Phishing Kit Targets Iran’s Keshavarzi Bank (Agribank)

A seemingly rare phishing kit that targets Iran’s Keshavarzi Bank (Agribank) users and steals their login + OTP.
X-SniPer Chase Phishing Kit Targets Fullz for Account Takeover

X-SniPer phishing kit even tries to steal the victim’s mobile phone carrier PIN to perform a SIM swap attack to “bypass” 2FA.
restore-metamask.com Used to Steal Entire Crypto Wallets

The malicious domain restore-metamask.com was used to steal existing crypto wallets of metamask.io users. It also allowed new wallets to be created and cryptocurrencies deposited to the new wallet, but it would ultimately go to the attackers.
Spoofed 404s

Should you trust the HTTP response code when analyzing access logs for suspicious traffic?