**Tech Support Scam Campaign Analysis: Multi-Domain Operation with 22 Connected Entities**
This cybersecurity investigation has identified a sophisticated tech support scam campaign operating through a network of 22 interconnected entities, including 17 phone numbers and 5 malicious domains. The campaign centers around the domain security-36rj6.stream, which has been reported together with five key phone numbers: 833-864-5500, 844-850-3562, 888-653-0258, 800-890-8720, and 855-602-7024. Community reports reveal that scammers are using deceptive pop-up advertisements displaying fake security warnings, with victims being directed to call numbers including 888-400-4146 and 888-835-3142 through malicious URLs such as hxxp://13.58.47.54/4146/windows/d/ and hxxp://confirmeejacconet.bid/172/c8b10247a163719d_af5994d918952ce6/.
The operation demonstrates extensive infrastructure coordination, with 15 documented cross-entity relationships showing how phone numbers are reported together in consumer complaints. Phone number 844-416-3666 appears to serve as a central hub, being co-reported with six other numbers in the network: 833-864-5500, 844-866-0408, 844-850-3562, 888-653-0258, and 800-890-8720. Additionally, 844-384-6777 has been co-reported with five numbers, indicating these scammers are operating multiple simultaneous campaigns using rotating phone numbers to evade detection. The domains in this cluster include several designed to mimic legitimate security services, such as applesystemsecuritycloudestorage-warningalert0911.xyz and 03alert01.azurewebsites.net.
Consumer impact data shows that while formal FTC complaints remain low across most numbers in the network, community reports indicate active targeting is occurring. One phone number (800-890-8720) has generated 1 FCC complaint with activity reported in West Monroe, Louisiana, suggesting potential regional targeting patterns. Community members have provided 3 upvotes on multiple reports warning others about the campaign, with specific evidence of pop-up scams directing victims to call 888-400-4146, indicating this operation is actively deceiving consumers with fake computer security alerts.
To protect yourself from this and similar tech support scams, never call phone numbers displayed in pop-up warnings or click on suspicious links claiming your computer is infected. Legitimate antivirus companies and tech support services do not use unsolicited pop-ups or high-pressure tactics. If you receive suspicious calls or encounter these pop-ups, hang up immediately, close your browser, and do not provide personal information or remote access to your computer. Report suspected scams to the FTC at reportfraud.ftc.gov or file complaints with the FCC for unwanted calls. Before trusting any phone number or website, verify legitimacy by searching the number or domain name online along with terms like "scam" or "complaint" to check for consumer warnings.
This campaign represents a moderate to high threat level due to its extensive infrastructure network and active consumer targeting through fake security alerts. The coordinated use of multiple domains and phone numbers suggests an organized operation designed to evade law enforcement. Consumers should exercise extreme caution with any unsolicited tech support offers, and security professionals should monitor the identified domains and phone numbers for continued malicious activity. The campaign's reliance on rotating phone numbers indicates ongoing evolution, requiring continued surveillance and consumer education efforts.