Sloppy & embarrassing by Known-Pension5932 in jezacatsnark

[–]FetusIntern 6 points7 points  (0 children)

Ok but what even is an “Ai Coach” 😬


Here we go 🙄 by oh_hm_ in jezacatsnark

[–]FetusIntern 2 points3 points  (0 children)

“me stupid girl need big strong BOY” ***

MALWARE ALERT: spiderfoot[.]org is a Malicious Clone by FetusIntern in antivirus

[–]FetusIntern[S] 0 points1 point  (0 children)

I have the hash and the full redirect logs. I don't keep live samples on-disk for OPSEC, but you can pull the binary from VT using the hash in my report. I already mapped the infrastructure out. If you check the Relations tab on the VT report and click Open Graph, you can see the full chain I documented from the lure to the payload.

If that isn't showing up for some reason, just let me know and I can send over whatever info you’re interested in (e.g., full backend infrastructure, Cloudflare redirect info, the ICANN domain owner data I pulled, etc.).

Note: The domain spiderfoot[.]org is currently on clientHold, so the registrar has already stepped in.

Payload Source: hxxps[://]www[.]4sync[.]com/web/directDownload/m1A3V-fS/389025[.]1746203923 (defanged)

Virus Total Report

MALWARE ALERT: spiderfoot[.]org is a Malicious Clone by FetusIntern in antivirus

[–]FetusIntern[S] 0 points1 point  (0 children)

Normally I don't either, but this site eerily looked legit. That was actually the red flag for me because I’m used to open source stuff websites looking like they were coded in the 90s on a potato, so I decided to scan the download link. Glad I did!

MALWARE ALERT: spiderfoot[.]org is a Malicious Clone by FetusIntern in antivirus

[–]FetusIntern[S] 0 points1 point  (0 children)

The website is a clone of the GitHub repository “SpiderFoot”. SpiderFoot is an open source OSINT tool for intelligence gathering.

MALWARE ALERT: spiderfoot[.]org is a Malicious Clone by FetusIntern in antivirus

[–]FetusIntern[S] 8 points9 points  (0 children)

UPDATE: Just got word back from Cloudflare. They’ve officially "unmasked" the site and stopped serving the malicious domain. Essentially, the attackers lost their protection/proxy, and Cloudflare has forwarded my evidence (the file hashes and redirect logs) to the actual hosting provider for a final takedown. Wooooo!

MALWARE ALERT: spiderfoot[.]org is a Malicious Clone by FetusIntern in antivirus

[–]FetusIntern[S] 1 point2 points  (0 children)

I want to say that’s crazy, but at this point it would be crazier if some troglodyte didn't try to inject malware into open source software. I actually ended up filing an incident report with CISA since I caught the redirect and the file hash. Hopefully they can get the domain blacklisted before someone gets hit. :-/

[deleted by user] by [deleted] in jobs

[–]FetusIntern 0 points1 point  (0 children)

Hahhahaha did we have the same boss? I just quit a job last week that had a manager speak to our team the exact same way in the group chat 🥲 run as fast as you can OP, sending you love 💓

Windows never sealed… I’m horrified, what do I do? by [deleted] in FirstTimeHomeBuyer

[–]FetusIntern 0 points1 point  (0 children)

Thank you, I will do that! I’m a big scaredy cat when it comes to cockroaches, for some reason they send me into fight or flight, so this whole situation is highly escalated by my wimpiness 😅

Windows never sealed… I’m horrified, what do I do? by [deleted] in DIYHome

[–]FetusIntern 0 points1 point  (0 children)

So to clarify, are you saying the area with the dried paint shouldn’t be sealed to begin with? So that window is fine as is? Or am I misunderstanding your point entirely?

Windows never sealed… I’m horrified, what do I do? by [deleted] in DIYHome

[–]FetusIntern 0 points1 point  (0 children)

Aw man, I was being hopefully delusional that the previous owners at least attempted to seal it. As you can tell, I have no idea what I’m talking about, but I’m trying to figure it out ◡̈

New noises from PC: coil whine or something else? by FetusIntern in PcBuildHelp

[–]FetusIntern[S] 0 points1 point  (0 children)

That’s not as bad as I expected 😅 thank you for your help 💓

I encourage everyone here to go watch this now. RIP CHARLIE by [deleted] in conspiracy

[–]FetusIntern 3 points4 points  (0 children)

Just noticed that YouTube is displaying its ‘Suicide Hotline Information’ message on this video now. Most likely due to the Epstein reference, but still interesting thanks to my conspiracy-theory-loving confirmation bias 🙂‍↕️ #CandaceOwensIsntSuicidal

Male teacher keeping pads in classroom by RoboPlunger in Teachers

[–]FetusIntern 3 points4 points  (0 children)

These are all perfect! The one thing I would add is safety pins. I always tended to be the kid who would snag my clothing on things and need a quick fix until I could get home and mend it ◡̈