Hot diggity dog.

The briefing concludes that standalone generative AI systems, based on unlawful web scraping, depend on mass invasions of privacy by design, and are fundamentally incompatible with [International Human Rights Law]. As such, Amnesty International is calling for a prohibition of such systems, including where such systems are identified as exacerbating existing inequalities or creating new forms of discrimination.

https://www.amnesty.org/en/documents/pol40/0996/2026/en/

Spotted a TikTok video promoting free Fortnite skins linking to fortgg[.]cc. Ended up being a full AiTM phishing kit impersonating Epic Games login.

The kit uses a custom DNSPod CAPTCHA gate to block scanners then serves a pixel perfect Epic Games credential harvester. Under the hood it hooks fetch and XHR to proxy requests to Epic in real time bypassing all 2FA methods including authenticator app, SMS, backup codes and Epic app.

After credential harvest victims are redirected to a fake "Star Locker" page to keep them busy while the operator processes the stolen session token server side.

Source code comments are in Russian. Hosted on 91.227.114.14 AS210006 bullet proof infrastructure. Related domains on same IP include Valorant themed kits suggesting a single operator targeting multiple gaming platforms.

IOCs in image.

#CTI #ThreatIntel #Phishing #AiTM #EpicGames #Fortnite #OSINT #DFIR #infosec #malware

Ad Tech                  Queer Polycule

                     🤝

“We and our up to 161 partners …”

Can we get some orca pods through the locks?

#seattle