Hostfly.by technical specialists have detected a wave of phishing attacks targeting domain name owners. Attackers are sending out emails disguised as official registrar notifications.
How the Scheme Works
The email informs the user that their domain needs to be renewed and prompts them to follow a payment link. This link leads to a malicious website that visually mimics the Hostfly login page, designed to steal logins, passwords, and credit card details.
Technical Details of the Attack (Detected on 01/30/2026):
- Sender: Addresses based on @gmail.com and other public mail services.
- Display Name: Hostfly.by.
- Malicious Link: nickelclothing . com / ahostyby / web / login.php.
Security Recommendations
- Ignore such emails. Official notifications are never sent from free public email services.
- Change your password. If you have entered data on a suspicious site, immediately change your password in the my.hostfly.by client area.
- Block your card. If you have entered payment card details on a third-party resource, contact your bank immediately to block the card.
- Activate 2FA. Enable two-factor authentication in your account security settings.
Please stay vigilant and always verify link addresses before entering confidential data. If you have any doubts, contact only the official support channels.