Searching for something else I found a notification for a malware detected months ago, the thing that struck me was the name of the file: FixInternet.exe The first thought was this:

In the last few weeks I have noticed that attacks on Correios are constant. I have studied the matter a bit: it is the Brazilian state company that manages shipments and payments related to them. The scam is always the same, attackers write to users saying that a shipment is blocked and that a small … Continue reading Correios phishing kit →

At the end of a pretty busy day, I finally found a few minutes to check out the incoming notifications from Matrix. I noticed a kit that targets Kraken customers because their icon reminds me of the ghost from Pacman, and just today I got the vintage Pacman console 🙂 The domain used for the … Continue reading Phishing against Kraken →

This morning I came across a kit aimed at Brazilian taxpayers. The domain used for the attack is consultarencomeda[.]online The attack is currently in its initial phase, the domain was registered a few hours ago and the kit was copied to the hosting. Matrix intercepted these two activities, analyzed the archive containing the kit and … Continue reading Attack against Correios →

To be honest I didn't know this bank. Today Matrix identified these two threats and so I did a little research into who they are. It is a bank based in the United Arab Emirates. Looking at the wio.io website the first thing that struck me was that in the management section they don't have … Continue reading Phishing attack against Wio →

A few hours ago Matrix identified a phishing kit targeting customers of the Italian bank Intesa San Paolo (intesasanpaolo[.]com). This site is hosted on cprapid[.]com, the full url is weblntesasanpaolo[.]35-180-129-166[.]cprapid[.]com. I just report it as malicious on urlscan.io. The kit code is a mess 😦 I don't think the low quality indicates attempts at evasion, … Continue reading Intesa San Paolo phishing kit →

A new tool launched in recent days has made it possible to quickly detect an attack based on various .best domains.Matrix had reported these domains on urlscan.io several hours ago. From the evidence gathered in recent minutes, it appears that the attack targeted customers of the US bank America First Credit Union. Below is the … Continue reading Phishing campaign based on .best domains →

After Twitter blocked my account I moved to Urlscan.io where Johannes welcomed and supported me very kindly. I was able to appreciate the platform and today we reached the milestone of one million submissions made. Thanks to the urlscan.io team for their work!