Scam Detective

Scam Campaign

Scam Reports for zdnet.com

Identified on 6/24/2026

How This Campaign Connects

Domain: tt3j2x4k5ycaa5zt.onion — Suspicious, 0 complaintstt3j2x4k5yc…Domain: winzen4.de — Suspicious, 0 complaintswinzen4.deDomain: gpg4usb.org — Suspicious, 0 complaintsgpg4usb.orgDomain: fhostingineiwjg6cppciac2bemu42nwsupvvisihnczinok362qfrqd.onion — Suspicious, 0 complaintsfhostingine…Domain: zdnet.com — Suspicious, 0 complaintsDomainzdnet.comHigh RiskSuspiciousConsumer ComplaintsLow Activity
The primary entity at the center and the rest of the cluster around it. Showing the 4 highest-risk connections; 5 more in this cluster.

Primary Entity

domain

zdnet.com
Suspicious
  • No SSL certificate
  • 4 community reports from users

Campaign Narrative

This cluster centers on 7 connected domains identified through shared infrastructure and registration patterns. The domains include zdnet.com, tt3j2x4k5ycaa5zt.onion, gnupg.org, danwin1210.me, winzen4.de, gpg4usb.org, fhostingineiwjg6cppciac2bemu42nwsupvvisihnczinok362qfrqd.onion.

The connected infrastructure includes 3 email addresses (user@danwin1210.me, d@winzen4.de, user@tt3j2x4k5ycaa5zt.onion).

This campaign was identified through automated analysis of threat intelligence feeds, email threat intelligence and entity relationship mapping.

Entity Roster

Domains (7)

Emails (3)

Data Sources

Related Campaigns

Other campaigns that share phone numbers, domains, or companies with this one.

Scam Prevention Resources

By the Time Elder Fraud Looks Like Fraud, the Money Is Often Gone

A stranger calls an older woman, greets her as Grandma, and says her grandson is hurt and in police custody. The scariest part is how ordinary the next few minutes feel.

Seven 833-408 Numbers Are Tied to Fake Mortgage Servicer Mail and Calls

Consumers are reporting mailers and calls from numbers including (833) 408-1597 and (833) 408-1587 that impersonate mortgage servicers. Here is what the reports show.

Fake Chase Openers and Warm Transfers Feed a Three-Number Debt Fraud Operation

Callers impersonating Card Member Services are using intimidation tactics and transfer tricks to pressure consumers. Here is what the reports show.

Ignore Calls About an Unserved Summons Directing Contact to Janet Wilson

Callers posing as county process servers claim you have an unserved court summons and push you to contact a 'Janet Wilson' at toll-free numbers tied to a debt collection impersonation scheme.

833-382-5531 Is One of Eight Numbers on Fake Mortgage Postcards Hitting Homeowners

Postcards with real mortgage details and urgent language are being used to impersonate lenders including SmartFi. Here is what the reports show and how to protect yourself.

View all articles

NordPass Stop reusing passwords across accounts

After a breach, attackers try stolen passwords on every site you use. NordPass generates and stores a unique password for each account.

Try NordPassAffiliate link. We may earn a commission.
View all campaigns