5,728,118	$12,562	3.9
Oklahoma	182	$12,792,492	$70,288	4.6
Oregon	261	$4,351,573	$16,673	6.1
Pennsylvania	607	$14,126,697	$23,273	4.7
Puerto Rico	59	$357,154	$6,053	1.9
Rhode Island	55	$1,611,497	$29,300	5.2
South Carolina	212	$4,695,662	$22,149	4.1
South Dakota	27	$351,153	$13,006	3
Tennessee	293	$4,948,521	$16,889	4.2
Texas	1287	$32,414,594	$25,186	4.4
Utah	228	$4,543,173	$19,926	6.9
Vermont	23	$286,638	$12,463	3.7
Virgin Islands	4	$10,301	$2,575	3.7
Virginia	468	$8,032,153	$17,163	5.4
Washington	548	$18,467,450	$33,700	7
West Virginia	89	$1,454,180	$16,339	5
Wisconsin	291	$3,671,646	$12,617	5
Wyoming	44	$320,267	$7,279	7.8
TOTAL			$25,911	4.9

↧

What sites is Trickbot targeting?

March 5, 2020, 5:54 am

≫ Next: CAUCE Spamfighters Rally Against Corona Health Fraud Affiliate programs

≪ Previous: IC3.gov 2019 Internet Crime Report: Its All About that BEC

Its been a while since we decoded Trickbot configs to see what banks and organizations were being actively targeted. While recently most of the news about Trickbot has been how it drops the Ryuk Ransomware, and that is certainly important, we can't forget that Trickbot is first and foremost a Banking Trojan / Infostealer that is designed to steal website credentials from infected users. While there are many fascinating add-on modules that perform other actions, such as inventorying the network on which an infected machine resides, attempting to dump Windows Domain credentials, and launching remote control backdoors, THE DEFAULT BEHAVIOR IS TO STEAL WEBSITE CREDENTIALS. Every website where the user types data has the data captured and sent to the Trickbot operators, but certain websites are specified for more nuanced interactions, which could be to only steal data from particular sub-pages, or could be to alter the appearance of the website to request additional data not being asked for by the website. This latter behavior is called a "Web Inject" and on Trickbot, they are listed in an encrypted file named "dinj" for "Dynamic Injections."

Like many malware researchers, I use the fantastic tools developed by @hasherezade to help decode the configuration files of Trickbot to see what the current collection of URLs in the DINJ file is targeting.

DINJ file breakdown (04MAR2020 by @GarWarner)

The DINJ file for trickbot contain lists of URL patterns labeled with markup tags / .

In the file I used for this analysis, updated from the Command & Control on 04MAR2020, there were 84 "igroups" containing 329 URL patterns, targeting 131 named domains.

In the current DINJ file, the most common target is Japanese banks and financial institutions. Each of the 41 URLs below were for Japanese organizations:

82bank.co.jp	eposcard.co.jp	lifecard.co.jp	shinkin-ib.jp.
aeon.co.jp	fukuokabank.co.jp	michinokubank.co.jp	shinwabank.co.jp
aeonbank.co.jp	gogin.co.jp	miyagin.co.jp	shizugin.net
amazon.co.jp	gunmabank.co.jp	mizuhobank.co.jp	shizuokabank.co.jp
anser.ne.jp	higobank.co.jp	mufg.jp	shokochukin.co.jp
awabank.co.jp	hirogin.co.jp	ncbank.co.jp	tominbank.co.jp
bk.mufg.jp	hokkokubank.co.jp	orico.co.jp	tsukubabank.co.jp
chibabank.co.jp	hokuyobank.co.jp	pocketcard.co.jp	vpass.ne.jp
chugin.co.jp	jaccs.co.jp	rakuten.co.jp	yamagatabank.co.jp
chushin.co.jp	juroku.co.jp	ryugin.co.jp
daishi-bank.co.jp	keiyobank.co.jp	saisoncard.co.jp

US Banks were second in popularity

53.com	citizensbankonline.com	iccu.com	regions.com
ally.com	cu1.org	iconnectdata.com	secureinternetbank.com
amegybank.com	discover.com	key.com	suntrust.com
americanexpress.com	ebanking-services.com	mtb.com	usaa.com
bankofamerica.com	efirstbank.com	navyfederal.org	usbank.com
bmo.com	firelandsfcu.org	nbarizona.com	vancity.com
capitalone.com	huntington.com	onlinebank.com	vectrabank.com
ccservicing.com	ibanking-services.com	paypal.com	zionsbank.com
chase.com		pnc.com

Followed by German Banks

bawagpsk.com	consorsbank.de	ing-diba.de	raiffeisen.at
berliner-bank.de	deutsche-bank.de	lzo.com	santander.de
comdirect.de	haspa.de	norisbank.de	sparda.de
commerzbank.de	ing.de	postbank.de	targobank.de

Some of the other targets were especially interesting to me.

The Brokerages:
Ameritrade.com, eTrade.com, Schwab.com

The Big Retails:
Amazon.com, BestBuy.com, CostCo.com, eBay.com, Grainger.com, SamsClub.com

The CryptoCurrency Exchanges/Companies:
Binance.com, BitFinex.com, BitStamp.com, Blockchain.com, CoinBase.com, CoinMarketCap.com, CryptoCompare.com, DogeChain.info, Kraken.com, Paxful.com

And two Payroll companies, which may be especially interesting as we are in Tax Season in the USA. Curiously these two are both part of the same "igroup":
ADP.com and Paychex.com

Especially since they are targeting ADMINISTRATORS of those Payroll systems, based on the strings I'm seeing:
*runpayroll.adp.com/*
myapps.paychex.com/*_remote/*

If you are curious to see more of the current DINJ file, I've shared it as a PasteBin file here:

GarWarner's Trickbot DINJ file 04MAR2020
(updated URL: Pastebin removed the first one, trying again.)

URL Patterns in Trickbot DINJ

Some patterns do not identify a domain, such as the pattern "https://.*.de/privatkunden/*" (which says "we don't care which German Bank we're looking for, but if they have a URL that includes "private customers", go ahead and grab stuff from there. The pie chart above only maps organizations where a full domain was identified.

Remember that the default is GRAB EVERYTHING, but URLs with specific strings on a site will be sent back to the criminals "tagged for action" making it easier for them to harvest and take action on those pages. Here's an example of URLs related to NavyFederal:

So, while there may be many other places on the NavyFederal website that request user interaction, three particular URL patters are targeted for prioritized collection. The "s=" number tells which iGroup the URL belongs to (all of the URLs in 1535723065134935 belong to Navy Federal), the "id=" tells what sub-URL the visitor was on when they submitted this particular data.

The "Ignore-Mask" flag can be used to tell Trickbot not to gather particular data (for example, in the NavyFederal block above, it says Ignore everything related to Javascript and Stylesheet pages), or to say "Don't gather this data as part of the current "LM" because we already got it elsewhere, as seen in this Norris Bank block:

In this iGroup for NorisBank, there are three specific patterns that each extract data to a particular location, so when the generic pattern "*norisbank.de*" is used, it instructs the bot not to include those subURLs that have already been captured separately.

A Bit of Spam Context

As everyone probably knows by now, the top spamming botnet since the death of Kelihos has been Emotet. Emotet is involved in the distribution of several banking trojans, including TrickBot which is known to be the main source of Ryuk ransomware infections, and Qbot, which often leads to MegaCortex ransomware, and even Dridex, which sometimes leads to BitPaymer ransomware.

There are many great Emotet/Trickbot researchers out there, especially the @Cryptolaemus research group, which shares Emotet Indicators of Compromise regularly, and @pollo290987, who shared this graphic on his Twitter feed:

Trickbot is ALSO distributed by other sources, which Crowdstrike does a great job of illustrating in this diagram that maps out the relationships between spambots and malware payloads:

CrowdStrike Actor Labels for Emotet => Trickbot => Ryuk etc.

In the Crowdstrike worldview, "Mummy Spider" is the actor(s) behind Emotet, who serves his customer "Wizard Spider" by delivering Trickbot for him/them. Post infection with Trickbot, Wizard Spider may choose to infect with Ryuk Ransomware. Per Crowstrike, Lunar Spider (the operator of BokBot AKA IcedID) and Scully Spider (the operator of DanaBot) also occasionally are used to distribute Trickbot. But mostly, its Emotet.

↧

CAUCE Spamfighters Rally Against Corona Health Fraud Affiliate programs

March 22, 2020, 11:54 pm

≫ Next: Following Putin Order, FSB Cracks Down on Russian Credit Card Marketplaces

≪ Previous: What sites is Trickbot targeting?

My email box is full of Coronavirus / COVID-19 frauds and scams. I have Corona malware disguised as product catalogs. I have fake World Health Organization emails asking me to donate my Bitcoin to them. I have more than 30 fake breathing mask selling websites that my friends at ScamSurvivors and AA419 are helping to track. But you know what makes me REALLY MAD?

The monsters who are using the same fake news websites to drive their affiliate-marketing program scams to sell Immunity Oil to people who are desperate to protect their families and loved ones. As a member of the CAUCE Board (the Coalition Against Unsolicited Commercial Email) I immediately reached out to Neil Schwartzman, my personal spam fighting hero and the founder of CAUCE. Even though we both know these are the same snake oil charlatans who have been in the spam business for a decade, perhaps now that they are putting people's lives in true danger someone will finally do something to shut these scammers and spammers down. (Note, I'm not speaking for CAUCE here, I'm just mentioning that I'm proud to fight spammers with them.)

The first claim we'll face, of course, is that "we don't claim that our product fights the Corona Virus."

My first refutation would be the email subjects being used to spam their products. The first email I got yesterday was this one, with the subject "Protection From Corona Virus With Immunity Oil"

Delivery-date: Sat, 21 Mar 2020 17:06:42 -0500
Received: from [49.12.47.247] (port=47288 helo=urrmwipzqlpakl.xyz)

From:Miracle Virus Oil
Subject:Protection From Corona Virus With Immunity Oil

https://malkommal.ams3.digitaloceanspaces.com/immcoronfgdf.htm

Here's the screenshot of the email message I received this afternoon.
Please note the email subject:
"Fight back against the coronavirus outbreak! Pure Herval Total Defense Immunity Blend"

Visiting many spammed URLs will result in 404 pages, because they have to be visited through the correct chain of referring URLs, which is one defensive measure that Spamfighter Schwartzman and I are well accustomed to.

The latter email contains the URL:

https://www.coverbits.com/MD7PRSL/P4RMRH1/

which in turn forwards to

https://www.mynutritionalnews.com/fox_virusout/?CID=411328&AFID=428186&SID=11349

The "CID""AFID" and "SID" are the Campaign ID, and the Affiliate ID. Affiliate 428186 is the one who will get paid for this sale, if I were stupid enough to buy it. The Campaign ID is necessary, because the company is marketing the product with many different labels and "look and feel" packaging. For example, some of the Immunity Blend claims to be a "CBD Oil" that protects you from Corona Virus because CBD has anti-inflammatory properties ... like this ad, which claims it is a "Corona Mom Advertorial."

No matter which of the fake Immunity Blend appeals you start with, you'll end up (currently anyway) on the website Apusserum.com ... one of my click-throughs had this targeting label set:

https://apusserum.com/os-immune?client=oc34&router=33BC68E20ADE3EC44FEBB231517852543676&affid=428364&subid=435966&aff_sub=435966&s1=435966&ClickID=03_53914656_b5e9d7eb-a1b2-4572-bdbe-703787c7af4c&CID=411328&subid1=18799&subid2=oil&AffiliateReferenceID=1791440349&CustID=cid-5e78342a60e28

Notice the little pop-ups in the bottom left ... messages popping up non-stop about all
of the other customers buying this stuff non-stop!

Clicking through from a different affiliate, I end on a different looking sales page, but clearly the same product being sold in a different bottle.

https://apusserum.com/total-home?client=oc34&router=33B10BC5AC6158F8379A1FB1583427143024&affid=429966&subid=350174&aff_sub=350174&s1=350174&ClickID=03_53907140_7f1f58f0-4a15-4bd0-a3f6-301853578920&CID=432356&subid1=&subid2=&AffiliateReferenceID=3ossxjk2uia2

The claims made on the "orange cap" version are shown here, but short version. You can clean your counters, purify the air, and "boost your immunity" by using it as a skin cream. The Essential Oil Mommies will love this stuff, it has Cinnamon Leaf, Lemon, Clove Bud, Lime, Eucalyptus Globulus, Rosemary, Peppermint, Spearmint, and Oregano. None of which, last I checked, are an alcohol based disinfectant, or an anti-viral.

Of course they are carefully saying NOTHING about it treating viruses of any sort on the actual product page. We'll just put a huge coronavirus image on the page as a pretty medical picture without making any claim about that.

The stuff that sounds like science there is from the same source that was used to sell essential oil / snake oil during the H1N1 flu scare in 2010 (one such product was called "On Guard"). If you'd like to read the article, it's here: Protective essential oil attenuates influenza virus infection: An in vitro study in MDCK cells. )

Fake Fox News?

No matter which entry point you visit to get started, a link in one of the many spam messages, or a link from social media (we've found sellers on both Twitter and Facebook, and reported them for removal.) The first site you visit will be a pseudo-news site that SEEMS to be somehow related to Fox News, without EXACTLY saying that ... while it isn't saying you are on Fox News, it is giving the byline for this story to "Janine Puhak | Fox News" and at the bottom of the page, repeats this by providing Janine's Twitter handle -- @JaninePuhak, and beneath the first main photo, it says "Fox News Flash Top Headlines for March 23, 2020" and "Check out what's clicking on FoxNews.com."

www.mynutritionalnews.com/fox_virusout/ or dailyxhealth.com/us-cv-1/ as examples
(Note that you may need to be "referred" from the right URL for this content to load)

While some of the sites have hidden the Fox News logo, others have not. This one still has it, for example.

https://www.outbreakliveupdates.com/foxnews_outbreak/ . affid=428139&subid=6606

Others had gone even further to "De-Fox" themselves:

https://www.healthy-tips.life/healthytips_cor/

Healthy-Tips.life changed the logo and byline to be "World Break News" without changing a single word of the article.

The Second Scam

The first scam is that you are buying a fake product that you think will help you with Corona Virus. The second scam is that they are going to bill you more and more frequently than you think, and based on the Better Business Bureau complaints against many other companies run by the same outfit at the same address, this will probably happen to you as well.

The product Terms and Services says that if you don't cancel your order within the allotted time, you'll start being billed $89.95 per month on the credit card you provided at the time of the order. The company named in the Terms and Services is:

Finest Herbalist
PO Box 534
Pleasant Grove, UT 84062

The "Contact Us" page gives this information:

Contact Us
You can contact Finest Herbalist Customer Service for any questions, comments, or testimonials.

Phone: 1 (844) 899-2977
Email: help@finestherbalist.com
Hours of Operation: 8am to 8pm EST daily

A company named "Herbalist Oils" that coincidentally is also at PO Box 534 in Pleasant Grove, Utah, has an "F" grade from the Better Business Bureau with complaints such as these:

07/20/2019
Herbalist Oils, also known as First Class Herbalist CBD, of 4Bush Holdings, LLC is a scam. They offer a free bottle of CBD oil and latter I found out my bank account to be charged over 200.00 plus 89.99 thereafter for a subscription that I was unaware of for "Deep sleep" roll on. I contact them via email many times and they did not answer. There is nowhere on their website page that states this is a monthly subscription or that one will be charged more than the shipping fee for a free bottle of CBD oil. They ended up sending me 6 bottles of CBD oil. The oil is substandard and does not live up to its claims, however, I thought like some medications one might need to wait a few weeks for it to work....it never did. I then ended up receiving a bottle of deep sleep again and thought that this was another mistake on their behalf. I wrote them an email regarding this but I heard nothing back. After a few more months of this bottle being sent to me and not being able to get a return email from them, I finally called customer service. On the first phone call, I was told the subscription was canceled and my bank was never charged Subscription? this is the first I heard of any subscription. I then reviewed my bank statements and found indeed I was charged monthly as well as being charged over 200.00 initially. I called their customer service again and after some discussion, I was able to get two months of the 89.00 charges refunded. They stated since it's over the 30 day refund time no other refund will be allowed. The refunds never showed up in my bank account.

Curiously, there are even more businesses at PO Box 534 in Pleasant Grove, Utah. In fact, there are at least 45 Better Business Bureau complaints in the past 3 years for businesses at that address, including:

Keto Ultra Diet
Manifest Health Plan
Primal Pro Wellness
Sunshine Heath and Wellness
Plant Pure Diet and Beauty
Tru Slim Living

A summary of the 45 complaints against them is available from the Better Business Bureau website. But they all say basically the same thing. "I thought I was getting a free trial product for $4.95 shipping, but then they charged me $89.95 (or other numbers, up to $200) and I couldn't get them to stop!"

Other businesses at the same address include:

Keto Trim Diet

Keto Melt & Trim 800

Keto Pro Diet

Forskolin Trim Diet

Body Performa Keto

Healthy Rapid

Ansa Naturals Online

So how does the Affiliate program work? First, you need to sign up for a slimy affiliate program. Most of the CoronaVirus spam that you are getting right now probably comes from affiliaXe, an affiliate program that clearly doesn't care whether their affiliates are selling real products or snake oil, and don't mind paying people a commission to get caught in credit card no-refund scams. Take a look at your CoronaVirus spam ... then look at the products AffiliaXe is marketing.

That's some of my Corona Virus spam for the past day ... big spammers: Breathing masks, Germidin, and Thermosense "touchless" thermometers. Everybody has an affiliate program. H8M8. Konex.

Masks, Wipes, Germidin, SafeMasks, UV Cleaners, Smart Sanitizer Pro, Immunity Blend (as above) and the Survival CoronaVirus Pandemic Guide are the top programs looking for spammers (oops! I mean Affiliates!) at AffiliaXe right now ...

Why so many people pushing Immunity Blend right now? Well, of all the products at AffiliaXe, its the only one offering a $90 Commission for your first sale! Compare below:

If you visit the live AffPlus site, each of those lines has a "link" icon appear when you hover over it. So, yes, we can confirm that clicking the "preview link" on the Immunity Oil affiliate program from AffiliaXe really does take you to the Apus Serum website as above. ( https://apusserum.com/os-immune ). And sense every AffiliaXe affiliate has to upload a photo of their drivers license to join the program, it should be pretty easy for someone who cares about these scammers to shut them down.

↧

Following Putin Order, FSB Cracks Down on Russian Credit Card Marketplaces

March 26, 2020, 11:20 pm

≫ Next: Covid-19 / CoronaVirus Domains: a looming threat?

≪ Previous: CAUCE Spamfighters Rally Against Corona Health Fraud Affiliate programs

Earlier this week I was chatting with one of the top experts on Russian Cybercrime (who has asked to remain anonymous here). We were discussing the news that was released on 24MAR2020 that the FSB had raided 62 addresses in 11 regions of Russia arresting cybercriminals for their involvement in the online sales of stolen credit cards.

There are some GREAT videos of the FSB in action ... this first one from Gazeta.ru

According to the Gazeta articles, the FSB arrested 30 members of an online hacking group, including programmers from Ukraine and Lithuania. Twenty-five were charged with "Illegal circulation of a means of payment," which in Russia is a violation of Section 2 of Article 187. Region15.ru adds that the raids were conducted at 62 different addresses, including operations in Crimea, North Ossetia, Kaluga, Leningrad, Moscow, Pskov, Samara and Tambov, Moscow, St. Petersburg, and Sevastopol.

An embeddable image (same video) from Kuban.kp.ru shows image after image of those being arrested in the raids ..

More than $1 million USD and 3 million Rubles were seized, as well as computer equipment, firearms, drugs, gold bullion and precious coins. Many fake identity documents were also seized, including Russian Federation passports and counterfeit law enforcement officer IDs. Several of those arrested had been previously prosecuted for similar crimes. Russia Today's coverage of the story cites a December 2019 report by Sberbank saying that criminals frequently convince victims to give up their card details through social engineering by telephone. They also mention that in October at least 60 million Sberbank credit cards were being traded on the black market. The FSB arrested a criminal who used the name "Anton 2131" and lived in Volgograd with regards to some of that data.

Other coverage by Scandaly.ru indicated that at least 15 men and 1 woman among the arrested were held without bail in a Moscow court, being accused of serious crimes that would have sentences of at least 7 years. That article also mentioned that most of the 90 criminal marketplaces run by these criminals were taken offline on March 18th and March 19th. FSB investigators are now going through these servers to identify "wholesalers." They say they are interested in any customers who purchased more than 500 credit cards from the shops.

A CyberCrime Crackdown in Russia? What Happened?

When I asked my Russian Cybercrime Expert friend what was behind the large volume of raids, his reply was direct: President Putin. He shared with me this article from duma.gov.ru:

Вячеслав Володин принял участие в расширенном заседании коллегии Генеральной прокуратуры РФ (Vyacheslav Volodin took part in an expanded meeting of the board of the Prosecutor General of the Russian Federation)

As President Putin addressed the board of the Ministry of Internal Affairs, he charged them strictly that they needed to pay "constant attention to the Internet" and "work to identify the organizers and instigators who should be deservedly punished" for their crimes. The Duma article said it like this:

"[President Putin] demanded that law enforcement agencies develop a system to combat cybercrime. Speaking at an enlarged meeting of the board of the Prosecutor General’s Office of the Russian Federation, he noted that in recent years “extremely negative dynamics have been recorded in crimes related to the use of information technology”.

“I’m asking the Prosecutor General’s Office, together with the Ministry of Internal Affairs and other relevant structures, to analyze how efficiently the work in this area has been built, how the available procedural capabilities are being used, and in general I’m asking for a system, a set of measures to reduce the number of such crimes,” the head of state said.

Guess what happens when President Putin orders the Prosecutor General to do something to reduce the number of cybercrimes in Russia? The FSB gets to work arresting people!

Russian Credit Card Criminals Detained

While the names of those arrested were not listed in any article, it was fairly simple to pull them together, once my Russian colleague showed me the ropes of the "mos-gorsud" site where federal charges are tracked. By searching for "Article 187 Section 2" and limiting my scope to people arrested in March 2020, I came up with this list of likely players:

Шувалов А.В - Shuvalov A.V. - in court 20MAR2020 - 77RS0027-01-2020-004928-65
Светличный Л.И. - Svetlichny L.I. - in court 21MAR2020 - 77RS0027-01-2020-004942-23
Малинин М.А. - Malinin M.A. - 20MAR2020 - 77RS0027-01-2020-004935-44
Строганов А.Т. - Stroganov A.T. - 20MAR2020 - 77RS0027-01-2020-004934-47
Ахметов В.А. - Akhmetov V.A. - 21MAR2020 - 77RS0027-01-2020-004946-11
Селиванов Г.В. - Selivanov G.V. - 20MAR2020 - 77RS0027-01-2020-004924-77
Карпунин С.В. - Karpunin S.V. - 20MAR2020 - 77RS0027-01-2020-004936-41
Федотов И.О. - Fedotov I.O. - 20MAR2020 - 77RS0027-01-2020-004933-50
Галкин А.В. - Galkin A.V. - 20MAR2020 - 77RS0027-01-2020-004929-62
Синицын А.В. - Sinitsyn A.V. - 21MAR2020 - 77RS0027-01-2020-004944-17
Смирнов А.М. - Smirnov A.M. - 21MAR2020 - 77RS0027-01-2020-004937-38
Бобин А.С. - Bobin A.S. - 20MAR2020 - 77RS0027-01-2020-004926-71
Мерлин Э.А. - Merlin E.A. - 21MAR2020 - 77RS0027-01-2020-004925-74
Белай В.В. - Belay V.V. - 21MAR2020 - 77RS0027-01-2020-004945-14
Васильев Р.Р. - Vasiliev R.R. - 21MAR2020 - 77RS0027-01-2020-004943-20
Юшковский А.А. - Yushkovsky A.A. - 20MAR2020 - 77RS0027-01-2020-004897-61

Now my challenge, gentle reader, what were the hacker names of these individuals, and what shops did they run? Please comment below or message me if you have more details!

