Scam Number: 802-503-3799
Scammer’s Website or Email: Text
Additional information about this scam:
إعجابَين (2)
8025033799 Kevin
إعجاب واحد (1)
There are children in the background
Carrier: T-Mobile
Hold Music: Indian folk music
Call Center Location: An apartment in Kolkata, West Bengal, India 
Status: Only accepts calls from mobile numbers, otherwise fake busy
Answers as: “PayPal”
Technician: “Sean”
Falsely Claims: IP address hacked by @JimBrowning11 and Pierogi
Remote Access Software: Alpemix from globalwebcenter.org (IP: 84.32.84.236 
, 908842674) and ConnectWise from bestcontrol.ctrl421.ru (Username: Vicary), or AnyDesk
Once remotely connected to my virtual machine, the “manager” proceeded to download ConnectWise from bestcontrol.ctrl421.ru on the grounds of “connecting” to the “secure server.”
- The “Manager” then blanked my screen and viewed my browser history before refusing to “suppoat,” instead telling me to “go somewhere else.”
globalwebcenter.org has been active since December 17, 2024, and lists the following options to “connect with” the “Secure Server:”
- Alpemix (dubbed “Alpha Community”)
- UltraViewer (dubbed “Ultra Vision”)
- SupRemo (dubbed “Supreme Community”)
- AweSun (dubbed “Awesome Vision”)
The scammers also list several ConnectWise domains as “Secure AI Servers,” including:
- sp7help.top (dubbed "Secure Artificial Intelligence)
- gh2hehp.top (dubbed “Total Secure Artificial Intelligence”)
- tfccare.help (dubbed “ScreenConnect Artificial Intelligence”)
The scammers also use JotForm for their fake cancellation form.
إعجاب واحد (1)
Again great research @OfclyGoodenough
إعجاب واحد (1)
I called once more and the chod wanted me to withdraw all but $200 from my account as it’s a “case of identity theft,” and he wanted me to send a photo of my driver’s license to his personal GoTextMe line (415) 787-9761. I tried sending him an IP grabber on the grounds that my phone cannot support MMS (which has actually happened before), and he responded by calling me an “ass-fucking liar” that didn’t withdraw $9,000, despite the fact that I told him my fake bank account had $8,200.
I was then asked to go to a nearby Best Buy to purchase $500 Apple gift cards, as the chod I spoke to claimed to be from “Apple Best Buy” before blocking my Google Voice line and claiming he scams together with his brothers Pierogi and @JimBrowning11, and that they will put me back into my mother’s womb.
إعجاب واحد (1)
I got ahold of “Shawn” once more and he put me on hold as I was giving him the AnyDesk number. I believe he was also attempting to get OTPs.
إعجاب واحد (1)
“Shawn” was unable to connect to my AnyDesk on the grounds of me giving the “wrong number,”
إعجاب واحد (1)
The site calls the endpoint “https://noderepo-jdi5.onrender.com/phone/getPhoneNumber ”, which returns with a JSON payload which contains a phone number “(800) 525-1849” - this is then stored to site local storage. Wondering whether this means they can easily rotate numbers from a db?
إعجاب واحد (1)
Still active, “Harry” answered as the “cancellation team” and wants me to use QuickAssist, ScreenLeap and ConnectWise from sys140.net, an iFrame of sup2.bkdx308.ru (Code: KN9113, User: hdrm1)
In this case, I was asked to fill out a “PayPal Cancellation and Refund Request Form” and log into my nonexistent bank account.
- Since I don’t do online banking, “Harry” transferred the call to his supervisor, “Levi,” who wanted me to log into my nonexistent bank account before refusing to “suppoat” and blanking my screen whilst attempting to view my webcam to no avail.
On a more positive note, their Jotform was taken offline
إعجاب واحد (1)
I called once more, chod answered as Apple and falsely claimed the purchase was made in El Paso, Texas before refusing to “suppoat” when I downloaded UltraViewer
إعجاب واحد (1)
Google form taken down 
إعجاب واحد (1)