This analysis explores the connections between two Phishing-as-a-Service (PhaaS) platforms: Tycoon2FA and Dadsec. The investigation reveals shared infrastructure and operational similarities, suggesting a common origin or adaptation. The report details the evolving tactics of Tycoon2FA, including its use of Cloudflare Turnstile, anti-analysis techniques, and sophisticated phishing pages. Key findings include the rapid expansion of Tycoon2FA's infrastructure, with thousands of new phishing pages detected since July 2024. The analysis also uncovers the platform's advanced features, such as MFA bypass capabilities and real-time credential interception. The report emphasizes the growing threat posed by PhaaS platforms and the need for continued vigilance and adaptation in cybersecurity defenses.