Large Scale Traffic Brokerage Campaign using Fake Lures targeting Global Brands Across Multiple Regions
ID: c1c4765f-5a03-5301-b677-136ab66bed19
STIX ID: report--c1c4765f-5a03-5301-b677-136ab66bed19
Feed Name: CloudSEK Blog
This report outlines a global, centralized traffic-broker phishing operation that runs hundreds of disposable, brand-themed microsites (using TLDs like .xyz, .top, .cn) to lure mobile users with localized giveaway/discount campaigns across 100+ countries and 300+ brands; the infrastructure harvests and profiles victims, filters for mobile visitors to evade scanners, and monetizes traffic by redirecting it to downstream scams such as pig butchering and Telegram account compromise.
