This cluster centers on 2764 connected domains tagged as BeaverTail, Kaiji, fbf543. 645 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1132 phone numbers (7638857447, 8664372914, 2157987305) with 10266 FTC complaints; 146 companies (JPMORGAN CHASE & CO., Advanced Resolution Services Inc., EVERBANK, NATIONAL ASSOCIATION) with 8616274 CFPB complaints; 298 email addresses (xxxxxxxxxxxxxxxxxxxxxxxx@vm...
Domain
2fstatics-marketingsites-wcus-ms-com.akamaized.net
First seen Feb 22, 2026
Suspicious
- No SSL certificate
- 1 community report from users
Campaign Intelligence
This cluster centers on 3287 connected domains tagged as HijackLoader, RemcosRAT, screenconnect. 617 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1649 phone numbers (5408463620, 8552597377, 8007873903) with 7110 FTC complaints; 143 companies (Informative LLC, HomePlus Corporation, Doral Capital Corporation) with 8547081 CFPB complaints; 807 email addresses (kellymoore_64@yahoo.com, schantzsybg7@...
This cluster centers on 2874 connected domains tagged as QuasarRAT, StealitStealer, pw-k53mv9bc. 652 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1375 phone numbers (2157987305, 2025069230, 2028641298) with 14635 FTC complaints; 160 companies (JPMORGAN CHASE & CO., Advanced Resolution Services Inc., EVERBANK, NATIONAL ASSOCIATION) with 8680419 CFPB complaints; 299 email addresses (abuse@fb.com, ...
Part of: Other Robocall Campaign3/27/2026
This cluster centers on 3 connected domains identified through shared infrastructure and registration patterns. Do not click links to any of the flagged domains. If you have visited one, check your accounts for unauthorized activity and consider changing your passwords. You can report suspicious contacts to the FTC at reportfraud.ftc.gov or to the FCC at consumercomplaints.fcc.gov. This campaign was identified through automated analysis of threat intelligence feeds and entity relationship mapp...
Part of: Domain Campaign3/28/2026
Details
Related Domains
Community Reports
Deceptive Site Ahead while trying to change my password on the microsoft website? I logged in to account.microsoft.com without my outlook email and wanted to change my password. It asked for the usual verification email. I inputted the code. And then later Chrome flashed red with the Deceptive Site Ahead warning. It tells me regarding sta tics-marke tingsite s-wcus-ms.com.akamaized .net (link cut up so it can't be accessed) and how it might be a phishing scam. Is this legit or a false positive? It's my first time trying to change my password. True enough, Google Transparency Report did flag the site as phishing (https://transpar encyreport.google.com/safe-browsing/search?url=https:%2F%2Fstatics-marketingsites-wcus-ms-com.akamaized.net%2Fstatics%2Foverride.css%3Fc%3D7&hl=en-GB) Is this a false positive, or am I screwed? I mean, I logged into microsoft just fine. I was wondering if anyone else has encountered this. If it is a phishing scam, then how can I keep my account safe if I can't even change my password from this link? Would appreciate any help on this. It's my first time reporting such a problem. Thanks.
954 days ago1 upvote
Share Your Experience
What's Your Exposure?
Know your risk exposure to this message with a Thorough Analysis. It returns a detailed report covering the complaint history, your data breach exposure, related scam entities, and risk signals tied to this email message. Check the box and enter your email address now.
NordProtect — Identity theft monitoring and recovery
NordProtect watches for your personal info on the dark web, monitors your credit, and covers up to $1M in identity theft insurance.
Get NordProtectAffiliate link. We may earn a commission.