Scam Detective
Phone Number

617-489-8326

Last reported Feb 24, 2026

Low Activity
  • 1 community report from users

Campaign Intelligence

This cluster centers on 2957 connected domains tagged as GuLoader, NorthKorea, censys. 606 of these domains have bee...

This cluster centers on 2107 connected domains tagged as GuLoader, NorthKorea, censys. 562 of these domains have bee...

This cluster centers on 2121 connected domains tagged as GuLoader, NorthKorea, censys. 576 of these domains have been flagged by threat intelligence feed...

This cluster centers on 1630 connected domains tagged as BABADEDA, pw-2026, wsh.

This cluster centers on 2141 connected domains tagged as GuLoader, NorthKorea, censys. 596 of these domains have been flagged by threat intelligence feeds incl...

Details

  • First Seen: 2/24/2026
  • Last Reported: 2/24/2026
  • Area Code: 617

Linked Company Activity

  • EQUIFAX, INC.: 1 BBB complaint · Credit Cards] [Business: Equifax Impersonator] [Location: MD, USA- 21207]
  • TRANSUNION INTERMEDIATE HOLDINGS, INC.: 4 BBB complaints · Phishing] [Business: TransUnion Imposter Sc
  • JPMORGAN CHASE & CO.: 16 BBB complaints
  • CITIBANK, N.A.: 23 BBB complaints
  • WELLS FARGO & COMPANY: 204 BBB complaints · Bank/Credit Card C
  • AMERICAN EXPRESS COMPANY: 105 BBB complaints
  • PNC Bank N.A.: 22 BBB complaints

Community Reports

emgw.xyz crypto scam that stole more than 200k $

This is a cryptocurrency scam website that has stolen over $200,000 USD from its users. The site gives lots of red flags on the main page. They claim to be "partners" of CoinGecko and Coinbase, which is, of course, a lie. The scam site claims to be a liquefied miner and promises to give 2% of the total investment per day (with this amount of earnings per day, it's a huge red flag).

When I was using the scam website, the site paid me every time (4 withdrawals of $30, total $120), and the fact that they were paying me gave me a lot of confidence about the site (even with all the red flags on the site). They do that to bring trust to the user. But unfortunately, it did not go well for me, and they robbed me of $472.

The scam of the site is quite simple. To start "mining," you will need an initial investment (that you will earn 2% of every day from the "mining") and you need to pay a "miner fee," which is actually a transaction that gives access to a wallet to make transactions on the user's USDTs (A.K.A. [Token Approval](https://support.metamask.io/hc/en-us/articles/6174898326683-What-is-a-token-approval-)).

In my case, here's the "miner fee" that I paid to start mining: [https://etherscan.io/tx/0x968b95c6511b9a3119cdf1c912d64a33b71c9637255ba38bf8dc509725b9bde3](https://etherscan.io/tx/0x968b95c6511b9a3119cdf1c912d64a33b71c9637255ba38bf8dc509725b9bde3)

After some time of mining on the site, I noticed that they had made a transaction from my wallet to another wallet for **472$**. (transaction: [https://etherscan.io/tx/0xbd8743fe5702556c38a80b64ab3c2747625b26af994e222ee5dbc2051278fb7f](https://etherscan.io/tx/0xbd8743fe5702556c38a80b64ab3c2747625b26af994e222ee5dbc2051278fb7f))

After I was robbed of the $472, I went to contact the site support, and these were the conversations:

>**Me** *\[06/04/2023 12:00\]*: Hello, I was in my wallet, when I noticed that the USDTs in my wallet disappeared, what happened?
>
>**Me*

1128 days ago · 3 upvotes
