This cluster centers on 2451 connected domains tagged as GuLoader, NorthKorea, trojan. The domains include cdn.discordapp.com, 91.92.241.152, 91.92.240.222, 158.94.208.174, 178.16.52.44, 158.94.211.102, 158.94.210.93, 158.94.208.52, i.postimg.cc, s3.us-east-2.amazonaws.com, storage.googleapis.com, 178.16.52.18, 158.94.211.101, 158.94.211.100, local-host.life, dropmefiles.com, limewire.com, 62.60.226.159, id8965.com, valfanto.com and 2431 more. 633 of these domains have been flagged by threat int...
888-731-2187
Last reported Apr 6, 2026
- 5 community reports from users
Campaign Intelligence
This cluster centers on 1486 connected domains tagged as AgentTesla, None, js. The domains include i.postimg.cc, cdn.discordapp.com, s3.us-east-2.amazonaws.com, pastes.io, dl.dropboxusercontent.com, ltcexchange.bitparking.com, bitcoin.sipa.be, litecoinpool.org, cryptocoincharts.com, sigaintevyh2rzvw.onion, toremail.net, lelantos.org, www.sigaint.org, epjhlyfgxenf2q4o.onion, inocncymyac2mufx.onion, torbox3uiot6wchz.onion, 344c6kbnjnljjzlz.onion, mailtor.net, bscscan.com, securitized.io and 1466...
This cluster centers on 2559 connected domains tagged as GuLoader, NorthKorea, trojan. The domains include 83.224.148.34, 14.236.247.68, 120.157.72.59, 95.127.248.192, 116.110.179.199, 116.101.73.68, 95.127.250.241, 152.173.199.182, 91.80.129.100, 59.88.45.188, 117.216.5.20, 182.60.11.164, 41.146.14.165, 120.157.46.38, 59.182.90.199, 113.168.249.76, 78.132.114.25, 171.241.208.124, 120.157.229.220, 14.236.84.25 and 2539 more. 640 of these domains have been flagged by threat intelligence feeds inc...
This cybersecurity report analyzes a coordinated scam campaign involving United Group Inc. and three associated phone numbers that are targeting consumers through deceptive mailing operations and vehicle-related fraud schemes. The campaign centers around United Group Inc., a company operating in the vehicle loan or lease industry that has generated 75 complaints with the Consumer Financial Protection Bureau. This entity is directly connected to three phone numbers through reported relationships...
**United Group Inc. Vehicle Warranty Scam Campaign**
This scam campaign centers around United Group Inc., a company with 75 Consumer Financial Protection Bureau complaints in the vehicle loan or lease industry. The operation utilizes a coordinated network of three phone numbers: 833-330-5441, 877-695-1552, and 888-731-2187. These numbers are connected through same campaign relationships with confidence levels of 0.70, indicating they are part of a unified fraudulent scheme. Each phone number ha...
Connected Entities
Linked Companies (each listed as a campaign co-member)
- PENTAGON FEDERAL CREDIT UNION
- FIFTH THIRD FINANCIAL CORPORATION
- Credit Services Corporation, LLC
- Integrity Group Inc
- Direct, Inc
- The Bureaus, Inc.
- EVERBANK, NATIONAL ASSOCIATION
- Time Investment Corporation
- Checkr, Inc
- MOUNTAIN AMERICA FEDERAL CREDIT UNION
- Future Financial Inc.
- Ready Capital Corporation
Community Reports
A letter was received in the mail stating "Final Notice". It listed our home address and mortgage company name. It stated "This letter is to inform you about important matter regarding the property........secured by your current lender.....We reserve the right to revoke allocated waiver after 7 days of receiving this notice. Please call IMMEDIATELY as this will be our final attempt to notify you 888-731-2187." A record ID is listed but no company name, address or website. Just the number and hours to call. Also, included what looks like a "check" payable to us for $199.99 for "allocated waiver", but states at the bottom it is not a check. [BBB Scam Type: Debt Collections] [Business: none] [Location: KY, USA - 40422]
I recently got a HELOC. A letter in the mail identified the HELOC lender and told me the letter was to inform me of an important matter about the property, specifically an allocated waiver ($199) they can revoke after 7 days. The letter told me to call 888-731-2187 immediately as the letter was the final attempt to notify. The letter came with what looked like a check, but was identified as not a check, in the amount of $199, and had a place for us to sign. The company said it was not affiliated with our HELOC lender, but did not identify its own name or address. [BBB Scam Type: Phishing] [Business: HELOC lender] [Location: NY, USA- 14103]
This letter is to inform you about an important matter regarding property at (our address) secured by your current lender which is United States of America (not our lender). We reserve the right to revoke the allocated waiver after 7 days of receiving this notice. Please call immediately as this will be our final attempt to notify you. 888-731-2187 Attached was what appeared to be a check for $199.00. Below that in small print it states, "This is not a check". [BBB Scam Type: Counterfeit Product] [Business: Tax Deed Legl] [Location: LA, USA- 71351]
The phishing scam was careful not to implicate themselves and attempts to scare victims into calling their number listed in the letter. The 3-sided, perforated UNITED STATES MAIL had this information on the outside: U.S. POSTAGE PAID PERMIT NO. 1535 PRESORTED STANDARD MAILED FROM ZIP CODE 33431 The letter stated: This letter is to inform you about an important matter regarding the property VICTIM's ADDRESS REDACTED secured by your current lender which is REDACTED. We reserve the right to revoke allocated waiver after seven days of receiving this notice. PLEASE CALL IMMEDIATELY AS THIS WILL BE OUR FINAL ATTEMPT TO NOTIFY YOU 888-731-2187. [BBB Scam Type: Phishing] [Business: Access Fcu] [Location: TN, USA- 37066]
Received a letter w/ $199 "Allocated Waiver." Stated they were secured by my current Lender: Nvr Mtg Fin Inc. Regarding my property. (I have no mortgage or lender of any kind) Stated FINAL ATTEMPT TO NOTIFY and to call immediately at 888-731-2187. I Did NOT. [BBB Scam Type: Other] [Business: Allocated Waiver] [Location: OH, USA- 44310]