This cluster centers on 2451 connected domains tagged as GuLoader, NorthKorea, trojan. The domains include cdn.discordapp.com, 91.92.241.152, 91.92.240.222, 158.94.208.174, 178.16.52.44, 158.94.211.102, 158.94.210.93, 158.94.208.52, i.postimg.cc, s3.us-east-2.amazonaws.com, storage.googleapis.com, 178.16.52.18, 158.94.211.101, 158.94.211.100, local-host.life, dropmefiles.com, limewire.com, 62.60.226.159, id8965.com, valfanto.com and 2431 more. 633 of these domains have been flagged by threat int...
Phone Number
267-917-8506
Last reported Mar 26, 2026
Low Activity
- 1 community report from users
Campaign Intelligence
This cluster centers on 1486 connected domains tagged as AgentTesla, None, js. The domains include i.postimg.cc, cdn.discordapp.com, s3.us-east-2.amazonaws.com, pastes.io, dl.dropboxusercontent.com, ltcexchange.bitparking.com, bitcoin.sipa.be, litecoinpool.org, cryptocoincharts.com, sigaintevyh2rzvw.onion, toremail.net, lelantos.org, www.sigaint.org, epjhlyfgxenf2q4o.onion~~, inocncymyac2mufx.onion, torbox3uiot6wchz.onion, 344c6kbnjnljjzlz.onion, mailtor.net, bscscan.com, securitized.io and 1466...
This cluster centers on 2559 connected domains tagged as GuLoader, NorthKorea, trojan. The domains include 83.224.148.34, 14.236.247.68, 120.157.72.59, 95.127.248.192, 116.110.179.199, 116.101.73.68, 95.127.250.241, 152.173.199.182, 91.80.129.100, 59.88.45.188, 117.216.5.20, 182.60.11.164, 41.146.14.165, 120.157.46.38, 59.182.90.199, 113.168.249.76, 78.132.114.25, 171.241.208.124, 120.157.229.220, 14.236.84.25 and 2539 more. 640 of these domains have been flagged by threat intelligence feeds inc...
This scam campaign involves a coordinated network of four phone numbers operating in conjunction with Account Services Inc., a debt collection company that has accumulated 8 CFPB complaints. The central phone number 877-215-3254 serves as a hub connecting to three other numbers: 267-917-8506, 877-200-9802, and 660-848-6683. Analysis reveals high-confidence same campaign connections between 877-215-3254 and the other numbers (confidence levels of 0.70), while all phone numbers show reported toget...
This scam campaign operates through a coordinated network of six phone numbers that target consumers with impersonation schemes designed to steal personal and financial information. The primary number 2124795212 has generated 24 FTC complaints, while supporting numbers 2124973972 (11 complaints), 8883526864 (5 complaints), and 7712473441 (4 complaints) work in conjunction as part of the same campaign operations. Two additional numbers, 6026792050 and 2679178506, have been reported together with ...
Details
Linked Company Activity
EQUIFAX, INC.
1 BBB complaint · Credit Cards] [Business: Equifax Impersonator] [Location: MD, USA- 21207]
BANK OF AMERICA, NATIONAL ASSOCIATION
175 BBB complaints
TRANSUNION INTERMEDIATE HOLDINGS, INC.
4 BBB complaints · Phishing] [Business: TransUnion Imposter Sc
JPMORGAN CHASE & CO.
16 BBB complaints
CAPITAL ONE FINANCIAL CORPORATION
161 BBB complaints
CITIBANK, N.A.
23 BBB complaints
Resurgent Capital Services L.P.
1 BBB complaint
SELECT PORTFOLIO SERVICING, INC.
1 BBB complaint · Advance Fee Loan] [Business: Said they were from Select Portfolio Servicing] [Location:
WELLS FARGO & COMPANY
205 BBB complaints
FIFTH THIRD FINANCIAL CORPORATION
26 BBB complaints
Connected Entities
Linked Companies
company
Flagstar Bank, N.A.
campaign co-membercompanyFirst Credit Services Inc.
campaign co-membercompanyPENTAGON FEDERAL CREDIT UNION
campaign co-membercompanyFIFTH THIRD FINANCIAL CORPORATION
campaign co-membercompanyCredit Services Corporation, LLC
campaign co-membercompanyIntegrity Group Inc
campaign co-membercompanyDirect, Inc
campaign co-membercompanyThe Bureaus, Inc.