Updates As We Find Them

Строганов is Alexey Stroganov aka Flint24 according to this post by Brian Krebs - Russians Shut Down Huge Card Fraud Ring

Селиванов is Gerasim Silivanon aka Gabrik according to the same post.

Some of the sites known to be offline now are MrWhite[.]biz, BingoDumps, DumpsKingdom, GoldenDumps, HoneyMoney, and HustleBank.

Krebs also had the link to the FSB announcement from 24MAR2020

CyberScoop.com's piece, Rare cybercrime enforcement in Russia yields 25 arrests, shutters 'BuyBest' marketplace, mentions Flint24 as well and suggests that wuzzup[.]com, dumpsmania24[.]com were also part of the takedown. BuyBestCC and BuyBestBiz were two of the many mirror sites.

GeminiAdvisory's story "FSB Takes Down Top-Tier Marketplace, Arrests Admins" mentions that Flint24 was a character in Sergey Pavlovich's book, "How to Steal a Milion." They also list a couple additional BuyBest mirrors, BinGo and Yohoho.

↧

Covid-19 / CoronaVirus Domains: a looming threat?

April 2, 2020, 10:27 am

≫ Next: Map It. Zap It. Covid-19 and Rural America #GoodCovidDomains

≪ Previous: Following Putin Order, FSB Cracks Down on Russian Credit Card Marketplaces

I mentioned previously that CAUCE is watching for spammers who want to commit fraud or make a quick buck pumping out spam for fake products. (See: CAUCE Spamfighters Rally Against Corona Health Fraud Affiliate programs .) One of the things that project has led to is trying to figure out what other forms of fraud and abuse may be going on with regards to newly registered domains that may be "suspicious." One thing we learned long ago is that fraudsters love a good disaster!

The fine folks at DomainTools have been sharing a curated domain list but I thought it might be interesting to my readers to see the types of things being found. Our methodology is to pull the daily list of all newly registered domains, filtering on a number of suspicious terms (more than DT's list). While DomainTools has a great start, and indeed has more than 104,000 domains on their list, we wanted to come up with a theory of how to "cluster the badness."

In the "domainer" world, many people make a living by speculatively purchasing enormous numbers of domains, and either placing them for sale, or covering the domains with advertisements that generate revenue for them. Each domain may only make a few cents per day, but if you have tens of thousands of them, you can earn a living. Yesterday I was on a 100+ party conference call hosted by some FBI people when someone made the claim that "more than half" of the Covid domains that have been created are being used to spread malware and phishing. We certainly don't agree with that assessment. The vast majority of the domains we have reviewed are being used for simple "domain speculation" -- let's buy fifty domains and see if we get lucky!

While there are many forms of "shady activity" going on among these domains, there are also some BRILLIANT publicly minded projects being run by data scientists and health care workers. The truth is that we don't have time to go into all of the domains and check each one by hand. I asked a brilliant student in my lab, Zack Knight, to lend me a hand. Zack took the opportunity to intern with the UAB Security Operations Center last summer and has an interest in automating analysis of risks, so he was a great choice to work on this project. I gave Zack my "daily domains" and asked him to look up the IP address upon which one is hosted, and resolve it to an ASN and country code. It is VERY LIKELY that newly registered covid-domains that are hosted on the same IP address may be related to one another. Those that are in big batches of dozens or hundreds on the same IP are likely still in "domain speculator" hands, while those that are resolving to a single IP are more likely to be being used for some form of project -- good or malicious!

I'm sharing Two Days of newly registered domains below and would love for you to brainstorm with me on the best ways to spot goodness or badness among them. PLEASE DO NOT VISIT THE DOMAINS without using some form of "safety" precautions. (At a minimum, a Virtual Machine) as it is very likely that SOME of these domains are malicious!

If you find a domain that you think is a cool project, or a domain that you can demonstrate is malicious, feel free to comment below or tweet me about it (@garwarner). Use "#goodcoviddomains" or "#badcoviddomains" as a hashtag if you want to play along from home.

Example: @garwarner #goodcoviddomains yomamagotcorona[.]com - This domain tells "Yo Mama" jokes about Corona and invites people to donate to help fight Corona through WHO or NYC.gov

Example: @garwarner - #badcoviddomains corona-safety-masks[.]com - This domain sells medical masks from a company with no history of being a medical supplier

++++++++++++++++++++++++++++++++++++++
Domains Registered from 27MAR to 30MAR2020
++++++++++++++++++++++++++++++++++++++
Please see the list on my website: Corona-Domains from 27MAR to 30MAR
++++++++++++++++++++++++++++++++++++++
Domains Registered 31MAR2020
++++++++++++++++++++++++++++++++++++++
Please see the list on my website: Corona-Domains from 31MAR
++++++++++++++++++++++++++++++
Domains Registered on 01APR2020
++++++++++++++++++++++++++++++

198.185.159.145	ASN: 53831	Country: US	SQUARESPACE - Squarespace, Inc.
	Domain Names: 7
		86coronavirus[.]com
		covid19virussaftey[.]com
		covidhge[.]com
		covidmoney[.]net
		ma-covid-data[.]com
		sinaiimmunologycovid19[.]com
		virusrxusa[.]com

192.0.78.151	ASN: 2635	Country: US	AUTOMATTIC - Automattic, Inc
	Domain Names: 1
		adcoronavirus[.]com

184.168.221.39	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 12
		aftercoronavirus[.]life
		corona-accomplishments[.]net
		coronaviruscareact[.]com
		taxhelp4coronavictims[.]com
		thecoronacats[.]com
		covid-19suppliers[.]net
		covid-20drones[.]com
		covid19employerlawsuit[.]com
		covid19femassistance[.]com
		covida19us[.]com
		covidloanexpress[.]com
		wecleancovid-19[.]com

Not registered	ASN:	Country:
	Domain Names: 167
		aftkscoronavirus[.]com
		corona-forex[.]com
		corona-immunity-tests[.]net
		corona-immunity[.]net
		corona-meds[.]net
		corona-z[.]net
		corona4cast[.]com
		coronaboss[.]com
		coronacashusa[.]com
		coronacureglobal[.]com
		coronadesinfect[.]com
		coronadestekol[.]com
		coronaerotica[.]com
		coronafilmfest[.]com
		coronainfluenza[.]net
		coronakahani[.]com
		coronameetsquarantine[.]com
		coronaorthopedic[.]com
		coronapositives[.]com
		coronareset[.]net
		coronaresin[.]com
		coronavirusaidbill[.]com
		coronavirusaidrelief[.]com
		coronavirusantibodytest[.]net
		coronavirusdeaths[.]net
		coronavirusinfluenza[.]net
		coronavirusmasks[.]biz
		coronavirusquarantine[.]net
		foxnewscoronaviruslawsuit[.]com
		freecoronavirusloans[.]com
		gpscoronavirus[.]com
		ikilledcorona[.]com
		kickthecoronavirusring[.]com
		kits-coronavirus[.]com
		neveragaincoronavirus[.]com
		neverforgetcoronavirus[.]net
		onestopcoronavirus[.]com
		onestopcoronavirusinfo[.]com
		post-corona[.]life
		reclamacionescoronavirus[.]net
		remedioscoronavirus[.]com
		suisse-corona[.]com
		testcoronaviruscovid[.]com
		testerapidocorona[.]com
		thecoronavirusfurlough[.]com
		vaccinecoronaviruscovid[.]com
		vacunacoronaviruscovid[.]com
		0covid19[.]com
		2o2ocovid-19[.]com
		alertacovid[.]com
		amparocovid19[.]com
		apicovid[.]com
		australiacovid19[.]com
		buycovidtests[.]com
		catchcovid[.]com
		cignacovid19answers[.]com
		covid-19-pneumonia-ai-dx[.]com
		covid-19memorialday[.]com
		covid-19memory[.]com
		covid-19personalfacemask[.]com
		covid-19relieffunding[.]com
		covid-19reliefregistry[.]com
		covid-19worldwar[.]com
		covid-1nine[.]com
		covid-a-thon[.]com
		covid-hla[.]net
		covid-immunity-tests[.]com
		covid-immunity-tests[.]net
		covid-immunity[.]com
		covid-immunity[.]net
		covid-one9[.]com
		covid-widget[.]com
		covid19-antibodies[.]com
		covid19-antibodies[.]net
		covid19-clinicaltrials[.]com
		covid19-clinicaltrials[.]net
		covid19cd[.]com
		covid19discussion[.]com
		covid19f[.]com
		covid19furlough[.]com
		covid19investment[.]com
		covid19loanexperts[.]com
		covid19masks[.]biz
		covid19memory[.]com
		covid19notifications[.]com
		covid19onestop[.]com
		covid19relieffinance[.]com
		covid19reliefregistry[.]com
		covid19rescue[.]net
		covid19restart[.]com
		covid19review[.]com
		covid19rt[.]com
		covid19testri[.]com
		covid19trap[.]com
		covid19worldwar[.]com
		covid19zapp[.]com
		covid1ninevaccine[.]com
		covidbusinessprograms[.]com
		covidcarelending[.]com
		covidcashcalc[.]com
		covidcenterbarby[.]com
		covideo[.]chat
		covidgr[.]com
		covidhealthkit[.]com
		covidinmemoriam[.]com
		covidioke[.]com
		covidkey[.]com
		covidliquors[.]com
		covidlog[.]net
		covidmin[.]com
		covidnearus[.]com
		covidnearus[.]net
		covidnews[.]media
		covidpaycheckprotection[.]com
		covidpaypayrollprotection[.]com
		covidpayrollrelief[.]com
		covidreliefsupport[.]com
		covidsbaapplication[.]com
		covidtestbrasil[.]com
		covidtestresults[.]com
		covidtestri[.]com
		covidum[.]com
		covidvs[.]com
		covidwidget[.]com
		covidzapp[.]com
		fightcovidnepal[.]com
		getcovid19kit[.]com
		gouvcanada-covid19[.]com
		hidingfromcovid19[.]com
		indizen-covid19[.]com
		italiacovid-19[.]com
		italiancovid-19[.]com
		kevzara-covid19[.]com
		kevzara-covid19[.]net
		kevzaracovid19treatment[.]com
		kevzaracovid19treatment[.]net
		mdcoviddefense[.]com
		murrietacovid19[.]com
		mycovid19alert[.]com
		neveragaincovid19[.]com
		onestopcovid19[.]com
		onestopcovid19[.]net
		pandemic-covid-19[.]net
		registercovid19[.]com
		testforcovidimmunity[.]com
		unite-against-covid[.]com
		united-against-covid[.]com
		usacovidtest[.]com
		viruscovid19news[.]com
		wmasscovid[.]com
		123novirus[.]com
		calmingthevirusmindset[.]com
		cleanskinantivirus[.]club
		conqueringoverwhelmingvirusesinvasionsdaily[.]club
		conqueringoverwhelmingvirusesinvasionsdaily[.]life
		ertantivirus[.]club
		fightallvirus[.]life
		novirus[.]pro
		redvsvirus[.]com
		vgvirusattack[.]com
		virus365[.]net
		viruscombatgear[.]com
		virusdatamap[.]com
		virusmedicalsupplies[.]com
		virusmedicalsupplies[.]net
		virusponge[.]com
		virusxxi[.]com

87.98.150.35	ASN: 16276	Country: FR	OVH
	Domain Names: 3
		alert-corona[.]com
		alertecorona[.]com
		alertecorona[.]net

91.184.0.100	ASN: 197902	Country: NL	HOSTNET
	Domain Names: 1
		anti-coronadoorhandle[.]com

197.242.92.146	ASN: 37153	Country: ZA	HETZNER
	Domain Names: 1
		anti-coronavirusproducts[.]com

81.169.145.88	ASN: 6724	Country: DE	STRATO STRATO AG
	Domain Names: 1
		anticoronabeschichtung[.]com

50.63.202.47	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 7
		anticoronaglass[.]com
		coronacleanforces[.]com
		coronacomplish[.]com
		coronavirus-smart[.]com
		covid19communitycares[.]com
		covidsilver[.]com
		coronovirustestkit[.]com

23.227.38.65	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 18
		anticoronaviruscovid19[.]com
		corona-virus-normality[.]com
		coronapparel-collective[.]com
		coronastoper[.]net
		fkcoronaco[.]com
		survivingcoronatime[.]com
		anticovid[.]world
		covid-19deli[.]com
		covid-tee[.]com
		covideco[.]com
		covidgym[.]com
		covidteens[.]com
		gear4covid[.]com
		newyork-20covid-19[.]com
		preventcovid19australia[.]com
		suckitcovid19[.]com
		myantivirusmasks[.]com
		novirus[.]center

217.160.122.163	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		apothekecontracorona[.]com

200.58.111.34	ASN: 27823	Country: AR	Dattatec.com
	Domain Names: 1
		argentinalibredecoronavirus[.]com

184.168.221.52	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 13
		assistance4corona[.]com
		coronaandbeyond[.]com
		coronarviruswithalime[.]com
		coronavirusfloridalawyers[.]com
		covid-19erc[.]com
		covid19employernegligence[.]com
		covid19floridaattorneys[.]com
		covid19taxreliefnow[.]com
		covidfreebelgium[.]com
		outcomeofcovid19[.]com
		taxcreditcovid19[.]com
		usasurvivedcovid19[.]com
		jumviruscare[.]com

184.168.221.57	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 10
		ayudadecoronavirus[.]com
		coronacommandos[.]com
		coronavirusbailoutbillions[.]com
		covid19reliefcash[.]com
		coviddollars[.]com
		covidkentucky[.]com
		knockdowncovid19[.]com
		sbacovidcash[.]com
		unidoscontracovid[.]com
		mevirus[.]com

184.168.221.45	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 12
		bdcorona[.]net
		donateforcoronavirus[.]net
		babycovid-19[.]com
		covid19-medicines[.]com
		covid19enseignements[.]com
		covid19fastcashloans[.]com
		covidsstudio[.]com
		covidvermont[.]com
		monitorcovid[.]com
		myworldwithcovid[.]com
		relief4covidvictims[.]com
		virusextinguisher[.]com

94.136.40.51	ASN: 20773	Country: DE	HOSTEUROPE-AS
	Domain Names: 15
		bebecorona[.]com
		coronabebe[.]com
		coronaviruslifetips[.]com
		covid-19flu-xpress[.]com
		covid-19workplace[.]com
		covid-19workplace[.]net
		covid19houseclean[.]com
		covid19houseclean[.]net
		covid19housecleaning[.]com
		covid19housecleaning[.]net
		covid19workplace-vaccinations[.]com
		covidflukiller[.]com
		covidlifetips[.]com
		end-covid-19[.]com
		fluviruskiller[.]com

50.63.202.43	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 13
		betterthanbeforecorona[.]com
		brokefromcorona[.]com
		coronakonnect[.]com
		coronasepiccomics[.]com
		coronavcation[.]com
		nyckickcoronavirusass[.]com
		realestatemarketandcoronavirus[.]com
		covid-19vaccine[.]life
		covidarmour[.]com
		globalcovid19memorial[.]com
		hugsusacovidfund[.]net
		realestatecovid19resources[.]com
		siparadigm-covid19[.]com

50.63.202.63	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 13
		betterthanbeforecorona[.]net
		corona-virus-ppe[.]com
		coronaccomplishmentz[.]com
		coronappp[.]net
		hechoscoronavirus[.]com
		qualify4coronadollars[.]com
		covid-19-api[.]com
		covid19-media[.]com
		covidz[.]life
		igscovid19[.]com
		mycovidcheck[.]com
		chinesevirusjustice[.]com
		virusapple[.]com

184.168.221.36	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 14
		bidenoncoronavirus[.]com
		lamacchiarealtycoronavirus[.]com
		postcoronavirusparty[.]com
		austincovid19medsuppliescom[.]com
		covid-19helpcenter[.]com
		covid19-decals[.]com
		covid19costrecovery[.]com
		covidimmunitypassportonline[.]com
		coviding[.]life
		covidwiki[.]net
		facemasks-covid19[.]com
		femometercovid19[.]com
		sbacovidhelp[.]com
		timeofthevirus[.]com

145.14.145.248	ASN: 204915	Country: US	AWEX
	Domain Names: 1
		blockthecorona[.]com

162.241.253.111	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		brasilcorona[.]com

184.168.221.51	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 14
		byecoronavirus[.]com
		coronavirussurvivor[.]life
		thecoronavirusrecovery[.]com
		covid-ninteenini[.]com
		covid19comfort[.]com
		covid19repair[.]com
		covid19taxhelpnow[.]com
		covid19wrapparty[.]com
		covidgreen[.]net
		covidsbacash[.]com
		generationcovid19[.]net
		getcovidloans[.]com
		isurvivedcovid19[.]pro
		wherescovid[.]com

184.168.221.33	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 9
		cash4corona[.]com
		coronacleanforce[.]com
		travelinthetimesofcorona[.]com
		wipecoronavirus[.]com
		covid19erc[.]com
		covid19forcemajeurelaw[.]com
		covidtelecare[.]com
		diyfacemasks-covid19[.]com
		savemyrealestatefromcovid19[.]com

184.168.221.43	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 14
		cash4coronabiz[.]com
		coronaloyalties[.]com
		fkucorona[.]com
		covid-19-md[.]com
		covid-19isfinished[.]com
		covid-survivor[.]club
		covid19freesigns[.]com
		covid19necessities[.]com
		hugsusacovidfund[.]com
		sbacoviddisasterrelief[.]com
		uscovid19clean[.]com
		wecleannyccovid19[.]com
		shopnovirus[.]com
		uvkillsvirus[.]com

50.63.202.56	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 16
		cash4coronasurvivers[.]com
		coronadivorce[.]net
		coronavirus-nursing-home-lawsuit[.]com
		creativecoronacoliving[.]com
		thecoronaviruswellness[.]com
		covid19fedbailout[.]com
		covid19pointofcare[.]com
		covid19survivers[.]com
		covid19vaccine[.]guru
		covid19viruslawsuits[.]com
		covidcohab[.]com
		covidconnedticut[.]com
		covidwyoming[.]com
		diycovid19[.]com
		futureaftercovid[.]com
		virusuv[.]com

184.168.221.50	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 13
		cash4coronavictims[.]com
		coronabusinessfunding[.]com
		coronalaser[.]com
		coronavirus-analysis[.]com
		drugs4corona[.]com
		covid19californiaclassactionattorneys[.]com
		covid19newyorklawyers[.]com
		covidcohabs[.]com
		effectsofcovid19[.]com
		fileacovid19claim[.]com
		lifeincovidtimes[.]com
		thecovid-19recovery[.]com
		resistvirusnews[.]net

184.168.221.47	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 6
		certifiedcoronacleaners[.]com
		covid-19costume[.]com
		covid19lawyersonline[.]com
		diycovid19facemasks[.]com
		steamcovid[.]com
		coronovirusessentials[.]com

184.168.221.32	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 15
		certifiedfreeofcoronavirus[.]com
		corona-shields[.]com
		coronafastcashloans[.]com
		coronavirus-vaccine[.]guru
		abovecovid[.]com
		bravecovidwarrior[.]com
		covid-19doctor[.]net
		covid-19isdead[.]com
		covidkitchens[.]com
		covidtude[.]com
		mycovidid[.]com
		drvirusprotect[.]com
		drvirusprotection[.]com
		virusppedistributers[.]com
		wewillkickcornavirusass[.]com

50.63.202.40	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 11
		chinascorona[.]com
		coronavictimrelief[.]com
		coronavirusvaccine[.]guru
		helpstopcoronavirus[.]net
		knockdowncoronavirus[.]com
		covid-19memorials[.]com
		covid19-nursing-home-lawsuit[.]com
		covid19theteachings[.]com
		covidnewhampshire[.]com
		covidteleconsultant[.]com
		virussud[.]com

66.96.162.140	ASN: 29873	Country: US	BIZLAND-SD - The Endurance International Group, Inc.
	Domain Names: 1
		communitycoronahelp[.]com

104.24.102.92	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		contagiocoronavirus[.]com

216.239.32.21	ASN: 15169	Country: US	GOOGLE - Google LLC
	Domain Names: 11
		corona-19[.]life
		informationcorona[.]com
		periksacorona[.]com
		buyacarcovid[.]com
		covid[.]works
		covidantibodyproject[.]com
		covidantibodyproject[.]net
		covidapply[.]com
		monroecovid[.]com
		revealcovid[.]com
		tccovid[.]com

50.63.202.36	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 12
		corona-accomplishments[.]com
		corona-complishments[.]net
		corona-virus-cruise-lawsuit[.]com
		coronafeats[.]net
		coronavirusdoctor[.]net
		coronavirusnewyorkattorneys[.]com
		covid19homesellerbenefit[.]com
		covid19pass[.]net
		covid19wearables[.]com
		covidnebraska[.]com
		rollycovid19[.]com
		virusmy[.]com

217.160.0.247	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		corona-ambulanz[.]com

217.160.107.59	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		corona-atemschutzmasken[.]com

50.63.202.34	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 12
		corona-cleanforce[.]com
		coronaepiccomics[.]com
		coronafederalaid[.]com
		coronaslogan[.]com
		coronataxrefundnow[.]com
		coronavirushalloweencostume[.]com
		lifeincoronatime[.]com
		covid-19pins[.]com
		covidcocktailclub[.]com
		covidfirebarrier[.]com
		covidlegalinfo[.]com
		testcovidencasa[.]com

184.168.221.55	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 12
		corona-complishments[.]com
		bayswatercovid19support[.]com
		covid-19debtadvice[.]com
		covid19conscious[.]com
		covid19faq[.]net
		covid19pointofcare[.]net
		covid19wearable[.]com
		covidcashrefund[.]com
		covidct[.]com
		covidenroll[.]com
		covidnorthcarolina[.]com
		ccp-virussanitation[.]com

104.24.125.70	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		corona-down[.]com

217.160.0.147	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		corona-geld[.]com

