Info collector

Latest SPAM

“Central Intelligence Agency – Case #79238516” extortion spam

By on March 18, 2019 in Latest SPAM

I’ve seen various extortion spams over the past 12 months or so, but this one has a particularly vicious twist. If you haven’t seen one of these before – it’s just a spam, randomly sent to your email address. You can safely ignore it. From:    Liza Guest [] Reply-To: To:    [redacted] Date:    18 Mar […]

Phishing and fraudulent sites hosted on (Qhoster)

By on May 22, 2018 in Latest SPAM

Nigerian registrants. Dodgy Eastern European host offering bulletproof and anonymous hosting. Yup, I very much doubt there is anything legitimate at all hosted on or indeed any part of Qhoster’s network. 237buzz.com 255page.ga 702mine.com 779999977.

Malware spam: “New documents available for download” / /

By on May 10, 2018 in Latest SPAM

This fake Barclays spam seems to lead to the Trickbot banking trojan. From:    Barclays [] Date:    10 May 2018, 13:16 Subject:    New documents available for download Signed by:    Standard encryption (TLS) Learn more Barclays Bank PLC Has Sent You Important Account Documents to Sign You can view the document in your Barclays

“Best porno ever” Necurs spam

By on May 4, 2018 in Latest SPAM

This spam (apparently from the Necurs botnet) promises much, but seems not to deliver. From:    Susanne@victimdomain.tld [Susanne@victimdomain.tld] Date:    4 May 2018, 10:22 Subject:    Best porno ever Hi [redacted], Best gay,teen,animal porno ever Please click the following link to activate your account. hxxp:||, Susanne The sender’s name varies, but is always in the same

New Traffic Light Protocol (TLP) levels for 2018

By on April 1, 2018 in Latest SPAM

The Traffic Light Protocol should be familiar to anyone working with sensitive data, with levels RED, AMBER, GREEN and WHITE being used to specify how far information can be shared. In recent years it has become clear that these four levels are not enough, so the United Nations International Committee on Responsible Naming (UN/ICoRN) has […]

“Faster payment” scam is not quite what it seems

By on March 8, 2018 in Latest SPAM

I see a lot of “fake boss” fraud emails in my day job, but it’s rare that I see them sent to my personal email address. These four emails all look like fake boss fraud emails, but there’s something more going on here. From:    Ravi [Redacted] Reply-To:    Ravi [Redacted] To:    accounts@victimdomain.com Date:    23 February 2018 at […]

Swisscoin [SIC] cryptocurrency spam

By on January 15, 2018 in Latest SPAM

Swisscoin is a fairly low-volume self-styled cryptocurrency that has been the target of a Necurs-based spam run starting on Saturday 13th January, and increasing in volume to huge levels on Monday. From:    Florine Fray [Fray.419@redacted.tld] Date:    15 January 2018 at 10:51 Subject:    Could this digital currency actually make you a millionaire? Every once in a […]

Some random thoughts on Damian Green and those porn allegations

By on December 4, 2017 in Latest SPAM

If you live in the UK then you might have noticed the somewhat bizarre furore over Damian Green MP and his alleged viewing of pornography on his Parliament computer. Now, I don’t know for certain if he did or didn’t, but to put it in context his private email address also allegedly turned up […]

Bogus porn blackmail attempt from

By on October 31, 2017 in Latest SPAM

This blackmail attempt is completely bogus, sent from a server belonging to the domain. From:    Hannah Taylor [] Reply-To: To:    contact@victimdomail.tld Date:    31 October 2017 at 15:06 Subject:    ✓ Tiскеt ID: DMS-883-97867 [contact@victimdomail.tld] 31/10/2017 03:35:54 Maybe this will change your life Signed

Updated 3NT Solutions LLP / / IP ranges

By on October 25, 2017 in Latest SPAM

When I was investigating IOCs for the recent outbreak of BadRabbit ransomware I discovered that it downloaded from a domain hosted on This IP belongs to a company called 3NT Solutions LLP that I have blogged about before. It had been three-and-a-half years since I looked at their IP address ranges so I […]
