Scam Detective

Scam Campaign

Connectwise Infrastructure Cluster

Identified on 3/30/2026

Primary Entity

domain

us06web.zoom.us.vdns.us
High Risk
  • Flagged by Google Safe Browsing
  • No SSL certificate

Campaign Narrative

This cluster centers on 654 connected domains tagged as KongTuke, gafgyt, rev-base64-loader. 654 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus.

Do not click links to any of the flagged domains. If you have visited one, check your accounts for unauthorized activity and consider changing your passwords. You can report suspicious contacts to the FTC at reportfraud.ftc.gov or to the FCC at consumercomplaints.fcc.gov.

This campaign was identified through automated analysis of threat intelligence feeds and entity relationship mapping.

NordPass Stop reusing passwords across accounts

After a breach, attackers try stolen passwords on every site you use. NordPass generates and stores a unique password for each account.

Try NordPassAffiliate link. We may earn a commission.

Entity Roster

Domains (654)

Data Sources

View all campaigns
Connectwise Infrastructure Cluster | Scam Detective