184.168.131.241	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 45
		corona-info[.]life
		coronacarekw[.]com
		coronadosage[.]com
		coronafundinghelpdesk[.]com
		coronavirusandhousingmarket[.]com
		coronavirusespanol[.]com
		coronavirusexperiment[.]com
		coronavirusimpactonmortgages[.]com
		coronavirusreliefopportunites[.]com
		facemasksforcoronavirus[.]net
		kwcoronachallenge[.]com
		paintforcoronavirus[.]com
		whosgotcorona[.]com
		5minutecovid-19test[.]com
		5minutecovid19test[.]com
		5minutecovidtest[.]com
		coffeeandcovid[.]com
		connectduringcovid[.]com
		covid-19rapidtestkit[.]today
		covid-funding[.]com
		covid19cashflow[.]com
		covid19donationcenter[.]com
		covid19livetv[.]com
		covid19pdxdata[.]com
		covid19realestateresources[.]com
		covid19realtorhelp[.]com
		covid19realtorresources[.]com
		covidfive[.]com
		covidreliefopportunities[.]com
		covidresp[.]com
		covidvirus19test[.]com
		cowlitzcovid19[.]com
		cowlitzcovid19[.]net
		fiveminutecovid-19test[.]com
		fiveminutecovid19test[.]com
		fiveminutecovidtest[.]com
		gainesvillecovidmasks[.]com
		home-covid19[.]com
		home-covid19[.]net
		kwcovid19resources[.]com
		protect-against-covid19[.]com
		strikedowncovid19[.]com
		togetherwefightcovid-19[.]com
		togetherwefightcovid19[.]com
		virusimmunization[.]com

178.238.33.249	ASN: 24971	Country: CZ	MASTER-AS Czech Republic / www.master.cz
	Domain Names: 1
		corona-informatie[.]com

184.168.221.54	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 14
		corona-loyalty[.]com
		coronainfohub[.]com
		coronarest[.]com
		covid19teachersupply[.]com
		covidhands[.]com
		covidpassport[.]net
		covidsbahelptoday[.]com
		covidsurvivalpack[.]com
		knockdowncovid-19[.]com
		n95mask-covid[.]com
		nyc-covid19[.]com
		protect-against-covid[.]com
		teachingscovid19[.]com
		uksurvivedcovid19[.]com

31.170.160.61	ASN: 47583	Country: LT	AS-HOSTINGER
	Domain Names: 4
		corona-mask-shop[.]com
		coronaviruscorp[.]com
		coronavirussolutions[.]net
		thecovidnineteen[.]com

3.20.85.141	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 2
		corona-president[.]com
		loveinthetmesofcovid[.]com

62.116.130.8	ASN: 15456	Country: DE	INTERNETX-AS
	Domain Names: 1
		corona-prophylaxe[.]com

94.130.122.52	ASN: 24940	Country: DE	HETZNER-AS
	Domain Names: 2
		corona-protect24[.]com
		coronaprotect24[.]com

81.169.145.68	ASN: 6724	Country: DE	STRATO STRATO AG
	Domain Names: 3
		corona-reinigung[.]com
		digital-durch-corona[.]com
		covid19flaechendesinfektion[.]com

116.203.213.72	ASN: 24940	Country: DE	HETZNER-AS
	Domain Names: 3
		corona-respirator[.]com
		corona-respiratory-protection[.]com
		coronarespiratoryprotection[.]com

50.63.202.53	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 13
		corona-scale[.]com
		emergencycoronacash[.]com
		houseofcorona[.]com
		nycwilllkickcoronavirusass[.]com
		covid-19pass[.]com
		covid19federalfunding[.]com
		covid19freebusiness[.]com
		covid19phsychologist[.]com
		covid19viruslegalteam[.]com
		covidhelptoday[.]com
		covidnailcare[.]com
		mycovidmonitor[.]com
		tampacovidlaw[.]com

81.169.145.78	ASN: 6724	Country: DE	STRATO STRATO AG
	Domain Names: 2
		corona-schutzbekleidung[.]com
		covidfreesurface[.]com

81.169.145.90	ASN: 6724	Country: DE	STRATO STRATO AG
	Domain Names: 2
		corona-schutzfolie[.]com
		we-after-corona[.]com

217.160.0.61	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		corona-sicher[.]com

217.160.0.27	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 2
		corona-sound[.]com
		coronavirus-sound[.]com

3.224.56.216	ASN: 14618	Country: US	AMAZON-AES - Amazon.com, Inc.
	Domain Names: 1
		corona-virus-holisitic-remedies[.]com

184.168.221.34	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 14
		corona-virus-loans[.]com
		coronavirusinformationcenteroftexas[.]com
		coronavirussmallbusinessrelief[.]com
		dogsagainstcorona[.]com
		taxprep4coronavictims[.]com
		arcovid[.]com
		covid-19immune[.]net
		covid19debtadvice[.]com
		covidcrusader[.]com
		covidnewswire[.]com
		itrackcovid19[.]com
		kickcovid-19ass[.]com
		covirusol[.]com
		virusbegone[.]today

92.222.139.190	ASN: 16276	Country: FR	OVH
	Domain Names: 1
		corona-virus-news[.]net

217.198.116.188	ASN: 34222	Country: CZ	ZONER-AS
	Domain Names: 1
		corona-virus[.]city

50.63.202.55	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 18
		corona-virusgoodnews[.]com
		coronacashrefund[.]com
		coronaepiccomicbooks[.]com
		coronakitchens[.]com
		coronavaccinationcenter[.]com
		donateforcoronavirus[.]com
		nowcoronarelief[.]com
		covid[.]partners
		covid19-jobs[.]com
		covid19damageattorneys[.]com
		covid19fedbailoutloans[.]com
		covid19lawyersreviews[.]com
		covid19wisdom[.]com
		covidconnecticut[.]com
		covidmademedoit[.]com
		thecovid-19survivors[.]com
		chinabatvirus[.]com
		viruscomfort[.]com

184.168.221.41	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 11
		corona-wills[.]com
		coronafirebarrier[.]com
		coronavirus2019testing[.]com
		covid19californialawsuits[.]com
		covid19lawsuitcenter[.]com
		covidsouthcarolina[.]com
		globalcovid19clean[.]com
		nycwecleancovid-19[.]com
		taxcreditcovid-19[.]com
		chinaviruspayback[.]com
		resistvirusnews[.]com

50.63.202.59	ASN: 38726	Country: VN	VTCDIGICOM-AS-VN VTC DIGICOM
	Domain Names: 11
		corona19pledge[.]com
		coronavida[.]world
		meds4corona[.]com
		covid-19couplescounseling[.]com
		covid19-vitals[.]com
		covid19employmentlawsuits[.]com
		covid19ftest[.]com
		covidnevada[.]com
		covidwisconsin[.]com
		jacksoncovid19[.]com
		portal3dcovid19[.]com

181.214.86.147	ASN: 52284	Country: PA	Panamaserver.com
	Domain Names: 31
		coronaactnow[.]com
		coronainues[.]com
		coronarirus[.]com
		coronatxk[.]com
		coronavirousnews[.]com
		coronavirsusa[.]com
		coronaviruenow[.]com
		coronavirusimusa[.]com
		coronavirusmnow[.]com
		coronavirusnewsnowmap[.]com
		coronavirusuas[.]com
		coronavirususanow[.]com
		churchcovid[.]com
		cignacovidanswers[.]com
		covid19harvesthoc[.]com
		covid19njjobs[.]com
		covidisualizer[.]com
		covidtravking[.]com
		covidtrqcking[.]com
		covidtrscking[.]com
		covidvisualer[.]com
		covidvisualise[.]com
		phlcovid19[.]com
		sandiegocovid19[.]com
		ushealthcovid[.]com
		caronavirussd[.]com
		coranvirusnewsnow[.]com
		corinvirus-sd[.]com
		coroavirususa[.]com
		corobavirusnewsnow[.]com
		thehypnovirus[.]com

184.168.221.48	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 12
		coronabd[.]net
		covid19-smartsolutions[.]com
		covid19firebarrier[.]com
		covid19insuranceclaimsservices[.]com
		covid19txcare[.]com
		covidsbarelief[.]com
		laprescovid19[.]com
		menacovidrelief[.]fund
		sbacash4covid[.]com
		screeningcovid[.]com
		thecovid-19aftercare[.]com
		naturalvirusprotection[.]com

85.13.152.236	ASN: 34788	Country: DE	NMM-AS D - 02742 Friedersdorf Hauptstrasse 68
	Domain Names: 1
		coronabest[.]net

50.63.202.37	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 15
		coronabioweapon[.]com
		coronahandcure[.]com
		coronavi19[.]com
		kickcoronaass[.]com
		smartcorona[.]com
		covid-21drones[.]com
		covid19californiaattorneys[.]com
		covid19claim[.]net
		covid19floridaatorney[.]com
		covid19freecompany[.]com
		covid19rapidtestingnow[.]com
		coviddelaware[.]com
		covidresporator[.]com
		kickcovidass[.]com
		savemyhomefromcovid19[.]com

50.63.202.38	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 11
		coronabizhelp[.]com
		coronadisinfections[.]com
		coronataxhelpnow[.]com
		taxprep4corona[.]com
		covid-19clearinghouse[.]com
		covid19classactionlawyer[.]com
		covidnorthdakota[.]com
		getcovid19relief[.]com
		housingmarketandcovid19[.]com
		nycwecleancovid19[.]com
		workaftercovid[.]net

91.195.240.94	ASN: 47846	Country: DE	SEDO-AS
	Domain Names: 6
		coronabizopp[.]com
		coronabizopps[.]com
		getcovid19aid[.]com
		antivirusdrug[.]com
		antivirusdrugs[.]com
		virustestinfo[.]com

64.98.145.30	ASN: 32491	Country: CA	TUCOWS-3 - Tucows.com Co.
	Domain Names: 6
		coronabona[.]com
		coronavirusimmunitypassport[.]com
		completecovidkit[.]com
		covid19immunitypassport[.]com
		covidfamilykit[.]com
		ultimatecovidkit[.]com

50.63.202.48	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 17
		coronabroke[.]com
		coronataxrefundanswers[.]com
		coronavirus-co19[.]com
		coronavirus-smartsolutions[.]com
		justcoronajobs[.]com
		sbacoronadollars[.]com
		breakthroughcovid[.]com
		covid19boise[.]com
		covid19californialawsuit[.]com
		covid19dri[.]com
		covid19federalhelp[.]com
		covid19floridaattorney[.]com
		covidtaxhelpnow[.]com
		covidtennessee[.]com
		nyckickcovidass[.]com
		prisonology-covid19[.]net
		viruswall[.]net

35.208.68.137	ASN: 19527	Country: US	GOOGLE-2 - Google LLC
	Domain Names: 4
		coronacampaign[.]com
		coronavirus2019[.]life
		coronavirusswap[.]com
		covid19relieffund[.]net

198.49.23.144	ASN: 53831	Country: US	SQUARESPACE - Squarespace, Inc.
	Domain Names: 1
		coronacant[.]com

50.63.202.52	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 15
		coronacashtoday[.]com
		coronavirusfront[.]com
		diycoronafacemasks[.]com
		sbacoronamoney[.]com
		covid-19-archive[.]com
		covid-self-assessment[.]com
		covid19financialresources[.]com
		covid19viruslawyers[.]com
		covid2019wiki[.]com
		covidlearningcurve[.]com
		newyorksurvivedcovid19[.]com
		vaccination4covid-19[.]com
		beatvirusnews[.]net
		virusprotectionclub[.]net
		zero-virus[.]com

199.34.228.190	ASN: 27647	Country: US	WEEBLY - Weebly, Inc.
	Domain Names: 1
		coronacation2020[.]net

184.168.221.49	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 18
		coronaccomplish[.]com
		coronaccomplishment[.]com
		coronacomfy[.]com
		coronatwo[.]com
		covid19-coronavirus[.]net
		diycoronavirusfacemasks[.]com
		covid-19-masks[.]life
		covid-19oregon[.]com
		covid19californialawyer[.]com
		covid19cert[.]net
		covid19loanmessengers[.]com
		covid19sbasupport[.]com
		covid19widow[.]com
		covidatgims[.]com
		covidenespanol[.]com
		covidfreewithme[.]com
		viruscertify[.]com
		virusmap[.]life

198.71.232.3	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 23
		coronacide[.]biz
		coronavirus-labtest[.]com
		coronavirus-pandamic[.]com
		coronaviruslawyersatlanta[.]com
		coronaviruslawyerschicago[.]com
		coronaviruslawyersmiami[.]com
		coronaviruspandemicmarketing[.]com
		helpwithmycoronavirusloan[.]com
		igotcoronaed[.]com
		againstcovids19[.]com
		covid19cleaningcorp[.]com
		covid19detectiontest[.]com
		covid19homerapidtesting[.]com
		covidbestdeals[.]com
		covidcancerchic[.]com
		covidchange[.]com
		covids-19[.]com
		cutsforcovid[.]com
		diycovid19mask[.]com
		ihatecovids19[.]com
		la-covid[.]com
		neverlovecovid19[.]com
		testingkits-covid19[.]com

184.168.221.40	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 20
		coronacleaningforce[.]com
		coronafreemassage[.]com
		coronasepiccomicbooks[.]com
		coronastimulusguide[.]com
		coronavirusemployerlawsuits[.]com
		sbacoronarelief[.]com
		covid19hoax2020[.]com
		covid19onlinestore[.]com
		covid19reliefadvisor[.]com
		covid19s[.]life
		covid19sbahelptoday[.]com
		covidfamilyusa[.]com
		covidfog[.]com
		covidloans-now[.]com
		covidminnesota[.]com
		deathsbycovid19[.]com
		thecovid-19meetingplace[.]com
		antivirus-support-numbers[.]com
		escapevirusnews[.]com
		fearthisvirus[.]com

68.65.120.181	ASN: 22612	Country: US	NAMECHEAP-NET - Namecheap, Inc.
	Domain Names: 1
		coronacoinofficial[.]com

50.63.202.41	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 12
		coronacommando[.]com
		coronadollarsnow[.]com
		coronataxprep[.]com
		coronavirusfloridaattorney[.]com
		covid-19michigan[.]com
		covid19conscious[.]net
		covid19foodkit[.]com
		covid19freewater[.]com
		covidmaryland[.]com
		covidunemployed[.]com
		findcovidrelief[.]com
		escapevirusnews[.]net

50.63.202.50	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 11
		coronacompliancenews[.]com
		coronavirusbankruptcymass[.]com
		covid19doctors[.]net
		covid19front[.]com
		covid19reliefcoffee[.]com
		covidsbarelief[.]net
		covidvictimadvisor[.]com
		isurvivedcovid19[.]life
		lamacchiacovidresource[.]com
		opensourcecovid19[.]world
		sbacovidadvisor[.]com

50.63.202.33	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 14
		coronacomplianceusa[.]com
		taxhelp4coronasurvivers[.]com
		thecoronacalculator[.]com
		covid-19legalteam[.]com
		covid19brigade[.]com
		covid19damageattorney[.]com
		covid19rebuild[.]com
		covid19taxprep[.]com
		covidproofme[.]com
		covidvitals[.]com
		crushitinrecovidresources[.]com
		resultsofcovid19[.]com
		thecovid19brigade[.]net
		virusfreeliving[.]com

50.63.202.57	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 7
		coronacreme[.]com
		coronavirusloanassistance[.]com
		coronavirussolicitor[.]net
		covid19viruslawsuit[.]com
		covidss[.]com
		fightcovid19pandemic[.]com
		globalcovidclean[.]com

23.236.62.147	ASN: 15169	Country: US	GOOGLE - Google LLC
	Domain Names: 7
		coronacrisisuae[.]com
		coronakredit[.]net
		covidcollars[.]com
		drcccovid19[.]com
		gratitudecovid[.]com
		suite401-covid19[.]com
		virusbustercandles[.]com

184.168.221.35	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 6
		coronact[.]com
		coronavirusrealestatesolutions[.]com
		bravecovidwarriors[.]com
		covid19-mindset[.]com
		covid19medshop[.]com
		lifeafterthecovid19[.]com

81.169.145.158	ASN: 6724	Country: DE	STRATO STRATO AG
	Domain Names: 2
		coronacup[.]amsterdam
		schutz-corona[.]com

81.169.145.94	ASN: 6724	Country: DE	STRATO STRATO AG
	Domain Names: 3
		coronacups[.]amsterdam
		coronashielding[.]com
		covid19flaechendesinfektion[.]net

81.169.145.77	ASN: 6724	Country: DE	STRATO STRATO AG
	Domain Names: 2
		coronacups[.]com
		gemeinsam-durch-corona[.]com

13.226.102.21	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 1
		coronadamore[.]club

217.160.0.233	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		coronadarlehn[.]com

162.215.253.210	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		coronadataroom[.]com

184.168.221.59	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 12
		coronademographics[.]com
		coronavirus-class[.]com
		mitzvotagainstcorona[.]com
		nowfindcoronarelief[.]com
		covid-19vitals[.]com
		covid19-control[.]com
		covid19-mentions-db[.]com
		covid19apres[.]com
		covid19litigationteams[.]com
		covid19testing[.]biz
		tuckercovid19[.]com
		byebyeviruses[.]com

199.34.228.59	ASN: 27647	Country: US	WEEBLY - Weebly, Inc.
	Domain Names: 1
		coronadoctoruam[.]com

213.186.33.5	ASN: 16276	Country: FR	OVH
	Domain Names: 8
		coronadrive-in[.]com
		covid-out[.]com
		covid19-immune[.]com
		covid19-out[.]com
		covidfreeafrica[.]biz
		covidorg[.]com
		waw-covid19[.]com
		wawcovid19[.]com

184.168.221.58	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 14
		coronaecon[.]com
		coronavirusisfinished[.]com
		beyondcovid19podcast[.]com
		businessalliancecovid19[.]com
		covid19-insuranceclaims[.]com
		covid19-testkit[.]club
		covid19sbahelpnow[.]com
		covid19supplies1[.]com
		covidsbahelpnow[.]com
		covidsystem[.]com
		sbacovidadvisors[.]com
		thecovid19[.]today
		wherescovid19[.]com
		ccp-virusprotection[.]com

50.63.202.46	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 14
		coronaegypttours[.]com
		coronakitlab[.]com
		coronataxadvice[.]com
		coronavirusbankruptcyny[.]com
		certifiedcovidcleaners[.]com
		covid-gear[.]com
		covid-survivor[.]world
		covid19collapse[.]com
		covid19freecompanies[.]com
		covid19insclaims[.]com
		covid19insuranceservices[.]com
		covid19nevadaattorneys[.]com
		covida19america[.]com
		galvestoncovid19[.]com

184.168.221.56	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 11
		coronaepiccomicbook[.]com
		coronageneration[.]net
		drug4coronavirus[.]com
		legaladvicerelatedtocorona[.]com
		sbacoronadvice[.]com
		covid-19drones[.]com
		covid-19immunenotcontagious[.]com
		covid19employeelawsuits[.]com
		covidbroke[.]com
		covidpointofcare[.]com
		ligacontraelcovid[.]com

104.27.188.28	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		coronaequipments[.]com

184.168.221.61	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 9
		coronafeats[.]com
		coronapalooza2020[.]com
		craftnotcorona[.]com
		covid19supplys[.]com
		covidgeneration[.]net
		covidkonnect[.]com
		covidtestlocator[.]com
		covidwisdom[.]com
		avoidavirus[.]mobi

50.63.202.42	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 9
		coronaffect[.]com
		coronataxreliefdollars[.]com
		coronavirus-homekit[.]com
		covid-19boise[.]com
		covidcashtoday[.]com
		irshelpcovid19[.]com
		thecovid19opportunity[.]com
		currentvirus[.]com
		nowvirusrelief[.]com

192.195.77.66	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 2
		coronafi[.]com
		virusstophere[.]com

104.16.15.194	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		coronafightteam[.]com

217.160.0.229	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		coronaflirt[.]com

50.63.202.35	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 9
		coronafoodpack[.]com
		coronasepiccomicbook[.]com
		coronavirusnevadaattorneys[.]com
		purecoronarelief[.]com
		acovidconversation[.]com
		covid19businessrelieffund[.]com
		covid19healthcarelawyers[.]com
		covid19stories[.]life
		covid19survey[.]net

81.169.145.150	ASN: 6724	Country: DE	STRATO STRATO AG
	Domain Names: 2
		coronafreeplace[.]com
		dubistcorona[.]com

81.169.145.163	ASN: 6724	Country: DE	STRATO STRATO AG
	Domain Names: 1
		coronafreesurface[.]com

184.168.221.46	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 11
		coronafreevirus[.]net
		coronasplit[.]com
		covid19conclusion[.]com
		covid19loanmessenger[.]com
		covid19virusattorneys[.]com
		covidthriver[.]com
		theteachingscovid19[.]com
		wherewascovid[.]com
		apocalypticvirus[.]com
		virusdestroyers[.]com
		viruskitusa[.]com

104.18.59.23	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		coronagis[.]com

217.70.184.38	ASN: 29169	Country: FR	GANDI-AS Domain name registrar - http://www.gandi.net
	Domain Names: 4
		coronahaikus[.]com
		comocovid[.]com
		covidbycountry[.]com
		kanbancovid[.]com

35.214.213.29	ASN: 19527	Country: US	GOOGLE-2 - Google LLC
	Domain Names: 1
		coronahealth[.]center

35.186.238.101	ASN: 15169	Country: US	GOOGLE - Google LLC
	Domain Names: 3
		coronakidd[.]com
		coronakidds[.]com
		coronavirus19help[.]com

52.0.217.44	ASN: 14618	Country: US	AMAZON-AES - Amazon.com, Inc.
	Domain Names: 4
		coronaliveupdate[.]net
		killviruses[.]life
		viruskiller[.]life
		viruskillers[.]life

50.63.202.49	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 7
		coronalivingwill[.]com
		covids[.]today
		covidvital[.]com
		covidwearables[.]com
		signscovid-19[.]com
		taxcreditscovid-19[.]com
		virusbeaters[.]com

87.236.16.26	ASN: 198610	Country: RU	BEGET-AS
	Domain Names: 1
		coronaloyalty[.]com

3.86.168.228	ASN: 14618	Country: US	AMAZON-AES - Amazon.com, Inc.
	Domain Names: 1
		coronamaison[.]net

136.0.111.91	ASN: 40676	Country: US	AS40676 - Psychz Networks
	Domain Names: 1
		coronaminer[.]com

81.169.145.161	ASN: 6724	Country: DE	STRATO STRATO AG
	Domain Names: 2
		coronamug[.]com
		covidfreesurfaces[.]com

81.169.145.80	ASN: 6724	Country: DE	STRATO STRATO AG
	Domain Names: 2
		coronamugs[.]amsterdam
		gemeinsamdurchcorona[.]com

107.180.51.107	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		coronappp[.]com

81.169.145.160	ASN: 6724	Country: DE	STRATO STRATO AG
	Domain Names: 2
		coronaprotectionshields[.]com
		whatsmycoronarisk[.]com

