Scammer unfortunately got a family member

(1st) +1 866-600-9192
[email protected]

(2nd) (916)-755-6877

TLDR: a family member was having 3rd partied password issues, looked up “exfinity”, clicked on the first link, called “(1st) Number”, gave email, address, phone number, and credit card info. Got scammed for a “WI-FI Booster” for $147.58, plus has been getting spam texts from “(2nd) Number”.

Do what you guys do best, Thanks.

4 Likes

866 using typical hold music. No answer; apparently they’re all busy allegedly scamming and I need to leave a message at the tone (of course, I didn’t and simply hung up like usual).

In regards to the 916 number, it says it’s no longer in service.

2 Likes

I’ve left a few messages from a few different numbers. I’m waiting for a call back.

1 Like

aka Contacts – Internet Cable Links

Domain name: cablenetlinks.com
Registry Domain ID: 2480805009_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com

Registrar: NAMECHEAP INC
Name Server: dns1.namecheaphosting.com
Name Server: dns2.namecheaphosting.com
DNSSEC: unsigned


Subdomains:

cablenetlinks.com,23.227.38.65
oldweb.cablenetlinks.com,198.54.120.162
mail.cablenetlinks.com,198.54.120.162
www.oldweb.cablenetlinks.com,198.54.120.162
www.oldback.cablenetlinks.com,198.54.120.162
oldback.cablenetlinks.com,198.54.120.162


Complete subdomain list:


Portscan:


https://cablenetlinks.com/robots.txt //robots.txt file - contains a fair amount


| CVE | Summary | Affected Software |
| --- | --- | --- |
| [+] CVE-2018-16487 | A prototype pollution vulnerability was found in lodash | Lodash 4.5.1 |
| [+] CVE-2021-23337 | Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. | Lodash 4.5.1 |
| [+] CVE-2019-10744 | Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. | Lodash 4.5.1 |
| [+] CVE-2020-8203 | Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. | Lodash 4.5.1 |
| [+] CVE-2020-28500 | Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. | Lodash 4.5.1 |
| [+] CVE-2015-9251 | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | jQuery 1.10.2 |
| [+] CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native Object.prototype. | jQuery 1.10.2 |
| [+] CVE-2020-11022 | In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | jQuery 1.10.2 |
| [+] CVE-2020-11023 | In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | jQuery 1.10.2 |

Anyway, if I find more, I’ll hit this thread up <3

This is somewhat bigger than I was expecting, expect a post in a few hours.

Owner Info
Owner: Haider Jafri
Owner of 2 companies, both fraudulent.

Company 1: Cable Net Links
Website: https://cablenetlinks.com/
^ Was attacked back in 2020 - Zone-Xsec - Defacement Details of cablenetlinks.com
Filed on: 2020/04/29
Registered office address: 9513 Coney Island Cir, Elk Grove, CA 95758-3646

Company 2: Auto Parts Now
Website(s):
https://autopartsnow.us - Main
A whois search brings out further leads,
Registered by: Vinage Auto Parts Inc
Address: 3646 Crowberry way, Euless, Texas
Email: [email protected]
(More on this ^ later)
https://autopartsnowllc.com/ - LLC Site
Filed on: 2019/06/17
Registered office address: 716 Northfield Dr Unit F Sacramento, CA 95833-2433

They have a few complaints online: https://www.bbb.org/us/ca/elk-grove/profile/used-auto-parts/auto-parts-now-llc-1156-90047232/customer-reviews
And something fishy going on here:

Company 2.1: Vinage Auto Parts
This was discovered in the whois records of autopartsnow.us
Website: http://www.vinageautoparts.com/ - No longer exists
Nothing too interesting in the whois records, though it uses GoDaddy
Address: 3646 Crowberry way, Euless, Texas
Email: [email protected]

Again, has a few bad reviews:
https://www.bbb.org/us/tx/houston/profile/auto-parts/vinage-auto-parts-inc-0915-90056123
^ From here click the button labelled “Read Complaints”, direct link is a 404
VinAge Auto Parts Reviews, Complaints, Customer Service

That’s enough for now. I’ll be back with more later, looking more into the people aspect.

Man. On it!

They got me for this one. I’m really nervous because they have my social security number too. :frowning:

2 Likes

internetcablelinks.com 866-600-9192, 888-208-4759
cableinternethub.com 866-600-9192, 888-685-2068

Both domains are by the same registrant:
Registrant Name: Shamshair Ali
Registrant Organization: Bit Links Tech Pvt Ltd
Registrant Street: 33 MB Floor Zainab tower Link road Model town
Registrant City: Lahore
Registrant State/Province: Punjab
Registrant Postal Code: 54700
Registrant Country: PK
Registrant Phone: +92.03235257679

Bit Links Tech Pvt Ltd

1 Like

Since when is Punjab in Pakistan? :blush:

1 Like

Before 1947 there was one nation, India, which had the state of Punjab. India got divided into present-day India and Pakistan. Punjab got divided: one part on the Indian side and one on the Pakistani side.

1 Like

I have the carrier information. I will email the carriers and let them know that this scam was a tech support scam.


Let’s hope the numbers go down
Numbers have been reported. Unfortunately the number (225) 327-7773, which was reported to both Enflick and Sinch, does not belong to Enflick, who owns TextNow. 7773 is NOT a TextNow registered number. So, to our conclusion for this number, chances are that it most likely belongs to Sinch.

2 Likes

First off, I’m sorry about your family member being scammed. :=(

Second, I don’t know if anyone welcomed you yet, so welcome!

1 Like

Hi @Simple.Man welcome to the club! We are sorry to hear that a scammer stole from a family member. If there is anything you need, please let us know here.

1 Like

@Simple.Man if you haven’t already tried, have they disputed the charges with their bank/PayPal/other payment method?