I Traced a "Cute" Minecraft Phishing Site to a C2 Server in Chicago

via Dev.to, by erickcodes-dev

Hello community! As an IT engineering student, I recently conducted a technical investigation into an active threat targeting the gaming community (specifically Minecraft players). What appeared to be a harmless "cute" website turned out to be a Phishing and Malware-as-a-Service (MaaS) infrastructure. Here is a technical breakdown of my findings:

PHISHING AND MALWARE SPREAD THROUGH DISCORD

The primary domain identified is owocraft.com. At first glance, it uses Tailwind CSS and a Turkish-coded template (identified by source code comments such as /* Sayfa Fade-in Animasyonu */). The main deception is a download button for a fake "Launcher" that actually points to a malicious .rar file hosted on Dropbox (ID: 3d1d505ajob480fkdnpm3). This file contains a Discord Token Stealer.

Unmasking the Infrastructure

Despite using Cloudflare for obfuscation, I performed a passive DNS analysis and utilized OSINT tools (Censys/Shodan) and other tools to identify the real origin server: Command & Control
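The deception described above (a "Download Launcher" button whose href leaves the site for an archive on a file host) is easy to triage mechanically. The following is an added example of such a check, not the author's tooling: the file-host list, the extension list and the sample page are constructed assumptions, and the page host is a placeholder.

```python
"""Triage helper: flag page links that lead to an archive or executable on a
file-hosting service, as with a fake "Launcher" that points to a .rar on Dropbox."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts often used to stage payloads, and extensions worth a second look.
# Both lists are assumptions for this example, not an authoritative feed.
FILE_HOSTS = {"dropbox.com", "www.dropbox.com", "dl.dropboxusercontent.com",
              "mediafire.com", "www.mediafire.com", "mega.nz", "anonfiles.com"}
ARCHIVE_EXT = re.compile(r"\.(rar|zip|7z|exe|scr|msi)$", re.IGNORECASE)

class LinkCollector(HTMLParser):
    """Collect every <a href> together with its visible link text."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None

def suspicious_downloads(html, page_host):
    """Return (href, text, reason) for off-site links on a known file host whose
    path ends in an archive/executable extension or that force a download (dl=1)."""
    parser = LinkCollector()
    parser.feed(html)
    hits = []
    for href, text in parser.links:
        u = urlparse(href)
        host = u.netloc.lower()
        if not host or host == page_host:
            continue  # relative and same-site links are not what this check is about
        if host in FILE_HOSTS and (ARCHIVE_EXT.search(u.path) or "dl=1" in u.query):
            hits.append((href, text, f"archive hosted on {host}"))
    return hits

# Constructed sample page modelled on the deception described above (placeholder IDs).
SAMPLE = """<html><body>
<a href="/about">About</a>
<a href="https://www.dropbox.com/scl/fi/PLACEHOLDER-ID/Launcher.rar?dl=1">Download Launcher</a>
<a href="https://example-cdn.invalid/logo.png">Logo</a>
</body></html>"""

if __name__ == "__main__":
    for href, text, why in suspicious_downloads(SAMPLE, "example.invalid"):
        print(f"[!] '{text}' -> {href} ({why})")
```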