67.205.14.237	ASN: 26347	Country: US	DREAMHOST-AS - New Dream Network, LLC
	Domain Names: 1
		coronaquarantineclub[.]com

162.251.160.114	ASN: 53767	Country: US	ICASTCENTER - iCastCenter
	Domain Names: 1
		coronaradios[.]com

50.63.202.45	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 14
		coronareliefcash[.]com
		coronavirusctrl[.]com
		findcoronarelief[.]com
		bopcovid-19[.]com
		covid-19is[.]com
		covid-hunter[.]com
		covid19bailoutloanagent[.]com
		covid19homebuyerbenefit[.]com
		covid19informaticsalliance[.]com
		covidalaska[.]com
		covidmassachusetts[.]com
		covidtaxcredit[.]com
		covidtestlocator[.]net
		theantidotecovid-19[.]com

162.241.219.128	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		coronarelieftigerforce[.]com

192.64.119.235	ASN: 22612	Country: US	NAMECHEAP-NET - Namecheap, Inc.
	Domain Names: 1
		coronasafebusinesses[.]com

44.227.65.245	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 4
		coronasafetycenter[.]com
		is-coronavirus-still-spreading[.]com
		covidgilance[.]com
		medicovid19[.]com

5.157.87.204	ASN: 48635	Country: NL	ASTRALUS
	Domain Names: 3
		coronaschoon[.]com
		thisisnotaboutthevirus[.]com
		worldhumanvirus[.]com

81.169.145.162	ASN: 6724	Country: DE	STRATO STRATO AG
	Domain Names: 1
		coronaschutzfolie[.]com

217.160.0.213	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		coronaschutzfuerkinder[.]com

67.217.34.72	ASN: 22458	Country: US	NETSOURCE - NetSource Communications, Inc.
	Domain Names: 1
		coronasdereinas[.]com

50.63.202.90	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		coronasingoff[.]com

142.93.210.73	ASN: 14061	Country: US	DIGITALOCEAN-ASN - DigitalOcean, LLC
	Domain Names: 1
		coronastatusnp[.]com

162.255.119.161	ASN: 22612	Country: US	NAMECHEAP-NET - Namecheap, Inc.
	Domain Names: 1
		coronasupportresource[.]com

50.63.202.54	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 15
		coronataxdollars[.]com
		coronavirusnewyorklawsuits[.]com
		coronawarfare[.]com
		covid-19certifiedimmune[.]com
		covid-19green[.]com
		covid-ing[.]com
		covid19bailoutloans[.]com
		covid19californiaclassactionlawyers[.]com
		covid19consulting[.]today
		covid19costume[.]com
		covidandcoffee[.]com
		covidwuhan[.]com
		helpwithcovid19depression[.]com
		worldwildecovid19[.]com
		kronavirus[.]com

184.168.221.42	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 12
		coronataxexpert[.]com
		coronavirus19s[.]com
		coronavirus2020pandemic[.]com
		coronavirusclearance[.]com
		bybycovid[.]com
		covid19boardgame[.]com
		covid19green[.]net
		covid19isdead[.]com
		covidmontana[.]com
		hlbcovid19[.]com
		viruskitus[.]com
		virusmedian[.]net

50.63.202.39	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 6
		coronataxmoney[.]com
		coronavirusaidconsultants[.]com
		covid19business[.]net
		covids[.]world
		mycovidbaby[.]com
		virusthemusical[.]com

127.0.0.1	ASN: 0	Country: None	Not routed
	Domain Names: 2
		coronatel[.]com
		covidex[.]net

35.172.94.1	ASN: 14618	Country: US	AMAZON-AES - Amazon.com, Inc.
	Domain Names: 2
		coronatokyo[.]com
		pasifikacovid19[.]com

162.241.85.70	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		coronatollfreenumber[.]com

134.122.113.193	ASN: 14061	Country: US	DIGITALOCEAN-ASN - DigitalOcean, LLC
	Domain Names: 1
		coronatownhallprayer[.]com

37.152.88.55	ASN: 57910	Country: ES	SCIP-AS Soluciones Corporativas IP (SCIP)
	Domain Names: 4
		coronatuvida[.]com
		despidocovid[.]com
		ejecucionhipotecariacovid[.]com
		perdidasinversioncovid[.]com

81.88.57.68	ASN: 39729	Country: IT	REGISTER-AS
	Domain Names: 5
		coronavenu[.]com
		coronavenue[.]com
		coronavenus[.]com
		amende-covid[.]com
		amende-covid19[.]com

91.195.240.126	ASN: 47846	Country: DE	SEDO-AS
	Domain Names: 3
		coronavicide[.]net
		loveinthetimesofcorona[.]net
		loveinthetimesofcovid[.]net

35.214.223.226	ASN: 19527	Country: US	GOOGLE-2 - Google LLC
	Domain Names: 1
		coronavid[.]net

151.236.216.5	ASN: 63949	Country: US	LINODE-AP Linode, LLC
	Domain Names: 1
		coronavirlab[.]net

13.248.155.104	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 1
		coronavirus-il[.]com

37.140.192.112	ASN: 197695	Country: RU	AS-REG
	Domain Names: 2
		coronavirus-online24[.]com
		covid19-today[.]com

80.74.149.13	ASN: 21069	Country: CH	ASN-METANET Routing/peering issues: noc@metanet.ch
	Domain Names: 1
		coronavirus-openhardware[.]net

66.96.162.128	ASN: 29873	Country: US	BIZLAND-SD - The Endurance International Group, Inc.
	Domain Names: 1
		coronavirus-rapid-test-kits[.]com

206.188.192.84	ASN: 55002	Country: US	DEFENSE-NET - Defense.Net, Inc
	Domain Names: 1
		coronavirus-stimulu-package[.]com

173.212.206.46	ASN: 51167	Country: DE	CONTABO
	Domain Names: 1
		coronavirus-syria[.]com

92.119.115.38	ASN: 204601	Country: NL	ON-LINE-DATA Server location - Netherlands, Dronten
	Domain Names: 1
		coronavirus-vaccine-covid19[.]com

50.63.202.44	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 10
		coronavirus-vaccine[.]life
		coronavirus19health[.]com
		coronavirusindead[.]com
		directcoronakiller[.]com
		avislovescovid[.]com
		covid-19vancouver[.]com
		covid19floridalawyers[.]com
		covidsouthdakota[.]com
		diyfacemaskscovid19[.]com
		notovirus[.]com

184.168.221.62	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 9
		coronavirusaidassistance[.]com
		taxrelief4corona[.]com
		viajandoenlostiempodelcorona[.]com
		covid-19battle[.]com
		covid19ethio[.]com
		covid19virtualcare[.]com
		impactcovid[.]com
		letsbeatthevirus[.]com
		virus-med[.]com

81.17.18.197	ASN: 51852	Country: CH	PLI-AS
	Domain Names: 4
		coronavirusanow[.]com
		contra-covid19[.]com
		conornavirus[.]com
		coronusvirususa[.]com

66.96.162.138	ASN: 29873	Country: US	BIZLAND-SD - The Endurance International Group, Inc.
	Domain Names: 1
		coronavirusattorneyny[.]com

184.168.221.37	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 14
		coronavirusbankruptcylawyerca[.]com
		covid19californiaattorney[.]com
		covid19femahelp[.]com
		covid19litigationteam[.]com
		covid19rebates[.]com
		covid19summary[.]com
		covidaccountable[.]com
		covidconsole[.]com
		covidfreewater[.]com
		covidprotectme[.]com
		covidwestvirginia[.]com
		covidwuhansurvivor[.]com
		sbacovidadvice[.]com
		thecovid-19symptoms[.]com

50.63.202.60	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 9
		coronavirusbankruptcyri[.]com
		covid19helptoday[.]com
		covid19killer[.]biz
		covid19taxadvice[.]com
		covide19symtoms[.]com
		covidindiana[.]com
		relief4covid[.]com
		workaftercovid[.]com
		beatvirusnews[.]com

50.63.202.51	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 9
		coronavirusbusiness[.]net
		disinfectcoronas[.]com
		sbacoronahelp[.]com
		covid19dfwcare[.]com
		covid19psychologist[.]com
		covids[.]life
		mycovid-19risk[.]com
		healthcareworkervirusinjury[.]com
		viruscreme[.]com

162.241.2.39	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		coronaviruscasosmexico[.]com

50.63.202.32	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 13
		coronavirusclassactionattorney[.]com
		coronavirusdisease2019pandemic[.]com
		savemyhomefromcoronavirus[.]com
		the-corona-busters[.]com
		covid19hands[.]com
		covid19survivor2020[.]com
		covid19viruslegalteams[.]com
		covidcupcakes[.]com
		covidz[.]world
		i-trackcovid19[.]com
		virusbarriers[.]com
		virussuds[.]com
		virusverify[.]com

50.63.202.61	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 19
		coronaviruscleaningexperts[.]com
		selectcoronarelief[.]com
		uscoronavirusptsd[.]com
		wildcorona[.]com
		buycovid19mask[.]com
		certifiedfreeofcovid19[.]com
		covid-19immunetest[.]com
		covid-19isgone[.]com
		covid19-cruise-lawsuit[.]com
		covidassistancenow[.]com
		covidcashnow[.]com
		covidreliefnow[.]com
		covidresponse[.]team
		decalscovid-19[.]com
		nowcovid19relief[.]com
		phtcccovid19[.]com
		wecleannyccovid-19[.]com
		virusmedian[.]com
		virusprotectionclub[.]com

50.63.202.58	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 13
		coronaviruscoalition[.]com
		coronavirusmaps[.]world
		coronavirussurivor[.]com
		covid-19suppliers[.]com
		covid19classactionattorneys[.]com
		covid19deniedclaim[.]com
		covid19employerlawsuits[.]com
		covidnewmexico[.]com
		cuts4covid[.]com
		ourprojectcovid[.]com
		thecovid-19forum[.]com
		uscovid19memorial[.]com
		wtfcovid-19[.]com

160.153.133.162	ASN: 21501	Country: DE	MAINLAB-AS Autonomous System formerly Mainlab GmbH, Germany
	Domain Names: 1
		coronaviruscovid-19prevention[.]com

78.141.193.184	ASN: 20473	Country: US	AS-CHOOPA - Choopa, LLC
	Domain Names: 1
		coronaviruscy[.]com

67.225.165.30	ASN: 32244	Country: US	LIQUIDWEB - Liquid Web, L.L.C
	Domain Names: 1
		coronavirusdiaries[.]net

41.203.18.177	ASN: 37153	Country: ZA	HETZNER
	Domain Names: 1
		coronavirusdojo[.]com

184.168.221.60	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 12
		coronavirusfloridaattorneys[.]com
		help4coronavictims[.]com
		laidoffcoronahelp[.]com
		covid-19attorney[.]net
		covid-19realtor[.]com
		covid-fix[.]com
		covid19workerslawsuits[.]com
		covidpointofcare[.]net
		covidslogan[.]com
		covidz[.]today
		mycovidskill[.]com
		recoverfromcovid19[.]com

184.168.221.53	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 10
		coronavirusforcemajeurelaw[.]com
		uscoronamask[.]com
		covid19bailoutloanagents[.]com
		covid19disasterloanassistance[.]com
		covid19employeelawsuitscom[.]com
		covid19helpnow[.]com
		covid19releaf[.]com
		covidboise[.]com
		covidfactory[.]com
		covidproofed[.]com

192.64.119.243	ASN: 22612	Country: US	NAMECHEAP-NET - Namecheap, Inc.
	Domain Names: 1
		coronavirusholiday[.]com

184.168.221.63	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 12
		coronavirusisgone[.]com
		kickcoronastache[.]com
		rehabcoronavirus[.]com
		brokefromcovid[.]com
		covid-19marriagecounseling[.]com
		covid19claimhelp[.]com
		covid2020relief[.]com
		covidmalls[.]com
		covids[.]solutions
		covidtaxdollars[.]com
		lubbockcovid19[.]com
		prisonology-covid19[.]com

81.17.18.196	ASN: 51852	Country: CH	PLI-AS
	Domain Names: 2
		coronaviruslivenow[.]com
		covidivisualizer[.]com

198.57.189.35	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		coronavirusmag[.]com

217.76.156.252	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		coronavirusmakers-cr[.]com

173.236.226.161	ASN: 26347	Country: US	DREAMHOST-AS - New Dream Network, LLC
	Domain Names: 1
		coronavirusmeditation[.]club

91.195.240.103	ASN: 47846	Country: DE	SEDO-AS
	Domain Names: 4
		coronavirusmillionaire[.]com
		covid-19millionaire[.]com
		covid19millionaire[.]com
		wuhanvirusmillionaire[.]com

173.236.176.216	ASN: 26347	Country: US	DREAMHOST-AS - New Dream Network, LLC
	Domain Names: 1
		coronaviruspreparers[.]com

54.84.104.245	ASN: 14618	Country: US	AMAZON-AES - Amazon.com, Inc.
	Domain Names: 1
		coronaviruspropertyservices[.]com

38.113.1.97	ASN: 174	Country: US	COGENT-174 - Cogent Communications
	Domain Names: 2
		coronavirusradio[.]net
		covid19radio[.]net

50.76.127.155	ASN: 7922	Country: US	COMCAST-7922 - Comcast Cable Communications, LLC
	Domain Names: 1
		coronavirusscrubbers[.]com

192.64.119.202	ASN: 22612	Country: US	NAMECHEAP-NET - Namecheap, Inc.
	Domain Names: 1
		coronavirustestschedule[.]com

50.63.202.72	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		coronavirustestsondemand[.]com

208.91.197.91	ASN: 40034	Country: VG	CONFLUENCE-NETWORK-INC - Confluence Networks Inc
	Domain Names: 3
		coronaviruzindia[.]com
		combatcovid[.]net
		covid19smbsurvey[.]com

81.17.18.194	ASN: 51852	Country: CH	PLI-AS
	Domain Names: 3
		coronaviusa[.]com
		covid19assistanceatmortgagefamily[.]com
		covid19vizualizer[.]com

67.225.222.21	ASN: 32244	Country: US	LIQUIDWEB - Liquid Web, L.L.C
	Domain Names: 1
		coronawaitress[.]com

150.95.255.38	ASN: 7506	Country: JP	INTERQ GMO Internet,Inc
	Domain Names: 5
		coronawari[.]com
		covid19-2021[.]com
		covid19-tokyo[.]com
		covid19-who[.]com
		covid19-who[.]net

82.194.68.40	ASN: 16371	Country: ES	ACENS_AS (Spain) Hosting, housing and VPN services
	Domain Names: 1
		coronayudas[.]com

31.11.33.88	ASN: 31034	Country: IT	ARUBA-ASN
	Domain Names: 4
		dannicoronavirus[.]com
		dannicovid19[.]com
		difesamedicicovid19[.]com
		risarcimentodannicovid19[.]com

195.149.114.22	ASN: 31044	Country: UA	NICUA-AS
	Domain Names: 1
		decoronameron[.]com

52.7.5.208	ASN: 14618	Country: US	AMAZON-AES - Amazon.com, Inc.
	Domain Names: 1
		djibouti-coronavirus[.]com

62.149.128.166	ASN: 31034	Country: IT	ARUBA-ASN
	Domain Names: 4
		drugscoronavirus[.]com
		19viruscovid[.]com
		curemycovid[.]com
		victimscovid19memorial[.]cloud

52.54.67.235	ASN: 14618	Country: US	AMAZON-AES - Amazon.com, Inc.
	Domain Names: 1
		epidemiccorona[.]com

195.110.124.133	ASN: 39729	Country: IT	REGISTER-AS
	Domain Names: 16
		fastestcoronavirus[.]com
		newtestcoronavirus[.]com
		safetytestcoronavirus[.]com
		safetyvaccinecoronavirus[.]com
		securevaccinecoronavirus[.]com
		aiutocovid[.]club
		covidexitstrategy[.]com
		covidiciannove[.]com
		incentivicovid19[.]com
		mistercovid[.]club
		mistercovid[.]com
		newtestcovid-19[.]com
		swabscovid-19[.]com
		swabscovid19[.]com
		waycovid[.]com
		fastestcorinavirus[.]com

107.161.23.204	ASN: 3842	Country: US	RAMNODE - RamNode LLC
	Domain Names: 3
		flatcorona[.]com
		covidtask[.]com
		fearisavirus[.]com

217.76.128.34	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 4
		formacioncoronavirus[.]com
		gripecoronavirus[.]net
		indemnizacionesafectadoscoronavirus[.]com
		indemnizacionesafectadoscovid19[.]com

151.101.1.195	ASN: 54113	Country: US	FASTLY - Fastly
	Domain Names: 2
		gocoronago[.]run
		covid19byday[.]com

217.76.142.203	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		gripecoronavirus[.]com

192.0.78.25	ASN: 2635	Country: US	AUTOMATTIC - Automattic, Inc
	Domain Names: 5
		infocoronavirusindustriamusical[.]net
		2072covid[.]net
		heartofcovid[.]com
		lagunawoodsvillagecovid19[.]com
		sjmocovid[.]com

45.39.158.166	ASN: 18779	Country: US	EGIHOSTING - EGIHosting
	Domain Names: 1
		infraredthermometercoronavirus[.]com

91.216.107.49	ASN: 16347	Country: FR	RMI-FITECH
	Domain Names: 1
		initiativecoronavirusisolation[.]com

176.126.172.102	ASN: 5588	Country: CZ	GTSCE GTS Central Europe / Antel Germany
	Domain Names: 1
		itscoronatime[.]wtf

94.152.13.55	ASN: 29522	Country: PL	KEI
	Domain Names: 1
		ivonacorona[.]com

103.241.24.98	ASN: 58820	Country: ID	IDNIC-PTAMI-AS-ID PT Apik Media Inovasi
	Domain Names: 1
		jeparalawancorona[.]com

184.168.221.44	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 11
		kickcoronasstache[.]com
		covid-survey[.]com
		covid19brigade[.]net
		covid19freebusinesses[.]com
		covid19law[.]biz
		covid19percapita[.]com
		covid19smallbiz[.]com
		covidrhodeisland[.]com
		dollars4covidvictims[.]com
		shcovid[.]com
		testforcovid19now[.]com

134.209.157.211	ASN: 14061	Country: US	DIGITALOCEAN-ASN - DigitalOcean, LLC
	Domain Names: 1
		kickoffcorona[.]com

62.149.128.160	ASN: 31034	Country: IT	ARUBA-ASN
	Domain Names: 1
		lockdowncoronavirus[.]com

81.169.145.74	ASN: 6724	Country: DE	STRATO STRATO AG
	Domain Names: 1
		maparealdelcoronavirus[.]com

130.185.109.77	ASN: 51191	Country: DE	XIRRA
	Domain Names: 3
		mc-corona[.]com
		mc-covid-19[.]com
		mc-covid[.]com

185.104.28.238	ASN: 206281	Country: NL	AS-ZXCS
	Domain Names: 1
		moveagainstcorona[.]com

134.119.234.216	ASN: 8972	Country: DE	GD-EMEA-DC-SXB1
	Domain Names: 1
		mundschutz-corona[.]com

217.26.50.131	ASN: 29097	Country: CH	HOSTPOINT-AS
	Domain Names: 1
		mycoronatrades[.]com

217.160.0.127	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		oneforfreevscorona[.]com

35.236.68.234	ASN: 15169	Country: US	GOOGLE - Google LLC
	Domain Names: 1
		onlinecoronavirushelpline[.]com

74.208.236.120	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		onlinecoronavirusmap[.]com

104.28.18.106	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		ophthalmology-coronado[.]com

198.38.86.172	ASN: 23352	Country: US	SERVERCENTRAL - Server Central Network
	Domain Names: 1
		pakcorona[.]com

194.9.94.85	ASN: 39570	Country: SE	LOOPIA
	Domain Names: 1
		pandemiccorona2020[.]com

209.99.64.33	ASN: 40034	Country: VG	CONFLUENCE-NETWORK-INC - Confluence Networks Inc
	Domain Names: 2
		pimpmycorona[.]com
		postcoronavirussyndrome[.]com

35.208.99.44	ASN: 19527	Country: US	GOOGLE-2 - Google LLC
	Domain Names: 1
		planetcoronavirus[.]com

104.27.145.189	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		poker-corona[.]com

23.227.38.32	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 15
		preventcoronakit[.]com
		covid-bedarf[.]com
		covid95mask[.]com
		covidrebel[.]com
		cubrebocascovid[.]com
		customcovid[.]com
		postcovidfest[.]com
		storecovid[.]com
		supplycovid-19[.]com
		thecovid19essentials[.]com
		tobyspreadcovid19[.]com
		getvirusfree[.]com
		sabaoantivirus[.]com
		shopantivirusmasks[.]com
		virusgenix[.]com

104.27.148.126	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		rassdcorona[.]com

217.160.0.78	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		reclamacioncoronavirus[.]net

192.0.78.24	ASN: 2635	Country: US	AUTOMATTIC - Automattic, Inc
	Domain Names: 4
		rochestercoronavirusinfo[.]com
		soscorona[.]net
		covid-19sanitizers[.]com
		covidkw[.]com

217.160.0.123	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 2
		salvoconductocoronavirus[.]com
		salvoconductocovid19[.]com

185.30.32.176	ASN: 48324	Country: DE	PROTECTED
	Domain Names: 2
		schutz-gegen-corona[.]com
		covid-19-schutz[.]com

81.169.145.148	ASN: 6724	Country: DE	STRATO STRATO AG
	Domain Names: 1
		schutzmittel-corona[.]com

173.236.170.8	ASN: 26347	Country: US	DREAMHOST-AS - New Dream Network, LLC
	Domain Names: 1
		storiesfromcorona[.]com

192.185.0.218	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 4
		swdenanticorona[.]net
		covidkn95[.]com
		ppecovid[.]com
		ricovidarchive[.]com

195.201.179.80	ASN: 24940	Country: DE	HETZNER-AS
	Domain Names: 1
		thecorona[.]world

104.27.134.218	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		thecoronadata[.]com

37.202.4.189	ASN: 15817	Country: DE	MITTWALD-AS Mittwald CM Service GmbH und Co. KG
	Domain Names: 1
		thecoronaoptimist[.]com

104.248.13.28	ASN: 14061	Country: US	DIGITALOCEAN-ASN - DigitalOcean, LLC
	Domain Names: 1
		thecoronavirusinsider[.]com

160.153.73.162	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		thecovid-19coronavirus[.]com

74.220.199.14	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		thepeoplescoronadiary[.]com

104.24.124.39	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		thermometer-coronavirus[.]com

217.76.128.47	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		trendsincoronavirus[.]com

52.58.78.16	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 1
		un-corona[.]com

104.31.89.14	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		withoutcoronavirus[.]com

13.249.127.18	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 1
		xocoronavirus[.]com

217.76.128.35	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		alianzacovid19[.]com

104.27.160.44	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		amisurvivingcovid19[.]com

66.96.162.132	ASN: 29873	Country: US	BIZLAND-SD - The Endurance International Group, Inc.
	Domain Names: 1
		angelscovid19[.]com

217.198.114.186	ASN: 34222	Country: CZ	ZONER-AS
	Domain Names: 1
		anticovidrespiration[.]com

217.160.0.66	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 2
		asacovid-19[.]com
		asacovid19[.]com

116.90.59.144	ASN: 55803	Country: AU	DIGITALPACIFIC-AU Digital Pacific Pty Ltd Australia
	Domain Names: 1
		aukiwi-covid19-help[.]center

