Attackers can use a customized subdomain of plesk.page to host their phishing websites.
Command and Control
Attackers can use a customized subdomain of plesk.page as their C&C server.
Attackers can add upload functionalities hosted on *.mybluehost.me and exfiltrate data on there.
Malicious tools can be stored on *.plesk.page and downloaded when required.
Last Update: 2022-07-28
Credits: Jonathan Lind