This cluster centers on 2382 connected domains tagged as PureHVNC, elf, sh. 572 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (8772427372, 1319641540, 1319641221) with 557 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2228 complaints with federal agencies. Geog...
Phone Number
(554) 566-0940
Last reported Feb 24, 2026
Low Activity
- 2 community reports from users
Campaign Intelligence
This cluster centers on 2396 connected domains tagged as 156-233-71-230, Quakbot, lnk. 586 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (8772427372, 1319641540, 1319641221) with 565 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2237 complaints with federal agen...
This cluster centers on 1895 connected domains tagged as BeaverTail, RedLineStealer, password: 2026. 113 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 934 phone numbers (8772427372, 1319641540, 1319641221) with 524 FTC complaints; 683 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2093 complaints wit...
This cluster centers on 2416 connected domains tagged as BABADEDA, WallStealer, meterpreter. 607 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (5086371451, 9366439335, 1842506726) with 570 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2243 complaints with federa...
This cluster centers on 2764 connected domains tagged as BeaverTail, Kaiji, fbf543. 645 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1132 phone numbers (7638857447, 8664372914, 2157987305) with 10266 FTC complaints; 146 companies (JPMORGAN CHASE & CO., Advanced Resolution Services Inc., EVERBANK, NATIONAL ASSOCIATION) with 8616274 CFPB complaints; 298 email addresses (xxxxxxxxxxxxxxxxxxxxxxxx@vm...
This cluster centers on 3287 connected domains tagged as HijackLoader, RemcosRAT, screenconnect. 617 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1649 phone numbers (5408463620, 8552597377, 8007873903) with 7110 FTC complaints; 143 companies (Informative LLC, HomePlus Corporation, Doral Capital Corporation) with 8547081 CFPB complaints; 807 email addresses (kellymoore_64@yahoo.com, schantzsybg7@...
This cluster centers on 2874 connected domains tagged as QuasarRAT, StealitStealer, pw-k53mv9bc. 652 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1375 phone numbers (2157987305, 2025069230, 2028641298) with 14635 FTC complaints; 160 companies (JPMORGAN CHASE & CO., Advanced Resolution Services Inc., EVERBANK, NATIONAL ASSOCIATION) with 8680419 CFPB complaints; 299 email addresses (abuse@fb.com, ...
Part of: Other Robocall Campaign3/27/2026
This cluster centers on 1 connected domains identified through shared infrastructure and registration patterns. The connected infrastructure includes 1 phone numbers (5545660940) with 0 FTC complaints; 1 email addresses (noreply@abccompany.com). If you receive a call or text from any of these numbers, do not engage — hang up immediately and do not call back. Never provide personal information or make payments to unknown callers. Do not click links to any of the flagged domains. If you have vis...
Part of: Domain Campaign3/28/2026
Details
Connected Entities
Related Domains
Related Emails
Community Reports
First Time Home buyer : Post closing Phishing email from Loan Officer's inbox ​ https://preview.redd.it/ylfq07cltuf71.png?width=895&format=png&auto=webp&s=d019af0dc35a66ca6747aa0679eab55456609402 We closed on our house 7 days back. Got this email from the Loan officer's email id who was handling our case and communicating with me on email most of the times. This looked suspicious to me. 1. Loan officer did not inform me about such disclosure . I called him immediately and he told he hasn't sent any such email 2. Unfortunately I clicked the link on my Android phone . Did not go further. On desktop hovered over to find fake url. 3. Earlier disclosures etc never came directly from Loan officer's inbox but from the company ([noreply@ABCcompany.com](mailto:noreply@ABCcompany.com)) so I was suspicious on this one 4. Year of birth :) . Why do someone need to tell me my year of birth ? :) . My concern is that someone knows that we were closing and thus had clearly known that one of the next steps could be another post closure disclosure. Thus sending such disclosure link would be a good way for me to get to click it. If they knew this , then either my or the Loan officer's inbox is compromised . I told him so, but he is not much concerned right now. Says maybe this is some automated from his company etc. I am changing key login/pass to be safe. Not sure what else I can do . Any suggestions ?
1694 days ago2 upvotes
First Time Home buyer : Post closing Phishing email from Loan Officer's inbox ​ https://preview.redd.it/ylfq07cltuf71.png?width=895&format=png&auto=webp&s=d019af0dc35a66ca6747aa0679eab55456609402 We closed on our house 7 days back. Got this email from the Loan officer's email id who was handling our case and communicating with me on email most of the times. This looked suspicious to me. 1. Loan officer did not inform me about such disclosure . I called him immediately and he told he hasn't sent any such email 2. Unfortunately I clicked the link on my Android phone . Did not go further. On desktop hovered over to find fake url. 3. Earlier disclosures etc never came directly from Loan officer's inbox but from the company ([noreply@ABCcompany.com](mailto:noreply@ABCcompany.com)) so I was suspicious on this one 4. Year of birth :) . Why do someone need to tell me my year of birth ? :) . My concern is that someone knows that we were closing and thus had clearly known that one of the next steps could be another post closure disclosure. Thus sending such disclosure link would be a good way for me to get to click it. If they knew this , then either my or the Loan officer's inbox is compromised . I told him so, but he is not much concerned right now. Says maybe this is some automated from his company etc. I am changing key login/pass to be safe. Not sure what else I can do . Any suggestions ?
1694 days ago2 upvotes
Share Your Experience
What's Your Exposure?
Know your risk exposure to this message with a Thorough Analysis. It returns a detailed report covering the complaint history, your data breach exposure, related scam entities, and risk signals tied to this email message. Check the box and enter your email address now.
NordProtect — Identity theft monitoring and recovery
NordProtect watches for your personal info on the dark web, monitors your credit, and covers up to $1M in identity theft insurance.
Get NordProtectAffiliate link. We may earn a commission.