Scam Detective
Domain

decode-fx.com

First seen Feb 24, 2026

Suspicious
  • No SSL certificate
  • 1 community report from users

Campaign Intelligence

This cluster centers on 2382 connected domains tagged as PureHVNC, elf, sh. 572 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (8772427372, 1319641540, 1319641221) with 557 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2228 complaints with federal agencies. Geog...

Part of: Dropped call or no message Robocall Campaign3/17/2026

This cluster centers on 2396 connected domains tagged as 156-233-71-230, Quakbot, lnk. 586 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (8772427372, 1319641540, 1319641221) with 565 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2237 complaints with federal agen...

Part of: Lotteries, prizes & sweepstakes Robocall Campaign3/18/2026

This cluster centers on 1895 connected domains tagged as BeaverTail, RedLineStealer, password: 2026. 113 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 934 phone numbers (8772427372, 1319641540, 1319641221) with 524 FTC complaints; 683 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2093 complaints wit...

Part of: Medical & prescriptions Robocall Campaign2/26/2026

This cluster centers on 2416 connected domains tagged as BABADEDA, WallStealer, meterpreter. 607 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (5086371451, 9366439335, 1842506726) with 570 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2243 complaints with federa...

Part of: Lotteries, prizes & sweepstakes Robocall Campaign3/19/2026

This cluster centers on 3287 connected domains tagged as HijackLoader, RemcosRAT, screenconnect. 617 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1649 phone numbers (5408463620, 8552597377, 8007873903) with 7110 FTC complaints; 143 companies (Informative LLC, HomePlus Corporation, Doral Capital Corporation) with 8547081 CFPB complaints; 807 email addresses (kellymoore_64@yahoo.com, schantzsybg7@...

Part of: Dropped call or no message Robocall Campaign3/21/2026

Details

First Seen
2/24/2026

Related Domains

No known connections to other entities yet.

Community Reports

So I got scammed out of 0.075 Crypto through a dating app So I'll cut the chase and give some details because idk how much I should give without looking like I'm just guessing because it's ongoing. So these are the steps he did to scam me: \- We met through the app Blued (yes I am gay) \- He is supposedly Malaysian living in Osaka (doubtful) \- He asked me to meet him there on the 20th \- He's supposedly wealthy blah blah and he told me he could teach me how to make money \- First he made me create an account and this could be important: a bitFlyer account (A legit one) \- I transferred my 0.075 ETH from my dmm bitcoin account to bitFlyer (They took 0.005 as a fee) \- He said the bitFlyer account was needed because it takes too long to send from DMM to his broker (DMM took a day and half but dmm costs 0 to transfer either to bank or to other crypto addresses) \- Then after this first transfer was completed and since it was a legit app and site I kinda lost and registered to his supposed broker: Decode Gobal \- Googled it and it kinda matched except this site was a phishing scam I just didn't notice it at first. \- I transfered 0.07 from bitFlyer to this fake broker \- The site I can post if allowed but it's a phishing site. \- He was very pushy and wants me to download and this is also very important: MT5 or metatrader 5 \- He wanted me mostly to do it on my phone which did sound weird \- The MT5 app is loaded from a Chinese site, I found out Apple suspended MT5 because it was being used by scammers. ​ Currently I kinda am on talks but I didn't answer him since yesterday, he wants badly to teach me how to make money but I looked it after I transferred and the MT5 scam happened to some other guy, So yeah if allowed I would post more details and even my fake account so you can check it yourself because well it has money that in theory isn't retrievable. ​ As for the reasons why I think it is obvious but its a site that has a weird ty

1238 days ago2 upvotes

Share Your Experience

What's Your Exposure?

Know your risk exposure to this message with a Thorough Analysis. It returns a detailed report covering the complaint history, your data breach exposure, related scam entities, and risk signals tied to this email message. Check the box and enter your email address now.

NordVPN Block threats and hide your IP from trackers

NordVPN encrypts your internet traffic and blocks malicious websites, ads, and trackers before they reach your device.

Get NordVPNAffiliate link. We may earn a commission.
Is decode-fx.com safe? Check it now | Scam Detective