888-547-4642
Link: https://hukeh.club/5sliy94n/jals1ana/e5v6a2mw76/?p_n=%201%20(888)%20547%204642



888-623-6909
Link: http://45.76.245.198/1xxdsfdsafsdfsdfdsfsdfdsfsfsdfsdfs/

Neither of these numbers works.
877-382-6641
Link: http://studpoint.gq/dasdadasdawe212321sdsAx/

877-378-9630
Link: http://studpoint.cf/dasdadasdawe212321sdsAx/

888-886-6018
Link: https://adultsexvedios.site/CH_asdasqweq2/?sou=2EUbV9hJAYgII4KKu7HOP2rZ0ipNpiGP2rZxEZrHSmD6gf8wZZ3yu4K2EsSJHDxqvpPoLs8fv6zzm5OdT4iF6pQ5tH57HyllXZKHZP2rZc02TP2rZsipy&subid=9_196910_

888-876-5058
Link: http://165.227.10.220/malware-win-chx/?phone=+1-(888)-876-5058&

833-272-0272
Link: http://grpfont-webtekerr21x.site/ce22z/tsks/deskrer/chmx/

@JoeHimself5#100974 So far on 888 547 4642 it's down and dialtone
@JoeHimself5#100978 Down and dead with dialtone
@JoeHimself5#101014 Calling now… “Sorry the number you have dialed has been disconnected”
@JoeHimself5#101029
DATA DUMP: I have not mapped out all the domains yet, however I will attempt to do so before the end of the month. Other things taking precedence over this file currently. I want you all to notice how in the sections I have mapped it goes back to "randy maugins is a " The same site is seen connected to craigslist posts in the computer section and many other bot networks and malware distribution networks.
TECH SUPPORT SCAM PAGE FOR THE PURPOSE OF ECONOMIC TERRORISM AND EXTORTION.
7252019 data collection date
Screen captures of the live attack
https://ibb.co/7QKPWqj
https://ibb.co/m6fwFTc
https://ibb.co/Ns4yF2X
DELIVERY LINK:
https://adultsexvedios.site/CH_asdasqweq2/?sou=2EUbV9hJAYgII4KKu7HOP2rZ0ipNpiGP2rZxEZrHSmD6gf8wZZ3yu4K2EsSJHDxqvpPoLs8fv6zzm5OdT4iF6pQ5tH57HyllXZKHZP2rZc02TP2rZsipy&subid=9_196910_
Site:
adultsexvedios.site <--Godaddy controlled
Registrant Name: Mark Epperson
Registrant Organization:
Registrant Street: 445 hamilton ave
Registrant City: Whiteplains
Registrant State/Province: New York
Registrant Postal Code: 10530
Registrant Country: US
Registrant Phone: +1.3238632609
Registrant Email: [email protected]
Secondary email: [email protected]
Via Trace Route: 167.71.131.37 <-- Digital Ocean Controlled
Serving IP is the same:
THERE IS THE BOT NET, NOTE THE GREEN NODE, THE PURPLE NODE, AND "RANDY MUAGINS" IS INVOLVED AGAIN! Goes back to craigslist posts, again.
TC: https://www.threatcrowd.org/domain.php?domain=adultsexvedios.site
TCSC: https://ibb.co/MCzK9jD
FIRST MALWARE NODE: ddos bot is used and connected
TC: https://www.threatcrowd.org/malware.php?md5=419dc41f96b8ad29f895f3d80978803a
TCSC: https://ibb.co/XSdXJqM
FIRST GREEN NODE:
TC: https://www.threatcrowd.org/ip.php?ip=192.42.116.41
TCSC: https://ibb.co/dpRnyfF
ALL LINKS TO FILES ON WEB DIRECTORY VISIBLE:
https://adultsexvedios.site/CH_asdasqweq2/style.css
https://adultsexvedios.site/CH_asdasqweq2/3.png
https://adultsexvedios.site/CH_asdasqweq2/btns.png
https://adultsexvedios.site/CH_asdasqweq2/win_logo.jpg
https://code.jquery.com/ui/1.12.1/jquery-ui.min.js
https://code.jquery.com/jquery-2.2.4.min.js
https://d10lpsik1i8c69.cloudfront.net/css/reset.css
https://d10lpsik1i8c69.cloudfront.net/graphics/blink_green.png
https://d10lpsik1i8c69.cloudfront.net/graphics/logo-light.png
https://d10lpsik1i8c69.cloudfront.net/graphics/sound-on-white.png
https://d10lpsik1i8c69.cloudfront.net/w.js
https://adultsexvedios.site/CH_asdasqweq2/err.mp3
https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=f81bef2
blob:https://adultsexvedios.site/6ff0f969-7247-4751-9577-24d4ba8ed1a5
blob:https://adultsexvedios.site/b8913aa4-1e3f-4e99-81dc-63de0c1ecfdf
DATA COMPILED ON OWNER: This may be bot netted as well, will build data soon!
[email protected]
There are 5 domains that matched this search query.
These are listed below:
Domain Name Creation Date Registrar
hotbeauty.us 2019-07-05 GODADDY.COM, INC.
hotgallery.us 2019-07-05 GODADDY.COM, INC.
hotimages.us 2019-07-05 GODADDY.COM, INC.
hotvedios.us 2019-07-05 GODADDY.COM, INC.
onlinefun.us 2019-07-05 GODADDY.COM, INC.
all sites under name
Mark Epperson
There are 63 domains that matched this search query.
These are listed below:
@FLAGRUM#101147 Looks like they may be ddosing their targets to enforce the “your compooter is full of WIRUSES” part of their scripts.
I actually ran into this with a customer. I was onsite, his computer was currently under remote control. I nuked the connection and began the process of full secure and lockout of equipment. Within about 40 seconds of ending their session they began spam calling, then they actually ddos'd his router. When I was done, they had no way back in, or out and I had all their files, links, sites and IP addresses and the phone numbers.
It was fun wrestling them to regain control of the network.
Start playing this when you call them. Play it in the background.
https://www.youtube.com/watch?v=nitEj7QRxh4
JOEHIMSELF5
Link: http://159.65.62.207/YSUK0734/malware-win-chx/?p_num=JOEHIMSELF5

(A little attempt at humor)
@FLAGRUM#101175 if u get clownfish voice changer they have a music player that acts as a mic, also a tts and obviously a voice changer. all u have to do for music is youtube to mp3 type shit
@JoeHimself5#101216 WTF?
Dude, are you putting these up, if not, then why is your user name at the end of the link there?
@FLAGRUM#101387 It’s one of those URLs that let you change the phone number at the end to whatever you want. I guess when these scammer designers made these, they didn’t know about it? Jerrycan1991 brought it to our attention in one of his posts a while back, btw.

1 (888) 912-9484
Was up and running as of a few minutes ago …
Told them I had a popup about a virus and they said would cost $199 to fix/resolve.
Can call back anytime <insert evil grin>
For reference, was directed to this thread through the BobRTC system.