← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Silent Push Uncovers Chinese Fake Marketplace e-Commerce Phishing Campaign Using Thousands of Websites to Spoof Popular Retail Brands.
Recent investigations by Silent Push Threat Analysts revealed a significant phishing e-commerce scam targeting consumers during "Hot Sale 2025," an event akin to Black Friday in the United States. This campaign, initially tipped by Mexican journalist Ignacio Gmez Villaseor, expanded beyond Mexico, identifying a series of fraudulent websites aimed at both English and Spanish-speaking customers globally. The analysis indicated that the threat actor group behind this operation likely originates from China, as evidenced by a unique technical fingerprint discovered in the campaign's infrastructure, which contains Chinese characters.
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| domain | brooksbrothersofficial.com | — | 2025-07-03 | |
| domain | cotswoldoutdoor-euro.shop | — | 2025-07-03 | |
| domain | guitarcentersale.com | — | 2025-07-03 | |
| domain | harborfrieght.shop | — | 2025-07-03 | |
| domain | josbankofficial.com | — | 2025-07-03 | |
| domain | nordstromltems.com | — | 2025-07-03 | |
| domain | rizzingupcart.com | — | 2025-07-03 | |
| domain | tommyilfigershop.com | — | 2025-07-03 | |
| domain | tumioutlets.com | — | 2025-07-03 | |
| hostname | portal.oemsaas.shop | — | 2025-07-03 | |
| URL | http://www.harborfrieght.shop/ | — | 2025-07-03 | |
| URL | https://www.harborfrieght.shop/ | — | 2025-07-03 | |
| URL | http://www.guitarcentersale.com/ | — | 2025-07-03 | |
| URL | https://www.guitarcentersale.com/ | — | 2025-07-03 | |
| URL | https://www.josbankofficial.com/ | — | 2025-07-03 | |
| URL | https://www.brooksbrothersofficial.com/ | — | 2025-07-03 | |
| URL | http://www.nordstromltems.com/ | — | 2025-07-03 | |
| URL | https://www.nordstromltems.com/ | — | 2025-07-03 | |
| URL | http://www.tommyilfigershop.com/ | — | 2025-07-03 |
References (1)