72.249.57.170	ASN: 36024	Country: US	AS-TIERP-36024 - TierPoint, LLC
	Domain Names: 1
		autoevaluacioncovid19[.]com

192.185.57.77	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		azcovidproject[.]com

170.249.143.133	ASN: 30102	Country: US	BALDWIN - Baldwin County Commission
	Domain Names: 1
		baldwincovid[.]com

208.113.184.63	ASN: 26347	Country: US	DREAMHOST-AS - New Dream Network, LLC
	Domain Names: 1
		begonecovid19[.]com

74.208.236.41	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		bestcovidfacemask[.]com

66.96.162.146	ASN: 29873	Country: US	BIZLAND-SD - The Endurance International Group, Inc.
	Domain Names: 23
		bookmycovid19test[.]com
		bookmycovid19testkit[.]com
		bookmytestcovid19[.]com
		euro2020-covid19[.]com
		fifa-covid19[.]com
		fifacovid19[.]com
		formula1-covid19[.]com
		formula1covid19[.]com
		mlb-covid19[.]com
		mlbcovid19[.]com
		nba-covid19[.]com
		nfl-covid19[.]com
		nflcovid19[.]com
		olympics-covid19[.]com
		olympicscovid19[.]com
		pgatour-covid19[.]com
		pgatourcovid19[.]com
		rolandgarros-covid19[.]com
		rolandgarroscovid19[.]com
		tomorrowland-covid19[.]com
		tomorrowlandcovid19[.]com
		uefa-covid19[.]com
		uefacovid19[.]com

81.16.28.165	ASN: 47583	Country: LT	AS-HOSTINGER
	Domain Names: 1
		cameroonhelpcovid19[.]com

50.63.202.62	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 11
		canadasurvivedcovid19[.]com
		covid-19bc[.]com
		coviddoctor[.]net
		covidfine[.]com
		covidmississippi[.]com
		covidpennsylvania[.]com
		sbarelief4covid[.]com
		taxcreditscovid19[.]com
		thecovid-19blog[.]com
		bybyvirus[.]com
		virusdoor[.]com

199.34.228.79	ASN: 27647	Country: US	WEEBLY - Weebly, Inc.
	Domain Names: 1
		ccfcovid19resources[.]com

104.16.13.194	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		cffcovidspecial[.]net

47.241.1.184	ASN: 45102	Country: CN	CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd.
	Domain Names: 1
		claimback-covid-19[.]com

66.96.132.100	ASN: 29873	Country: US	BIZLAND-SD - The Endurance International Group, Inc.
	Domain Names: 4
		cleaningcovid-19orlando[.]com
		covid-19disinfectingorlando[.]com
		covid-19floridacleaning[.]com
		floridacovid-19[.]com

203.151.233.116	ASN: 4618	Country: TH	INET-TH-AS Internet Thailand Company Limited
	Domain Names: 1
		clearcovid19huahin[.]com

109.234.164.76	ASN: 50474	Country: FR	O2SWITCH
	Domain Names: 1
		coopcovid19[.]net

198.143.149.147	ASN: 32475	Country: US	SINGLEHOP-LLC - SingleHop, Inc.
	Domain Names: 1
		corpuscovidsupplies[.]com

188.40.223.86	ASN: 24940	Country: DE	HETZNER-AS
	Domain Names: 1
		covid-19-af[.]com

31.24.129.53	ASN: 29486	Country: DE	WEBHUSET-AS
	Domain Names: 1
		covid-19-atsea[.]com

185.151.30.148	ASN: 48254	Country: GB	OSS-URAL-AS
	Domain Names: 1
		covid-19-bolivia[.]com

95.173.102.23	ASN: 15657	Country: DE	SPEEDBONE-AS
	Domain Names: 1
		covid-19-infos[.]com

31.24.129.59	ASN: 29486	Country: DE	WEBHUSET-AS
	Domain Names: 2
		covid-19-onboard[.]com
		covid-19atsea[.]com

2.57.89.36	ASN: 47583	Country: LT	AS-HOSTINGER
	Domain Names: 1
		covid-19-support[.]com

188.93.150.34	ASN: 59980	Country: NL	MIJNDOMEIN
	Domain Names: 1
		covid-19-tax[.]com

176.31.149.194	ASN: 16276	Country: FR	OVH
	Domain Names: 3
		covid-19-virusdellapaura[.]com
		covid-19psicosivirale[.]com
		covid-19virusdellapaura[.]com

31.24.129.62	ASN: 29486	Country: DE	WEBHUSET-AS
	Domain Names: 1
		covid-19onboard[.]com

74.220.199.6	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		covid-19physdis[.]com

206.188.192.251	ASN: 55002	Country: US	DEFENSE-NET - Defense.Net, Inc
	Domain Names: 1
		covid-19unionrights[.]com

66.96.162.129	ASN: 29873	Country: US	BIZLAND-SD - The Endurance International Group, Inc.
	Domain Names: 1
		covid-19viruslitigation[.]com

91.239.200.38	ASN: 43541	Country: CZ	VSHOSTING
	Domain Names: 1
		covid-bubbles[.]com

185.199.108.153	ASN: 54113	Country: US	FASTLY - Fastly
	Domain Names: 1
		covid-factsheet[.]com

208.91.197.27	ASN: 40034	Country: VG	CONFLUENCE-NETWORK-INC - Confluence Networks Inc
	Domain Names: 2
		covid-kids[.]net
		covid19loansupport[.]com

64.90.51.87	ASN: 26347	Country: US	DREAMHOST-AS - New Dream Network, LLC
	Domain Names: 1
		covid-line[.]com

66.165.248.146	ASN: 29802	Country: US	HVC-AS - HIVELOCITY VENTURES CORP
	Domain Names: 1
		covid-taskforce[.]com

27.254.67.75	ASN: 9891	Country: TH	CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited.
	Domain Names: 1
		covid-th[.]com

3.19.155.149	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 3
		covid-trump[.]com
		covidpresident[.]com
		love-in-the-time-of-covid19[.]com

165.160.15.20	ASN: 19574	Country: US	CSC - Corporation Service Company
	Domain Names: 4
		covid-unicredit[.]com
		covidunicredit[.]net
		unicredit-covid[.]com
		unicreditcovid[.]net

165.160.13.20	ASN: 19574	Country: US	CSC - Corporation Service Company
	Domain Names: 4
		covid-unicredit[.]net
		covidunicredit[.]com
		unicredit-covid[.]net
		unicreditcovid[.]com

35.196.196.42	ASN: 15169	Country: US	GOOGLE - Google LLC
	Domain Names: 2
		covid[.]sydney
		covidstatsus[.]com

87.98.239.5	ASN: 16276	Country: FR	OVH
	Domain Names: 1
		covid19-fighters[.]com

204.93.197.59	ASN: 23352	Country: US	SERVERCENTRAL - Server Central Network
	Domain Names: 1
		covid19-flulogger[.]com

217.26.48.101	ASN: 29097	Country: CH	HOSTPOINT-AS
	Domain Names: 1
		covid19-history[.]com

69.163.233.61	ASN: 26347	Country: US	DREAMHOST-AS - New Dream Network, LLC
	Domain Names: 2
		covid19-lending[.]com
		covid19-unemployment[.]com

78.47.43.116	ASN: 24940	Country: DE	HETZNER-AS
	Domain Names: 1
		covid19-plano-contingencia[.]com

66.206.24.242	ASN: 29802	Country: US	HVC-AS - HIVELOCITY VENTURES CORP
	Domain Names: 1
		covid19-pro[.]com

104.18.37.3	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		covid19-sxm[.]com

92.222.139.156	ASN: 16276	Country: FR	OVH
	Domain Names: 1
		covid19-temoignages[.]com

66.235.200.145	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		covid19-updated[.]com

37.97.254.27	ASN: 20857	Country: NL	TRANSIP-AS Amsterdam, the Netherlands
	Domain Names: 2
		covid19-vrij[.]com
		meetcovid[.]com

217.116.0.182	ASN: 16371	Country: ES	ACENS_AS (Spain) Hosting, housing and VPN services
	Domain Names: 1
		covid19afectados[.]com

54.72.9.51	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 2
		covid19analyser[.]com
		covid19analyzer[.]com

31.24.129.48	ASN: 29486	Country: DE	WEBHUSET-AS
	Domain Names: 1
		covid19atsea[.]com

104.26.8.145	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		covid19bakersfield[.]com

66.96.160.157	ASN: 29873	Country: US	BIZLAND-SD - The Endurance International Group, Inc.
	Domain Names: 2
		covid19buysupplies[.]com
		covidnorth[.]com

217.160.0.250	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		covid19carservice[.]com

50.63.202.88	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		covid19chek[.]com

104.28.27.106	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		covid19cm[.]com

166.62.28.95	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		covid19count[.]life

64.20.63.204	ASN: 19318	Country: US	NJIIX-AS-1 - NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC
	Domain Names: 1
		covid19crisishelp[.]com

13.249.102.102	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 1
		covid19cuisines[.]com

145.131.10.247	ASN: 8315	Country: NL	AMSIO
	Domain Names: 1
		covid19cyber[.]com

34.193.204.92	ASN: 14618	Country: US	AMAZON-AES - Amazon.com, Inc.
	Domain Names: 2
		covid19emergencyfacemask[.]com
		masscovidtracker[.]com

185.114.108.15	ASN: 24961	Country: DE	MYLOC-AS
	Domain Names: 1
		covid19frequency[.]com

163.43.87.180	ASN: 9370	Country: JP	SAKURA-B SAKURA Internet Inc.
	Domain Names: 1
		covid19jc[.]com

34.90.76.137	ASN: 15169	Country: US	GOOGLE - Google LLC
	Domain Names: 1
		covid19last[.]com

104.27.130.73	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		covid19live[.]today

192.185.226.160	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		covid19live[.]world

45.56.114.98	ASN: 63949	Country: US	LINODE-AP Linode, LLC
	Domain Names: 1
		covid19lookup[.]com

108.167.172.191	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		covid19news[.]network

31.24.129.40	ASN: 29486	Country: DE	WEBHUSET-AS
	Domain Names: 1
		covid19onboard[.]com

35.214.51.171	ASN: 19527	Country: US	GOOGLE-2 - Google LLC
	Domain Names: 1
		covid19openforbusiness[.]com

103.67.235.120	ASN: 38719	Country: AU	DREAMSCAPE-AS-AP Dreamscape Networks Limited
	Domain Names: 3
		covid19rapidtestsydney[.]com
		rapidtestcovid19sydney[.]com
		rapidtestingcovid19[.]com

198.54.126.75	ASN: 22612	Country: US	NAMECHEAP-NET - Namecheap, Inc.
	Domain Names: 1
		covid19responsfund[.]com

157.112.176.2	ASN: 9371	Country: JP	SAKURA-C SAKURA Internet Inc.
	Domain Names: 1
		covid19sci[.]com

52.5.34.110	ASN: 14618	Country: US	AMAZON-AES - Amazon.com, Inc.
	Domain Names: 1
		covid19secrets[.]com

62.149.128.74	ASN: 31034	Country: IT	ARUBA-ASN
	Domain Names: 1
		covid19serum[.]net

66.96.162.144	ASN: 29873	Country: US	BIZLAND-SD - The Endurance International Group, Inc.
	Domain Names: 2
		covid19testprevention[.]com
		covidclaimsa[.]com

50.63.202.73	ASN: 38726	Country: VN	VTCDIGICOM-AS-VN VTC DIGICOM
	Domain Names: 1
		covid19testsondemand[.]com

98.124.199.50	ASN: 21740	Country: US	ENOMAS1 - eNom, Incorporated
	Domain Names: 1
		covid19teststudy[.]com

107.180.50.231	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		covid19tracker[.]today

13.249.102.119	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 1
		covid19watch[.]net

217.160.0.3	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		covid19yahoraque[.]com

192.161.187.200	ASN: 8100	Country: US	ASN-QUADRANET-GLOBAL - QuadraNet, Inc
	Domain Names: 2
		covid20plus[.]com
		covidtasks[.]com

104.18.39.3	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		covid4d[.]club

104.18.51.68	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		covid4d[.]com

104.31.91.191	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		covid4d[.]net

209.141.38.71	ASN: 53667	Country: US	PONYNET - FranTech Solutions
	Domain Names: 4
		covid4dummies[.]com
		covidsbafunding[.]com
		covidsbalending[.]com
		foxvirus[.]com

185.61.154.215	ASN: 22612	Country: US	NAMECHEAP-NET - Namecheap, Inc.
	Domain Names: 2
		covid939[.]com
		covidproject894[.]com

88.214.207.96	ASN: 46636	Country: US	NATCOWEB - NatCoWeb Corp.
	Domain Names: 1
		covidappeal[.]com

81.17.18.198	ASN: 51852	Country: CH	PLI-AS
	Domain Names: 4
		covidaxtnow[.]com
		covidreacking[.]com
		covidvidualizer[.]com
		pccoviduodate[.]com

66.96.162.147	ASN: 29873	Country: US	BIZLAND-SD - The Endurance International Group, Inc.
	Domain Names: 1
		covidbabiesboom[.]com

40.86.86.144	ASN: 8075	Country: US	MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation
	Domain Names: 1
		covidbits[.]com

62.149.128.157	ASN: 31034	Country: IT	ARUBA-ASN
	Domain Names: 2
		covidblock[.]biz
		vaccinocovid[.]com

72.167.225.21	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		covidbuzz[.]com

3.20.70.240	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 1
		covidcaregroup[.]com

5.39.10.93	ASN: 16276	Country: FR	OVH
	Domain Names: 1
		covidcause[.]com

184.168.221.75	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		covidchek[.]com

206.189.178.173	ASN: 14061	Country: US	DIGITALOCEAN-ASN - DigitalOcean, LLC
	Domain Names: 1
		covidcoalition[.]net

157.245.130.6	ASN: 14061	Country: US	DIGITALOCEAN-ASN - DigitalOcean, LLC
	Domain Names: 1
		covidcount[.]club

51.15.75.238	ASN: 12876	Country: FR	AS12876
	Domain Names: 1
		covidcyphers[.]com

217.160.0.26	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		coviddentistry[.]com

64.37.62.203	ASN: 33182	Country: US	DIMENOC - HostDime.com, Inc.
	Domain Names: 1
		covidenmexico[.]com

68.65.122.205	ASN: 22612	Country: US	NAMECHEAP-NET - Namecheap, Inc.
	Domain Names: 1
		covidfreecheck[.]com

74.208.236.23	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		covidfreelove[.]com

98.137.244.37	ASN: 36647	Country: US	YAHOO-GQ1 - Yahoo
	Domain Names: 1
		covidgamers[.]net

3.19.116.243	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 1
		covidglobalstats[.]com

74.208.215.125	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		covidgradesanitizer[.]com

13.127.151.145	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 1
		covidheatmaps[.]com

81.88.48.71	ASN: 39729	Country: IT	REGISTER-AS
	Domain Names: 4
		covidiane-20[.]com
		covidiane-20[.]net
		covidiane20[.]com
		covidiane20[.]net

192.64.147.249	ASN: 19867	Country: US	VOODOO1 - Voodoo.com, Inc
	Domain Names: 1
		covidill[.]com

66.96.147.102	ASN: 29873	Country: US	BIZLAND-SD - The Endurance International Group, Inc.
	Domain Names: 1
		covidinfo[.]center

69.163.162.143	ASN: 26347	Country: US	DREAMHOST-AS - New Dream Network, LLC
	Domain Names: 1
		covidiot-count[.]com

74.208.43.66	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		covidiotsthemovie[.]com

62.233.121.61	ASN: 20860	Country: GB	IOMART-AS
	Domain Names: 2
		covidlifesurvey[.]com
		covidlifesurvey[.]net

184.168.221.38	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 4
		covidmaine[.]com
		covidvirusppe[.]com
		thecovid19brigade[.]com
		b2bvirussolutionscpm[.]com

103.42.108.46	ASN: 45638	Country: AU	SYNERGYWHOLESALE-AP SYNERGY WHOLESALE PTY LTD
	Domain Names: 1
		covidmedbot[.]com

198.50.252.64	ASN: 16276	Country: FR	OVH
	Domain Names: 2
		covidmedcheck[.]com
		hkcovid-19[.]com

94.254.58.36	ASN: 8473	Country: SE	BAHNHOF http://www.bahnhof.net/
	Domain Names: 1
		covidmeeting[.]com

185.243.183.13	ASN: 43260	Country: TR	DGN
	Domain Names: 1
		covidmetin2[.]com

78.142.210.2	ASN: 209853	Country: TR	AS209853
	Domain Names: 1
		covidmetric[.]com

81.169.145.95	ASN: 6724	Country: DE	STRATO STRATO AG
	Domain Names: 1
		covidnyl[.]com

108.179.243.219	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		covidol-3[.]com

74.208.236.233	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		covidosed[.]com

184.168.221.68	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		covidpoct[.]com

122.201.127.81	ASN: 38719	Country: AU	DREAMSCAPE-AS-AP Dreamscape Networks Limited
	Domain Names: 1
		covidproject965[.]com

81.17.18.195	ASN: 51852	Country: CH	PLI-AS
	Domain Names: 1
		covidracking[.]com

119.59.120.132	ASN: 56067	Country: TH	METRABYTE-TH 453 Ladplacout Jorakhaebua
	Domain Names: 1
		covidsakidthai[.]com

43.225.53.108	ASN: 394695	Country: US	PUBLIC-DOMAIN-REGISTRY - PDR
	Domain Names: 1
		covidsimpact[.]com

104.27.139.121	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		covidsro[.]com

184.164.141.130	ASN: 20454	Country: US	SSASN2 - SECURED SERVERS LLC
	Domain Names: 1
		covidstimuluscalc[.]com

198.185.159.144	ASN: 53831	Country: US	SQUARESPACE - Squarespace, Inc.
	Domain Names: 2
		covidstriketeam[.]com
		innovationforcovid[.]com

108.179.194.9	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		covidsuministrosmedicos[.]com

50.63.202.81	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		covidtestsondemand[.]com

199.59.242.153	ASN: 395082	Country: US	BODIS-NJ - Bodis, LLC
	Domain Names: 1
		covidtrackig[.]com

208.113.168.235	ASN: 26347	Country: US	DREAMHOST-AS - New Dream Network, LLC
	Domain Names: 1
		covidtxt[.]com

185.34.194.235	ASN: 197712	Country: ES	CDMON sistemes@cdmon.com
	Domain Names: 1
		covidvallescolabora[.]com

208.76.249.34	ASN: 21769	Country: US	AS-COLOAM - Colocation America Corporation
	Domain Names: 1
		cpapforcovid[.]com

162.255.119.202	ASN: 22612	Country: US	NAMECHEAP-NET - Namecheap, Inc.
	Domain Names: 1
		curacaocovid19[.]com

104.24.112.168	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		datacovid-19[.]com

3.13.31.214	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 1
		dearcovid[.]com

165.22.230.124	ASN: 14061	Country: US	DIGITALOCEAN-ASN - DigitalOcean, LLC
	Domain Names: 1
		didcovidstop[.]com

162.241.218.214	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 2
		duringcovid19[.]com
		gethelpcovidoregon[.]com

217.160.0.21	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		equipoanticovid[.]com

103.145.227.118	ASN: 139456	Country: ID	AS139456
	Domain Names: 1
		exitcovid[.]com

103.224.182.246	ASN: 133618	Country: AU	TRELLIAN-AS-AP Trellian Pty. Limited
	Domain Names: 1
		facebookcovid19[.]com

35.208.104.111	ASN: 19527	Country: US	GOOGLE-2 - Google LLC
	Domain Names: 1
		flcovidupdates[.]com

217.160.0.103	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		foro-covid19[.]com

34.82.119.32	ASN: 15169	Country: US	GOOGLE - Google LLC
	Domain Names: 1
		forocovid19[.]com

104.24.98.197	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		helpendcovid19[.]com

198.71.233.65	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		helpinghand4covid19[.]com

81.171.195.201	ASN: 8426	Country: GB	CLARANET-AS ClaraNET LTD
	Domain Names: 1
		helpstopcovid19[.]life

103.131.50.226	ASN: 136851	Country: ID	IDNIC-COLO-AS-ID PT ARDETAMEDIA GLOBAL KOMPUTINDO
	Domain Names: 1
		herbalcovid19[.]com

184.168.221.77	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		hometestforcovid19[.]com

116.202.200.182	ASN: 24940	Country: DE	HETZNER-AS
	Domain Names: 1
		hotline-covid-19[.]net

102.133.224.201	ASN: 8075	Country: US	MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation
	Domain Names: 1
		illovocovid19[.]com

144.208.64.173	ASN: 22611	Country: US	IMH-WEST - InMotion Hosting, Inc.
	Domain Names: 1
		killcovidqaltek[.]com

13.229.38.226	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 1
		kittestcovid19[.]com

104.18.62.63	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		liveupdatecovid19[.]com

198.71.233.96	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		majlcovid[.]com

185.81.4.203	ASN: 52030	Country: IT	SERVERPLAN-AS
	Domain Names: 2
		mascherineanticovid[.]com
		mascherineanticovid19[.]com

107.180.25.163	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		mastercovidactualizacion[.]com

93.174.4.8	ASN: 48348	Country: ES	CLOUDBUILDERS
	Domain Names: 1
		mediadorescovid19[.]com

62.149.128.154	ASN: 31034	Country: IT	ARUBA-ASN
	Domain Names: 1
		medicalcovidsupplier[.]com

103.28.100.4	ASN: 132117	Country: TH	MOINET-AS-AP Ministry of Interior
	Domain Names: 1
		moicovid[.]com

167.114.126.57	ASN: 16276	Country: FR	OVH
	Domain Names: 1
		mu-covid[.]com

104.24.121.125	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		mycovidodds[.]com

62.116.169.161	ASN: 15456	Country: DE	INTERNETX-AS
	Domain Names: 1
		nadal-covid[.]com

192.185.139.6	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 2
		ngtest-covid19-info[.]com
		statcovid[.]com

194.58.112.174	ASN: 197695	Country: RU	AS-REG
	Domain Names: 1
		nocovidvirus[.]com

199.34.228.159	ASN: 27647	Country: US	WEEBLY - Weebly, Inc.
	Domain Names: 1
		nyccovidrelief[.]com

104.19.240.93	ASN: 13335	Country: US	CLOUDFLARENET - Cloudflare, Inc.
	Domain Names: 1
		okccovid[.]com

156.67.222.128	ASN: 47583	Country: LT	AS-HOSTINGER
	Domain Names: 1
		pedulicovid19[.]net

112.78.2.48	ASN: 45538	Country: VN	ODS-AS-VN Online data services
	Domain Names: 1
		phongdichcovid[.]com

216.40.47.17	ASN: 15348	Country: CA	TUCOWS - Tucows.com Co.
	Domain Names: 1
		postcovid19ocs[.]com

162.241.61.23	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		quarentenacovid-19[.]com

216.104.165.88	ASN: 10732	Country: US	TIERRANET - TierraNet Inc.
	Domain Names: 2
		quit4covid[.]com
		quitforcovid[.]com

