OnlyFans++ tech scam

OK, so I’ve come across more of those videos that were around a few months ago for that CashApp scam that was on YouTube. For those unfamiliar with this type of scam, they make it sound super “techy”, using words such as “injection” along with fancy CSS and JavaScript, to make it look like the website that you go to in order to do this “injection” is doing something when it’s doing nothing. Of course, it sends you on a redirect at least twice to make you download (“inject”) two different VPN apps (at least that’s what it was at the time of this posting when seeing the website), which then “hacks” OnlyFans++.

The website in question is itweak.me. I was able to find this info with a WHOIS search:
Domain Name: ITWEAK.ME
Registry Domain ID: D425500000333554263-AGRS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2020-04-01T03:27:17Z
Creation Date: 2020-04-01T02:50:26Z
Registry Expiry Date: 2021-04-01T02:50:26Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.6613102107
Reseller:
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Registrant Organization: WhoisGuard, Inc.
Registrant State/Province: Panama
Registrant Country: PA
Name Server: SID.NS.CLOUDFLARE.COM
Name Server: NORA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/

When I saw someone demonstrate this on a burner device, it routed them to bigappboi.com. When I tried to WHOIS search this domain, it actually returned a 500 error; someone probably DDoS'd it or reported it to AWS, which appears to have hosted it. It does appear to have had several name changes over the years: appregistration.net, areyouabot.net, and areyouahuman.co. I tried to use the Wayback Machine, but nothing came up.

The video I found this on was by Optimus on YouTube, https://www.youtube.com/watch?v=lSX2vSrjJQs.

I don't know if anyone wants to subject their device or a KVM Windows machine running Bluestacks or anything to track what happens when any of this crap is run on it with Wireshark, but I feel like it will datamine your personal info out of your device, which could open possible scambait opportunities with burner accounts. Of course, do so at your own risk.