This kit is being sold as phishing-as-a-service (PhaaS) by the cybercrime service 'Sneaky Log,' which operates through a fully-featured bot on Telegram.
The phishing pages are hosted on compromised infrastructure, mostly involving WordPress websites and other domains controlled by the attacker.
The kit also boasts of several anti-bot and anti-analysis measures, employing techniques like traffic filtering and Cloudflare Turnstile challenges to ensure that only victims who meet certain criteria are directed to the credential harvesting pages.
A notable aspect of the PhaaS is that site visitors whose IP address originates from a data center, cloud provider, bot, proxy, or VPN are directed to a Microsoft-related Wikipedia page.
Collection
[
|
...
]