This cluster centers on 2451 connected domains tagged as GuLoader, NorthKorea, trojan. The domains include cdn.discordapp.com, 91.92.241.152, 91.92.240.222, 158.94.208.174, 178.16.52.44, 158.94.211.102, 158.94.210.93, 158.94.208.52, i.postimg.cc, s3.us-east-2.amazonaws.com, storage.googleapis.com, 178.16.52.18, 158.94.211.101, 158.94.211.100, local-host.life, dropmefiles.com, limewire.com, 62.60.226.159, id8965.com, valfanto.com and 2431 more. 633 of these domains have been flagged by threat int...
Domain
*,
First seen Feb 22, 2026
Suspicious
- No SSL certificate
- 2 community reports from users
Campaign Intelligence
This cluster centers on 2957 connected domains tagged as GuLoader, NorthKorea, censys. The domains include salelegalsteroids.com, 192.210.186.208, gharnt.com, cloflart.com, id3702579photo-image-docs.com, www.almacensantangel.com, 64.95.12.162, blue-oceans.net, sixmexicos.com, baritonclick.online, 185.252.24.15, un1rw11q4u.com, ameyiando.com, niril.sbs, bursaelektriktamir.com, blankeyeo.com, umxtxhub.za.com, sunchernical.com, 18.194.67.137, servecdn.my and 2937 more. 606 of these domains have bee...
This cluster centers on 2107 connected domains tagged as GuLoader, NorthKorea, censys. The domains include storage.googleapis.com, cdn.discordapp.com, pastes.io, s3.us-east-2.amazonaws.com, dl.dropboxusercontent.com, 188.137.230.45, touchskins.io, 158.94.208.7, 74.0.32.149, 74.0.32.141, api.touchskins.io, 80.89.237.190, 188.137.254.207, api.wewpwsw.su, 188.137.229.136, 196.251.107.24, 104.194.152.180, link.storjshare.io, s3.g.s4.mega.io, 62.60.226.159 and 2087 more. 562 of these domains have bee...
This cluster centers on 2121 connected domains tagged as GuLoader, NorthKorea, censys. The domains include 59.182.90.199, 178.50.166.61, 113.168.249.76, 123.209.193.86, 113.165.6.38, 120.157.72.234, 171.235.194.253, 120.157.159.171, 37.142.77.163, 46.124.33.133, 46.124.40.3, 83.224.151.243, 88.86.246.233, 41.146.1.154, 59.182.119.128, 14.236.247.68, 120.157.72.59, 95.127.248.192, 116.110.179.199, cdn.discordapp.com and 2101 more. 576 of these domains have been flagged by threat intelligence feed...
This cluster centers on 1630 connected domains tagged as BABADEDA, pw-2026, wsh. The domains include storage.googleapis.com, cdn.discordapp.com, implementing-theft-metal-justin.trycloudflare.com, staying-heavily-meaning-blowing.trycloudflare.com, creations-venture-traditional-stainless.trycloudflare.com, arilprivate.storexyz.web.id, 206.123.145.26, 103.125.219.204, 45.87.43.154, 10cricofficial.com, justwatch.life, 195.16.44.75, advise-visual-playstation-closer.trycloudflare.com, 91.92.241.197, 6...
This cluster centers on 2141 connected domains tagged as GuLoader, NorthKorea, censys. The domains include 59.182.90.199, 91.80.129.100, 123.28.175.23, 120.61.247.2, 178.50.166.61, 113.168.249.76, 123.209.193.86, 113.165.6.38, 120.157.72.234, 171.235.194.253, 120.157.159.171, 37.142.77.163, 171.241.208.124, 120.157.229.220, 171.117.30.233, 91.80.136.9, 46.124.33.133, 46.124.40.3, 83.224.151.243, 88.86.246.233 and 2121 more. 596 of these domains have been flagged by threat intelligence feeds incl...
