A text message stating that a Stimulus check is coming, promising financial reward to click the URL. This is malicious code running on instrastructure that spans the globe. It is a clever form of malware delivery that evades antivirus and other protections, and is geared to drop malware on your device undetected via a form of delivery called ‘gootloading.’
Full Text
30 Photos Deleted from Gallery — Click here to restore and scan for virus [URL]Do not click the link, report the spam to 7726 (see below).
Yup, This is a Scam.
I’ve been getting a series of spam text messages from various phone numbers, likely compromised devices, all seem to be from AT&T in origin. These text messages have various messages, this one in particular saying, “30 Photos Deleted from Gallery — Click here to restore and scan for virus [URL].” with a link to click. DO NOT CLICK THE LINK and forward it to the SPAM number (7726, see below).The URL is likely…
Namecheap, a US-based domain registrar, is allowing scammers to infest their registrations using global infrastructure to attack Americans and Canadians with malware. When this is reported, Namecheap does nothing. Over the course of months, I have been researching a series of text message campaigns that originate from a US domain registrar who both refuse to act , but also refuse to acknowledge there is a problem thus allowing cyber abuse, text message spam and smishing to go unchecked.
There is a Massive Spam Campaign out of Namecheap
Namecheap protects the scammers in the name of profit. The hosting providers keep taking down their infrastructure when reported, but for the scammers, updating the DNS is as easy as selecting three menu items within Namecheap’s bulk update function.
When a Pharma Spammer is ballsy enough to make a home on WebMD, utilize at least five whatsup numbers, traceable voip, a Wikr, Kick, Skype and Twitter account and websites to sell their wares, one must wonder, what are we, in the cyber security community, snoozing through. Some linked sites were up over seven years! This blog post is detailing the research involved to both make it easier to report to authorities and also make terms searchable in a collective spot to help people from getting scammed, or worse, die from fake medication.
Disclaimer
I don’t normally publish emails and phone numbers because often times due to innocent victims, or if these are compromised accounts. Also I don’t want some noob going to the URLS, or responding to the emails, or clicking the links. So, to start with this article, don’t do that.
These are here simply as a record, in part, to warn people that they are treading in dangerous waters should they engage with these scammers, to present to authorities, to provide an entertaining read for practitioners in Cyber Security.
Note that in researching these URLS/etc, I am doing so in a…
I’ve been getting a series of spam text messages from various phone numbers, likely compromised devices, all seem to be from AT&T in origin. All of them say, “We will lock your device soon. Please clear your spam messages. Scan now” with a link to click, and let me tell you, DO NOT CLICK THE LINK and forward it to the SPAM number (7726, see bottom of article). The URL is likely designed to deliver ransomware, credential phishing, malware, spyware or anything the scammer desires. Also of note, the most recent reports about this kind of text message (smishing) spam/scam…
US Pipeline Ransomware Attack
In what is described as the “largest successful cyber attack” on fuel infrastructure to date, Colonial Pipeline’s infastructure was hit by a Ransomware attack, which lead to the pipeline ceasing operations. According to Colonial Pipeline, prices for gasoline will not be impacted unless the pipeline stays down, and according to other sources, this could be a matter of 4–5 days (1–3).
US Pipeline Cyber Attack
On Friday, May 7th, 2021, Colonial Fuel Pipeline reported during trading that they were having network issues, and two people had reported issues posting “refined product batches, updates or changes to batch deliveries” using the Colonial Pipeline website (likely…
They are at again with “craftily” registered domain namespaces, and the luxury of breaking the law to spam your phone with more porn.
Yes, spammers are yet again sending text messages that use code and redirects to forward users to additional pornography sites that manipulate browser state, read browser history to ultimately collect personal and financial information.
The Text Message & Initial Domain
A porn spam smishing link that contains the word teen in it is bad enough, and this is a serious of redirect chains spanning the globe, only this time, managed mostly by US companies.
The Text Message
A text message came in stating: I’m Nicole, also provide 0nline servicesHere4meet>> teen69live.site.+18
The same group has been seen before in other articles I’ve written:
- Scammers using .US TLD to Spam Pornography
- A Single Porn Text Message (spam)
- Obliterated Gross Porn Text Message (spam)
- See auto-updated list here.
This is the same group, they use the same html code, phrasing and similar architecture, and linked domains. They seem to move from one webhost/registrar to the next after they are booted off. The initial email included in the smish was leengram01 at gmail.com. It was reported directly to Google in sending…
A porn spam smishing link that exposes contact details in registration data, with the intial URL itself is a rotating menu of web redirects usually seen mostly in malvertising. Analysis of and reporting herein.
Spam Porn
Everyone I know usually receives, and also super dislikes, these text messages. Most AV Vendors have already marked some of these domains as malicious, and to work around that scammers are getting clever about not serving the same content, and also, a large redirect chain that usually halts the analysis of some tools. I ran my tools 4–5 times, and received a total of 18 domain names. It was easy to see there was some kind of application or “engine” (as we will refer to in this article) that was the same pattern in every run. …
Natural plants to make natural dye in all shades
I am obsessed with the thought of making natural dye, and in ancient times, spinning your own cloth and dying it using natural materials was common-place. I do not have anything of my own to dye currently such as wool or cloth or some kind of linen, but I have been researching throughly how to dye various colors in a natural way. The following are best for use on Wool, Linen, Silk, and Cotton listed with their historical sources. Quality of these need investigation of course, and require basic chemistry, use at your own risk. Later posts will likely go…
Prepare for Spring — Learn to Recognize Morning Glory as it Sprouts.
Some say the cochroach is nearly impossible to kill, but likely they have never spoken to a gardener. The true award of undying obviously goes to the Bindweed, or Morning Glory, which is a climbing vine that lives in the soil for decades until it is resurrected under the right conditions. Every single root fragment that is broken off becomes a new plant, and although it is very beautiful, it climbs up the side of buildings or against other plants to suffocate them and take their sunlight in…
