This cluster centers on 2957 connected domains tagged as GuLoader, NorthKorea, censys. The domains include salelegalsteroids.com, 192.210.186.208, gharnt.com, cloflart.com, id3702579photo-image-docs.com, www.almacensantangel.com, 64.95.12.162, blue-oceans.net, sixmexicos.com, baritonclick.online, 185.252.24.15, un1rw11q4u.com, ameyiando.com, niril.sbs, bursaelektriktamir.com, blankeyeo.com, umxtxhub.za.com, sunchernical.com, 18.194.67.137, servecdn.my and 2937 more. 606 of these domains have bee...
Phone Number
965-755-2555
Last reported Feb 24, 2026
Low Activity
- 1 community report from users
Campaign Intelligence
This cluster centers on 2107 connected domains tagged as GuLoader, NorthKorea, censys. The domains include storage.googleapis.com, cdn.discordapp.com, pastes.io, s3.us-east-2.amazonaws.com, dl.dropboxusercontent.com, 188.137.230.45, touchskins.io, 158.94.208.7, 74.0.32.149, 74.0.32.141, api.touchskins.io, 80.89.237.190, 188.137.254.207, api.wewpwsw.su, 188.137.229.136, 196.251.107.24, 104.194.152.180, link.storjshare.io, s3.g.s4.mega.io, 62.60.226.159 and 2087 more. 562 of these domains have bee...
This cluster centers on 2121 connected domains tagged as GuLoader, NorthKorea, censys. The domains include 59.182.90.199, 178.50.166.61, 113.168.249.76, 123.209.193.86, 113.165.6.38, 120.157.72.234, 171.235.194.253, 120.157.159.171, 37.142.77.163, 46.124.33.133, 46.124.40.3, 83.224.151.243, 88.86.246.233, 41.146.1.154, 59.182.119.128, 14.236.247.68, 120.157.72.59, 95.127.248.192, 116.110.179.199, cdn.discordapp.com and 2101 more. 576 of these domains have been flagged by threat intelligence feed...
This cluster centers on 1630 connected domains tagged as BABADEDA, pw-2026, wsh. The domains include storage.googleapis.com, cdn.discordapp.com, implementing-theft-metal-justin.trycloudflare.com, staying-heavily-meaning-blowing.trycloudflare.com, creations-venture-traditional-stainless.trycloudflare.com, arilprivate.storexyz.web.id, 206.123.145.26, 103.125.219.204, 45.87.43.154, 10cricofficial.com, justwatch.life, 195.16.44.75, advise-visual-playstation-closer.trycloudflare.com, 91.92.241.197, 6...
This cluster centers on 2141 connected domains tagged as GuLoader, NorthKorea, censys. The domains include 59.182.90.199, 91.80.129.100, 123.28.175.23, 120.61.247.2, 178.50.166.61, 113.168.249.76, 123.209.193.86, 113.165.6.38, 120.157.72.234, 171.235.194.253, 120.157.159.171, 37.142.77.163, 171.241.208.124, 120.157.229.220, 171.117.30.233, 91.80.136.9, 46.124.33.133, 46.124.40.3, 83.224.151.243, 88.86.246.233 and 2121 more. 596 of these domains have been flagged by threat intelligence feeds incl...
Details
Linked Company Activity
EQUIFAX, INC.
1 BBB complaint · Credit Cards] [Business: Equifax Impersonator] [Location: MD, USA- 21207]
BANK OF AMERICA, NATIONAL ASSOCIATION
175 BBB complaints
TRANSUNION INTERMEDIATE HOLDINGS, INC.
4 BBB complaints · Phishing] [Business: TransUnion Imposter Sc
JPMORGAN CHASE & CO.
16 BBB complaints
CAPITAL ONE FINANCIAL CORPORATION
161 BBB complaints
CITIBANK, N.A.
23 BBB complaints
Resurgent Capital Services L.P.
1 BBB complaint
WELLS FARGO & COMPANY
205 BBB complaints
AMERICAN EXPRESS COMPANY
105 BBB complaints
PNC Bank N.A.
