This cluster centers on 2451 connected domains tagged as GuLoader, NorthKorea, trojan. The domains include cdn.discordapp.com, 91.92.241.152, 91.92.240.222, 158.94.208.174, 178.16.52.44, 158.94.211.102, 158.94.210.93, 158.94.208.52, i.postimg.cc, s3.us-east-2.amazonaws.com, storage.googleapis.com, 178.16.52.18, 158.94.211.101, 158.94.211.100, local-host.life, dropmefiles.com, limewire.com, 62.60.226.159, id8965.com, valfanto.com and 2431 more. 633 of these domains have been flagged by threat int...
Phone Number
202-844-7621
Last reported Apr 21, 2026
Low Activity
- 2 community reports from users
Campaign Intelligence
This cluster centers on 1486 connected domains tagged as AgentTesla, None, js. The domains include i.postimg.cc, cdn.discordapp.com, s3.us-east-2.amazonaws.com, pastes.io, dl.dropboxusercontent.com, ltcexchange.bitparking.com, bitcoin.sipa.be, litecoinpool.org, cryptocoincharts.com, sigaintevyh2rzvw.onion, toremail.net, lelantos.org, www.sigaint.org, epjhlyfgxenf2q4o.onion~~, inocncymyac2mufx.onion, torbox3uiot6wchz.onion, 344c6kbnjnljjzlz.onion, mailtor.net, bscscan.com, securitized.io and 1466...
This cluster centers on 2957 connected domains tagged as GuLoader, NorthKorea, censys. The domains include salelegalsteroids.com, 192.210.186.208, gharnt.com, cloflart.com, id3702579photo-image-docs.com, www.almacensantangel.com, 64.95.12.162, blue-oceans.net, sixmexicos.com, baritonclick.online, 185.252.24.15, un1rw11q4u.com, ameyiando.com, niril.sbs, bursaelektriktamir.com, blankeyeo.com, umxtxhub.za.com, sunchernical.com, 18.194.67.137, servecdn.my and 2937 more. 606 of these domains have bee...
This cluster centers on 2107 connected domains tagged as GuLoader, NorthKorea, censys. The domains include storage.googleapis.com, cdn.discordapp.com, pastes.io, s3.us-east-2.amazonaws.com, dl.dropboxusercontent.com, 188.137.230.45, touchskins.io, 158.94.208.7, 74.0.32.149, 74.0.32.141, api.touchskins.io, 80.89.237.190, 188.137.254.207, api.wewpwsw.su, 188.137.229.136, 196.251.107.24, 104.194.152.180, link.storjshare.io, s3.g.s4.mega.io, 62.60.226.159 and 2087 more. 562 of these domains have bee...
This cluster centers on 2121 connected domains tagged as GuLoader, NorthKorea, censys. The domains include 59.182.90.199, 178.50.166.61, 113.168.249.76, 123.209.193.86, 113.165.6.38, 120.157.72.234, 171.235.194.253, 120.157.159.171, 37.142.77.163, 46.124.33.133, 46.124.40.3, 83.224.151.243, 88.86.246.233, 41.146.1.154, 59.182.119.128, 14.236.247.68, 120.157.72.59, 95.127.248.192, 116.110.179.199, cdn.discordapp.com and 2101 more. 576 of these domains have been flagged by threat intelligence feed...
This cluster centers on 1630 connected domains tagged as BABADEDA, pw-2026, wsh. The domains include storage.googleapis.com, cdn.discordapp.com, implementing-theft-metal-justin.trycloudflare.com, staying-heavily-meaning-blowing.trycloudflare.com, creations-venture-traditional-stainless.trycloudflare.com, arilprivate.storexyz.web.id, 206.123.145.26, 103.125.219.204, 45.87.43.154, 10cricofficial.com, justwatch.life, 195.16.44.75, advise-visual-playstation-closer.trycloudflare.com, 91.92.241.197, 6...
