Our analysis has identified a fraudulent e-commerce operation centered around three interconnected domains: marayen.com, zelavee.com, and nyleva.com. All three domains were registered within a seven-day period in August 2025 through the same registrar, MAFF Inc., with marayen.com and nyleva.com both registered on August 12, 2025, and zelavee.com registered on August 5, 2025. Technical analysis reveals these domains share the same underlying infrastructure, indicating coordinated operation by the same threat actors.
The campaign's primary impact appears focused on fraudulent online retail operations, with multiple consumer reports documenting order fulfillment failures and unauthorized recurring charges. Community reports specifically detail consumers ordering merchandise from marayen.com through TikTok advertising links, receiving tracking information through a service called Track718, but never receiving their purchased items. One victim reported ordering 8 shirts, receiving delivery confirmation, but finding no package delivered. Additional reports indicate a subscription scam component, with consumers unable to cancel accounts despite website confirmations, resulting in unauthorized monthly charges of $49.99. The operation has also been co-reported with Locate Services LLC, a debt collection company that has generated 4 CFPB complaints, suggesting potential secondary monetization through aggressive collection practices.
To protect yourself from similar scams, always verify online retailers before making purchases by checking domain registration dates, looking for legitimate contact information and customer service options, and researching customer reviews from multiple sources. Be particularly cautious of retailers promoted through social media advertisements offering unusually low prices or limited-time offers. If contacted by unfamiliar companies requesting payment or personal information, hang up immediately and do not click any links in suspicious emails or text messages. Report fraudulent websites and scam attempts to the FTC at reportfraud.ftc.gov or file complaints with the FCC for phone-based scams. Before engaging with any unfamiliar website or phone number, consumers can verify legitimacy through consumer protection websites and reverse lookup services.
This campaign represents a moderate threat level due to its coordinated infrastructure, active consumer victimization, and multi-vector approach combining e-commerce fraud with subscription scams. The recent domain registrations and shared infrastructure suggest an evolving operation that may expand to additional domains. Consumers should exercise extreme caution when encountering these domains and report any interactions to appropriate authorities. Organizations should consider blocking these domains and monitoring for additional registrations using similar patterns through MAFF Inc.