Scam Detective
Domain

openoffice.org

First seen Feb 22, 2026

Suspicious
  • No SSL certificate
  • 1 community report from users

Campaign Intelligence

This cluster centers on 1 connected domains identified through shared infrastructure and registration patterns. Do not click links to any of the flagged domains. If you have visited one, check your accounts for unauthorized activity and consider changing your passwords. You can report suspicious contacts to the FTC at reportfraud.ftc.gov or to the FCC at consumercomplaints.fcc.gov. This campaign was identified through automated analysis of threat intelligence feeds and entity relationship mapp...

Part of: Domain Campaign2/22/2026

This cluster centers on 2382 connected domains tagged as PureHVNC, elf, sh. 572 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (8772427372, 1319641540, 1319641221) with 557 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2228 complaints with federal agencies. Geog...

Part of: Dropped call or no message Robocall Campaign3/17/2026

This cluster centers on 2396 connected domains tagged as 156-233-71-230, Quakbot, lnk. 586 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (8772427372, 1319641540, 1319641221) with 565 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2237 complaints with federal agen...

Part of: Lotteries, prizes & sweepstakes Robocall Campaign3/18/2026

This cluster centers on 1895 connected domains tagged as BeaverTail, RedLineStealer, password: 2026. 113 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 934 phone numbers (8772427372, 1319641540, 1319641221) with 524 FTC complaints; 683 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2093 complaints wit...

Part of: Medical & prescriptions Robocall Campaign2/26/2026

This cluster centers on 2416 connected domains tagged as BABADEDA, WallStealer, meterpreter. 607 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (5086371451, 9366439335, 1842506726) with 570 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2243 complaints with federa...

Part of: Lotteries, prizes & sweepstakes Robocall Campaign3/19/2026

This cluster centers on 3287 connected domains tagged as HijackLoader, RemcosRAT, screenconnect. 617 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1649 phone numbers (5408463620, 8552597377, 8007873903) with 7110 FTC complaints; 143 companies (Informative LLC, HomePlus Corporation, Doral Capital Corporation) with 8547081 CFPB complaints; 807 email addresses (kellymoore_64@yahoo.com, schantzsybg7@...

Part of: Dropped call or no message Robocall Campaign3/21/2026

Details

First Seen
2/22/2026

Related Domains

Community Reports

My firefox randomly opens up different sites (news, ads?) and also just changed the browser to a Windows default theme. Later my entire OS went to the default theme. **edit**: I tried to edit it as best as I could. There's nothing too serious going on yet but they are very annoying. I got a HijackThis log: * Logfile of Trend Micro HijackThis v2.0.2 * Scan saved at 7:10:19 PM, on 10/5/2010 * Platform: Unknown Windows (WinNT 6.01.3504) * MSIE: Internet Explorer v8.00 (8.00.7600.16385) * Boot mode: Normal * Running processes: * C:\Windows\system32\Dwm.exe * C:\Windows\system32\taskhost.exe * C:\Windows\Explorer.EXE * C:\Program Files\Dell\QuickSet\quickset.exe * C:\Program Files\IDT\WDM\sttray.exe * C:\Windows\System32\WLTRAY.EXE * C:\Program Files\HP\HP Software Update\hpwuSchd2.exe * C:\Program Files\AVG\AVG9\avgtray.exe * C:\Program Files\iTunes\iTunesHelper.exe * C:\Program Files\Common Files\Java\Java Update\jusched.exe * C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe * C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe * C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe * C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe * C:\Windows\explorer.exe * C:\Program Files\Mozilla Firefox\firefox.exe * C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe * C:\Program Files\Trend Micro\HijackThis\HijackThis.exe * R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 * R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pegasus2.pearsoned.com/Pegasus/Modules/MyPegasus/MyPegasus.aspx * R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 * R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 * R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 *

5652 days ago1 upvote

Share Your Experience

What's Your Exposure?

Know your risk exposure to this message with a Thorough Analysis. It returns a detailed report covering the complaint history, your data breach exposure, related scam entities, and risk signals tied to this email message. Check the box and enter your email address now.

Proton VPN Block malicious sites and encrypt your connection

Proton VPN routes your traffic through encrypted servers and blocks known malware domains. Free plan available.

Get Proton VPNAffiliate link. We may earn a commission.