Scam Detective

Scam Campaign

Rev-Base64-Loader Infrastructure Cluster

Identified on 4/2/2026

Primary Entity

domain

bafybeidp7zdy2lu6yxvbgoev4b6xokuaa6jljr34vkflxzel2ya2gc3plm.ipfs.dweb.link
High Risk
  • Flagged by Google Safe Browsing
  • No SSL certificate

Campaign Narrative

This cluster centers on 673 connected domains tagged as Gh0stRAT, msi, scr. 673 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus.

Do not click links to any of the flagged domains. If you have visited one, check your accounts for unauthorized activity and consider changing your passwords. You can report suspicious contacts to the FTC at reportfraud.ftc.gov or to the FCC at consumercomplaints.fcc.gov.

This campaign was identified through automated analysis of threat intelligence feeds and entity relationship mapping.

Entity Roster

Domains (673)

Data Sources

Scam Prevention Resources

Bill Huffman Isn't Approving Your Loan

A voicemail about a $52,000 loan you never applied for. A fake name. A callback number that steals your identity. We traced one scam call from start to finish.

Blocking That Local Number Doesn't Mean The Scammers Give Up!

Government impersonation scams use 20,068 different phone numbers. Most get reported only 2-5 times before scammers abandon them for fresh ones.

Scammers Bill Fake Medical Equipment to Your Medicare Account

Tax season brings a surge in fake Medicare calls. Over 21,000 complaints last year came from nearly 8,000 different numbers.

Tax Refund Identity Theft Still Hits Millions Every Filing Season

Government impersonation calls spike every January through April. FTC complaint data shows how scammers use tax season urgency to steal personal information.

Scammers Hit Seniors Hard During Tax Season

Government impersonation, medical scams, and fake tech support calls converge on older Americans every January through April. The FTC data shows exactly how they do it.

View all articles

Proton Pass — Unique passwords for every account

After a breach, reused passwords let attackers into your other accounts. Proton Pass generates and stores a unique password for each one.

Try Proton Pass freeAffiliate link. We may earn a commission.
View all campaigns
Rev-Base64-Loader Infrastructure Cluster | Scam Detective