campaign co-membercompanyEVERBANK, NATIONAL ASSOCIATION
campaign co-membercompanyTime Investment Corporation
campaign co-membercompanyCheckr, Inc
campaign co-membercompanyMOUNTAIN AMERICA FEDERAL CREDIT UNION
campaign co-memberRelated Phone Numbers
phone
8553572202
campaign co-memberphone8667715844
campaign co-memberphone8339086865
campaign co-memberphone8009220204
campaign co-memberphone4097617631
campaign co-memberphone6789998212
campaign co-memberphone6512042449
campaign co-memberphone5187704680
campaign co-memberphone8887291403
campaign co-memberphone8889194623
campaign co-memberphone9805107108
campaign co-memberphone7712473445
campaign co-memberphone5858247925
campaign co-memberphone8009993355
campaign co-memberphone8007715361
campaign co-memberphone8009033637
campaign co-memberphone2025582508
campaign co-memberphone9297499563
campaign co-memberphone8887910954
campaign co-memberphone8334471291
campaign co-memberphone7656119812
campaign co-memberphone8669591188
campaign co-memberphone8442446363
campaign co-memberphone3473635189
campaign co-memberRelated Domains
domain
130.12.180.43
campaign co-memberdomainimplementing-theft-metal-justin.trycloudflare.com
campaign co-memberdomainstaying-heavily-meaning-blowing.trycloudflare.com
campaign co-memberdomaincreations-venture-traditional-stainless.trycloudflare.com
campaign co-memberdomain103.125.219.204
campaign co-memberdomain206.123.145.26
campaign co-memberdomainarilprivate.storexyz.web.id
campaign co-memberdomain14.236.182.73
campaign co-memberdomain83.224.162.132
campaign co-memberdomain123.31.81.229
campaign co-memberdomain120.157.56.105
campaign co-memberdomain113.176.132.141
campaign co-memberRelated Emails
email
cfjtfl@verxl.com
campaign co-memberemaildiana@ierek.com
campaign co-memberemailhr@teknfix.com
campaign co-memberemailcbx-df@ceszx.com
campaign co-memberemailj.thompson8822@ymail.com
campaign co-memberemailbb.adige@libero.it
campaign co-memberemailpangmyiuhk@yahoo.co.jp
campaign co-memberemailmarydavis09@zoho.com
campaign co-memberemailxxxxxxxxxxxxxxxxxxxxxxxx@vmh5.grupoaldama.com.mx
campaign co-memberemaila4084163@trbvm.com
campaign co-memberemaillegalnotice@facebookmail.com
campaign co-memberemailleads@myhome.ie
campaign co-memberCommunity Reports
I was contacted by someone on a Chase Bank phone number: 212-497-3972. Note that this is an official Chase phone number as I called it back. They said they were from Chase Fraud and that my Zelle account had suspicious activity with two charges: one for $3k and one for $2k. He also said an iPhone 6 or 9 had attached itself to my account. He said that to remove the charges we would have to get into Zelle and initiate a cancellation process for each charge. He said that the Chase Fraud Case ID# was JPM2679178506. He then transferred my to someone named Mark Stevenson at a second Chase phone number: 212-479-5212. Again I checked this number out and it is a Chase phone number. Thus Chase's Phone system was hacked which allowed for this Fraud to happen. Mark led me through process in Zelle where IU input the numeric values of this 'cancellation' code into the $ amount window: CVC0049900. When I put this into the $ amount window it came out to $499. I questioned him about this and he said that it was part of the process. The person he had me send it to was Sherline Lherisson at (267)917-8506. He also asked me to put 5 capital letter in the notes section which he told me stood for something, and he said Sherline was the Chase fraud case manager. He had me take a picture of the transfer screen and txt it to (561)3136-6429 which he said was Sherline's number. He then had me get back into Zelle to try and initiate the second cancellation but Zelle only had $1 transfer capability for the rest of the day. Then he asked my what other online banking services I used and I told him Paypal and Venmo, and also told me I would need to go into a Chase branch at some point to show my ID. He then had me do a similar thing in Paypal where I input a 'cancellation code' that ended up totaling $1998. This time it was to Noricene Norelien and in the notes section he had me type 'F [BBB Scam Type: Bank/Credit Card Company Imposter] [Business: Chase Imposter]
49 days ago
Share Your Experience
What's Your Exposure?
Know your risk exposure to this message with a Thorough Analysis. It returns a detailed report covering the complaint history, your data breach exposure, related scam entities, and risk signals tied to this email message. Check the box and enter your email address now.