Tracked down a phishing attacker

Hello,

I and others in my family have been receiving several text messages claiming a Netflix account has been blocked. I have tracked down the person who sent the text message in China; his name is Hau Duan. He used phone numbers in BC and New York as well as Manitoba.

https://www.jihaoba.com/haoduan/changsha/1778897.htm

He used the following numbers

778-897-1646 is a Landline phone number operated by Comwave Networks and is located in the city of Vancouver in BC. Get more information on the 778-897-1646 number, origin, and statistics.

212-744-**XXXX** is a Landline phone number operated by Verizon New York and is located in the city of New York in NY. Get more information on the 212-744-**XXXX** number, origin, and statistics.
**Number hidden by moderator**

http://Netflix-Billing.info/REF-5543

REF#1646394

It is a tracker. Before receiving these messages, a website my family used to own was taken over by Chinese hackers and was originally replaced with Chinese ministry and military but now is a Chinese porn site.

I had also faced a ransomware attack and several calls about the attack, such as Microsoft Redmond responding to Nunavut ransomware attack which they did after the call which was before, and after Wasaga, Midland, Stratford, The Nation ransomware attack, and then they call as Service Canada demanding bitcoins.

https://imgshare.io/image/tpFdg
https://imgshare.io/image/tpDp7

https://netflxpayfees.com/

https://ibb.co/FqDN5qL
https://ibb.co/LZsSBtr

from 12047478457

I googled text message REF# and I found this, which was similar: Archived - Rogers Community

Dear Rogers Client, we have sent you a Refund from last payment [case:769]. Please claim your funds here: http://rrd.me/cW9uD

REF#1932

Examples of Fraud and Scams | CIBC. They also have similar REF# tags on these scams.

Any idea what generates them?

Hey, I’m the owner of the 212-744 number and I am NOT a phisher or scammer, so you can stop calling me and asking me to help you with your Windows problem, k? Sheesh…

I would highly recommend using an archive website such as archive.today to log the websites just in case they contain malicious JavaScript or other crap that will mess with a PC that isn’t running VMware or other virtualization software where you can easily roll it back to a non-infected state.

As for the websites themselves, have you run them through reverse lookup and WHOIS tools to find who owns the domain and things like that? https://whois.domaintools.com is a website that I use when researching possible malicious websites and who owns them. For example with the "rrd.me/cW9uD" one, here's what it found:
Domain Name: RRD.ME
Registry Domain ID: D108500000013616847-AGRS
Registrar WHOIS Server:
Registrar URL:
Updated Date: 2019-09-07T13:34:18Z
Creation Date: 2014-09-21T09:38:02Z
Registry Expiry Date: 2020-09-21T09:38:02Z
Registrar Registration Expiration Date:
Registrar: HiChina Zhicheng Technology Ltd.
Registrar IANA ID: 420
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller:
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Zhou Chang Bing
Registrant State/Province: Shang Hai
Registrant Country: CN
Name Server: VIP1.ALIDNS.COM
Name Server: VIP2.ALIDNS.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/
This was all from a WHOIS lookup and is publicly available.
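
An added example, not part of any post in this thread: a small Python parser for WHOIS text like the record quoted above, pulling out the fields that matter when filing an abuse report (registrar, name servers, domain age, and whether an abuse contact is listed at all). The sample is a subset of the lines in the post; the function names and the reference date used for the age calculation are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: a subset of the WHOIS lines quoted in the post above.
SAMPLE = """\
Domain Name: RRD.ME
Creation Date: 2014-09-21T09:38:02Z
Registrar: HiChina Zhicheng Technology Ltd.
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: ok https://icann.org/epp#ok
Registrant Country: CN
Name Server: VIP1.ALIDNS.COM
Name Server: VIP2.ALIDNS.COM
URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/
"""

# "Key: value" or a bare "Key:"; the colon inside a URL does not count.
FIELD = re.compile(r"^\s*([^:]+?):(?:\s+(.*))?$")

def parse_whois(text):
    """Return {field: [values]}; empty fields map to [], repeats are kept."""
    record = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            values = record.setdefault(m.group(1), [])
            if m.group(2) and m.group(2).strip():
                values.append(m.group(2).strip())
    return record

def first(record, field):
    """First value of a field, or None if absent or empty (hypothetical helper)."""
    return record[field][0] if record.get(field) else None

def triage(record, as_of):
    """Summarise the fields useful for an abuse report (hypothetical helper)."""
    created = first(record, "Creation Date")
    if created:
        created = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {
        "domain": (first(record, "Domain Name") or "").lower(),
        "registrar": first(record, "Registrar"),
        "country": first(record, "Registrant Country"),
        "name_servers": [ns.lower() for ns in record.get("Name Server", [])],
        "age_days": (as_of - created).days if created else None,
        "abuse_contact_listed": bool(record.get("Registrar Abuse Contact Email")
                                     or record.get("Registrar Abuse Contact Phone")),
    }
```
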

Yeah, I did. The Chinese own it now; they basically took a Canadian telecom company, took the domain, and now it's a Chinese porn site run by the Chinese military. Huawei ftw, I guess.


@howard#130634 Sorry about that, and thank you for commenting. The last 4 digits of your phone number have been hidden in the initial post, so people can at least see if they have been called by the same person/scammer (assuming whoever is behind this alters their caller ID to the same number every time).

If you have any questions, or would like any further action taken, please let me know.

Thank you