217.160.0.116	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		rechtsberatung-covid19[.]com

87.239.8.18	ASN: 207647	Country: NL	INTENTION-AS
	Domain Names: 1
		saas4covid[.]com

185.199.111.153	ASN: 54113	Country: US	FASTLY - Fastly
	Domain Names: 1
		saasforcovid[.]com

166.62.27.148	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		sarscov2-covid[.]com

173.236.225.31	ASN: 26347	Country: US	DREAMHOST-AS - New Dream Network, LLC
	Domain Names: 1
		sincasacovid19[.]com

206.188.192.60	ASN: 55002	Country: US	DEFENSE-NET - Defense.Net, Inc
	Domain Names: 1
		smallbusinesscovid19disasterrelief[.]com

162.210.70.23	ASN: 394695	Country: US	PUBLIC-DOMAIN-REGISTRY - PDR
	Domain Names: 1
		smartcovid19[.]com

23.111.145.18	ASN: 29802	Country: US	HVC-AS - HIVELOCITY VENTURES CORP
	Domain Names: 1
		socialvisacovid[.]com

77.104.132.234	ASN: 36351	Country: US	SOFTLAYER - SoftLayer Technologies Inc.
	Domain Names: 1
		solutionsforcovid-19[.]com

91.216.107.147	ASN: 16347	Country: FR	RMI-FITECH
	Domain Names: 1
		stop-covid19-ci[.]com

217.160.0.155	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		stopviruscovid19[.]com

132.148.230.42	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		studentagainstcovid19[.]com

198.71.232.4	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		supplyforcovid19[.]com

192.185.199.117	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		survivingcovid2020[.]com

78.142.211.39	ASN: 209853	Country: TR	AS209853
	Domain Names: 1
		terapicovid19[.]com

89.40.174.146	ASN: 60087	Country: IT	ASSUPERNOVA
	Domain Names: 1
		test-covid19[.]net

185.253.212.22	ASN: 48707	Country: PL	GREENER-AS
	Domain Names: 1
		testsforcovid19[.]com

43.252.88.207	ASN: 17439	Country: IN	NETMAGIC-AP Netmagic Datacenter Mumbai
	Domain Names: 1
		thecovid19info[.]com

35.209.62.13	ASN: 19527	Country: US	GOOGLE-2 - Google LLC
	Domain Names: 1
		thecovid19lawgroup[.]com

35.232.188.105	ASN: 15169	Country: US	GOOGLE - Google LLC
	Domain Names: 1
		thecovidclaimer[.]com

70.40.220.135	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		thecoviddashboard[.]com

23.92.22.245	ASN: 63949	Country: US	LINODE-AP Linode, LLC
	Domain Names: 1
		togetherwefightcovid[.]com

94.237.3.129	ASN: 202053	Country: FI	UPCLOUD
	Domain Names: 1
		trackcovid19ph[.]com

98.129.229.114	ASN: 53824	Country: US	LIQUIDWEB - Liquid Web, L.L.C
	Domain Names: 1
		txcovid[.]com

217.160.230.219	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		ukcovid19help[.]com

217.160.0.110	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		ukcovid19support[.]com

74.117.219.198	ASN: 53997	Country: US	DNC-HOLDINGS-INC - DNC Holdings, Inc.
	Domain Names: 3
		vasculitiscovid[.]com
		vasculitiscovid[.]net
		realpandemicviruses[.]com

104.248.50.87	ASN: 14061	Country: US	DIGITALOCEAN-ASN - DigitalOcean, LLC
	Domain Names: 1
		visualizecovid19[.]com

217.160.0.173	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		yosobrevivialcovid[.]com

52.9.66.109	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 1
		zipcovid[.]com

195.211.74.112	ASN: 51696	Country: NL	ANTAGONIST-AS
	Domain Names: 1
		antivirusproviders[.]com

217.160.223.203	ASN: 8560	Country: DE	ONEANDONE-AS Brauerstrasse 48
	Domain Names: 1
		antivirusscheibe[.]com

66.225.201.55	ASN: 23352	Country: US	SERVERCENTRAL - Server Central Network
	Domain Names: 4
		b2bvirussafesolutions[.]com
		virusbusterprograms[.]com
		virusfreeprograms[.]com
		virusfreesolution[.]com

184.168.221.71	ASN: 38726	Country: VN	VTCDIGICOM-AS-VN VTC DIGICOM
	Domain Names: 1
		beyondvirus[.]com

162.241.252.74	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		ccp-virus[.]net

116.202.132.34	ASN: 24940	Country: DE	HETZNER-AS
	Domain Names: 1
		datavsvirus[.]com

54.154.44.39	ASN: 16509	Country: US	AMAZON-02 - Amazon.com, Inc.
	Domain Names: 1
		diariodeumvirus[.]com

102.134.56.89	ASN: 328543	Country: Unknown	AS328543
	Domain Names: 1
		fake-antivirus[.]com

69.172.201.153	ASN: 19324	Country: US	DOSARREST - Dosarrest Internet Security LTD
	Domain Names: 1
		mutatingvirus[.]com

77.32.223.236	ASN: 200484	Country: FR	SENDINBLUE-ASN
	Domain Names: 1
		myvirustesting[.]email

74.117.219.199	ASN: 53997	Country: US	DNC-HOLDINGS-INC - DNC Holdings, Inc.
	Domain Names: 2
		pandemic-virus[.]com
		viruskitsusa[.]com

162.255.119.222	ASN: 22612	Country: US	NAMECHEAP-NET - Namecheap, Inc.
	Domain Names: 1
		postvirusera[.]com

81.19.154.98	ASN: 38955	Country: AT	WORLD4YOU
	Domain Names: 2
		stop-virus-shop[.]com
		stopvirus-shop[.]com

176.126.165.32	ASN: 59684	Country: KG	ASHOSTER
	Domain Names: 1
		stopvirus[.]biz

176.122.159.103	ASN: 25820	Country: CA	IT7NET - IT7 Networks Inc
	Domain Names: 1
		treatmentvirus[.]com

192.64.119.123	ASN: 22612	Country: US	NAMECHEAP-NET - Namecheap, Inc.
	Domain Names: 1
		trumppvirus[.]com

50.63.202.91	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		vanquishthevirus[.]com

87.236.16.9	ASN: 198610	Country: RU	BEGET-AS
	Domain Names: 1
		virus-antiseptik[.]com

50.63.202.68	ASN: 26496	Country: US	AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
	Domain Names: 1
		virusafeplace[.]com

35.214.181.191	ASN: 19527	Country: US	GOOGLE-2 - Google LLC
	Domain Names: 1
		virusalarms[.]com

173.231.209.32	ASN: 54641	Country: US	INMOTI-1 - InMotion Hosting, Inc.
	Domain Names: 1
		virusdatamaps[.]com

206.189.254.171	ASN: 14061	Country: US	DIGITALOCEAN-ASN - DigitalOcean, LLC
	Domain Names: 1
		virussanitizingproducts[.]com

162.255.119.160	ASN: 22612	Country: US	NAMECHEAP-NET - Namecheap, Inc.
	Domain Names: 1
		virusshow[.]com

192.185.20.88	ASN: 46606	Country: US	UNIFIEDLAYER-AS-1 - Unified Layer
	Domain Names: 1
		virustaticusa[.]com

35.214.141.28	ASN: 19527	Country: US	GOOGLE-2 - Google LLC
	Domain Names: 1
		virusypandemias[.]com

109.70.26.37	ASN: 48287	Country: RU	RU-SERVICE-AS
	Domain Names: 1
		withoutvirus[.]com

204.44.192.34	ASN: 8100	Country: US	ASN-QUADRANET-GLOBAL - QuadraNet, Inc
	Domain Names: 1
		worsethanvirus[.]com

++++++++++++++++++++++++++++++
Domains Registered on 31MAR2020
++++++++++++++++++++++++++++++

↧

Map It. Zap It. Covid-19 and Rural America #GoodCovidDomains

April 4, 2020, 7:36 am

≫ Next: SEC Suspends CoronaVirus Stock Pump-n-Dump Scammers

≪ Previous: Covid-19 / CoronaVirus Domains: a looming threat?

This post may seem off-topic for my regular cybercrime and cyber security readers, but these are unusual times. Regular readers know that part of what my team at the UAB Computer Forensics Research Lab has been working on is looking for scams and fraud related to Covid-19 / CoronaVirus. Part of that process has been watching for malicious or scammy emails (see "CAUCE Spamfighters Rally Aainst Corona Health Fraud Affiliate Programs") and part has been monitoring the creation of new domain names which MIGHT be used for fraud or scams ( see "Covid-19 / CoronaVirus Domains: A looming threat?") In that latter article, I encouraged people to share #GoodCovidDomains or #BadCovidDomains that they found.

Today I wanted to highlight a #GoodCovidDomain that is used by a project launched by some amazing UAB researchers.

HelpBeatCovid19.org :: MAP IT. ZAP IT.

The project asks people to complete a simple survey to determine if they have COVID-19 symptoms. Then it maps their responses to help identify areas where there may be an emerging cluster of COVID-19.

Dr. Sue Feldman directs the Health Informatics program at UAB, and is a fantastic leader in her space. She's been an R.N. for 30 years in some of the coolest and most high pressure environments in the US (I was joking with her once about how silly television shows were where doctors and nurses fly out in helicopters to accident scenes ... she said "no, that's what I used to do in Los Angeles!), and she has PhDs in both Information Technology and Education! We've worked together on some of her creative projects, such as teaching a cyber security tabletop exercise for future health care administrators as part of one of her classes.

Dr. Sarah Parcak is one of UAB's most famous scientists, best known as "the Space Archaeologist" for her ground-breaking work in using satellite imagery to uncover buried remnants of ancient civilizations. After being featured on BBC specials and winning the TED Prize and publishing an award-winning science book "Archaeology from Space" I was shocked to hear her say of this Covid-19 project "Its the coolest and most important thing I've ever done!" She brings her expertise in all things geo-spatial and Geographic Information Systems to a new focus area with this project. (@IndyFromSpace)

Their colleague Mohanraj Thirumalai worked for more than a decade as the Senior Web Developer at University of Illinois Chicago before getting a PhD in Management and Information Systems and moving to Alabama to be the Director of ICT at UAB/Lakeshore Research. He's also an Assistant Professor in the School of Health Professions.

In a state like mine, Alabama, we have a great disparity in ease-of-access to medical care and as a citizen, I am concerned about whether that may be allowing Covid-19 to spread without detection in rural parts of our state. When I look at this map, I ask myself "does this say that rural counties have a form or natural social distancing? Or does this say that they are entirely lacking in basic medical infrastructure and testing capability?"

Alabama Public Health on ArcGIS

I used the Alabama Department of Public Health’s data to see what testing and infection rates looked like on a county-by-county basis in Alabama. In our ten most populous counties, we have 965 cases with 5,658 people tested (as of 10PM 3APR2020).

In our thirty smallest counties, we have 133 cases with 858 people tested. Population-wise that isn’t as bad as it sounds. The combined population of our ten largest counties is 2.6 million people, while the thirty smallest counties have 534,000 people.

But it does point to scarcity of testing. Of those thirty smallest counties, most have had less than fifty people tested IN THE WHOLE COUNTY. (Bibb = 76, very likely in the prison there! Marion = 60, and Marengo = 65.) Ten counties have had LESS THAN TWENTY PEOPLE tested in their county.

Encourage your friends to go to HELPBEATCOVID19.org and report “how they are feeling” - whether sick or healthy! ESPECIALLY if you have contacts in our more rural parts of our state.

The project actually hopes to gather data from across the SouthEast, so despite my focus on Alabama, please do encourage anyone in "the SouthEast" to share information about this project with their friends.

As more data is gathered, UAB and their partners will be able to provide a more targeted response to Covid-19 in Alabama and across the SouthEast ... looking forward to seeing what emerges as we go from 10,000 participants to 100,000, to 200,000, to a million!

County statistics as of 03APR2020

County	Population	Infected	Tested	Dead	% Infected	% tested
Jefferson	658327	356	1920		.0541%	.2916%
Mobile	413590	103	652	5	.0249%	.1576%
Madison	342762	122	588	1	.0356%	.1715%
Montgomery	229293	61	448	1	.0266%	.1954%
Shelby	200983	112	535	4	.0557%	.2662%
Tuscaloosa	198694	41	556		.0206%	.2798%
Baldwin	190675	28	430	1	.0147%	.2255%
Lee	147808	99	190	3	.067%	.1285%
Morgan	120157	24	224		.02%	.1864%
Calhoun	117253	19	115		.0162%	.0981%
Etowah	104311	21	133	2	.0201%	.1275%
Houston	103298	12	118	1	.0116%	.1142%
Marshall	94413	17	134		.018%	.1419%
Lauderdale	92682	14	271	2	.0151%	.2924%
Limestone	87384	30	348		.0343%	.3982%
St. Clair	85167	23	134		.027%	.1573%
Talladega	81666	12	154		.0147%	.1886%
Elmore	80417	19	284		.0236%	.3532%
Cullman	80409	15	112	1	.0187%	.1393%
DeKalb	70977	10	109		.0141%	.1536%
Walker	66169	48	133		.0725%	.201%
Blount	57807	9	48		.0156%	.083%
Russell	57721	4	32		.0069%	.0554%
Autauga	55265	12	102		.0217%	.1846%
Colbert	54424	5	133		.0092%	.2444%
Jackson	53048	12	90	1	.0226%	.1697%
Coffee	51276	6	54		.0117%	.1053%
Dale	50348	1	51		.002%	.1013%
Chilton	43800	15	83		.0342%	.1895%
Dallas	42692	7	44		.0164%	.1031%
Tallapoosa	41157	20	46	1	.0486%	.1118%
Escambia	38070	2	50		.0053%	.1313%
Covington	37856	4	44		.0106%	.1162%
Chambers	34074	80	82	5	.2348%	.2407%
Lawrence	33777	4	91		.0118%	.2694%
Pike	33113	10	110		.0302%	.3322%
Franklin	31685	5	95		.0158%	.2998%
Marion	30538	16	60	2	.0524%	.1965%
Barbour	27232	1	21		.0037%	.0771%
Geneva	26969				.%	.%
Cherokee	26056	5	44		.0192%	.1689%
Clarke	25220	3	44		.0119%	.1745%
Winston	24153	3	39		.0124%	.1615%
Randolph	22720	10	25	1	.044%	.11%
Bibb	22662	4	76		.0177%	.3354%
Monroe	22629	5	36		.0221%	.1591%
Marengo	20389	8	65		.0392%	.3188%
Butler	20384	1	38		.0049%	.1864%
Macon	20383	5	27		.0245%	.1325%
Pickens	19331	11	29		.0569%	.15%
Henry	17285	2	20		.0116%	.1157%
Washington	17115	5	19	1	.0292%	.111%
Fayette	17005	1	38		.0059%	.2235%
Hale	15420	3	23		.0195%	.1492%
Cleburne	14885	7	19		.047%	.1276%
Lamar	14265	1	26		.007%	.1823%
Crenshaw	13981	1	46		.0072%	.329%
Choctaw	13585	4	15		.0294%	.1104%
Clay	13458	8	34		.0594%	.2526%
Sumter	13407	7	19		.0522%	.1417%
Conecuh	13009	1	21		.0077%	.1614%
Wilcox	11406	6	20		.0526%	.1753%
Coosa	11000	6	17		.0545%	.1545%
Lowndes	10846	2	15		.0184%	.1383%
Bullock	10605	2	10		.0189%	.0943%
Perry	10194				.%	.%
Greene	8848	5	12		.0565%	.1356%
					.%	.%
TOTALS	4817528	1515	9601	32	.0314%	.1993%

↧

SEC Suspends CoronaVirus Stock Pump-n-Dump Scammers

April 11, 2020, 7:07 am

≫ Next: Scam Everything - Opioids, NetFlix, Phish, Covid Charities, and Government Refunds in one network neighborhood

≪ Previous: Map It. Zap It. Covid-19 and Rural America #GoodCovidDomains

Last month we shared information on the blog about spam-driven affiliate programs who were selling a variety of shady "anti-Coronavirus" products, including immunity oils, masks, disinfectants, and no-touch thermometers. (See: CAUCE Spamfighters Rally Against Corona Health Fraud Affiliate programs ). Today I wanted to share an update regarding another type of spam and the SEC's actions related to stock market symbols being manipulated through "pump-n-dump" scams.

Over the past several weeks, the SEC announced the suspension of trading of several stock symbols due to illegal attempts to manipulate the value of those stocks, often by driving the stock value up ("pumping") by making untrue claims about how the company was involved in helping fight the Coronavirus, Covid19. We'll just dive into two of the most recent ones here.

Turbo Global Partners, Inc ("TRBO")

On April 9, 2020, the SEC suspended trading of Turbo Global Partners, Inc ("TRBO"), a company based in Tampa, Florida. The suspension is due to claims made by the company that it had entered into agreement with BeMotino, Inc to provide non-contact human temperature screening and facial recognition technology, and that it had the ability to ship the technology to customers within five days of receiving an order. Press Releases on March 30th and April 3rd made these claims.

The small spike to .0074 cents per share on February 7th corresponded with the announcement that the company was doing a pilot to place indoor digital billboards in 100 pharmacies in Florida in 2020 with aggressive expansion predicted:

Singerman continues, "BeMotion's Mobile Commerce Network 'MCN' and the DCN Vending & Marketplace 'DCN-V' is the solution we are bringing to the global market under our joint TURBO - BeMotion brand. Our initial effort will be integrating both MCN and DCN-V technologies into our independent pharmacy silo in 3 Phases of our 2020 Strategic and Tactical Plan:

"Phase 1: Integrating our Co-Brand Solutions into our 100-Pilot pharmacy locations in Florida to be deployed during Quarter 2, 2020.

"Phase 2: Deploying the DCN Vending into 1,000+ pharmacy locations in the U.S. deployed with the TURBO - BeMotion Co-Brand by 2021.

"Phase 3: Deploying the DCN Vending into 5,000+ pharmacy locations by 2023."

On March 14th someone buys nearly 120 million shares of the company for between .0016 and .0055 cents per share. Then this press release is splashed around the Internet in penny stock forums and "investor tip" messages:

The company that was previously saying it was a marketing company selling indoor billboards is suddenly selling "non-contact human body scanning technology" that can scan "up to 320 people per minute" saying "Imagine Law Enforcement with our Technology version for vehicles being able to scan like RADAR a cluster of people or a homeless encampment in minutes for elevated temperatures." and that "THIS IS THE KEY TOOL ... THAT CAN HELP BREAK THE CHAIN OF VIRUS TRANSMISSION."

If we guess that the average purchase price for that stock was .003 cents per share, immediately after this press release, the stock booms to six times that value. The investors who are "in on the deal" and bought 120 million shares on March 16th to March 18th and sold on April 4th and 5th would have paid around $360,000 and sold for right at $2 Million. This is how Stock Pump n Dump works.

Where did that garish and false ad come from? This copy was posted in an investment board run by "SHEEPWOLF"

But was Sheepwolf heavily pushing this stock? Let's look at his recent posts on the site:

Do you get the feeling that SHEEPWOLF really wants the value of $TRBO to increase? Hmmm... I wonder why. Between March 27, 2020 and April 7, 2020, SHEEPWOLF posted EIGHTY-ONE MESSAGES about this stock!

There was a clear change in marketing via Press Releases that occurred beginning March 13th, according to OTC Markets:

https://www.otcmarkets.com/stock/TRBO/news

And that was just ONE of the recent SEC Suspensions. If you have more information about this case, please contact Justin Jeffries, Associate Regional Director for the SEC, at (404) 842-5750.

BioELife Corp f/k/a U.S. Lithium Corp ("LITH")

On April 8, 2020, the SEC suspended trading of BioELife Corp f/k/a U.S. Lithium Corp ("LITH"). The SEC has "questions and concerns regarding the accuracy and adequacy of publicly available information concerning LITH, including public statements made by LITH in press releases issued on March 12, 2020 and March 16, 2020 and reinforced by third-party stock promoters, regarding a purported new Coronavirus (COVID-19) Prevention Products Line, together with potentially manipulative trading activity between October 2019 and present."

That is certainly an understatement! Let's look at the recent press releases, indicating that BioELife had a sudden change in product direction, from selling CBD Pain treatments, to suddenly preventing the spread in CoronaVirus.

https://www.otcmarkets.com/stock/LITH/news

Some of those recent statements were things like this:

The initial purchase order from Group Buying Club- GPOCBD, covers all current BioELife products – lotions, tinctures, flower and gummies as well as the BioEDefense product line: Sanitizers, RespiPro Virus Killer Masks, and the R-Shield (a reusable nanofiber scarf designed for 50 wash cycles). GPOCBD is marketing CBD products directly to wholesalers, consumers and affiliates looking to supplement their sales of BioELife products which offer natural products to fight pain and infection, as well as help defend against the growing global concerns regarding bacteria and virus’s contamination.

That's funny. Respilon R Shield is a Czech mask created for fighting smog and marketed primarily through their Instagram page: https://www.instagram.com/respilon_r_shield/. They have converted Czech prisons into mask factories, because it seems the masks are in high demand. Definitely a more "Lit" mask than most people are wearing these days. But since they are still in KickStarter mode, I don't think there is much chance that US Lithium is involved with them. I don't believe they are at any way to fault for $LITH's bad marketing!

Here's an example of how these press releases are then turned into "BUZZ" by newsletters, such as this one from "Make Penny Stocks Great Again" one of many such services that provide "free" newsletters to people who are trying to make a quick buck daytrading.

Ooh! CBD-fortified hand-sanitizer! Where do I sign up?

If anyone has more information about the $LITH pump, "they should immediately contact Celeste A. Chase, Assistant Regional Director, at (212) 336-0049, or Jason R. Berkowitz, Assistant Regional Director, at (305) 982-6309." (from: https://www.sec.gov/litigation/suspensions/2020/34-88607.pdf )

Spotting the Scammers

There are some members of these "stock promotion" investor boards that try to warn others. My favorite right now is "reverse_long" who shares information about stocks that are in "PAID PUMP N DUMP" scams ... I love the tagline he uses on his profile! "Shorting Paid Pump and Dumps to Make The World A Better Place" (He also has a great Twitter feed: @reverse_long)

And, sure enough, one of the 80 Paid Pump And Dump scams he has been warning his fellow investors about was $LITH:

Which was also on his Twitter feed back on March 4th:

Honestly, I believe if we wanted to find more of these, it would probably be as easy as doing this Google Search:

site:www.otcmarkets.com inurl:news inurl:stock COVID-19

Then I would take the resulting symbols and check them against these bogus stock promoter sites. Let me assure you there are some DOOZIES in there! But subscribing to many of these Stock Tip Newsletters might be another way to do so.

Other SEC Actions

(Quoting from the SEC Suspension Orders, linked to each company's name below: )

Feb 7, 2020 = $AEMD - Aethlon Medical - Concerns regarding the accuracy and adequacy of information in the marketplace since at least January 22, 2020 that appears to be disseminated by third party promoters that are purportedly not affiliated with AEMD about, among other things the viability of the company's products to treat the coronavirus.

