Tech support scam (844) 721-2449

Scam Number: +1-844-721-2068
Domain Used: C00d0e000Er0
from https://gethubserver.xyz/
Extra Info: From a porn site ad that pops up when you click on something, here’s a urlscan of the popup perfectwebserver.xyz - urlscan.io.

"Thank you for calling Support Center, please hold for the next available agent."

Whois of domain with the popup has interesting info

Domain Name: PERFECTWEBSERVER.XYZ
Registry Domain ID: Not Available From Registry
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: www.publicdomainregistry.com
Updated Date: 2022-06-17T10:44:27Z
Creation Date: 2022-06-17T10:38:39Z
Registrar Registration Expiration Date: 2023-06-17T23:59:59Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: lyla2 kiehn1
Registrant Organization: 
Registrant Street: naka faizabad   
Registrant City: faizabad
Registrant State/Province: Uttar Pradesh
Registrant Postal Code: 224001
Registrant Country: IN
Registrant Phone: +91.8790128765
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: 
Registry Admin ID: Not Available From Registry
Admin Name: lyla2 kiehn1
Admin Organization: 
Admin Street: naka faizabad  
Admin City: faizabad
Admin State/Province: Uttar Pradesh
Admin Postal Code: 224001
Admin Country: IN
Admin Phone: +91.8790128765
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: 
Registry Tech ID: Not Available From Registry
Tech Name: lyla2 kiehn1
Tech Organization: 
Tech Street: naka faizabad  
Tech City: faizabad
Tech State/Province: Uttar Pradesh
Tech Postal Code: 224001
Tech Country: IN
Tech Phone: +91.8790128765
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email: 
Name Server: ns1.perfectwebserver.xyz
Name Server: ns2.perfectwebserver.xyz
DNSSEC: Unsigned
Registrar Abuse Contact Email: 
Registrar Abuse Contact Phone: +1.2013775952
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2022-06-17T13:53:33Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

Registration Service Provided By: BIGROCK

The data in this whois database is provided to you for information purposes 
only, that is, to assist you in obtaining information about or related to a 
domain name registration record. We make this information available "as is",
and do not guarantee its accuracy. By submitting a whois query, you agree 
that you will use this data only for lawful purposes and that, under no 
circumstances will you use this data to: 
(1) enable high volume, automated, electronic processes that stress or load 
this whois database system providing you this information; or 
(2) allow, enable, or otherwise support the transmission of mass unsolicited, 
commercial advertising or solicitations via direct mail, electronic mail, or 
by telephone. 
The compilation, repackaging, dissemination or other use of this data is 
expressly prohibited without prior written consent from us. The Registrar of 
record is PDR Ltd. d/b/a PublicDomainRegistry.com. 
We reserve the right to modify these terms at any time. 
By submitting this query, you agree to abide by these terms.

Some or all of it may be incorrect, this is the email in the whois
image

Related as well, same number:
C00d0e000Er0 (estimatepageshub.xyz)

Another redirect:
webzonehub.xyz

1 Like

How did you find these other domains? Was it finding popups like normal or through some other way

perfectwebserver.xyz
divisionsalesinfotec.xyz
queriereboothub.xyz
estimatepageshub.xyz
getserviersweb.xyz
consultationzone.xyz
creativestandardcore.xyz

This is the full list of sites they created today, all of them are hosted on the same IP on digitalocean [159.203.3.101]
VirusTotal - Ip address - 159.203.3.101

1 Like

Latest popup at C00d0e000Er0 from the other redirect at https://webzonehub.xyz/ changes number to +1-844-721-2235. Here’s a urlscan of the popup https://urlscan.io/result/7b5b5c6b-8068-4623-b433-5e4dea2b646c/.

Flooding

Takedown issued for consultationzone.xyz and perfectwebserver.xyz

Issue ID 33230712 - Netcraft Security Incident Response
Issue ID 33230492 - Netcraft Security Incident Response

1 Like

Yeah, netcraft is way better at takedowns than having to manually report to the hosting provider

1 Like

Latest popup at C00d0e000Er0 changes number to (844) 721-2445
URLscan: getserviersweb.xyz - urlscan.io
Redirected from webzonehub.xyz

Takedown issued:
https://incident.netcraft.com/f2da8464c0a2/

Latest popup at C00d0e000Er0 , UrlScan: webserverzone.xyz - urlscan.io

Takedown from netcraft: https://incident.netcraft.com/f9bfde77b9e8/

Latest popup at C00d0e000Er0 , UrlScan: searchwebcretaive.xyz - urlscan.io
Changes number to 844) 721-2449

Takedown: Issue ID 33232557 - Netcraft Security Incident Response

Latest popup at C00d0e000Er0 & C00d0e000Er0
Changes number to 844-721-2450

Takedown #1: Issue ID 33233336 - Netcraft Security Incident Response

New redirect: gethubcrative.xyz

Latest Popup at C00d0e000Er0
Changes number to 844-721-2068

Issue ID 33230492 - Netcraft Security Incident Response