This cluster centers on 2141 connected domains tagged as GuLoader, NorthKorea, censys. The domains include 59.182.90.199, 91.80.129.100, 123.28.175.23, 120.61.247.2, 178.50.166.61, 113.168.249.76, 123.209.193.86, 113.165.6.38, 120.157.72.234, 171.235.194.253, 120.157.159.171, 37.142.77.163, 171.241.208.124, 120.157.229.220, 171.117.30.233, 91.80.136.9, 46.124.33.133, 46.124.40.3, 83.224.151.243, 88.86.246.233 and 2121 more. 596 of these domains have been flagged by threat intelligence feeds incl...
This cluster centers on 2559 connected domains tagged as GuLoader, NorthKorea, trojan. The domains include 83.224.148.34, 14.236.247.68, 120.157.72.59, 95.127.248.192, 116.110.179.199, 116.101.73.68, 95.127.250.241, 152.173.199.182, 91.80.129.100, 59.88.45.188, 117.216.5.20, 182.60.11.164, 41.146.14.165, 120.157.46.38, 59.182.90.199, 113.168.249.76, 78.132.114.25, 171.241.208.124, 120.157.229.220, 14.236.84.25 and 2539 more. 640 of these domains have been flagged by threat intelligence feeds inc...
Details
Linked Company Activity
EQUIFAX, INC.
1 BBB complaint · Credit Cards] [Business: Equifax Impersonator] [Location: MD, USA- 21207]
BANK OF AMERICA, NATIONAL ASSOCIATION
175 BBB complaints
TRANSUNION INTERMEDIATE HOLDINGS, INC.
4 BBB complaints · Phishing] [Business: TransUnion Imposter Sc
JPMORGAN CHASE & CO.
16 BBB complaints
CAPITAL ONE FINANCIAL CORPORATION
161 BBB complaints
CITIBANK, N.A.
23 BBB complaints
Resurgent Capital Services L.P.
1 BBB complaint
SELECT PORTFOLIO SERVICING, INC.
1 BBB complaint · Advance Fee Loan] [Business: Said they were from Select Portfolio Servicing] [Location:
WELLS FARGO & COMPANY
205 BBB complaints
FIFTH THIRD FINANCIAL CORPORATION
26 BBB complaints
Connected Entities
Linked Companies
company
Credit Corp Solutions Inc.
reported togethercompanyFlagstar Bank, N.A.
campaign co-membercompanyFirst Credit Services Inc.
campaign co-membercompanyPENTAGON FEDERAL CREDIT UNION
campaign co-membercompanyFIFTH THIRD FINANCIAL CORPORATION
campaign co-membercompanyCredit Services Corporation, LLC
campaign co-membercompanyIntegrity Group Inc
campaign co-membercompanyThe Bureaus, Inc.
campaign co-membercompanyDirect, Inc
campaign co-membercompanyTime Investment Corporation
campaign co-membercompanyEVERBANK, NATIONAL ASSOCIATION
campaign co-membercompanyCheckr, Inc
campaign co-memberRelated Phone Numbers
phone
8557397810
campaign co-memberphone4154236379
campaign co-memberphone6782735206
campaign co-memberphone4097617631
campaign co-memberphone8882745552
campaign co-memberphone8773824357
campaign co-memberphone4092571942
campaign co-memberphone8884044504
campaign co-memberphone4806606572
campaign co-memberphone2603103075
campaign co-memberphone8446657222
campaign co-memberphone2233002233
campaign co-memberphone8967530024
campaign co-memberphone6055104392
campaign co-memberphone2289803131
campaign co-memberphone8887291403
campaign co-memberphone8502779873
campaign co-memberphone9148779868
campaign co-memberphone5715481682
campaign co-memberphone5162394413
campaign co-memberphone8008571567
campaign co-memberphone4046696656
campaign co-memberphone3486156058
campaign co-memberphone8888160224
campaign co-memberRelated Domains
domain
130.12.180.43
campaign co-memberdomainimplementing-theft-metal-justin.trycloudflare.com
campaign co-memberdomainstaying-heavily-meaning-blowing.trycloudflare.com
campaign co-memberdomaincreations-venture-traditional-stainless.trycloudflare.com
campaign co-memberdomain103.125.219.204
campaign co-memberdomain206.123.145.26
campaign co-memberdomainarilprivate.storexyz.web.id
campaign co-memberdomain14.236.182.73
campaign co-memberdomain83.224.162.132
campaign co-memberdomain123.31.81.229
campaign co-memberdomain120.157.56.105
campaign co-memberdomain113.176.132.141
campaign co-memberRelated Emails
email
saclaimingdpt@e-mail.ua
campaign co-memberemailvictor7@luckymail.com
campaign co-memberemailbsood@goodstart.org.au
campaign co-memberemailm0ercia1@yahoo.co.jp
campaign co-memberemailadmin@ibookingpms.com.br
campaign co-memberemailsupport@salesforce.com
campaign co-memberemail_reply@geico.com
campaign co-memberemailabuse@telus.com
