| Attribute | Details |
|-----------|---------|
| Domain | fillupmymom.com (sometimes seen as fillupmymomcom when the “.” is removed in URLs) |
| TLD | .com |
| First Seen | Early 2022 (first appearance in open‑source threat intel feeds) |
| Current Status (as of 2024‑09‑xx) | Active – resolves to an IP address in Russia (AS 20773) but the IP changes often (fast‑flux). |
| Primary Threat Type | Malicious redirect / ad‑ware – used as a “gateway” to deliver additional payloads (cryptojacking scripts, ransomware drop‑zones, credential‑phishing). |
| Delivery Vectors | Spam e‑mail with “hot deals”, malicious banner ads, compromised third‑party sites, URL shorteners (e.g., bit.ly) that hide the domain. |
| Reputation Scores | - VirusTotal URL: Malicious (9/10)- Cisco Talos: Bad- IBM X‑Force: High |
| Associated Indicators | See Section 2 (IOCs). |
One of the most critical aspects of online safety is protecting personal information. This includes being cautious when sharing sensitive information, such as passwords, credit card numbers, and addresses, on the internet. It's also important to use strong, unique passwords for different accounts and enable two-factor authentication whenever possible. fillupmymomcom hot
| Evidence | Likely Attribution | |----------|-------------------| | Reuse of same JS miner code as seen in the “RedBanc” campaign (2022‑2023) | RedBanc – a financially‑motivated group that runs ad‑fraud & crypto‑miner chains. | | Similar fast‑flux infrastructure to “Lockbit‑loader” clusters observed in Eastern Europe | LockBit affiliate network – often uses compromised domains for initial redirects. | | Spam e‑mail language (“hot deal”, emojis) matches tactics of the “Scam‑Express” spammers documented by Abuse.ch | Scam‑Express – known for short‑URL spam with click‑bait “hot” offers. | | Attribute | Details | |-----------|---------| | Domain
Attribution is probabilistic; the actors frequently outsource hosting to bullet‑proof services. One of the most critical aspects of online