This cluster centers on 2382 connected domains tagged as PureHVNC, elf, sh. 572 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (8772427372, 1319641540, 1319641221) with 557 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2228 complaints with federal agencies. Geog...
Domain
1.2.164.245
First seen Feb 24, 2026
Suspicious
- No SSL certificate
- 1 community report from users
Campaign Intelligence
This cluster centers on 2396 connected domains tagged as 156-233-71-230, Quakbot, lnk. 586 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (8772427372, 1319641540, 1319641221) with 565 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2237 complaints with federal agen...
This cluster centers on 1895 connected domains tagged as BeaverTail, RedLineStealer, password: 2026. 113 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 934 phone numbers (8772427372, 1319641540, 1319641221) with 524 FTC complaints; 683 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2093 complaints wit...
This cluster centers on 2416 connected domains tagged as BABADEDA, WallStealer, meterpreter. 607 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (5086371451, 9366439335, 1842506726) with 570 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2243 complaints with federa...
This cluster centers on 3287 connected domains tagged as HijackLoader, RemcosRAT, screenconnect. 617 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1649 phone numbers (5408463620, 8552597377, 8007873903) with 7110 FTC complaints; 143 companies (Informative LLC, HomePlus Corporation, Doral Capital Corporation) with 8547081 CFPB complaints; 807 email addresses (kellymoore_64@yahoo.com, schantzsybg7@...
Details
Related Domains
No known connections to other entities yet.
Community Reports
Skitch for iphone evernote seems like is stealing sensitive information from us Today I loged in to check out my crypto assets on MetaMask and for my surprise there where none left. On 17/12/2022 all of my money total of about 7000$ where transfered to different accounts. I spent all day and could not wrap my head around how could this have happened. Now when I think it seems like a stupid idea to keep my 12 word passhprase on clooud based notes, but I did encrypt them for double safety. So I started to check out my PC logs/Browser history and everything from that day. When I somehow decided to check out evernote history. The first access on evernote at the same day the transactions where made is on 12/27/2022 IP [1.2.164.245](https://1.2.164.245) (Kosamphi Nakhon, Kamphaeng Phet, Thailand). Sceen shot of history [https://ibb.co/cvp7x36](https://ibb.co/cvp7x36) And there are lot more logins from all around the world from that day. Evernote has nice security.... I have NEVER used any app named SKITCH on my Iphone + I have not even logged in evernote on my iphone. And the Skitch App seems like a Evernotes official App [https://evernote.com/products/skitch](https://evernote.com/products/skitch) Really depressing day... Stay safe! ​ P.S. wow i have never recived so much help on any subredit. So many people write me to help me get back my money for only 100$ :)))
1160 days ago1 upvote
Share Your Experience
What's Your Exposure?
Know your risk exposure to this message with a Thorough Analysis. It returns a detailed report covering the complaint history, your data breach exposure, related scam entities, and risk signals tied to this email message. Check the box and enter your email address now.
NordPass — Stop reusing passwords across accounts
After a breach, attackers try stolen passwords on every site you use. NordPass generates and stores a unique password for each account.
Try NordPassAffiliate link. We may earn a commission.