This cluster centers on 2559 connected domains tagged as GuLoader, NorthKorea, trojan. The domains include 83.224.148.34, 14.236.247.68, 120.157.72.59, 95.127.248.192, 116.110.179.199, 116.101.73.68, 95.127.250.241, 152.173.199.182, 91.80.129.100, 59.88.45.188, 117.216.5.20, 182.60.11.164, 41.146.14.165, 120.157.46.38, 59.182.90.199, 113.168.249.76, 78.132.114.25, 171.241.208.124, 120.157.229.220, 14.236.84.25 and 2539 more. 640 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus.
The connected infrastructure includes 1375 phone numbers (8885084102, 8337817181, 9165452687) with 15946 FTC complaints; 160 companies (ACCOUNT SERVICES INC., Ready Capital Corporation, The Money Company) with 9002382 CFPB complaints; 252 email addresses (hr@marketingami.com, amaneesam@yahoo.co.jp, generalmanager@domainsbyproxy.com).
Across all linked entities, consumers have filed 9022624 complaints with federal agencies.
Geographically, consumer complaints associated with this campaign are concentrated in West Palm Beach, Florida; Las Vegas, Nevada; Orlando, Florida; Houston, Texas; and San Diego, California. This regional pattern may indicate targeted operations or reflect where the scam has been most actively reported.
If you receive a call or text from any of these numbers, do not engage. Hang up immediately and do not call back. Never provide personal information or make payments to unknown callers. Do not click links to any of the flagged domains. If you have visited one, check your accounts for unauthorized activity and consider changing your passwords. If you were contacted by any of these companies, verify their legitimacy by looking up their official contact information independently — do not use phone numbers or links provided in the suspicious communication. Do not reply to suspicious emails or click any links or attachments they contain. Check the sender's domain carefully for misspellings or unusual variations. You can report suspicious contacts to the FTC at reportfraud.ftc.gov or to the FCC at consumercomplaints.fcc.gov.
This campaign was identified through automated analysis of FTC/FCC complaint databases, threat intelligence feeds, CFPB consumer complaints, email threat intelligence and entity relationship mapping.