"Janky Swapper" SCAM

Popup - http://jankyswapper.com/

Registered via PublicDomainRegistry on March 18, 2021 (updated April 11, 2021) - Whois jankyswapper.com

The program contains a variant of the AgentTesla trojan designed to hijack Discord accounts via token grabbing.

The malware itself is a Redline Stealer sample. The C&C server used is 109.248.11.240 on port 17523; the sample takes a screenshot, grabs the IP, steals your Discord tokens, steals Chrome and Firefox cookies and Local Data, steals WhatsApp and Steam accounts, checks for and steals cold crypto wallets, checks for common VPN applications, and profiles your hardware and OS. It's sometimes nice to go back to the roots, isn't it?

The Command and Control server is hosted on the network of Contel OOO in Moscow, Russia. - Whois 109.248.11.240
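The only network indicator on this page is the C&C address 109.248.11.240:17523. Below is an added example (not part of the original note and not tooling from whoever wrote it) showing how a defender would sweep outbound connection logs for that indicator. The log format, the `<timestamp> <src> -> <dst>:<port> <proto>` shape, and every sample line are constructed for the example; only the IP and port come from the page. Matches on the exact IP:port pair are reported as high confidence, and any other connection to the same IP as medium confidence, since the page ties the whole address to the stealer's infrastructure.

```python
"""Sweep outbound connection logs for the Redline C&C indicator listed on the page.

Added example: the log format and sample lines are constructed, not real traffic.
"""
import re
from dataclasses import dataclass

# Indicator taken from the page: C&C server 109.248.11.240, port 17523.
C2_INDICATORS = {("109.248.11.240", 17523)}

# Constructed sample log (hypothetical format: "<ts> <src> -> <dst>:<port> <proto>").
SAMPLE_LOG = """\
2021-04-12T10:00:01Z 10.0.0.5 -> 142.250.74.46:443 tcp
2021-04-12T10:00:03Z 10.0.0.5 -> 109.248.11.240:17523 tcp
2021-04-12T10:00:04Z 10.0.0.7 -> 109.248.11.240:80 tcp
this line is malformed and must be skipped
2021-04-12T10:00:09Z 10.0.0.5 -> 109.248.11.240:17523 tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5}) (?P<proto>\w+)$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    port: int
    confidence: str  # "high" for exact IP:port match, "medium" for IP-only match


def parse_line(line):
    """Return (ts, src, dst, port) for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m["ts"], m["src"], m["dst"], int(m["port"])


def find_c2_hits(log_text, indicators=C2_INDICATORS):
    """Scan every log line and collect connections that touch a known C&C address."""
    c2_ips = {ip for ip, _ in indicators}
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed lines are skipped rather than aborting the sweep
        ts, src, dst, port = parsed
        if (dst, port) in indicators:
            hits.append(Hit(ts, src, dst, port, "high"))
        elif dst in c2_ips:
            # Same infrastructure, different port: still worth a look, lower confidence.
            hits.append(Hit(ts, src, dst, port, "medium"))
    return hits


def hosts_to_triage(hits):
    """Distinct internal sources that reached the C&C, sorted for a triage list."""
    return sorted({h.src for h in hits})


if __name__ == "__main__":
    found = find_c2_hits(SAMPLE_LOG)
    for h in found:
        print(f"[{h.confidence}] {h.ts} {h.src} -> {h.dst}:{h.port}")
    print("hosts to triage:", hosts_to_triage(found))
```

Any host on the triage list should be treated as a probable Redline infection: given the credential and cookie theft described above, rotating Discord tokens, browser-saved sessions and wallet credentials for the affected user is the appropriate follow-up rather than just blocking the IP.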