CloudNexus – Front of a Phishing Operation

The web hosting company CloudNexus (cloudnexus[.]com[.]my) is owned by ADRIAN KATONG, an individual based in Malaysia who is responsible for multiple phishing operations such as BulletProftLink.

Please exercise caution and avoid signing up with this web host, as it is guaranteed they will inject malicious code into your websites.

We have been researching this individual and his operations for months, and so far we have gathered the following:

  • He is using pirated licenses for cPanel, WHMCS, and other hosting-related software. He’s getting these from another illegal operation called LicenseMan.
  • He has some hardware colocated with TPMNet in Malaysia.
  • On 2023-02-10, he transferred an amount of MYR 16,616.55 from ALLIANCE ISLAMIC BANK – 100390013011801 (ADRIAN WEBHOSTING SE) to MAYBANK BERHAD – 514413200266 (TPM IT SDN BHD) for 1 year of colocation services.
  • He is using BackBlaze as storage for his phishing pages and email templates.
  • He owns the GitHub account “AnthraxBPLLC” which houses many phishing-related repos.
  • He sells “phishing services” via Telegram and other instant messaging apps under the name “Anthrax” or a variant of it.

Known Domains:

  • bp[.]net[.]co
  • bulletproftlink[.]dev
  • bulletproftlink[.]ru
  • cloudnexus[.]biz
  • cloudnexus[.]com[.]my
  • ms-team-safe-zone[.]co
  • zoomlandline[.]cam

This page will be updated when we find out more information about CloudNexus and/or Adrian Katong.

