Sign in

Ruining All My Branding
Cyber Security professional and actual detective. True crime blogger and kicker of @.
30 Photos Deleted from Gallery — Click here to restore and scan for virus [URL]

Full Text

30 Photos Deleted from Gallery — Click here to restore and scan for virus [URL]

Do not click the link, report the spam to 7726 (see below).

Yup, This is a Scam.

I’ve been getting a series of spam text messages from various phone numbers, likely compromised devices, all seem to be from AT&T in origin. These text messages have various messages, this one in particular saying, “30 Photos Deleted from Gallery — Click here to restore and scan for virus [URL].” with a link to click. DO NOT CLICK THE LINK and forward it to the SPAM number (7726, see below).The URL is likely…


There is a Massive Spam Campaign out of Namecheap

Namecheap’s bulk update function [Edited for this article]

Namecheap protects the scammers in the name of profit. The hosting providers keep taking down their infrastructure when reported, but for the scammers, updating the DNS is as easy as selecting three menu items within Namecheap’s bulk update function.


Disclaimer

I don’t normally publish emails and phone numbers because often times due to innocent victims, or if these are compromised accounts. Also I don’t want some noob going to the URLS, or responding to the emails, or clicking the links. So, to start with this article, don’t do that.

These are here simply as a record, in part, to warn people that they are treading in dangerous waters should they engage with these scammers, to present to authorities, to provide an entertaining read for practitioners in Cyber Security.

Note that in researching these URLS/etc, I am doing so in a…


I’ve been getting a series of spam text messages from various phone numbers, likely compromised devices, all seem to be from AT&T in origin. All of them say, “We will lock your device soon. Please clear your spam messages. Scan now” with a link to click, and let me tell you, DO NOT CLICK THE LINK and forward it to the SPAM number (7726, see bottom of article). The URL is likely designed to deliver ransomware, credential phishing, malware, spyware or anything the scammer desires. Also of note, the most recent reports about this kind of text message (smishing) spam/scam…


US Pipeline Ransomware Attack

A map of major US Pipelines (source).

In what is described as the “largest successful cyber attack” on fuel infrastructure to date, Colonial Pipeline’s infastructure was hit by a Ransomware attack, which lead to the pipeline ceasing operations. According to Colonial Pipeline, prices for gasoline will not be impacted unless the pipeline stays down, and according to other sources, this could be a matter of 4–5 days (1–3).

US Pipeline Cyber Attack

On Friday, May 7th, 2021, Colonial Fuel Pipeline reported during trading that they were having network issues, and two people had reported issues posting “refined product batches, updates or changes to batch deliveries” using the Colonial Pipeline website (likely…


An image made from the main html site for yours truly.

Yes, spammers are yet again sending text messages that use code and redirects to forward users to additional pornography sites that manipulate browser state, read browser history to ultimately collect personal and financial information.

The Text Message & Initial Domain


An image created by yours truly for this article.

The Text Message

A text message came in stating: I’m Nicole, also provide 0nline servicesHere4meet>> teen69live.site.+18

The same group has been seen before in other articles I’ve written:

  1. Scammers using .US TLD to Spam Pornography
  2. A Single Porn Text Message (spam)
  3. Obliterated Gross Porn Text Message (spam)
  4. See auto-updated list here.

This is the same group, they use the same html code, phrasing and similar architecture, and linked domains. They seem to move from one webhost/registrar to the next after they are booted off. The initial email included in the smish was leengram01 at gmail.com. It was reported directly to Google in sending…


Spam Porn

Everyone I know usually receives, and also super dislikes, these text messages. Most AV Vendors have already marked some of these domains as malicious, and to work around that scammers are getting clever about not serving the same content, and also, a large redirect chain that usually halts the analysis of some tools. I ran my tools 4–5 times, and received a total of 18 domain names. It was easy to see there was some kind of application or “engine” (as we will refer to in this article) that was the same pattern in every run. …


I am obsessed with the thought of making natural dye, and in ancient times, spinning your own cloth and dying it using natural materials was common-place. I do not have anything of my own to dye currently such as wool or cloth or some kind of linen, but I have been researching throughly how to dye various colors in a natural way. The following are best for use on Wool, Linen, Silk, and Cotton listed with their historical sources. Quality of these need investigation of course, and require basic chemistry, use at your own risk. Later posts will likely go…


Prepare for Spring — Learn to Recognize Morning Glory as it Sprouts.

L. Prang & Co., Publisher, and Julia Mcentee Dillon. Wild morning glories and clematis / after Julia Dillon. [Boston, Mass.: Reproduced and published by L. Prang & Co., Boston, Mass] Photograph. Retrieved from the Library of Congress, <www.loc.gov/item/2016652328/>.

Some say the cochroach is nearly impossible to kill, but likely they have never spoken to a gardener. The true award of undying obviously goes to the Bindweed, or Morning Glory, which is a climbing vine that lives in the soil for decades until it is resurrected under the right conditions. Every single root fragment that is broken off becomes a new plant, and although it is very beautiful, it climbs up the side of buildings or against other plants to suffocate them and take their sunlight in…

Ruining All My Branding

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store