Intesa San Paolo phishing kit

A few hours ago Matrix identified a phishing kit targeting customers of the Italian bank Intesa San Paolo (intesasanpaolo[.]com). This site is hosted on cprapid[.]com, the full url is weblntesasanpaolo[.]35-180-129-166[.]cprapid[.]com. I just report it as malicious on urlscan.io. The kit code is a mess 😦 I don't think the low quality indicates attempts at evasion, … Continue reading Intesa San Paolo phishing kit →

An Italian solution

This morning I wanted to write a short post on a phishing site, which was also poorly made, but which using IPFS could be a little more interesting than the others. The site is an attack (targeted or not I don't know) against some company that wants to become a supplier to the US government.The … Continue reading An Italian solution →

Attack against Zoom

Today I'll tell you about an attack detected a few hours ago by Matrix and reported on urlscan.io. This is a fairly complex attack against Zoom. The attackers registered on Namecheap a domain (us06webzoomus[.]pro) reminiscent of Zoom subdomains and deployed a series of files. Here we find three malware (Android and Windows), static content (scripts, … Continue reading Attack against Zoom →

Free RAT

A little while ago I came across this website: hxxps://domin-remote[.]online The domain was registered yesterday via hostinger. To date it has not been reported. Matrix reported it on urlscan.io 15 hours ago. Domain Name: DOMIN-REMOTE.ONLINERegistry Domain ID: D424887618-CNICRegistrar WHOIS Server: whois.hostinger.comRegistrar URL: https://www.hostinger.com/Updated Date: 2024-01-15T10:57:55.0ZCreation Date: 2024-01-15T10:57:50.0ZRegistry Expiry Date: 2025-01-15T23:59:59.0ZRegistrar: HOSTINGER operations, UABRegistrar IANA ID: … Continue reading Free RAT →

Assemblaggio P-51D Mustang

Rieccoci con un altro post su come ho assemblato un nuovo modello realizzato da Gianluca. Dopo aver assemblato il BF109 oggi vediamo il P-51D Mustang. Si tratta anche in questo caso di un kit realizzato in polestirele ricavato da lastra, quindi buona parte dei procedimenti sono già stati spiegati nel post del BF109, vi consiglio … Continue reading Assemblaggio P-51D Mustang →

Attack on Iranian bank customers

Given that the Iranian regime disgusts me, as does every theocracy, I dedicate time to this kit because it has interesting features and because I think that we all owe solidarity to the Iranian population, persecuted by a fascist regime. After this introduction, let's move on to this kit. Matrix downloaded it from the e-h-r-a-z-c[.]org … Continue reading Attack on Iranian bank customers →

Assemblaggio Combat BF109

In questo articolo vi racconto come costruire un aeromodello radiocomandato "Combat" Messerschmitt BF109. Il kit che andremo a costruire è stato progettato e realizzato da Gianluca, aeromodellista esperto del Gruppo Modellistico Infernetto. Si tratta di un modello ad ala bassa molto agile e divertente. Pur non essendo complicato da pilotare non è un aereo scuola … Continue reading Assemblaggio Combat BF109 →

Phishing campaign based on .best domains

A new tool launched in recent days has made it possible to quickly detect an attack based on various .best domains.Matrix had reported these domains on urlscan.io several hours ago. From the evidence gathered in recent minutes, it appears that the attack targeted customers of the US bank America First Credit Union. Below is the … Continue reading Phishing campaign based on .best domains →

Just went online

These domains were registered last week but the scripts have only now been uploaded. This seems like suspicious behavior to me… hxxp://marqatha[.]com hxxp://marqrdha[.]com hxxp://vaiqsant[.]com hxxp://vaiqbant[.]com hxxp://mawqreha[.]com hxxp://vazxant[.]com hxxp://marqrxha[.]com hxxp://marqreha[.]com

The Italian job

Today I downloaded a phishing kit hosted by cPanel, intended to scam BBVA customers. The kit is a 2022 panel. Very often the kits downloaded from cPanel are written in Italian, regardless of the company targeted. During this period I also noticed how these criminals operate during office hours and seem to operate in the … Continue reading The Italian job →