860-681-0379

This cluster centers on 2451 connected domains tagged as GuLoader, NorthKorea, trojan. The domains include cdn.discordapp.com, 91.92.241.152, 91.92.240.222, 158.94.208.174, 178.16.52.44, 158.94.211.102, 158.94.210.93, 158.94.208.52, i.postimg.cc, s3.us-east-2.amazonaws.com, storage.googleapis.com, 178.16.52.18, 158.94.211.101, 158.94.211.100, local-host.life, dropmefiles.com, limewire.com, 62.60.226.159, id8965.com, valfanto.com and 2431 more. 633 of these domains have been flagged by threat int...

This cluster centers on 2957 connected domains tagged as GuLoader, NorthKorea, censys. The domains include salelegalsteroids.com, 192.210.186.208, gharnt.com, cloflart.com, id3702579photo-image-docs.com, www.almacensantangel.com, 64.95.12.162, blue-oceans.net, sixmexicos.com, baritonclick.online, 185.252.24.15, un1rw11q4u.com, ameyiando.com, niril.sbs, bursaelektriktamir.com, blankeyeo.com, umxtxhub.za.com, sunchernical.com, 18.194.67.137, servecdn.my and 2937 more. 606 of these domains have bee...

This scam campaign centers around a fraudulent luxury watch scheme that exploits eBay listings to target high-value sellers. The campaign uses two phone numbers, 8005511554 and 8606810379, along with the email address candy05@sbcglobal.net, all connected through shared reporting patterns with 100% confidence across 12 documented relationships. While neither phone number has generated formal FTC complaints to date, community reports reveal the operational details of this sophisticated fraud opera...

This cluster centers on 2107 connected domains tagged as GuLoader, NorthKorea, censys. The domains include storage.googleapis.com, cdn.discordapp.com, pastes.io, s3.us-east-2.amazonaws.com, dl.dropboxusercontent.com, 188.137.230.45, touchskins.io, 158.94.208.7, 74.0.32.149, 74.0.32.141, api.touchskins.io, 80.89.237.190, 188.137.254.207, api.wewpwsw.su, 188.137.229.136, 196.251.107.24, 104.194.152.180, link.storjshare.io, s3.g.s4.mega.io, 62.60.226.159 and 2087 more. 562 of these domains have bee...

This cluster centers on 2121 connected domains tagged as GuLoader, NorthKorea, censys. The domains include 59.182.90.199, 178.50.166.61, 113.168.249.76, 123.209.193.86, 113.165.6.38, 120.157.72.234, 171.235.194.253, 120.157.159.171, 37.142.77.163, 46.124.33.133, 46.124.40.3, 83.224.151.243, 88.86.246.233, 41.146.1.154, 59.182.119.128, 14.236.247.68, 120.157.72.59, 95.127.248.192, 116.110.179.199, cdn.discordapp.com and 2101 more. 576 of these domains have been flagged by threat intelligence feed...

This cluster centers on 1630 connected domains tagged as BABADEDA, pw-2026, wsh. The domains include storage.googleapis.com, cdn.discordapp.com, implementing-theft-metal-justin.trycloudflare.com, staying-heavily-meaning-blowing.trycloudflare.com, creations-venture-traditional-stainless.trycloudflare.com, arilprivate.storexyz.web.id, 206.123.145.26, 103.125.219.204, 45.87.43.154, 10cricofficial.com, justwatch.life, 195.16.44.75, advise-visual-playstation-closer.trycloudflare.com, 91.92.241.197, 6...

This cluster centers on 2141 connected domains tagged as GuLoader, NorthKorea, censys. The domains include 59.182.90.199, 91.80.129.100, 123.28.175.23, 120.61.247.2, 178.50.166.61, 113.168.249.76, 123.209.193.86, 113.165.6.38, 120.157.72.234, 171.235.194.253, 120.157.159.171, 37.142.77.163, 171.241.208.124, 120.157.229.220, 171.117.30.233, 91.80.136.9, 46.124.33.133, 46.124.40.3, 83.224.151.243, 88.86.246.233 and 2121 more. 596 of these domains have been flagged by threat intelligence feeds incl...

This cluster centers on 2559 connected domains tagged as GuLoader, NorthKorea, trojan. The domains include 83.224.148.34, 14.236.247.68, 120.157.72.59, 95.127.248.192, 116.110.179.199, 116.101.73.68, 95.127.250.241, 152.173.199.182, 91.80.129.100, 59.88.45.188, 117.216.5.20, 182.60.11.164, 41.146.14.165, 120.157.46.38, 59.182.90.199, 113.168.249.76, 78.132.114.25, 171.241.208.124, 120.157.229.220, 14.236.84.25 and 2539 more. 640 of these domains have been flagged by threat intelligence feeds inc...