One just needs a Shodan search query or a Google dork, like for instance for -search?q=\x72\x65\x2E\x69\x6E\x66\x6F
to infest like a redirect to [quote] -http://kpkp01.xyz is requesting your username and password. The site says: “Windows Defender Alert :Zepto Virus Detected In Your System Registry . CALL Microsoft Technician +31 72 80 80 241 for Free Checkup” which is a Fraud/Scam.
- https://www.virustotal.com/#/url/f3790f11643c0dc884b231bd2ab6a6ad6a10935de9b0044ee1d44d94dd426f44/detection
Fortinet flags as suspicious code.
polonus (volunteer website security analyst & website error-hunter)
P.S. Interesting presentation on this topic by Yuta Takata
→ https://www.first.org/resources/papers/conf2018/Takata-Yuta_FIRST_20180531.pdf
Damian