Feb 24, 2020 = $ETBI - Eastgate Biotech Corp - Concerns about the adequacy and reliability of publicy available information concerning ETBI since at least January 30, 2020, among other things, statements about the company's purported international marketing rights to an approved coronavirus treatment to potentially combat the Wuhan Coronavirus.

Mar 25, 2020 - $ZOOM - Zoom Technologies, Inc - This one seems to be because of the name confusion of their stock symbol and the "similarly-named NASDAQ-listed" video conferencing company.

Mar 25, 2020 - $PXYN - Praxsyn Corporation - Questions regarding the accuracy and adequacy of information in the marketplace since at least February 27, 2020. Statements about PXYN having and being able to obtain large quantities of N95 masks used to protect wearers from COVID-19.

https://www.karmadata.com/Entity/Sponsor/praxsyn.com

One of the places $PXYN was being pumped was "Investors Hangout" ... "hotforpenny" was pumping the Corona run, but a review of messages shows that the company had been pumped before as a medical marijuana company in 2018:

HotforPenny also participates on "Sheepwolf's 1,000,000.00 Journey" that was referenced above. He's currently pumping (excuse me, "discussing") $GRYN, $SING, $BCCI, $BTFH, $AYTU, $BWVI, and $RJDG ...

https://investorshangout.com/profile/latestposts/id/14192

April 3, 2020 - $NBDR - No Borders, Inc - Questions and concerns regarding the adequacy and accuracy of publicly available information concerning NBDR. STatements about NBDR's products and business activities related to the COVID-19 pandemic, including NBDR's COVID-19 specimen collection kits, an agreement to bring COVID-19 test kits to the United States, and NBDR's activities related to the distribution of personal protective equipment.

Example:

https://investorshub.advfn.com/No-Borders-Inc-NBDR-3988/

April 3, 2020 - $SSTU - Sandy Steele Unlimited Inc - questions regarding the accuracy and adequacy of information in the marketplace since at least March, 2020. Those questions relate to apparent promotional activity, including e-mail stock promotions from unknown sources directed to investors, which claim that Sandy Steele is an operational garment manufacturer producing various clothing items and that it has the ability to produce protective masks that are in high demand due to the COVID-19 crisis.

InvestorsHub has over 700 messages related to this company, with many referring to the pump and dump. See: https://investorshub.advfn.com/Sandy-Steele-SSTU-3697/

April 7, 2020 - $WMGR - Wellness Matrix Group, Inc - questions regarding the accuracy and adequacy of information in the marketplace since at least March 19, 2020. Those questions relate to statements WMGR made through affiliated websites and a company consultant about selling at-home COVID-19 testing kits that had been approved by the FDA.

NPR reported on this company's fraudulent behavior - See: SEC Suspends Trading of Company That Sold 'At-Home' COVID-19 Tests

Ten months ago, they named a new VP of marketing (David Saltrelli) and a new president (Joshua Patterson) and a change in direction - developing "technologically advanced health care models in a Virtual Reality, Augmented Reality, and Creative Artificial Intelligence Platform." Kind of a jump from their origins as Fuhuiyuan International Holdings, which was mostly a real estate management company working with KWest Alberta in Canada. When you issue 190,000,000 shares of stock to be valued at $0.0001 each and switch from real estate to Artificial Intelligence Health Care, something odd may be afoot.

April 7, 2020 - $PGEC - Prestige Capital Corp. - concerns about the adequacy and accuracy of publicly available information concerning PGEC, including its financial condition and its operations, if any, in light of concerns about investors confusing this issuer with a similarly-named private company that is a manufacturer of N95 masks and the subject of increased media attention during the ongoing COVID-19 pandemic.

April 7, 2020 - $KCPC - Key Capital Corporation - questions regarding the accuracy and adequacy of information in the marketplace since at least March 5, 2020. Those questions relate to statements KCPC made about developing, and being able to make available to the mass market within three to six months, a vaccine to treat COVID-19 in press releases issued by the Company on March 5, 2020 and March 10, 2020.

Another company with a very interesting change in focus. Recently this was a company who had announced a "Unique Digital Gold Standard Cryptocurrency" ... and now they have a vaccine for Corona?

https://finance.yahoo.com/news/key-capital-seeks-partners-development-194915606.html

Quite a change from being the gold mining company behind the GoldCrypto ICO!

https://www.otcmarkets.com/stock/KCPC/news/GoldCrypto-Launching-Worlds-First-Hackproof-Cryptocurrency-Tokens?id=195885

↧

Scam Everything - Opioids, NetFlix, Phish, Covid Charities, and Government Refunds in one network neighborhood

April 23, 2020, 7:30 am

≫ Next: More Covid Charity Scammers (hosted by Shinjiru Technologies AS45839)

≪ Previous: SEC Suspends CoronaVirus Stock Pump-n-Dump Scammers

There's a famous line in the movie Jerry McGuire where Tom Cruise's character says "Show me the Money!" In online investigations, I prefer the line "Show me the Data!" This morning I was doing just that and found an interesting cluster of badness.

Dr. Elizabeth Gardner at UAB leads our Forensic Sciences program in the Department of Criminal Justice. She and I have partnered on many projects in the past by mixing our expertise. She's a forensic drug chemist, and I chase bad guys on the Internet. 8-). Our current project follows up on some of the work we shared with the BBC Click episode "Can Technology Solve the Opioid Crisis?"

Last night we threw 586 Opioid and Fentanyl selling websites into our clustering-by-location program that Zack Knight (one of my student malware analysts) had developed for another project. Our goal was to find clusters of drug-selling websites "in the same place" and then use other tools to explore what else is hosted in the same location. The tool sorts first by country, then by ASN, and then by NetBlock. There was a nice cluster that revealed itself, consisting of six websites all on the same Class C NetBlock:

Country: BZ
Company: VERDINA
111.90.156.117
thepleasantproducts[.]com
111.90.156.170
pharm-rx[.]to
111.90.156.173
globalheadshop[.]com
nembutalonlineshops[.]com
111.90.156.61
richmed-pharma[.]com
111.90.156.64
researchkem[.]com

Why were these sites in our database? Well, they offer some overtly bad stuff for sale. Here's an example:

thepleasantproducts[.]com

pharm-rx[.]to

nembutalonlineshops[.]com

You can clearly see why our Opioids project is interested in these sites! But what we wanted to know was, given that there were six very clearly objectionable sites on the same Class C Subnet, might there be other sites there as well. That's where the Zetalytics "ZoneCruncher" tool came into place. We asked ZoneCruncher what other sites were recently resolved to this Netblock, fully expecting it to give us a list back of additional drug sales websites! What we got back was much more interesting!

111.90.156.0/24 via ZoneCruncher from Zetalytics

As soon as I saw the results, I knew exactly what scammers were behind these sites, as we were well familiar with the group from the work I've done with the excellent Business Email Compromise researchers at Artists Againt 419 (AA419) in South Africa! The "signature" of this group is their reliance on a set of nameservers running on domains "steeldns[.]com""metaldns[.]com" and "argondns[.]com" hosted on the Malaysian hosting company Shinjiru MSC. Verdina Ltd. is the owner of this particular netblock, which uses the Autonomous System Number AS201133.

Verdina has a few other Netblocks that we'll be exploring later, but this one has plenty of badness on its own! Some of the most recent sites we have on this same Netblock include:

A fake Bank of Ireland site, indicating they would like to refund a suspicious transaction to your Visa card:

boi365refunds[.]com

of course, first you have to login . . .

An alert that your NETFLIX payment has been declined, which of course also requires a bit more information to "RESTART MEMBERSHIP" ...

netflx9-msg101[.]com

netflx9-msg101[.]com / alldetails.html

Many of the sites identified by ZoneCruncher have either already been remedied by security researchers working with registrars, are have not yet been deployed by the scammers. The domain names themselves indicate the range of their creative scamming:

Covid Charity Scams

=============================

e-media-covid19-relief[.]ibonline[.]digital

e-media-covid-19-relief-fund-donations[.]ibonline[.]digital

e-media-covid-19-relief-fund-donations-for-food-parcel[.]ibonline[.]digital

emedia-givedirectly-covid-19-reliefprogram[.]ibonline[.]digital

givedirectly-covid19-emergency-fund[.]ibonline[.]digital

www.1covid-19-d[.]com

www.1covid9-cerb[.]com

Netflix Phish
=============================

n3tflix-billupdate1[.]com

netfl1x-accupdate3[.]com

netfloux474[.]com

netflx1-sms98[.]com

netflx9-msg101[.]com

Paypal phish, Scotia Bank phish, RBC phish, ANZ phish
============================

paypai[.]restringido[.]org

paypal[.]restringido[.]org

rbcsecu1ces32[.]com

scotia1ban2k1-info[.]com

"Secure" Messaging portals
====================

msg-integrity[.]com

report-payments[.]net

threessl[.]com

and so many more ... 112 different "scammy" domains were hosted on this single Class C just in the past ten days!

UK Government Refund Scam

The most interesting of the current batch, however, was this one which was a means to update payment details in order to receive a refund from the UK Government via the website www[.]govuk-proceed-application[.]com, pictured below:

shall we begin the process?

Give us all your personal data . . .

Don't worry! Everything is "secured with 256-BIT SSL Layer!"

Give us all of your Banking Details!

And at the conclusion, you'll get a nice confirmation number!
(before a bit.ly link forwards you to the real UK Government)

Other Examples of Live Badness

Just a few more examples . . . all live as of this writing . . .

volksign[.]bausp[.]com

Gold Investing anyone?

Paypal Phish

Bottom line? Exploring the Network Neighborhood of a cluster of bad sites can lead to some very interesting findings! I'm looking forward to learning more from Zetalytics!

↧

More Covid Charity Scammers (hosted by Shinjiru Technologies AS45839)

May 3, 2020, 3:33 pm

≫ Next: College Students Beware

≪ Previous: Scam Everything - Opioids, NetFlix, Phish, Covid Charities, and Government Refunds in one network neighborhood

Last week we shared information about a particularly interesting cluster of scams that focus on their shared use of a set of nameservers where all of the related content seems to be criminal in nature. Working with CAUCE (The Coalition Against Unsolicited Commercial Email) and the ZETAlytics "Massive Passive DNS" we have continued to monitor the hostnames associated with these DNS servers for additional Covid-19 related fraud. The criminals certainly did not disappoint!

A Fraudulent GiveDirectly Donations site

The first website that we chose to look at claims to be a 501(c)3 Non-Profit called "GiveDirectly, Inc." We certainly agree that GiveDirectly is a 501(c)3. According to their publicly available information, they gave out $59 Million USD in support to those in need during calendar year 2018. The problem is that THIS website has nothing to do with the actual charity. The real charity is supported by organizations including NBA Cares, Google.org The Late Show, and the Schusterman Family Foundation and they have provided financial support to 65,600 American families, as well as families in Kenya, Rwanda, Malawi, Morocco, DRC, and Uganda. Again - the REAL charity is rated 100/100 by Charity Navigator and others. But this website is NOT the real charity.

The real site: GiveDirectly.org

givedirectly[.]org's Real website - a real charity doing good work!

The FAKE website: givedirectly-covid19-emergency-fund[.]ibonline[.]digital

FAKE website: givedirectly-covid19-emergency-fund[.]ibonline[.]digital

Hitting the "Give Now" button on the fake website transfers the user to a PayPal Donate page - a real PayPal page, but falsely claiming to be funding GiveDirectly.

The Scammer's Paypal page

eMedia COVID-19 Relief Fund targeted by Scammers

The second fraudulent charity website we see is stealing a campaign from eMedia. eMedia got a great deal of media attention in South Africa, where many websites, such as "ibusiness.co.za" ran stories like this one:

https://www.ibusiness[.]co[.]za/community/coronavirus/donate-to-the-emedia-covid-19-relief-fund/

The eMedia group's websites all provided a prominent link to the donation page, such as this one found on the homepage of eNCA.com:

Valid website: eNCA[.]com asks for donations ...

When the Donate page is visited, we find information about donating to the HCI Foundation Trust's covid fund at ABSA Bank.

Directions for donating to the REAL Charity Fund - via ABSA Bank in South Africa - donate.enca[.]com

The Scammers version of the same page offers both a Bitcoin and a Paypal donation capability, but doesn't mention the real Foundation Bank account. The URL of the fake website is "emedia-givedirectly-covid-19-reliefprogram[.]ibonline[.]digital" the same domain (ibonline[.]digital) as the other scam above.

Fake Website: www.emedia-givedirectly-covid-19-reliefprogram[.]ibonline[.]digital

The Bitcoin address has thankfully received no payments thus far:

185M9pKN3wPy86YiAiY5LsMpsfLnEv4XH5

Nameserver MetalDNS and SteelDNS used in more scams

The nameservers in question here, which we continue to monitor, are tied to thousands of suspicious domains. Here is our evidence that they are being used in the two scams above. Anyone could imitate our query from a Windows CMD prompt or a Mac/Linus terminal window. (We've added square brackets around dots for safety, you would remove them to make your own query.)

In the query below, we first set our query type to "ns" to show the authoritative Nameservers for the domain the fraudster is using - ibonline[.]digital. We then change our query type to show "A Records" (the resolution of a hostname to the IP address where that machine can be found on the Internet.)

> nslookup

> set type=ns

> server ns1.metaldns[.]com

Default Server: ns1.metaldns[.]com

Address: 111.90.144[.]251

> ibonline[.]digital

Server: ns1.metaldns[.]com

Address: 111.90.144[.]251

ibonline[.]digital nameserver = ns2.steeldns[.]com

ibonline[.]digital nameserver = ns1.steeldns[.]com

ibonline[.]digital nameserver = ns2.metaldns[.]com

ibonline[.]digital nameserver = ns1.metaldns[.]com

ns1.steeldns[.]com internet address = 101.99.72[.]47

ns2.steeldns[.]com internet address = 111.90.144[.]253

ns1.metaldns[.]com internet address = 111.90.144[.]251

ns2.metaldns[.]com internet address = 185.70.107[.]110

> set type=A

> www.emedia-givedirectly-covid-19-reliefprogram[.]ibonline[.]digital

Server: ns1.metaldns[.]com

Address: 111.90.144[.]251

Name: www.emedia-givedirectly-covid-19-reliefprogram[.]ibonline[.]digital

Address: 111.90.156[.]73

> givedirectly-covid19-emergency-fund[.]ibonline[.]digital

Server: ns1.metaldns[.]com

Address: 111.90.144[.]251

Name: givedirectly-covid19-emergency-fund[.]ibonline[.]digital

Address: 111.90.156[.]73

Readers will recall that "111.90.156.0/24" was the scammy host block where we found the UK Government fake tax refund website in our previous post, "Scam Everything - Opioids, Netflix, Phish, Covid Charities, and Government Refunds in one network neighborhood."

When we posted the previous article, the Covid-19 charities hostnames resolved, but they did not have any web content yet at that time. We had found the scammer's site before he finished creating it through the power of Passive DNS! As you can see, the sites are complete now, and beginning to be used to scam victims who believe they are helping a Covid-19 person in need!

The webserver at 111.90.144[.]251 is also hosting a fake loan services (zocaloans[.]co[.]com)

That Class C subnet (111.90.144.0/24) is also a mess. Yesterday Zetalytics saw the first resolution of the webserver "usaid-who[.]org" -- shall we go ahead and take bets on whether that will be a full blown charity fraud website by tomorrow?

Based on recent resolutions, we can also expect to see some HP Fraud here ... new resolutions to 111.90.144[.]67 include hp.support-numberireland[.]com and hp.supportnumbercanada[.]ca and hp.supportnumber[.]com[.]au.

There are also some interesting websites providing information for completing Wire Transfers, cuh as "onlinebanking[.]su" (su = Soviet Union) with directions for how to do wire transfers to many common American, Canadian, Australian, and European banks! Again, early DNS is helpful! One of the other websites that is still being built to help with Wire Fraud holds only a single file - a 40 MB zip file called "onlinebanks.cc.zip" containing all of the web content for creating the website!

A Reverse Lookup of the Google Analytics code found on that page shows that three other websites using "metalDNS" as their nameserver are using the same Google Analytics code (ua-157551747):

hackertools[.]su

onlinebanks[.]cc

wuhancoronavirus[.]me

What an interesting combination of websites to be created by the same webmaster!

Hackertools[.]su makes this claim about their services:

The website claims that they will wire transfer you funds from one of the thousands of accounts for roughly a 10% commission on the money stolen. Of course, like most of the scam sites run by these guys, they're just going to pocket the commission and you receive nothing. Other interesting recent scam sites:

anaairlinesfirstclass[.]com - promises 50% discount on first class air from Japan's ANA.

related: anacustomerservicecenter[.]com
related: anaairlinesreservationnumber[.]com

expresscards[.]net - claims to sell pre-paid VISA cards purchased with Bitcoin.
glosscommercialbk[.]com - phishing site for Gloss Commercial Bank
zabitpharmaceutical[.]com - claims to sell FDA-cleared "rapid platelet analyzers"
and so many many more ...

↧

College Students Beware

May 18, 2020, 7:19 pm

≫ Next: Nigerian Scam Spree stopped by Alert Bank Employees

≪ Previous: More Covid Charity Scammers (hosted by Shinjiru Technologies AS45839)

by Robin Pugh
President, DarkTower

Fraudsters are always quick to leverage a crisis for the purposes of cybercrime, and COVID19 has created a new target demographic of 14 million college students. As over 1,100 colleges and universities across the United States have closed their doors, forcing students to leave their college housing, many have been actively pursuing a sub-lease of their off-campus housing to try to alleviate the financial burden of a semester now forced to go virtual.

Anatomy of a Rental Fraud

Most campuses have official or unofficial online bulletin boards where students can look for roommates, apartments, sub-lessors, etc., and these places are target-rich environments for fraudsters. Take the case of my friend whose son, like millions of others, is now living at home, finishing out his semester online. There’s no refund for his fees, tuition, or meal plan, and to continue to pay for his off-campus housing is yet another financial burden. So, like millions of others, he and his parents have been looking for someone to sub-lease his apartment. When they finally got a bite, it was from someone in a Facebook Group where he had posted his apartment for rent. The person who contacted him was “Anthony S Felix” who did so on behalf of his ‘friend’ Liang—a nice, quiet, single woman with no kids and no pets – who was very interested in his place. We’re going to call my friend’s son “Austin.”

Figure 1: hxxps://www.facebook[.]com/groups/NCSUOffCampusHousing/

Exactly as “Anthony” promised, his friend Liang texted Austin with her interest in sub-leasing his apartment.

Figure 2: Initial contact from Anthony introducing "Liang"

Liang built rapport and trust, sharing details of her job, the timeline of her move, and both her phone number and email address. Since she is a traveling nurse, she wouldn’t be able to come see the apartment in person, which worked well, since the property managers weren’t allowing in-person showings anyway. It seemed like a match made in heaven!

Figure 3: First communication from Liang

Liang’s move was being funded by her employer; so, she told Austin she was going to get them to approve her relocation costs and get back to him. And she did – she committed to sub-leasing the apartment and promised to send her first partial-month’s rent right away.

Very soon, Liang texted Austin with the tracking number for the rent check, but there was just one little problem. The check was actually for quite a bit more than just her first partial-month’s rent of $386. Her employer had mistakenly issued the check for all of her relocation costs, but she trusted Austin completely; so, she just asked that he keep the rent payment, and transfer the rest to her via Zelle. As a matter of fact, she was so flexible that she didn’t even mind if he broke it into two payments of $1,000 each.

Figure 4: Communication with Liang, continued

Figure 5: Liang constructs the fraud

As Liang promised, the check arrived via USPS, and Austin’s parents deposited it into their Bank of America Wealth Management account. Because they are long-time customers of Bank of America, the funds were available quickly, giving Austin’s parents confidence because a) it was a Cashier’s check, and b) since the funds were available, the check must have cleared. They kept their end of the bargain, retaining $386 for the partial month’s rent and sending $2,249 via Zelle to the recipient Liang had directed.

A few days later, the bank notified Austin’s parents that the check had NOT, in fact, cleared, and they were now left with no renter, no first month’s rent, and a bank account balance $2,249 less than it should have been. Due to the fact that Zelle transfers happen within minutes, there was no recourse to retrieve the funds that were now in the scammers hands.

Figure 6: Cashier's Check from Liang

Will the Real Anthony S. Felix Please Stand Up?

A review of Anthony’s Facebook profile shows no public posts since 2017; however, his Facebook URL reveals the name “Osunday Adekunle,” and a Facebook search reveals many profiles under the name Sunday Adekunle. The “O” could possibly refer to the title “Oba” which, in West Africa, means “Ruler.” Additionally, there are a few “friendversary” Facebook videos showing Adekunle and his Nigerian friends. Regardless, his Facebook profile says that he is an employee at Oklahoma State University, living in Seattle, Washington. That’s quite a commute! His profile photo is a quote attributed to Bill Gates about his wish to become involved in Network Marketing.

Figure 7: hxxps://www.facebook[.]com/osundayadekunle

His Likes include sketchy financial investment firms and Nigerian companies.

Figure 8: hxxps://www.facebook[.]com/osundayadekunle/likes

Austin is not alone

From reviewing the interactions between the scammers and Austin, I knew that this wasn’t the scammers’ first rodeo. They had a well-crafted script that was designed to build trust with the victim until the very last minute when they realized their money had been stolen. I reached out to the administrator of the Facebook Group “NCSU Off Campus Housing” to see if she’d be willing to speak with us. While she declined to be interviewed, she allowed me to post in the Group, asking others who had been victimized to reach out to me with details. Within a day of posting, I received another story identical to Austin’s. Same actors (“Anthony Felix” and “Liang Quain”) and the same story – traveling nurse, won’t be able to see the apartment first, but it’s PERFECT! And whoops – my company accidentally sent all of my relocation funds to you, so I need you to keep $375 and send the rest to me via Zelle.

Figure 9: Liang texts to Victim 2

From Victim #2 – let’s call her Gabby – we learned a couple additional things. She had saved a copy of the shipping label from the envelope containing the counterfeit check. We knew from Austin’s tracking number that the check had been mailed from Newington, Connecticut, but with Gabby’s mailing label, we learned that the shipping label was from a legitimate company located in Hartford. Fraudsters commonly use stolen shipping labels – it further covers their tracks and keeps their costs down!

Figure 10: Stolen Mailing Label addressed to Victim 2

Further, Gabby had a hard time sending the total amount via Zelle; so, she ended up sending part of the payment through Zelle and then was provided a CashApp ID to send the remainder. She was given the name Christopher Brown and the associated ID to process the payment.

Because DarkTower has a good working relationship with the team at Early Warning, the owners of Zelle, we immediately reached out with the Zelle ID that the fraudsters were using to move money, and the team was able to notify the associated bank (Citizens Bank) and shut down the account.