22 BBB complaints
Connected Entities
Linked Companies
company
PENTAGON FEDERAL CREDIT UNION
campaign co-membercompanyCredit Services Corporation, LLC
campaign co-membercompanyIntegrity Group Inc
campaign co-membercompanyThe Bureaus, Inc.
campaign co-membercompanyDirect, Inc
campaign co-membercompanyEVERBANK, NATIONAL ASSOCIATION
campaign co-membercompanyCheckr, Inc
campaign co-membercompanyMOUNTAIN AMERICA FEDERAL CREDIT UNION
campaign co-membercompanyFuture Financial Inc.
campaign co-membercompanyReady Capital Corporation
campaign co-membercompanyREGIONS FINANCIAL CORPORATION
campaign co-membercompanyInformative LLC
campaign co-memberRelated Phone Numbers
phone
8557397810
campaign co-memberphone6782735206
campaign co-memberphone8882745552
campaign co-memberphone4092571942
campaign co-memberphone8884044504
campaign co-memberphone2603103075
campaign co-memberphone8446657222
campaign co-memberphone2233002233
campaign co-memberphone8967530024
campaign co-memberphone6055104392
campaign co-memberphone2289803131
campaign co-memberphone5162394413
campaign co-memberphone4046696656
campaign co-memberphone3486156058
campaign co-memberphone8888160224
campaign co-memberphone6503809008
campaign co-memberphone2542989940
campaign co-memberphone8472464299
campaign co-memberphone8502347642
campaign co-memberphone8704567472
campaign co-memberphone8883434868
campaign co-memberphone8444252554
campaign co-memberphone8559941841
campaign co-memberphone2678633473
campaign co-memberRelated Domains
domain
130.12.180.43
campaign co-memberdomainimplementing-theft-metal-justin.trycloudflare.com
campaign co-memberdomainstaying-heavily-meaning-blowing.trycloudflare.com
campaign co-memberdomaincreations-venture-traditional-stainless.trycloudflare.com
campaign co-memberdomain103.125.219.204
campaign co-memberdomain206.123.145.26
campaign co-memberdomainarilprivate.storexyz.web.id
campaign co-memberdomain14.236.182.73
campaign co-memberdomain83.224.162.132
campaign co-memberdomain123.31.81.229
campaign co-memberdomain120.157.56.105
campaign co-memberdomain113.176.132.141
campaign co-memberRelated Emails
email
saclaimingdpt@e-mail.ua
campaign co-memberemailvictor7@luckymail.com
campaign co-memberemailbsood@goodstart.org.au
campaign co-memberemailm0ercia1@yahoo.co.jp
campaign co-memberemailadmin@ibookingpms.com.br
campaign co-memberemailsupport@salesforce.com
campaign co-memberemail_reply@geico.com
campaign co-memberemailabuse@telus.com
campaign co-memberemailmailer-daemon@googlemail.com
campaign co-memberemailmem.....@....soft.com
campaign co-memberemailgeral@jogodigital.com
campaign co-memberemailaccount@microsoft.info
campaign co-memberCommunity Reports
Proton Suspended Journalist Accounts Citing Term of Service Violations **September 14, 2025** *By* [Alex Lekander](https://cyberinsider.com/author/alexlekander/) [https://cyberinsider.com/email/reviews/protonmail/](https://cyberinsider.com/email/reviews/protonmail/) Proton has come under fire for suspending accounts affiliated with Phrack, a long-running hacker publication, after the group published a detailed exposé on North Korean cyber-espionage operations. The suspension, which Proton attributed to terms of service violations, has ignited controversy over transparency, censorship, and the boundaries of responsible disclosure. Founded in 1985, Phrack is one of the oldest and most respected hacker zines in circulation. Over the decades, it has been a platform for both theoretical and practical research in infosec, often blurring the lines between underground and academic contributions. The Phrack article, titled APT Down: The North Korea Files, details a significant breach into systems allegedly operated by Kimsuky, a state-sponsored threat group linked to the North Korean regime. The release included source code, phishing infrastructure, backdoors, stolen credentials, and operational notes purportedly obtained from a Kimsuky-affiliated operator referred to as “KIM.” [According to Phrack](https://phrack.org/issues/72/7_md#article), the whistleblower behind the disclosure used Proton Mail accounts solely for the purpose of responsibly notifying affected South Korean institutions. The publication claims that these accounts were first suspended on August 15 and 16, after attempts to contact the Korea Internet & Security Agency (KISA), the Korea Computer Emergency Response Team (KrCERT), the Ministry of Unification, and other governmental bodies. **Phrack** Despite these efforts to disclose the breach, Proton disabled the accounts, citing concerns about potential damage to its service. In its initial response on social media, Proton stated: “We were alerted b
241 days ago6 upvotes
Share Your Experience
What's Your Exposure?
Know your risk exposure to this message with a Thorough Analysis. It returns a detailed report covering the complaint history, your data breach exposure, related scam entities, and risk signals tied to this email message. Check the box and enter your email address now.