Scam Number: +1-844-721-2068
Domain Used: https://perfectwebserver.xyz/D0d0C0de08g0f00Er0f0r2068/
from https://gethubserver.xyz/
Extra Info: From a porn site ad that pops up when you click on something, here’s a urlscan of the popup https://urlscan.io/result/5f217b7a-158c-4ece-8d1f-1a5861b6f2af/.
Whois of domain with the popup has interesting info
Domain Name: PERFECTWEBSERVER.XYZ
Registry Domain ID: Not Available From Registry
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: www.publicdomainregistry.com
Updated Date: 2022-06-17T10:44:27Z
Creation Date: 2022-06-17T10:38:39Z
Registrar Registration Expiration Date: 2023-06-17T23:59:59Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: lyla2 kiehn1
Registrant Organization:
Registrant Street: naka faizabad
Registrant City: faizabad
Registrant State/Province: Uttar Pradesh
Registrant Postal Code: 224001
Registrant Country: IN
Registrant Phone: +91.8790128765
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:
Registry Admin ID: Not Available From Registry
Admin Name: lyla2 kiehn1
Admin Organization:
Admin Street: naka faizabad
Admin City: faizabad
Admin State/Province: Uttar Pradesh
Admin Postal Code: 224001
Admin Country: IN
Admin Phone: +91.8790128765
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email:
Registry Tech ID: Not Available From Registry
Tech Name: lyla2 kiehn1
Tech Organization:
Tech Street: naka faizabad
Tech City: faizabad
Tech State/Province: Uttar Pradesh
Tech Postal Code: 224001
Tech Country: IN
Tech Phone: +91.8790128765
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email:
Name Server: ns1.perfectwebserver.xyz
Name Server: ns2.perfectwebserver.xyz
DNSSEC: Unsigned
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.2013775952
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2022-06-17T13:53:33Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Registration Service Provided By: BIGROCK
The data in this whois database is provided to you for information purposes
only, that is, to assist you in obtaining information about or related to a
domain name registration record. We make this information available "as is",
and do not guarantee its accuracy. By submitting a whois query, you agree
that you will use this data only for lawful purposes and that, under no
circumstances will you use this data to:
(1) enable high volume, automated, electronic processes that stress or load
this whois database system providing you this information; or
(2) allow, enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations via direct mail, electronic mail, or
by telephone.
The compilation, repackaging, dissemination or other use of this data is
expressly prohibited without prior written consent from us. The Registrar of
record is PDR Ltd. d/b/a PublicDomainRegistry.com.
We reserve the right to modify these terms at any time.
By submitting this query, you agree to abide by these terms.
Some or all of it may be incorrect, this is the email in the whois
Related as well, same number:
C00d0e000Er0 (estimatepageshub.xyz)
Another redirect:
webzonehub.xyz
1 Like
How did you find these other domains? Was it finding popups like normal or through some other way
perfectwebserver.xyz
divisionsalesinfotec.xyz
queriereboothub.xyz
estimatepageshub.xyz
getserviersweb.xyz
consultationzone.xyz
creativestandardcore.xyz
This is the full list of sites they created today, all of them are hosted on the same IP on digitalocean [159.203.3.101]
VirusTotal - Ip address - 159.203.3.101
1 Like
Latest popup at https://consultationzone.xyz/D0d0C0de08g0f00Er0f0r2235/ from the other redirect at https://webzonehub.xyz/ changes number to +1-844-721-2235. Here’s a urlscan of the popup consultationzone.xyz - urlscan.io.
Flooding
Takedown issued for consultationzone.xyz and perfectwebserver.xyz
Issue ID 33230712 - Netcraft Security Incident Response
Issue ID 33230492 - Netcraft Security Incident Response
1 Like
Yeah, netcraft is way better at takedowns than having to manually report to the hosting provider
1 Like
Latest popup at https://getserviersweb.xyz/D0d0C0de08g0f00Er0f0r2445/ changes number to (844) 721-2445
URLscan: getserviersweb.xyz - urlscan.io
Redirected from webzonehub.xyz
Takedown issued:
https://incident.netcraft.com/f2da8464c0a2/
Latest popup at https://webserverzone.xyz/D0d0C0de08g0f00Er0f0r2445 , UrlScan: webserverzone.xyz - urlscan.io
Takedown from netcraft: https://incident.netcraft.com/f9bfde77b9e8/
Latest popup at https://searchwebcretaive.xyz/D0d0C0de08g0f00Er0f0r2449/ , UrlScan: searchwebcretaive.xyz - urlscan.io
Changes number to 844) 721-2449
Takedown: Issue ID 33232557 - Netcraft Security Incident Response
Latest popup at https://getwebbrowerwork.xyz/D0d0C0de08g0f00Er0f0r2450/ & https://swiftlylogicshub.xyz/D0d0C0de08g0f00Er0f0r2450/
Changes number to 844-721-2450
Takedown #1: Issue ID 33233336 - Netcraft Security Incident Response
New redirect: gethubcrative.xyz
Latest Popup at https://perfectwebserver.xyz/D0d0C0de08g0f00Er0f0r2068/
Changes number to 844-721-2068
Both Dead