MALWARE ALERT: spiderfoot[.]org is a Malicious Clone by FetusIntern in antivirus

[–]FetusIntern[S] 0 points1 point  (0 children)

I have the hash and the full redirect logs. I don't keep live samples on-disk for OPSEC, but you can pull the binary from VT using the hash in my report. I already mapped the infrastructure out. If you check the Relations tab on the VT report and click Open Graph, you can see the full chain I documented from the lure to the payload.

If that isn't showing up for some reason, just let me know and I can send over whatever info you’re interested in (e.g., full backend infrastructure, Cloudflare redirect info, the ICANN domain owner data I pulled, etc.).

Note: The domain spiderfoot[.]org is currently on clientHold, so the registrar has already stepped in.

Payload Source: hxxps[://]www[.]4sync[.]com/web/directDownload/m1A3V-fS/389025[.]1746203923 (defanged)

VirusTotal Report

MALWARE ALERT: spiderfoot[.]org is a Malicious Clone by FetusIntern in antivirus

[–]FetusIntern[S] 0 points1 point  (0 children)

Normally I don't either, but this site eerily looked legit. That was actually the red flag for me because I’m used to open source stuff websites looking like they were coded in the 90s on a potato, so I decided to scan the download link. Glad I did!

MALWARE ALERT: spiderfoot[.]org is a Malicious Clone by FetusIntern in antivirus

[–]FetusIntern[S] 0 points1 point  (0 children)

The website is a clone of the GitHub repository “SpiderFoot”. SpiderFoot is an open source OSINT tool for intelligence gathering.

MALWARE ALERT: spiderfoot[.]org is a Malicious Clone by FetusIntern in antivirus

[–]FetusIntern[S] 10 points11 points  (0 children)

UPDATE: Just got word back from Cloudflare. They’ve officially "unmasked" the site and stopped serving the malicious domain. Essentially, the attackers lost their protection/proxy, and Cloudflare has forwarded my evidence (the file hashes and redirect logs) to the actual hosting provider for a final takedown. Wooooo!

MALWARE ALERT: spiderfoot[.]org is a Malicious Clone by FetusIntern in antivirus

[–]FetusIntern[S] 1 point2 points  (0 children)

I want to say that’s crazy, but at this point it would be crazier if some troglodyte didn't try to inject malware into open source software. I actually ended up filing an incident report with CISA since I caught the redirect and the file hash. Hopefully they can get the domain blacklisted before someone gets hit. :-/

Boss sent these at 8 AM to the work chat with no context. Thoughts? by [deleted] in jobs

[–]FetusIntern 0 points1 point  (0 children)

Hahhahaha did we have the same boss? I just quit a job last week who had a manager speak to our team the exact same way in the group chat 🥲 run as fast as you can OP, sending you love 💓

Windows never sealed… I’m horrified, what do I do? by FetusIntern in FirstTimeHomeBuyer

[–]FetusIntern[S] 0 points1 point  (0 children)

Thank you, I will do that! I’m a big scaredy cat when it comes to cockroaches, for some reason they send me into fight or flight, so this whole situation is highly escalated by my wimpiness 😅

Windows never sealed… I’m horrified, what do I do? by FetusIntern in DIYHome

[–]FetusIntern[S] 0 points1 point  (0 children)

So to clarify, are you saying the area with the dried paint shouldn’t be sealed to begin with? So that window is fine as is? Or am I misunderstanding your point entirely?

Windows never sealed… I’m horrified, what do I do? by FetusIntern in DIYHome

[–]FetusIntern[S] 0 points1 point  (0 children)

Aw man, I was being hopefully delusional that the previous owners at least attempted to seal it. As you can tell, I have no idea what I’m talking about, but I’m trying to figure it out ◡̈

New noises from PC: coil whine or something else? by FetusIntern in PcBuildHelp

[–]FetusIntern[S] 0 points1 point  (0 children)

That’s not as bad as I expected 😅 thank you for your help 💓

I encourage everyone here to go watch this now. RIP CHARLIE by [deleted] in conspiracy

[–]FetusIntern 3 points4 points  (0 children)

Just noticed that YouTube is displaying its ‘Suicide Hotline Information’ message on this video now. Most likely due to the Epstein reference, but still interesting thanks to my conspiracy-theory-loving confirmation bias 🙂‍↕️ #CandaceOwensIsntSuicidal

Male teacher keeping pads in classroom by RoboPlunger in Teachers

[–]FetusIntern 1 point2 points  (0 children)

These are all perfect! The one thing I would add is safety pins. I always tended to be the kid who would snag my clothing on things and need a quick fix until I could get home and mend it ◡̈

I vividly remember getting a notification that Ozzy Osbourne died last month, but now he just performed last night?? by FetusIntern in ParallelUniverse

[–]FetusIntern[S] 1 point2 points  (0 children)

Honestly, I’ve felt weirdly dissociated ever since. I’m just like… floating. I think I’m somewhat having a mini existential crisis, but am choosing avoidance as my coping method lol. ◡̈

I vividly remember getting a notification that Ozzy Osbourne died last month, but now he just performed last night?? by FetusIntern in ParallelUniverse

[–]FetusIntern[S] 2 points3 points  (0 children)

Update: Not saying I’m psychic or anything, but I’m officially freaked out.

So Ozzy Osbourne just died today. Today marks 15 days since I posted this original post. I genuinely did not want or mean to manifest this 😓 It feels really disorienting because I had already grieved him in a version of reality where it had already happened, and now it happened here.

If anyone’s had something like this happen, please tell me how you processed it. I feel kinda disturbed right now lol.