A sweeping investigation conducted jointly by the Associated Press and FRONTLINE drew on tens of thousands of leaked documents, videos, and photos from scam centers, along with an in-depth analysis of how artificial intelligence is being misused at those facilities. The project also involved a close look at more than 200,000 internet connections made by devices at four scam compounds in Myanmar — all of which have been tied to entities under U.S. government sanctions. Researchers also spoke with 58 people who were defrauded and roughly three dozen individuals who worked at scam operations, representing 19 countries in total.
The AP examined a specific sample of 202,013 device connections traced to those four Myanmar compounds. The data used in the analysis was commercially available advertising technology data obtained by International Justice Mission, an anti-trafficking nonprofit organization, which then shared it with the AP. The data covers several time windows between February 2025 and January 2026.
Every entry in the dataset recorded a device’s physical location coordinates along with its IP address. The AP used a database from Scamalytics, a company specializing in fraud prevention, to determine which internet service providers were assigned those IP addresses. When results were unclear or conflicting, the AP defaulted to the information provided by Scamalytics.
This approach made it possible to pinpoint not only where internet traffic was physically originating, but also which companies were profiting by providing hosting services for it. The dataset was further analyzed using risk indicators from Scamalytics, which draws on several open-source blacklists — including those maintained by Firehol, IP2ProxyLite, IPSum, Spamhaus, and X4Bnet Spambot — as well as Scamalytics’ own scoring system based on fraud reports and internal analysis. Those scores reflect potential risk and are not proof of confirmed fraud.
Reporters note several important limitations. The dataset only captures devices that had geolocation enabled, meaning the actual internet infrastructure supporting these compounds is likely far more extensive than what the data reflects. Additionally, Spur Intelligence Corporation, a cybersecurity firm, reviewed the data and flagged instances of ad fraud. The AP removed those known cases from its analysis, though additional undetected instances may remain.
Telecommunications firms and internet service providers can serve scam operations in multiple ways — providing basic internet access, hosting fraudulent websites like fake cryptocurrency platforms or counterfeit shopping sites, enabling VPN or proxy services to hide real locations, or simply routing internet traffic. While patterns in the data may point toward certain uses, the commercially available data alone cannot support definitive conclusions.
The four compounds where devices were geolocated are: Tai Chang, Deko Park, KK Park, and a newly identified compound near Hpakalu, Myanmar.
KK Park, like many scam operations along the Thai border, operates under the protection of the Karen Border Guard Force — also referred to as the Karen National Army, or KNA — an armed militia composed of ethnic Karen people from eastern Myanmar that is affiliated with Myanmar’s military, according to U.S. and European government sanctions documents. In May 2025, the U.S. Treasury designated the KNA as a transnational criminal organization, pointing to its role in enabling cyberscams targeting Americans and facilitating human trafficking. Treasury’s Office of Foreign Assets Control stated the KNA provided security at KK Park and profited from scam activities by leasing land to criminal groups. Myanmar’s military government launched a high-profile demolition effort against KK Park in October 2025, causing scammers to disperse — including to the emerging site near Hpakalu. The International Justice Mission found that some devices active at KK Park just before the raids later showed activity at the Hpakalu location in January 2026.
Deko Park and Tai Chang are situated in territory controlled by the Democratic Karen Benevolent Army, known as the DKBA. The U.S. Treasury Department sanctioned the DKBA in November 2025, citing its support for cyberscam centers, including the Tai Chang compound, where survivors of trafficking have reported being tortured and beaten by DKBA soldiers.
The AP also confirmed satellite imagery of 25 newly identified scam compounds in Myanmar, flagged by International Justice Mission, that have either appeared or expanded considerably since the October 2025 crackdown on KK Park and similar sites. The AP reviewed a sample of device activity at these locations between March 1, 2026, and June 1, 2026. At least 13 of those compounds showed connections using Starlink IP addresses. That data represents only a sample and may not capture all Starlink activity at those sites.
The AP provided detailed information about the timing and location of device connections to every company referenced in the investigation.
This investigation is part of a continuing collaboration between the Associated Press and FRONTLINE on PBS, which includes an upcoming documentary.
