Darkhub Hacking-for-Hire Portal Advertises Crypto Fraud Services
By Threat Intelligence Unit

Platform Overview
A dark web platform known as Darkhub has emerged on the Tor network, openly advertising hacking-for-hire services to a broad audience. The platform presents itself as a centralized hub for illicit cyber activities, offering services targeting both individuals and organizations.
Advertised Services
Darkhub advertises a wide range of offensive capabilities, including:
- Unauthorized access to social media accounts (Instagram, Telegram, WhatsApp)
- Email account compromise
- Mobile phone monitoring and message interception
- Real-time location tracking
- Cryptocurrency-related fraud services
- Unauthorized bank account access
- Credit score manipulation
The platform also includes categories such as fund recovery services, which are commonly associated with advance-fee fraud schemes.
Public Infrastructure Exposure
A publicly routable IP address potentially associated with the Darkhub platform was identified.
- Public IP Address:
38.127.***.*** - Host Provider: ULTAHOST
- Country: United States
- ASN: AS44259
ULTAHOST (AS44259) has previously been referenced in third-party reporting related to permissive or bulletproof-style hosting environments commonly observed among dark web service operators.
Implications
- Portions of the backend infrastructure may not have been fully isolated within Tor-only environments
- Potential operational security weaknesses in infrastructure management
- Possibility of infrastructure tracking or operational identification