The US Treasury Department has approved a Philippines -based company Funonul technology, supporting hundreds of thousands of malicious websites behind the cyber scams of more than $ 200 million for Americans.
Funnel bought an IP address from various cloud service providers in bulk and facilitated virtual currency investment scam (also known as romance batting and pig but butcher). The company sold these IP addresses and hosting services to cyber criminal, so that they could host malicious websites.
The criminals behind the Pig butcher scam contact the victims through dating sites, social media and messaging apps, build trusts and attract victims in fake investment plans. However, instead of investing, the fraudsters controlled it, stealing their money that they control.
The company uses domain generation algorithms (DGAS) to generate several unique domain names and also provides cyber criminal with web design templates that transplant reliable brands. This helps them quickly switch IP addresses and domains.
“Funnull FBI is associated with the majority of the informed virtual currency investment scam websites. The US-based victims of these scams have reported a loss of more than $ 200 million, with an average loss of more than $ 150,000 per person,” Ofac said On Thursday.
Foreign Property Control (OFAC) of the Treasury’s office also banned Liu Lizi, a Chinese citizen, who worked as a administrator of Funnelul and managed the company’s employees, monitoring their performance and work progress.
Following these sanctions, citizens and organizations in the United States have been banned from transacting with Fannul and Lizhi. All their American assets will also be frozen, while foreign institutions involved in financial institutions and transactions with them may also face punishment.
Funny indicators of compromise
Today, FBI has also published Flash alert With more information, with technical details about IP addresses and domains of the part of Cyber Scam Infrastructure of Funonul.
“Since January 2025, the FBI has identified 548 unique funnel canonical names (CNAME) associated with more than 332,000 unique domains. In April 2025, a sample of eight domains was analyzed.
“Between October 2023 and April 2025, several patterns of IP address activity were seen using funnelul infrastructure from multiple domains. During this time limit, hundreds of domains using funnel infrastructure became migrated from one IP address to another in the same precise day or at the same time.”
As the FBI disclosed last month, Cyber Criminal stole a record of $ 16,6 billion from Americans in 2024, losing to more than $ 6.5 billion investment scams, marking a huge increase in loss of more than 33% compared to the previous year.
Based on the analysis of 14M malicious tasks, search for the top 10 MITERAT & CK techniques behind the 93% attacks and how to defend them against them.
