Threats Tagged 'bulletproof hosting'
View all threats tagged with 'bulletproof hosting'. Filter and sort to focus on specific types of threats.
From San Pedro to Salinas: How a Chinese Framework “DCloud Uni-App” Powers a Global Scam Economy
A Chinese web-development framework called DCloud Uni-App has become the technical foundation for over 236,000 scam domains since 2022, powering fake cryptocurrency exchanges, pig-butchering operations, wallet drainers, gambling platforms, and brand-impersonation sites. The framework gained prominence after the 2024 RainbowEx cryptocurrency scam in Argentina, which defrauded residents of San Pedro. Similar operations include the Lightning Shared Scooter Co. (LSSC) scam in the United States, which caused millions in losses across multiple states, and the currently active Yuechi Sharing Technology Ltd. bicycle-sharing investment scam. These operations use legitimate hosting providers, with approximately 6% utilizing bulletproof hosting, particularly CTG Server. The scams target victims globally through WhatsApp, Telegram, and social media, converting victims into recruiters for pyramid-style operations. Enterprise exposure reaches over 985 distinct organizations across 25 industry verticals, with over five m...
AlienVault OTX General | 06/25/2026, 18:43:49 UTC | Added: 06/26/2026, 08:31:07 UTC

A New Threat Actor Using ClickFix and Fake Update Drive-By Attacks in Thousands of Compromised Sites
DriveSurge is a newly identified threat actor operating as an Initial Access Broker that compromises thousands of websites to deliver malware through drive-by attacks. It uses malicious code injections that redirect visitors via a Traffic Distribution System (zTDS) to deploy malware through FakeUpdate prompts mimicking browser updates and ClickFix prompts that trick users into running malicious PowerShell commands. The actor employs sophisticated infrastructure including bulletproof hosting, obfuscated JavaScript, and targets multiple environments including macOS. This campaign has been active since at least September 2025 and is trackable by unique technical fingerprints.
AlienVault OTX General | 05/30/2026, 06:07:03 UTC | Added: 06/01/2026, 09:48:36 UTC