Scam Number: +1 (863) 614-0959
Scammer’s Website or Email:
Additional information about this scam: Norton Life Lock Refund Scam
Carrier: Skype
Network: Lumen/Level 3
Call Center Location: India
Answers as: “Norton”
Technician: “Jacob”
Remote Access Software: ConnectWise from pjhelp.top (Nickname: “Norton Portal”/“Cancellation Server” IP: 172.67.144.156), an iFrame of m3699.molatorister.cyou:8443/guest (IP: 176.97.122.246) or AnyDesk (Address: 1533694576/HP, Password: norton1234)
Once remotely connected to my virtual machine, the incredibly impatient “Jacob” asked me to go to pjhelp.top, which I refused, before they then asked me to set a password.
- I was then asked to fill out a “Norton refund form” and log into my nonexistent bank account. But since I don’t do online banking, I was asked to call my bank but I refused as they were on “holiday.”
- As they then refused to “suppoat,” I played them the bhenchod song.
What is this showing? Is this the address of the scammer?
No, this is a link to the scammers’ ConnectWise download page, which is masked as an iFrame on a completely separate website.
Ah… well, I found that identical address in a client.exe on my father's machine. Guy made him install AnyDesk, and saw him go to pjhelp.top in the history. Guess this is the guy who got him.
Scammer managed to get 50k out of him.
I guess there is no way to track their origin IP?
We could if we were able to reverse the remote access connections, but I currently lack the ability to do so when the scammers use ConnectWise.