This cluster centers on 2559 connected domains tagged as GuLoader, NorthKorea, trojan. The domains include 83.224.148.34, 14.236.247.68, 120.157.72.59, 95.127.248.192, 116.110.179.199, 116.101.73.68, 95.127.250.241, 152.173.199.182, 91.80.129.100, 59.88.45.188, 117.216.5.20, 182.60.11.164, 41.146.14.165, 120.157.46.38, 59.182.90.199, 113.168.249.76, 78.132.114.25, 171.241.208.124, 120.157.229.220, 14.236.84.25 and 2539 more. 640 of these domains have been flagged by threat intelligence feeds inc...
Details
Related Domains
domain
seamless.com
reported togetherphone8553572202
campaign co-memberphone3186669555
campaign co-memberphone8667715844
campaign co-memberphone8339086865
campaign co-memberphone8009220204
campaign co-memberphone4097617631
campaign co-memberphone6789998212
campaign co-memberphone5187704680
campaign co-memberphone8887291403
campaign co-memberphone8889194623
campaign co-memberphone7712473445
campaign co-memberphone8009993355
campaign co-memberphone8007715361
campaign co-memberphone8009033637
campaign co-memberphone8884260179
campaign co-memberphone2025582508
campaign co-memberphone9297499563
campaign co-memberphone3025417253
campaign co-memberphone8887910954
campaign co-memberphone8334471291
campaign co-memberphone7656119812
campaign co-memberphone8669591188
campaign co-memberphone8442446363
campaign co-memberCommunity Reports
Is my computer compromised? Possible phishing by impersonating Seamless website. Hey everyone, I'm not sure of any real phishing attempts, but this situation is a little fishy (no pun intended). I was ordering dinner on seamless.com, had just finished ordering, and then while navigating to the home page, all of a sudden I was at a completely different looking homepage. I was also not logged in anymore. I tried reloading the page several times, to no avail. I then went to Google, searched for seamless.com, and clicked that link, only to be brought to the same odd-looking website. I looked at the address bar, and it was not a secure connection (http instead of https). I manually typed in the *https://*, but when the page loaded, it removed that and went back to normal http. Then I loaded Chrome incognito mode, as well as Firefox Private mode. When going to seamless.com on both of these, the page loaded the correct version of seamless (or at last the one I was expecting). I was also able to use https:// for both. Here's screenshots of the browsers: Firefox, odd homepage: http://i.imgur.com/gkNUswp.jpg Chrome, Incognito Mode: http://i.imgur.com/ma6orCR.jpg Firefox, Private Mode: http://i.imgur.com/RzrTvZc.jpg Is this some kind of spoofing or phishing scam? Thanks for your help!
3618 days ago1 upvote
Is my computer compromised? Possible phishing by impersonating Seamless website. Hey everyone, I'm not sure of any real phishing attempts, but this situation is a little fishy (no pun intended). I was ordering dinner on seamless.com, had just finished ordering, and then while navigating to the home page, all of a sudden I was at a completely different looking homepage. I was also not logged in anymore. I tried reloading the page several times, to no avail. I then went to Google, searched for seamless.com, and clicked that link, only to be brought to the same odd-looking website. I looked at the address bar, and it was not a secure connection (http instead of https). I manually typed in the *https://*, but when the page loaded, it removed that and went back to normal http. Then I loaded Chrome incognito mode, as well as Firefox Private mode. When going to seamless.com on both of these, the page loaded the correct version of seamless (or at last the one I was expecting). I was also able to use https:// for both. Here's screenshots of the browsers: Firefox, odd homepage: http://i.imgur.com/gkNUswp.jpg Chrome, Incognito Mode: http://i.imgur.com/ma6orCR.jpg Firefox, Private Mode: http://i.imgur.com/RzrTvZc.jpg Is this some kind of spoofing or phishing scam? Thanks for your help!
3618 days ago1 upvote
Share Your Experience
What's Your Exposure?
Know your risk exposure to this message with a Thorough Analysis. It returns a detailed report covering the complaint history, your data breach exposure, related scam entities, and risk signals tied to this email message. Check the box and enter your email address now.