Recommendations

Let’s talk briefly about the Facebook Group where these apartment sub-leases were shared. The Administrator had actually done a very good job of trying to raise awareness in the Group about the fact that fraudsters and scammers would potentially target individuals posting there. She has an ongoing list of names that she shares with the Group and updates regularly. She also posted tips about identifying scams, not sending money to someone you don’t know, etc. The Group requires approval to become a member, and you had to be a member to post. However, you don’t have to be a member to SEE the posts and the names of the posters. So, in this case, Anthony Felix could peruse the postings, identify a situation that was ripe for their scam, send a direct message to the poster, and then direct them off-platform to the next step of the scam.

Instant payment platforms are a wonderful thing for transactions with PEOPLE YOU KNOW and trust. Many of them, including Zelle, even post warnings in their apps about not sending funds to people you don’t know. Nevertheless, the scammers are really good at building trust with their victims and creating plausible scenarios that give a false comfort level to ignore those warnings and send out funds that can never be recovered.

↧

Nigerian Scam Spree stopped by Alert Bank Employees

July 2, 2020, 3:21 pm

≫ Next: Hushpuppi and Mr.Woodbery, BEC scammers: Welcome to Chicago!

≪ Previous: College Students Beware

If you watch criminal press releases you may be noticing the same trend we are -- career criminals are getting busted when they mess with COVID-19 Fraud. Consider the case of Nosayamen Iyalekhue and Esogie Osawaru. Iyalekhue had an insider's knowledge of the banking indeustry, as he was a teller at TD Bank. From at least 2016 the pair participated in a series of frauds, but it wasn't until they started having unemployment benefits deposited into their account on May 21, 2020 that someone stopped their crime spree!

The investigator on the case believes there are violations of:
18 USC section 371 (Conspiracy)
1028 (Identification Fraud)
1030 (Computer Fraud)
1343 (Wire Fraud)
1344 (Bank Frau)
1546 (Passport Fraud)
1956 (Money Laundering)
and 1957 (Unlawful Monetary Transactions)

The Thieves

Nosa Iyalekhue (the name he used on his LinkedIn account) worked at TD Bank in Norwood, Massachusetts from 13AUG2018 to 12AUG2019. He got fired when the bank became aware he was accessing the accounts of customers when they were not present. In particular, TD Global Security shared with the FBI that he had accessed accounts belonging to Jude Ekanem, Milk Anthony, and Franklin Edward.

Nosa had a curious habit of having his photograph show up on other people's Passports. On the right is his Massachusetts Driver's License photo. On the left is a Liberian passport in the name of Mathew Lungelo. Mr. Lungelo used that passport to open bank accounts at Santander Bank (an account ending in 1157), Bank of America (2816), and Eastern Bank (4974), however DHS records show that no one has ever entered the country with a matching identity.

Lungelo used the same email address and address for each of these accounts:

jennyrbts11@outlook.com with the address 49 Dana Ave, #2, Hyde Park, MA.

Another passport with Iyalekhue's photo on it was that of Ofo Jude Ekanem, supposedly from Accra Ghana. This passport was used to open bank accounts at TD Bank (0535), Bank of America (9968), and Santander Bank (2284) in the name of Jude Ekanem. The same email, jennyrbts11@outlook.com, was used to open all three accounts, but this time with the address 11 Wilcock St., Dorchester Center, MA. The Santander account was opened in August 2017, the same month as the BofA account. The TD account was opened six months later, in February 2018.

His next round of accounts were opened using a South African passport in the name of Howard Bhekani. The Bhekani passport also was never used to enter the United States. It was used to open a Santander Bank account (5621) in October 2018, a Bank of America account (2614) also October 2018, a Rockland Trust account (1824) in May 2019. and a Citizen's Bank account (3368) in July 2019. For the last one, he used the 49 Dana Avenue address again, and continued to use the jennyrbts11@outlook.com account.

When TD Bank looked into the other accounts that Nosa was accessing, they found that two of the other account holders seemed to be the same person. Franklin Edward, and Milk Anthony looked the same, sometimes appeared on surveillance with the same clothes, and in particular, had a distinctive cross-shaped earing.

Franklin Edward had accounts at both TD Bank (7048) and Bank of America (9385) opened in 2018. Both were opened using a UK Passport in the name Franklin Edward -- again, the passport had no matching travel records or Visa records. The BOA account used the same street address as the Jude Ekahem account above -- 11 Wilcock St., Dorchester Center, MA.

The person withdrawing funds from the TD Bank account of Franklin Edward seems to be a facial match (and an earring match) for Esogie Osawaru.

Osawaru also turned out to be "Milk Anthony" who had accounts at TD Bank (9224), Citizen's Bank (4264) and Santander Bank (1949) all opened in 2019. The Milk Anthony accounts were all opened using a Nigerian passport (A02308508).

"Milk Anthony" has the same earrings as Osawaru also . . .

The Milk Anthony accounts were opened using the 49 Dana Avenue address previously associated with the Howard Bhekani and Mathew Lungelo accounts.

The Scam Victims

There were 12 victims of this pair named in the FBI report.

Victim 1 received an email that she believed came from a high school friend. The friend said he now ran a very successful company and that he wished her to help him distribute funds for philanthropic purposes. She should keep 5% of the funds for her efforts. She believed she was working for a non-profit. Checks were received by Victim 1, who deposited them and wired the money (minus her commission) to the Bank of America and Santander accounts of Matthew Lungelo. She deposited $240,000. Withdrawals were made at least six times from the BofA account, totaling $11,900, and five times from the Santander account, totaling $22,400.

Victim 2 was a 64 year old woman from Panna Maria, Texas. She was involved in an online only relationship from 2016 to 2020 with a man from South Africa, and regularly sent him money to assist him with legal fees and other personal needs. She wired money to both Mathew Lungelo and Jude Ekanem at the direction of her online boyfriend. $11,000 and $9,000 in November and December of 2019. Prior to that, however, she had sent over $125,000 between September of 2017 and January of 2019!

Victim 3 was from Wyandotte, Michigan. She met a man online while playing a game in 2018. They developed a relationship. Believing that her boyfriend was living on an oilrig, Victim 3 sent him over $100,000 between 2018 and 2019, including $83,900 the Edward TD Bank account. TD Bank questioned "Edwards" about the large transactions, and he claimed to be in the automobile export business, buying cars here, and selling them in Africa.

TD was able to get a license plate number from his vehicle, which turned out to be registered to the brother of Esogie Osawaru, who lived at 49 Dana Ave, Hyde Park, Massachusetts!

Victim 3 also reported that she had mailed cash to that address.

Victim 4 lived in Long Beach, California She was recruited via email for an online job and believed she would be reviewing documents related to interior design. Victim 4 ended up wiring two deposits to Bhekani's Citizen's Bank account, totaling more than $34,000.

Victim 5, from Alabama, believed that she was in a relationship with a soldier who she met on an online dating site. Her family members told the FBI that she had sent more than $150,000 to various people at the request of her online boyfriend. At least $45,000 of those funds were sent to the Edward account.

Victim 6, from Canton, Ohio, met a man on Facebook who claimed to be a soldier working on a United Nations mission in Syria. When she told her online boyfriend that she was about to have a surgery and had no one to care for her afterwards, the "soldier" said that he had arranged that she could buy out his contract from the United Nations and he could fly home to help her recuperate. In June 2019, she sent $20,000 of a total $60,000 to the Milk Anthony Santander account.

Victim 7, from Newbury, Oregon, was also a romance scam victim, who was previously identified in another FBI case. the man she had met had asked her on six separate occasions to send $1,000 money orders to the address 1055 Southern Artery, Apt 707, Quincy, Mass, where Osawaru was living at the time. In December 2019 those money orders were deposited into Osawuru's personal Santander account (7080).

Victim 8, from Jamaica, New York, met a man on Facebook named "Peter Loblock." Loblock promised her he could help her complete her immigration paperwork to become a citizen. She wired him $1,280 to a Rockland Trust account (5027) in the name of "Esogie Osawaru.

The REAL Peter Loblack (I believe there is a mis-spelling in the Affidavit) actually posted a warning on his Facebook page on May 27, 2020, warning people of a fake Peter Loblack pretending to be an Immigration Attorney who had stolen his likeness from social media posts:

https://www.facebook.com/PeterLoblack/posts/10158290616113077

Victim 9, an elderly woman from Scurry, Texas, banked with BBVA USA. When a cashier's check for $20,800 was deposited into the Eastern Bank account of Mathew Lungelo, the Eastern Bank investigator reached back to BBVA, concerned about the source of funds. The BBVA Investigator spoke to the victim and confirmed to Eastern Bank that it seemed to be a scam. Eastern put a hold on the account. The person claiming to be Lungelo became concerned about the availability of the funds, and was informed by Eastern Bank that the funds would likely be available on 24FEB2020.

When Iyalekhue showed up at the bank, he claimed to be a construction worker and said the funds were for a job he had completed in Texas. When questioned about his identity, he provided the Mathew Lungelo name and the birthdate from the Lungelo Liberian passport. Eastern Bank had the Dedham Police on site and he was interrogated by the Dedham PD in the bank's offices and eventually confessed and provided his true identity.

Iyalekhue was held while officers sought a warrant for his white Mercedes (Mass 7CK325) and found several additional identity documents both on his person and in his vehicle, including documents in the name of Mathew Lungelo.

Victim-9 was also approached by a "Charlie Clifford" who played the classic "I have a box of valuables but its stuck in customs" ruse on her. She says she sent the cashier's check to Lungelo at Clifford's direction.

Even after Iyalekhue got arrested, Osawaru kept going. On 10APR2020, he opened an account in his own name, and on 18MAY2020, received a check for $9,200 from Victim 10 - a 76-year old women living in Puerto Rico. Surveillance shows that the car that was driven to make the deposit was registered to Osawaru's brother, at the 49 Dana Avenue address. Three days later, a stop payment was placed on the check.

Victim 10 told the FBI she had been in an online relationship with a US Army soldier for 2 years and 4 months, and that he had been deployed overseas and was in financial need. They had met on Facebook. Since at least early 2018, she had sent over $71,000 to the "Franklin Edward" accounts at BofA and TD, as well as wiring money to Nigeria. She also sent a $9,500 check to a Walgreens in Rhode Island. The package was delivered and signed for by "E. Osawaru" on 15MAY2020. He tried to use Mobile Deposit to deposit the check, but Eastern Bank denied the deposit, which was attempted from an AT&T IP address.

Victim 11 was a resident of Washington State. A Washington State unemployment insurance check was deposited into Osawaru's Eastern Bank account on 19MAY2020. Victim 11 had never applied for unemployment and had no idea how his check was sent to Osawaru.

Victim 12 was a resident of Pennsylvania. That victim also had an unemployment insurance check in their name deposited to Osawaru's account.

Osawaru attempted to withdraw the funds, but learned a hold had been placed on them. The Dedham Police were again called, and he was arrested for "Uttering False or Forged Records" and "Attempted Larceny over $1,200." He posted a $5,000 bond and was released the same day.

The two were arrested by the FBI on 12JUN2020 and charged with all of the above scams.

https://www.justice.gov/usao-ma/pr/two-nigerian-nationals-charged-defrauding-victims-using-online-scams

↧

Hushpuppi and Mr.Woodbery, BEC scammers: Welcome to Chicago!

July 5, 2020, 12:34 pm

≫ Next: Chinese "COVID-19" Hackers indicted after 11 year hacking spree

≪ Previous: Nigerian Scam Spree stopped by Alert Bank Employees

There are quite a few West African scammers who try to explain away their wealth by claiming they are a "bitcoin entrepreneur" or "real estate investor" when in fact they conduct Business Email Compromise scams against American companies, and Romance Scams against vulnerable women, and steal their money. Back in October, one such criminal, Ismaila Mustapha, who went by the Instagram nickname Mompha, was arrested and I mentioned it in a tweet:

https://twitter.com/GarWarner/status/1186816176019648513

Replying to my own tweet, I said "Maybe they'll get his friend #Hushpuppi next ??" and linked to his Instagram account, tagging @officialEFCC in the post. My posts received the most attention of anything I had ever shared on Twitter, which I learned was because of some headlines in Nigerian media such as these:

Mompha is a Top 10 BEC Scammer

With all of the attention of 4,000+ new Nigerian Twitter followers, I have to admit it felt a bit prophetic when we learned of Hushpuppi's arrest on June 10th. I shared these images from their respective Instagram accounts that day.

Ever since their arrest by Dubai Police on June 10, 2020 in the UAE, Nigerian media has been going crazy with theories on what was going to happen to Hushpuppi and Mr.Woodbery. The original posts said that Hushpuppi was arrested in the UAE "by Interpol" (who has no arresting authority) for his role in a $35 Million ventilator scam. Other versions say he was involved in "fraud and money laundering of over $100million which was supposed to be given to Native Americans during the Coronavirus Pandemic. More recently, Nigerian media claimed that the pair were already in the United States in Moshannon prison and that Woodbery had fallen sick there.

The EFCC, Nigeria's government anti-corruption agency, put out a thread of Tweets on June 18th confirming that they were cooperating with the FBI to try to identify additional victims and to investigate parts of his money laundering empire that are still in Nigeria. In the thread they called him "Nigerian most-wanted hacker, Ramoni Igbalode, alias Ray Hushpuppy."

The Dubai police called their case against Hushpuppi "Operation Fox Hunt 2"-- in the video they mention seizing 21 laptops, 47 phones, 15 USB drives, 5 hard drives, 119,580 files, and 13 cars!

An English version of the Fox Hunt 2 video is available on Vimeo here (click to play):

The video also makes clear that while only two "celebrity-level" hackers were arrested, there were actually at least twelve other people arrested in Dubai that night during six raids. The video claims that they had information on 1,926,400 victims!

Who knows their names? Please answer in the comments below ...

Hushpuppi and MrWoodbery Charged in the United States

In the United States when charges are brought, the charges are made for victims within the jurisdiction where the charges are brought. Rather than listing every possible crime, the staff of the top prosecutor in that district, known as Assistant United States Attorneys, brings charges for crimes where the victims or the activities occurred within their jurisdiction. Because of the prominence of these case, a cybercrime special prosecutor from the Cyber and Intellectual Property Crimes Section of the Department of Justice is assisting in prosecuting these cases. In these cases, Hushpuppi is being charged in Los Angeles, California, and Mr. Woodberry (Jacob Olalekan Ponle) is being charged in Chicago, Illinois. Both men arrived in Chicago, on 02JUL2020 after being expelled from the United Arab Emirates.

Click to read Northern District of Illinois Press Release

Click to read Central District of California Press Release

Chicago Case vs. Mr.Woodbery

In the Chicago case, there are two primary victims that establish venue there. Victim Company A lost $2,300,000 USD. Victim Company K lost $15,268,000 USD. Jacob Olalekan, who the FBI refers to as "PONLE" says that in the latter operation Ponle received at least 1494 Bitcoins from that case, which at the time would have had a value of $6,599,499 USD!

In their investigation, they found that Ponle used US-based "money mules" -- criminals who are paid to open bank accounts on behalf of a scammer. One of these mules said that he received his instructions from someone that he knew as "Mark Kain." Mark Kain used a voice over IP telephone number that was issued from the company Dingtone. Since Dingtone fully cooperates with law enforcement, they were able to quickly learn that this number was paid for by someone using the South African telephone number +27 793 837 890.

The Money Mule also indicated that he made transfers to a Bitpay bitcoin account with the wallet id 16AtGJbaxL2kmzx4mW5ocpT2ysTWxmacWn. Bitpay, who also cooperated with law enforcement, was able to show this account was created in September 2015 and that the account owner used the email address "hustleandbustle@gmail.com."

The next step in the investigation was to ask Apple about those telephone numbers and email addresses. Apple, who can provide law enforcement with all information about any iPhone, shared with the FBI that the telephone number +27 793 837 890 belonged to Jacob Olalekan, who used the hustleandbustle email while logged in from that telephone. Apple was also able to provide a photo of a Nigerian passport in the name "Olalekan Jacob Ponle" born May 1991 in Lagos, Nigeria, and also a photo of a UAE Visa and a UAE Resident Identity Card in the same name.

Ponle Nigerian
Passport

Ponle UAE
Resident Card

Ponle USA
Visa

The FBI has contents of many WhatsApp chats that Ponle had with various scammers and money mules he worked with.

In addition to Ponle's Chicago crimes, he also committed many others that are documented in his case:

- 16JAN2019 - $188,000 fraud against a company in Des Moines, Iowa.

- 04MAR2019 - $415,000 fraud against a company in Great Bend, Kansas.

- June 2019 - attempted $19,292,690.30 wire for a company - stopped by JP Morgan Chase!

- September 2019 - the FBI took over the accounts of one of the former money mules and received instructions from Ponle to open a new bank account. The FBI opened the account, but stopped a $1.2 million fraudulent transaction from occurring.

These details and more can be found in the Criminal Complaint against Olalekan Jacob Ponle.

MoneyLaundering via LocalBitcoins

The big Chicago case happened on 11FEB2019 - $2,300,000 fraud against a Chicago company. In that case, the money was sent to a six-month old Personal Checking Account opened by the money mule. He then moved $2.1 million into a SilverGate bank account belonging to Gemini Trust, a cryptocurrency exchange. The mule then tells Ponle that the funds will be moved to him $500,000 USD at a time, and asks him for his bitcoin account. The mule says we are sending you 340 bitcoins and the rest is coming.

All of this is easy to confirm by looking at the blockchain. I use CipherTrace for Bitcoin analysis. This shows that over the lifetime of this Bitcoin address, 3,798.20832689 BTC were received by the account Ponle claims as his own, in 434 different transactions. (At current Bitcoin values, that would be $34,315,216 USD!) You can clearly see the 340 Bitcoin transaction being received from Gemini.com on 15FEB2019:

MrWoodbery/Ponle Bitcoin account receiving stolen funds

Right after this transaction, you can see that MrWoodbery sent 611 Bitcoin (currently worth $5,522,495 USD!) to Bitcoin wallet 15go6kCncrhkt6z2ziQr6W39SVpyZ52tpM, from which the funds were sold off bit by bit in LocalBitcoins.com transactions.

40 BTC on 16FEB via LocalBitcoins.com

15.7 BTC on 16FEB via LocalBitcoins.com

5 BTC on 17FEB2019 via Luno.com

56 BTC on 17FEB2019 via LocalBitcoins.com

23 BTC on 18FEB2019 via LocalBitcoins.com

30 BTC on 18FEB2019 via LocalBitcoins.com

15 BTC on 18FEB2019 via LocalBitcoins.com

30 BTC on 19FEB2019 via LocalBitcoins.com

29 BTC on 19FEB2019 via LocalBitcoins.com

22 BTC on 19FEB2019 via LocalBitcoins.com

etc.

Along the way some smaller transactions were made, such as spending 0.03 BTC at UniCC, a stolen credit card shop.

the BTC transactions to Local Bitcoins stay small 1-3 BTC per transaction, until 09MAR2019 when he sells 35.9884 BTC on LocalBitcoins.com

By June of 2019, the funds which had not been converted to cash via LocalBitcoins were primarily deposited at HuboiGlobal, a cryptocurrency exchange originally founded in China, but now with offices in Singapore, Hong Kong, Korea, Japan, and oh yes, the United States!

The Los Angeles Case Against HushPuppi

At first it may not be obvious why the HushPuppi case is in Los Angeles, as one of the largest victims is a New York based company, from which Raymon Abbas (aka Hushpuppi) is accused of stealing $922,857 USD from in a Business Email Compromise scam. The Los Angeles FBI came to have possession of an iPhone which contained many communications between the owner of that phone and Abbas. During the laundering of the funds from the New York based company, at least $396,050 were laundered by a second money mule, who opened bank accounts in Los Angeles, giving the Los Angeles FBI venue on the case.

The iPhone showed many communications to the Dubai-based number +971 543 777 711. This phone was listed in the iPhone contacts under the name "Hush" ... there was also a Snapchat contact with this number under the name "hushpuppi5" whose account called himself "the Billionaire Gucci Master!!!" The FBI's review of Hushpuppi's Instagram account found a post where he listed his own Snapchat account as "Hushpuppi5."

Instagram, who fully cooperates with law enforcement, provided to the FBI that the Instagram account used the email "rayhushpuppi@gmail.com" and the phone number +971 502 818 689. The account was created October 10, 2012 and had many logins from the UAE.

Snapchat, also a US based company who fully cooperates with law enforcement, provided that the Hushpuppi5 account used the same email as the Instagram account, rayhushpuppi@gmail.com and a different UAE telephone number +971 565 505 984.

The Gmail account, (Google is a US based company who fully cooperates with law enforcement) revealed that an Apple Account was created on 29MAR2014 in the name Ray Hushpuppi, and used both the gmail account and the account "rayhushpuppi@icloud.com" and another gmail account.

The other Apple account found used the name Godisgood Godson and the gmail account "godisgoodallthetime0007@gmail.com" but often used the name "Ramon Abbas" in account records, giving the mailing address "1706 Palazzo Versace, Dubai, UAE." The rayhushpuppi@gmail.com account was used to lease that property from 04APR2020 through 03MAY2021.

Through a combination of IP address login records and telephone login records, all of the above accounts could be clearly shown to belong to the same individual.

The emails also contained things such as copies of Abbas's Nigerian passport and UAE Resident card which further confirm these accounts were under his personal control. Receipts for wire transfers of large volumes, including $250,000 and $2,397,000 were found in the emails, linking Abbas in the latter case to the Chicago Mr.Woodbery case above.

Other indicators included proof that Abbas picked up wire transfers from Western Union in the UAE in 2018 and MoneyGram transactions in the UAE, all using his UAE Resident card.

Malta Bank Job

In addition to the New York law firm case, Abbas also discussed a foreign financial institution case where €13 million was stolen ($14.7 Million USD) and the co-Conspirator in Los Angeles asked for accounts which could receive "5m euro" which Abbas provided by sending information for a Romanian bank account. Abbas communicates with the group who is trying to laudner the money, and confirms receipt of €500,000

Although it is not stated in the FBI paperwork, this was the Bank of Valetta, mentioned in the headlines of the Times of Malta. The hackers boast that the bank had not yet noticed their activity and that they were going to hit it more the following day.

ToshiTimes

The Prime Minister of Malta issued a statement to the public that although "Hackers sought to make international transfers to banks in the UK, US, Czech Republic and Hong Kong. The transfers were blocked within 30 minutes and the banks alerted." A follow-up report a week later in the Times of Malta detailed how a bank employee believed he was responding to an email from a French government stock market regulator, but the attached Word document actually planted malware on the banking system, allowing the hack to move forward. The Times of Malta said the attack was thought to be part of a hacking group called "EmpireMonkey" which has been linked by other cybercrime researchers to CobaltGoblin and even the Carbanak group. (See for example this Kaspersky article: FIN7.5: the infamous cybercrime rig continues its activities.

https://timesofmalta.com/articles/view/how-bov-hackers-got-away-with-13-million.702800

This last example illustrates that once someone begins to operate on the level as Hushpuppi, they are often most useful as someone who has the network to establish bank accounts to receive stolen funds. It is extremely unlikely that Hushpuppi has the hacking skills to pull off a Bank of Malta attack -- however he had the reputation as being someone who could provide accounts capable of receiving 5 million Euro transactions, so criminals reach out to him to fulfill that need.

↧