This cluster centers on 2382 connected domains tagged as PureHVNC, elf, sh. 572 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (8772427372, 1319641540, 1319641221) with 557 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2228 complaints with federal agencies. Geog...
Phone Number
(541) 240-9985
Last reported Feb 24, 2026
Low Activity
- 1 community report from users
Campaign Intelligence
This cluster centers on 2396 connected domains tagged as 156-233-71-230, Quakbot, lnk. 586 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (8772427372, 1319641540, 1319641221) with 565 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2237 complaints with federal agen...
This cluster centers on 1895 connected domains tagged as BeaverTail, RedLineStealer, password: 2026. 113 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 934 phone numbers (8772427372, 1319641540, 1319641221) with 524 FTC complaints; 683 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2093 complaints wit...
This cluster centers on 2416 connected domains tagged as BABADEDA, WallStealer, meterpreter. 607 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (5086371451, 9366439335, 1842506726) with 570 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2243 complaints with federa...
This cluster centers on 3287 connected domains tagged as HijackLoader, RemcosRAT, screenconnect. 617 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1649 phone numbers (5408463620, 8552597377, 8007873903) with 7110 FTC complaints; 143 companies (Informative LLC, HomePlus Corporation, Doral Capital Corporation) with 8547081 CFPB complaints; 807 email addresses (kellymoore_64@yahoo.com, schantzsybg7@...
Details
Connected Entities
No known connections to other entities yet.
Community Reports
ATTENTION: NEW VICTIMS **General advice (Ctrl+F to search for your scam)** As a rule of thumb: If you're doubting whether the site is a scam, it probably is. Our advice is to withdraw your money from the scam site if possible, transfer your money out of the wallet, cut contact, and contact law enforcement. If you confront the scammers about being unable to withdraw the money, they may guilt trip you into paying more [fees](https://sites.google.com/view/scammerce/scams/advance-fee) to do that, for example asking for money to pay "taxes" and offering to cover a part of your expenses. If you manage to withdraw your money from the scam site, transferring it out of your compromised cryptocurrency wallet ensures that it is now out of reach of the scammers. Report the scammers to the platform and block them, but do not delete chat logs. The evidence has to be preserved for law enforcement. Law enforcement is often not qualified or motivated to recover your money, but if you are unable to get your money back, they are your only option. Even if they do not help you in the end, reporting the scam will at least alert them to the problem, keeping it on the radar. Unfortunately, no hacker online can get back what you've lost. Please watch out for [recovery scams](https://sites.google.com/view/scammerce/scams/recovery), a follow-up scam done after victims have fallen for an earlier scam. Scammers will DM you to offer recovery services. A form of the advance-fee, victims are convinced that the scammer can recover their money. This "help" can come in the form of fake hacking services or authorities. If you see anyone circumventing the scam filters, please report the submission and we will take action shortly. ​ **Collecting information** * Please do not post personally identifiable information. * Photos the scammer sends are not usually considered useful information for tracking. If you can get them to video call though, that may help more. * IP addresses can serve a
1251 days ago3 upvotes
Share Your Experience
What's Your Exposure?
Know your risk exposure to this message with a Thorough Analysis. It returns a detailed report covering the complaint history, your data breach exposure, related scam entities, and risk signals tied to this email message. Check the box and enter your email address now.
NordPass — Stop reusing passwords across accounts
After a breach, attackers try stolen passwords on every site you use. NordPass generates and stores a unique password for each account.
Try NordPassAffiliate link. We may earn a commission.