Dear Security Research Team,* I am reporting a sophisticated and active *Phishing-as-a-Service (Phaa ...
show moreDear Security Research Team,* I am reporting a sophisticated and active *Phishing-as-a-Service (PhaaS)* cluster currently operating on the infrastructure of Ultahost (*IP: 31.210.50.51 / Public ID: 4331*). This network is targeting high-profile financial brands and local investment firms to conduct financial theft and identity harvesting. *1. Phishing Frontends (Lures):* The following domains are being used as initial entry points to impersonate legitimate entities: - subefmd.com / msmenkul.com / vmdyatirim.com - clnmenkul.com (Impersonating "Çelen Kurumsal Gayrimenkul Değerleme") - avsmenkul.com (Impersonating "Avrasya GYO") *2. Malicious Backend & Brand Impersonation:* All traffic from the lures is redirected to the primary data harvesting backend: - *Domain:* goldmsuygulama.com - *Target Brand:* *Goldman Sachs* (Unauthorized use of logos, branding, and corporate identity). *3. Malicious Activity & Payload:* The backend serves as a hub for *malicious APK/App distribution* and identity theft. Victims are pro
show less
PhishingFraud VoIPSpoofing
By clicking “Accept all”, you agree to the storing of cookies on your device to remember preferences and
analyze site usage.
Read more
- Required to log into your AbuseIPDB account, and store these cookie preferences.