A cold call came into a land line in a plant room while I happened to be in there.
The line being called is not published anywhere and is only there to host broadband. There is no “leak” of info here, just some spammy autodialler.
Initially an Indian lady claimed she was calling from BT and that the connection was sending viruses. Then when she was sure I was “hooked” as a victim she transferred me to an Indian guy.
Sadly as I was in a plant room and on a standard land line phone I couldn’t record the call. I did have access to a virtual machine.
They initially attempted to get me to go to help87.com (which for some reason on the connection I was on would not load).
Then when that failed they got me to use the SupRemo remote software. Again, as I was on-site at a job I spent about 50 minutes trolling them along but had to give up in the end. We didn’t get to the payment stage.
Once the scammer got connected he tried to use the W3C validator (again, a site that wasn’t loading for some reason) and when that failed he used the “tree” command in DOS to claim that the system was scanning and cleaning viruses.
The only things I have to go on are the initial domain he tried to use:
and the phone caller ID: 01245785847 (aka. +441245785847 or “01245 785 847” / “01245 785847”) in the UK. (Possibly also related “02059837401”)
The phone number doesn’t lead anywhere other than a few other people complaining about scam calls.
Let’s focus on the domain. There are two references to threatexpert reports. Sadly it looks like Symantec have eaten threatexpert and have taken down their free public reports.
The only remaining thing I can go on is the IP, 188.8.131.52, which resolves to a GoDaddy IP “ip-107-180-9-83.ip.secureserver.net”.
I don’t think this is a shared server. It looks like a private dedicated or virtual dedicated. The SSL certificate on it references “softwaretweak.co”, “akick.com” and “akickoptimizer.com”. This domain seems to sell lots of badly written software including “PC Booster” type software.
If you go to buy the software on that site it takes you to a non-secure form that asks for credit card details!
They also claim to be Microsoft Gold partners but the link to verify doesn’t work.
Upon digging around some more it seems there may be a reason why they are no longer a Microsoft Gold partner!
1) Their PC Doctor software is listed as malware by Microsoft: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Rogue:MSIL/Rustliver&ThreatID=223709
The Microsoft page above ties it all together too. They reference gattsupport.com (hosted on a different server within the same IP range) which has the same domain registration of technocaretechnology.com!
State: Uttar Pradesh
The original IP once had a domain gattsupportcom.com pointing at it.
Another likely link to them being the same people is another domain on the IP, technocaretechnology.com and gatechnocaretechnology.com, who seem to do outsourced phone support and other business processes.
Other domains on the same server that have no content:
In summary: It is my opinion that this company is a scam and, in their downtime, cold call people to attempt to get them to pay for services or products that they don’t need. Certainly they do the standard event viewer “scare” tactics and lie about the reason for the call.