QadsiaClub Twitter ATO. Retrieves configuration on a fake captchabot domain: /captchabot.courses/configuration If the malicious domain is used as the origin header to the fake captchabot domain, the receiver changes
Spread via a fake @poopie account. Interesting configuration as it retrieves the malicious actor's wallet via a fake Discord Captchabot domain and that the wallet address changes depending on the passed origin header.