Hello Railway Team,

I am reporting an active phishing project currently deployed on your platform targeting government sector.

Note: URLs defanged to prevent accidental clicks. Screenshots attached.

Phishing Domain:

hxxps://zimbramail-nyatel-com[.]up[.]railway[.]app/login.html?gfjdliotrgojnghgherbegrehureert0e0ee

• Impersonates: Zimbra mail server

• Fully cloned login portal stealing credentials

• Confirmed active: May 15, 2026

REQUESTED ACTION:

Immediate takedown of the site and suspension of the associated Railway account.