Scam Number: +1-863-733-5745
Domain Used: https://goyamaids.xyz/code45masg/JaC0deJdfd008f0d0CH888Err0r80dd1/index.html
from https://wetopcarpetsandfloors.blogspot.com/
Extra Info: From a saved redirect I have that goes to a popup. This popup has the ip address where it is hosted if you go to the root page at https://goyamaids.xyz/ even though this is behind cloudflare. Here’s a urlscan of the popup https://urlscan.io/result/21536058-e7a3-468e-8f63-ac00cfe5b05f/ and the page with the ip address https://urlscan.io/result/815ed22a-37f4-45d0-b5c7-692a9b44fc17/.
Active hoarding
“Install a project” - Sign in to your account | Laravel Forge
Server ID: 536897
Site ID: 1572966
IP/name: DOMAIN-2 (64.227.166.3)
I think this might be implying this site owner’s account has two domains on it, but I could be wrong.
talking to them rt now
more scam numbers:
850-203-4369
980-600-0064
If I remember correctly that means they have another server with different domains. I had a list of their domains that they leaked previously on accident, I can share them here if you’d like. I used to report them to digital ocean a lot but I got tired of doing that every day. You should be able to use the IP address and spoof the host header to check on that list if any are in use.