This cluster centers on 2382 connected domains tagged as PureHVNC, elf, sh. 572 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (8772427372, 1319641540, 1319641221) with 557 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2228 complaints with federal agencies. Geog...
Phone Number
(965) 755-2555
Last reported Feb 24, 2026
Low Activity
- 1 community report from users
Campaign Intelligence
This cluster centers on 2396 connected domains tagged as 156-233-71-230, Quakbot, lnk. 586 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (8772427372, 1319641540, 1319641221) with 565 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2237 complaints with federal agen...
This cluster centers on 1895 connected domains tagged as BeaverTail, RedLineStealer, password: 2026. 113 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 934 phone numbers (8772427372, 1319641540, 1319641221) with 524 FTC complaints; 683 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2093 complaints wit...
This cluster centers on 2416 connected domains tagged as BABADEDA, WallStealer, meterpreter. 607 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 969 phone numbers (5086371451, 9366439335, 1842506726) with 570 FTC complaints; 690 email addresses (kellymoore_64@yahoo.com, schantzsybg7@aol.com, online.motors@consultant.com). Across all linked entities, consumers have filed 2243 complaints with federa...
This cluster centers on 3287 connected domains tagged as HijackLoader, RemcosRAT, screenconnect. 617 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1649 phone numbers (5408463620, 8552597377, 8007873903) with 7110 FTC complaints; 143 companies (Informative LLC, HomePlus Corporation, Doral Capital Corporation) with 8547081 CFPB complaints; 807 email addresses (kellymoore_64@yahoo.com, schantzsybg7@...
Details
Connected Entities
No known connections to other entities yet.
Community Reports
Proton Suspended Journalist Accounts Citing Term of Service Violations **September 14, 2025** *By* [Alex Lekander](https://cyberinsider.com/author/alexlekander/) [https://cyberinsider.com/email/reviews/protonmail/](https://cyberinsider.com/email/reviews/protonmail/) Proton has come under fire for suspending accounts affiliated with Phrack, a long-running hacker publication, after the group published a detailed exposé on North Korean cyber-espionage operations. The suspension, which Proton attributed to terms of service violations, has ignited controversy over transparency, censorship, and the boundaries of responsible disclosure. Founded in 1985, Phrack is one of the oldest and most respected hacker zines in circulation. Over the decades, it has been a platform for both theoretical and practical research in infosec, often blurring the lines between underground and academic contributions. The Phrack article, titled APT Down: The North Korea Files, details a significant breach into systems allegedly operated by Kimsuky, a state-sponsored threat group linked to the North Korean regime. The release included source code, phishing infrastructure, backdoors, stolen credentials, and operational notes purportedly obtained from a Kimsuky-affiliated operator referred to as “KIM.” [According to Phrack](https://phrack.org/issues/72/7_md#article), the whistleblower behind the disclosure used Proton Mail accounts solely for the purpose of responsibly notifying affected South Korean institutions. The publication claims that these accounts were first suspended on August 15 and 16, after attempts to contact the Korea Internet & Security Agency (KISA), the Korea Computer Emergency Response Team (KrCERT), the Ministry of Unification, and other governmental bodies. **Phrack** Despite these efforts to disclose the breach, Proton disabled the accounts, citing concerns about potential damage to its service. In its initial response on social media, Proton stated: “We were alerted b
194 days ago6 upvotes
Share Your Experience
What's Your Exposure?
Know your risk exposure to this message with a Thorough Analysis. It returns a detailed report covering the complaint history, your data breach exposure, related scam entities, and risk signals tied to this email message. Check the box and enter your email address now.
Proton Pass — Unique passwords for every account
After a breach, reused passwords let attackers into your other accounts. Proton Pass generates and stores a unique password for each one.
Try Proton Pass freeAffiliate link. We may earn a commission.