PHP shell (command panel) and CGI-telnet shell have been found on this host. Using the panel you can upload files, execute commands, etc. Possibly the threat actor uses the host via these interfaces. Meanwhile, a PayPal phishing web application is being built here. #phishing

These phishing web applications have just activated. They targeting PayPal and Scotiabank customers. hXXp://update-paypal.unatransport.ba hXXp://reviewpaypal.dynv6.net/ hXXp://paypal.com.support-limited.verifications-v2l-confirmation.com/ hXXp://scotiabank.trafika.mx/ #phishing

This phishing attack targets Itaú Private Bank. Hundreds of customers are affected. I've also found a control panel here. #phishing

The threat actor of this phishing attack can be easily identified because he used an online PHP obfuscator that saved his IP address in this automatically generated comment section. (See my previous tweet for more info.) #phishing

I've just found some newly activated phishing web applications (targeting Bank of America, Citibank and Wells Fargo customers). hXXp://bankofamerica.com.access-custumer.instant-canalser.com hXXp://citi-com.tk hXXp://wellsfargo-submit.ml #phishing

This is what a PayPal phishing web application's admin panel looks like. #phishing

Do NOT call this phone number: 1866-394-4845. This is an attempt to steal your personal data and credentials. #phishing

This spear phishing web application targets one single person called 'Evan'. The web application pre-populates his e-mail address and continuously increases the amount of transferred money - perhaps because they're blackmailing the victim... #phishing

So sad... This phishing web application targets deaf people as well. #phishing

Select a default language and install whatever you want... #phising

This site is under construction. Would it be suspicious for you? #phishing

ipay[.]bangkokbank[.]com[.]bblvbvacs[.]adsotp[.]brewerycotton[.]com backoffice[.]bankaccountchecker[.]com fednet[.]federalbanks[.]cf login-accounts[.]paypai[.]dz[.]aliancafm[.]com wellsfargo-secure01[.]serveirc[.]com #phishing

This malicious web application seems to be checking PayPal Email addresses. It is implemented on a PayPal phishing server. #phishing

This host is used for malware sharing. outlook lice nece[.]com #phishing #Malware

When an undefined variable error reveals the full access path of the malicious web application. #phishing

An Ursnif variant (unknown to VirusTotal) has been found in the wild. hXXp://how-to-get-reg istry-cleaner-windows[.]kinetic otx[.]com/www/crypt_7000.exe #phishing #Malware

This is a rare phenomenon but it happens. Somebody implemented an 'Archive Unzipper' for the zipped phishing kit. #phishing

Even Nanyang Technological University customers are being phished. This is something you cannot see very often. #phishing

A repository of malware/phishing kits/hacking tools/how-to documents/source codes/etc. has been found. #phishing #Malware

Just another shell...