CONNECTED SCAM INFRASTRUCTURE CLUSTER: WORK-FROM-HOME AND ONLINE EARNINGS FRAUD NETWORK
A cluster of 13 connected entities — one phone number and twelve domains — has been identified as part of a coordinated online scam campaign, likely centered on fraudulent work-from-home, online earnings, and cryptocurrency job schemes. The domains in this cluster include earnyoga.biz, payfunda.biz, job4pals.biz, mybitcoinjob.com, paygama.com, invitetown.com, regularduty.com, internetduty.com, and xxx.profithost.net, along with infrastructure-linked domains ns1.offshore-dns.net, www.ecatel.info, and www.ecatel.net. The phone number 310-823-9358, which carries a Los Angeles, California area code, has been reported in connection with multiple domains in this cluster, including xxx.profithost.net, internetduty.com, and www.ecatel.net, suggesting it serves as a contact or verification point within the campaign's outreach operations.
The relationships within this cluster are defined by co-reporting patterns, meaning these entities have been flagged together by consumers in the same complaints or incident reports, with a consistent confidence level of 0.30 across all 15 documented relationships. xxx.profithost.net appears to function as a central node in the network, having been reported alongside seven other domains including earnyoga.biz, invitetown.com, payfunda.biz, regularduty.com, internetduty.com, and www.ecatel.net, as well as the phone number 310-823-9358. Similarly, internetduty.com and www.ecatel.net each appear as secondary hubs, connected to multiple campaign domains and to the same phone number. The presence of ns1.offshore-dns.net and www.ecatel.net and www.ecatel.info suggests the campaign may be routing domain resolution through offshore or bulletproof hosting infrastructure, a common tactic used to evade takedowns and obscure operator identity.
Community reporting confirms active consumer harm. A verified community report, receiving 5 upvotes, identifies payfunda.biz specifically as a data harvesting operation, stating that the site is designed to collect email addresses and personal names and to funnel victims into additional scam offers and online schemes. The reporter characterized the site as entirely a come-on used to gather information and enroll consumers in secondary fraudulent offers without their informed consent. This pattern is consistent with the broader domain portfolio in this cluster, which includes sites themed around earning money online (earnyoga.biz, paygama.com, mybitcoinjob.com), job recruitment (job4pals.biz), and general duty or payment framing (regularduty.com, internetduty.com, payfunda.biz) — all naming conventions commonly used in lead generation and affiliate fraud schemes. Although the FTC complaint count for phone number 310-823-9358 currently shows zero formal complaints, the co-reporting relationships and community documentation indicate active consumer exposure.
Regarding geographic targeting, the 310 area code associated with the phone number points to the Los Angeles, California metropolitan region, though this does not necessarily indicate the operators are based there, as spoofed or VoIP numbers are routinely used in these campaigns to project local legitimacy. The offshore DNS infrastructure referenced in the cluster suggests operator presence or routing outside the United States, which complicates jurisdiction and enforcement. No additional regional targeting data was provided for the domains, but work-from-home and online earnings scams of this type are typically distributed nationally through email, social media, and search advertising, with no geographic restriction on victimization.
Consumers who encounter any of these domains or the phone number 310-823-9358 should not click links, provide personal information, or enter payment details on any associated site. If contacted by phone, hang up immediately and do not call back. To verify whether a domain is safe before visiting it, use tools such as Google Safe Browsing (safebrowsing.google.com/safebrowsing/report_phish) or the Whois lookup at lookup.icann.org to check registration details. Phone numbers can be cross-referenced at the FTC's complaint database or community reporting tools such as 800notes.com or youmail.com. File complaints with the Federal Trade Commission at reportfraud.ftc.gov and with the Federal Communications Commission at fcc.gov/consumers/guides/filing-informal-complaint. If you have submitted personal information to any of these sites, monitor your email for phishing follow-ups, consider placing a credit freeze, and change any passwords associated with the email address provided.
This cluster represents a moderate to elevated threat level given the breadth of connected infrastructure, the confirmed use of at least one domain for personal data harvesting, and the offshore DNS routing that suggests deliberate evasion of enforcement. Recommended next steps include referral of the full domain list to domain registrars for abuse review, submission of the cluster data to the FTC and to relevant hosting providers, and continued community monitoring for new domains that appear with naming conventions consistent with this campaign. Consumers who have been harmed financially by any entity in this cluster should also file reports with their state attorney general's consumer protection office.