u/FreelyRoaming

Working a TCPA case against a persistent scam SEO outfit hammering my US business with 3PM daily calls from rotating numbers for several weeks. Need help building out their footprint to surface a US-jurisdictional defendant.
Surface facts:
• Trading brand: AIO Technologies
• Website: aiotechnologies.com
• Listed entity (per site footer): Tencaro Services Ltd
• Listed address: 18 Souliou Street, Strovolos, P.O. Box 23622, 1685 Nicosia, Cyprus
• Site copyright: 2023
• Call origin: Indian call center, English-speaking, US-style pitch
• Service pitched: SEO / digital marketing
• Pattern: 3PM hits daily, rotating CLI on every call, no compliance with cease-and-desist
• Target number DNC-registered for over a year
What I’m working through, and where help would short-circuit the timeline:
1. Sister brands. Cyprus shell + Indian call center + boilerplate SEO site almost certainly means 5 to 20 white-label variants on shared infrastructure. Planning to pivot on tracker IDs (GA, Pixel, AdSense), favicon hash via Shodan/Censys, reverse IP, and certificate transparency. If anyone has bandwidth and tooling to run those faster than me, or has already mapped a similar operator’s portfolio, I’d be very grateful. Sister brands with US-fronted billing entities are the real targets.
2. Tencaro Services Ltd beneficial owners. Cyprus UBO register is restricted-access. Planning to retain a Cypriot solicitor for direct access, but if anyone has Sayari Graph, OpenCorporates premium, or similar entity-linkage access and is willing to run “Tencaro Services Ltd” against the registered address, that would save me two weeks.
3. Lead vendor. They got my number from somewhere specific. GDPR DSAR going to the Cyprus entity (Article 15 + Article 14 source disclosure required). If anyone recognizes this operator’s targeting pattern from prior investigations and has a likely list broker in mind, would appreciate a pointer.
4. US gateway carrier on inbound foreign traffic. Pulling CDRs from my carrier this week to get true ANI, OCN, LRN, and STIR/SHAKEN attestation. If anyone’s navigated this with a major business carrier and has tips on the path of least resistance, would love to hear them.
5. Cross-investigation linkage. Strovolos shows up a lot in offshore-scam OSINT. Has anyone seen “Tencaro Services Ltd” or “18 Souliou Street, Strovolos” pop up in unrelated investigations? Looking for any prior reporting that ties these to a known operator group.
Pivot data anyone can work with right now:
• Domain: aiotechnologies.com (registered via privacy service)
• Entity: Tencaro Services Ltd
• Address: 18 Souliou Street, Strovolos, P.O. Box 23622, 1685 Nicosia, Cyprus
What I can trade back:
• Documented call log (numbers, times, dates) over several weeks
• CDRs once carrier returns them
• Whatever surfaces from the Cypriot UBO file pull
• GDPR DSAR response if and when it lands
• Any contract or proposal artifacts if I escalate engagement to extract them

These guys have been hitting our office line at 3PM on the dot, every single day, for the past several weeks. Different number every single time. Won't stop no matter what we say. "AIO Technologies," Indian/Pakistani call center, pitching SEO services. My number's been on the DNC for over a year. They don't care.

Looked them up. Their website (aiotechnologies.com) lists them as Tencaro Services Ltd of Nicosia Cyprus. Their address is 100% a mail drop in a known shell-company district. The site is template SEO-scam boilerplate, copyright 2023. Real classy operation.

Trying to figure out who's actually behind this before going after them legally. If you've gotten these calls, I'm interested in:

• Did anyone actually pay them? The credit card descriptor on your statement is the real US entity behind this. That's who can actually be sued.
• Rep names you caught? Especially anyone they called a "US manager" or "senior consultant" for closing.
• Sister brands. I'd bet good money they run a bunch of white-label sites off this same setup. Anyone identified any?
• Where they got your number from, if you happen to know.
• The numbers they've been calling you from, if you've kept a log. Curious if there's overlap with mine, which would help confirm a single number pool.

I've got FTC / FCC / CA AG complaints going in and a GDPR request to the Cyprus entity (they're EU, so it applies). But the real goal is finding the US-side identity so this turns into a TCPA suit with actual teeth.

Small Sound and Comm shop (3 employees) in D9 potentially looking to become a signatory shop, I'm ideally looking to talk to another owner that has done similar. We already do a decent bit of davis bacon and state PW work, and are currently with WECA.