# hammanadata.com.ng — SUSPICIOUS

> PhishDestroy identifies hammanadata.com.ng as a fake VTU/data store luring users into payment frauds. VirusTotal still shows 0/95 detections for this active.

## Summary
PhishDestroy identifies hammanadata.com.ng as an active phishing site masquerading as a legitimate VTU, data-bundle, and bill-payment portal. The domain promises quick top-ups for airtime, internet bundles, electricity payments, and TV subscriptions, but is engineered solely to harvest Nigerian users’ payment credentials and funds. At the time of analysis the site remains untouched by antivirus engines, with VirusTotal showing 0 detections out of 95 scanners, while the domain resolves to a single IP address (148.72.153.160) in the AS range of a bulletproof hosting provider often abused by fraudulent merchants.  This threat is a classic credential-harvesting and financial-fraud campaign that specifically targets Nigerian consumers reliant on VTU services. The page title “Hammanadata – Buy internet data bundles, VTU Airtime, Pay Electricity Bills, TV Subscription” is crafted to rank for high-intent search terms such as “buy data Nigeria” and “VTU recharge codes,” ensuring traffic from victims actively searching for telecom or utility services. By presenting a familiar but counterfeit interface, the phishing page tricks visitors into submitting their phone numbers, email addresses, and payment-card details. Once harvested, these credentials are either sold on dark-web markets or used to initiate unauthorized airtime purchases, bill payments, or SIM-swap attacks.  Investigations show hammanadata.com.ng was registered on 10 April 2023 through Namecheap Inc., and as of today appears on zero public blocklists, highlighting its newness and the lag between domain creation and broader threat-intelligence coverage. Users who visited the site should immediately revoke any payment tokens saved in browser wallets, change account passwords if the same credentials were reused, and monitor bank statements for unauthorized transactions. If payment details were entered, contact the card issuer to request a new card number and dispute fraudulent charges. Enable two-factor authentication on all financial and telecom accounts and report the domain to your local CERT or cybercrime unit to accelerate takedown efforts.

PhishDestroy flags hammanadata.com.ng as an active data-scamming portal with 0/95 VirusTotal detections as of the latest scan.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Page title: Hammanadata - Buy internet data bundles, VTU Airtime, Pay Electricity Bills, TV Subscription.

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 148.72.153.160

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a7ba259a-4493-4a36-a42d-631a694f5158
- PhishDestroy: https://phishdestroy.io/domain/hammanadata.com.ng/
- LLM endpoint: https://phishdestroy.io/domain/hammanadata.com.ng/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hammanadata.com.ng/
Last updated: 2026-04-13