Multiple Tech Support Scam 1-844-571-4233

FrankLee · 24 Sierpień 2019 23:12

Initial US Toll-Free Phone Number: 1-844-571-4233

Subsequent US Toll-Free number: 1-844-251-1647

Tech Prodigy LLC / CyberPCSecure.com / mypc9.com

Tech Support Scam - These Scammers seem very prolific, with multiple domains and numbers. For details of related numbers and domains please see this post:
http://scammer.info/d/23981-fake-tech-support-group-wit-at-least-8-different-phone-numbers-at-844-305-6556

* Scammers claimed to provide Gmail support when asked, and when given an email address said their “system” had detected my email and computer had been hacked(!)

* Scammers used www.supremocontrol.com to access and control my PC using Supremo 3 with ID: 121 342 350

* Scammers used msconfig to display normal stopped services and claimed this was evidence of a virus/hackers in my PC.

* Scammers used Event Viewer and claimed the normal warnings/errors were more evidence of a virus/hackers in my PC.

* Scammers used the following link to download and install Splashtop Streamer (a Remote Access Tool):
https://my.splashtop.com/team_deployment/download/PAXSWL7PKR3P
Network Support (owner: [email protected])
via
Splashtop_Streamer_Windows_DEPLOY_INSTALLER_v3.3.2.1_PAXSWL7PKR3P.exe
from
d1wwl9pgn04oi3.cloudfront.net

* Scammers installed a Windows Batch file named 'Network Firewall.bat' from this google drive URL: https://drive.google.com/file/d/15p_t06pb4ACeSf-BM14SzcusrYWCu6Qq/view - The only function of this batch file is to clear the event viewer, presumably to deceive me that they had fixed my non-existent virus/hacking problem.

* Scammers downloaded a PDF 'receipt' from the following google drive URL:
https://drive.google.com/file/d/1dtBFHYv4Px066Y3d3c5y_fLX4Zh7pkbN/view (image copy here: https://gyazo.com/a267feca778d92790e729fa5587b1974 ) - The file identifies my Scammers as 'Tech Prodigy', however their email address is: [email protected] ).

* Scammers attempted to create an eCheque of $ 310, made payable to 'Tech Prodigy LLC' for their 'services', using the following URL: https://portal.seamlesschex.com/#/checkout/c07d5390-18d6-11e8-93ac-93e41943afa8/ebd193c0-caf2-11e7-b17f-550f6122b43c/0/0 and with the originating email address [email protected]

* Scammers created a phone number on my taskbar, of the callback Toll-Free number: 1-844-251-1647.

I have Video/Audio, IP logs and keylogger evidence of the entire Scam in progress on my Virtual Machine. This attempted fraud is being reported to all relevant authorities and software/service providers.

BobRTC link: https://bobrtc.live/phonebook/dial/18445714233

When the Scammers finished, they covertly left Splashtop Streamer installed without my permission, most likely to use my PC as an unwitting proxy for continued criminal activity. To aid them in that activity they installed the following domains into my System 32 hosts file:

0.0.0.0 www.proxysite.com 0.0.0.0 www.proxysite.com 0.0.0.0 www.filterbypass.me 0.0.0.0 www.filterbypass.me 0.0.0.0 www.proxfree.com 0.0.0.0 www.hide.me 0.0.0.0 www.hide.me/en/proxy 0.0.0.0 www.zend2.com 0.0.0.0 www.free-proxyserver.com 0.0.0.0 www.kproxy.com 0.0.0.0 www.moneygram.com/us/en/send-money 0.0.0.0 www.global.moneygram.com/india-en 0.0.0.0 www.xoom.com/india/send-money 0.0.0.0 www.xoom.com/united-kingdom/send-money 0.0.0.0 www.xoom.com/philippines/send-money 0.0.0.0 www.ammyy.com 0.0.0.0 www.ammyy.com/AA_v3.exe 0.0.0.0 www.teamviewer.com 0.0.0.0 www.download.teamviewer.com 0.0.0.0 www.showmypc.com 0.0.0.0 www.join.me 0.0.0.0 www.anydesk.it 0.0.0.0 www.anydesk.de 0.0.0.0 www.anydesk.fr 0.0.0.0 www.anydesk.pt 0.0.0.0 www.anydesk.com 0.0.0.0 anydesk.com 0.0.0.0 www.remotedesktopmanager.com 0.0.0.0 www.anyplace-control.com 0.0.0.0 www.webex.co.in 0.0.0.0 www.realvnc.com 0.0.0.0 www.deskroll.com 0.0.0.0 www.spotdox.com 0.0.0.0 www.skyfex.com 0.0.0.0 www.webex.com 0.0.0.0 www.2x.com 0.0.0.0 www.gg.gg/02026 0.0.0.0 www.gg.gg/02024 0.0.0.0 www.gg.gg/02023 0.0.0.0 www.gg.gg/02022 0.0.0.0 www.tightvnc.com 0.0.0.0 www.uvnc.com 0.0.0.0 www.fastsupport.com 0.0.0.0 www.supremocontrol.com 0.0.0.0 www.joingotomeeting.com 0.0.0.0 www.gotomeeting.in 0.0.0.0 www.gotoassist.com/remote-support 0.0.0.0 www.gotoassist.me/ds/gotoassistme.tmpl 0.0.0.0 www.remotepc.com 0.0.0.0 www.gotomypc.com 0.0.0.0 www.remotepc.net 0.0.0.0 www.rdesktop.org 0.0.0.0 www.mikogo.com 0.0.0.0 www.radmin.com 0.0.0.0 www.fastviewer.com 0.0.0.0 www.beanywhere.com 0.0.0.0 www.zoho.com 0.0.0.0 www.bomgar.com 0.0.0.0 www.filehippo.com/download_anydesk 0.0.0.0 www.beanywhere.com 0.0.0.0 www.aeroadmin.com 0.0.0.0 www.fastsupport.com 0.0.0.0 www.support.me 0.0.0.0 www.secure.logmein.com 0.0.0.0 www.logmein123.com 0.0.0.0 www.logmein.com 0.0.0.0 www.logmeinrescue.com 0.0.0.0 secure.logmeinrescue.com 0.0.0.0 proxysite.com 0.0.0.0 proxysite.com 0.0.0.0 filterbypass.me 0.0.0.0 filterbypass.me 0.0.0.0 proxfree.com 0.0.0.0 hide.me 0.0.0.0 hide.me/en/proxy 0.0.0.0 zend2.com 0.0.0.0 free-proxyserver.com 0.0.0.0 kproxy.com 0.0.0.0 moneygram.com 0.0.0.0 moneygram.com/us 0.0.0.0 moneygram.co.uk 0.0.0.0 westernunion.com 0.0.0.0 westernunion.co.uk 0.0.0.0 global.moneygram.com 0.0.0.0 xoom.com 0.0.0.0 moneygram.com/us/en/send-money 0.0.0.0 global.moneygram.com/india-en 0.0.0.0 xoom.com/india/send-money 0.0.0.0 xoom.com/united-kingdom/send-money 0.0.0.0 xoom.com/philippines/send-money 0.0.0.0 ammyy.com 0.0.0.0 ammyy.com/AA_v3.exe 0.0.0.0 teamviewer.com 0.0.0.0 download.teamviewer.com 0.0.0.0 showmypc.com 0.0.0.0 join.me 0.0.0.0 anydesk.it 0.0.0.0 anydesk.de 0.0.0.0 anydesk.fr 0.0.0.0 anydesk.pt 0.0.0.0 remotedesktopmanager.com 0.0.0.0 anyplace-control.com 0.0.0.0 webex.co.in 0.0.0.0 realvnc.com 0.0.0.0 deskroll.com 0.0.0.0 spotdox.com 0.0.0.0 skyfex.com 0.0.0.0 webex.com 0.0.0.0 2x.com 0.0.0.0 gg.gg/02026 0.0.0.0 gg.gg/02024 0.0.0.0 gg.gg/02023 0.0.0.0 gg.gg/02022 0.0.0.0 tightvnc.com 0.0.0.0 uvnc.com 0.0.0.0 fastsupport.com 0.0.0.0 supremocontrol.com 0.0.0.0 joingotomeeting.com 0.0.0.0 gotomeeting.in 0.0.0.0 gotoassist.com/remote-support 0.0.0.0 gotoassist.me/ds/gotoassistme.tmpl 0.0.0.0 remotepc.com 0.0.0.0 gotomypc.com 0.0.0.0 remotepc.net 0.0.0.0 rdesktop.org 0.0.0.0 mikogo.com 0.0.0.0 radmin.com 0.0.0.0 fastviewer.com 0.0.0.0 beanywhere.com 0.0.0.0 zoho.com 0.0.0.0 bomgar.com 0.0.0.0 filehippo.com/download_anydesk 0.0.0.0 beanywhere.com 0.0.0.0 aeroadmin.com 0.0.0.0 fastsupport.com 0.0.0.0 support.me 0.0.0.0 secure.logmein.com 0.0.0.0 logmein123.com 0.0.0.0 logmein.com 0.0.0.0 logmeinrescue.com 0.0.0.0 secure.logmeinrescue.com 0.0.0.0 www.anydesk.com 0.0.0.0 www.remote123.co.uk 0.0.0.0 www.remote123.tk 0.0.0.0 www.bit.do/548 0.0.0.0 help36.com 0.0.0.0 alpemix.com 0.0.0.0 fastsupport.gotoassist.com

ezra · 24 Sierpień 2019 23:48

Hey, call flooded the number and got it taken down!

Thanks for the info btw.

FrankLee · 25 Sierpień 2019 00:00

A simple google search of the original number found this pinterest page, which gives you a good idea of what they have been up to! https://www.pinterest.co.uk/pin/603552787537143937/?lp=true

TheCEoHN · 25 Sierpień 2019 04:15

time for revenge:

https://bobrtc.live/phonebook/dial/18006746369

https://bobrtc.live/phonebook/dial/18445714233

https://bobrtc.live/phonebook/dial/18443135022

https://bobrtc.live/phonebook/dial/18443056556

https://bobrtc.live/phonebook/dial/18448914883

https://bobrtc.live/phonebook/dial/18885610110

Also see this updated post about his group:
http://scammer.info/d/24182-huge-tech-support-with-over15-telphone-numbers

TheCEoHN · 26 Sierpień 2019 17:49

a few more of them have been added

https://bobrtc.live/phonebook/dial/18552018682

https://bobrtc.live/phonebook/dial/18777150111

https://bobrtc.live/phonebook/dial/18448914813

https://bobrtc.live/phonebook/dial/18005131434

drwat · 31 Grudzień 2019 02:56

mcafeecom.net

Mcafee Phone Number 1-844-571-4233

For months this site was controlled by Monika Rawat aka DigitalMonika

a scammer fro Delhi

Now I think this number belongs to ROKU scammers

Cyberlytical · 24 Marzec 2021 20:53

Same Number found here: http://scammer.info/d/48153-amazon-code-activation-scam