campaign co-memberemailmailer-daemon@googlemail.com
campaign co-memberemailmem.....@....soft.com
campaign co-memberemailgeral@jogodigital.com
campaign co-memberemailaccount@microsoft.info
campaign co-memberCommunity Reports
Phishing scam: IRS + robocall + backtaxes + arrest warrant Hi all: Wanted to post this here in hopes that it helps someone out. I fell victim to an (apparently common) phishing scam this past Friday. I found an [article on Medium.com](https://medium.com/@hemeon/how-i-almost-fell-for-a-irs-phishing-scam-71ed869555e1) that very closely describes my experience. I was able to figure out this was a scam about an hour into the whole thing, but not before I had given over $500 (which you can't get back from your credit card issuer because it technically isn't fraud, FYI). I feel really embarrassed about even getting that far, but whatever. tl;dr things to look out for: 1. The phone number that called me was 202-844-7621 2. I spoke with three individuals who each gave me first and last names (Carolyn Jordan, Craig Danell, Marshall Harrison), in addition to IRS ID numbers 3. They referenced my address and had the last four digits of my SSN 4. They told me that I was to speak to no one about this issue 5. They told me that I had an arrest warrant that was pending and would be executed unless I worked with them to resolve the issue 6. They told me I was to stay on the phone with them the entire time and not disconnect the line 7. It seemed pretty convincing until Craig told me that I needed to put money on iTunes gift cards (which I somehow rationalized and purchased) 8. The jig was over when Craig told me to go to Best Buy and put the remaining $4,500 on three Best Buy gift cards. I knew I was getting hustled. Please read the article I linked up above, my experience was really similar to the author's, down to the phrasing of the quotes he included. If they're thirsty enough to not let you hang up and call them back, it's not the IRS. Don't be like me. Please share.
3138 days ago2 upvotes
Phishing scam: IRS + robocall + backtaxes + arrest warrant Hi all: Wanted to post this here in hopes that it helps someone out. I fell victim to an (apparently common) phishing scam this past Friday. I found an [article on Medium.com](https://medium.com/@hemeon/how-i-almost-fell-for-a-irs-phishing-scam-71ed869555e1) that very closely describes my experience. I was able to figure out this was a scam about an hour into the whole thing, but not before I had given over $500 (which you can't get back from your credit card issuer because it technically isn't fraud, FYI). I feel really embarrassed about even getting that far, but whatever. tl;dr things to look out for: 1. The phone number that called me was 202-844-7621 2. I spoke with three individuals who each gave me first and last names (Carolyn Jordan, Craig Danell, Marshall Harrison), in addition to IRS ID numbers 3. They referenced my address and had the last four digits of my SSN 4. They told me that I was to speak to no one about this issue 5. They told me that I had an arrest warrant that was pending and would be executed unless I worked with them to resolve the issue 6. They told me I was to stay on the phone with them the entire time and not disconnect the line 7. It seemed pretty convincing until Craig told me that I needed to put money on iTunes gift cards (which I somehow rationalized and purchased) 8. The jig was over when Craig told me to go to Best Buy and put the remaining $4,500 on three Best Buy gift cards. I knew I was getting hustled. Please read the article I linked up above, my experience was really similar to the author's, down to the phrasing of the quotes he included. If they're thirsty enough to not let you hang up and call them back, it's not the IRS. Don't be like me. Please share.
3138 days ago2 upvotes
Share Your Experience
What's Your Exposure?
Know your risk exposure to this message with a Thorough Analysis. It returns a detailed report covering the complaint history, your data breach exposure, related scam entities, and risk signals tied to this email message. Check the box and enter your email address now.