Fake Tech Support Sites

User avatar
spectre
Posts: 4017
Joined: Sun May 03, 2009 10:43 pm

RE: Fake Tech Support Sites

Post by spectre » Sat Oct 29, 2016 3:02 am

<quote user="simcityfan4684">
[red]virus-alert-j5v0p7.online[/red]

I got this from a pop up. Didn't get the number down but this is a fake tech support site. Not sure if this leads to a virus or not.
[/quote]
This URL is redirecting to google.com now.

----------------------------------------------------------------------------------------------------------------------------------------

[red]dubconnect.com
livepcservicess.co.uk
pathball.com
pathtank.com
pcassist.club
pcsafes.club
processhelp.club
safariflaws.club
ukhelpdesknumber.co.uk
[/red]

User avatar
Myxt
Posts: 2085
Joined: Sat Mar 05, 2011 6:18 am

RE: Fake Tech Support Sites

Post by Myxt » Sat Oct 29, 2016 3:19 am

<quote user="simcityfan4684">
[red]virus-alert-j5v0p7.online[/red]

I got this from a pop up. Didn't get the number down but this is a fake tech support site. Not sure if this leads to a virus or not.
[/quote]

Could lead to a virus if you panic and beg them to put badware on your computer.

BTW, [red]virus-alert-j5v0p7.online[/red] sits on IP [red]23.111.155.10[/red] > _http://bgp.he.net/ip/23.111.155.10#_dns
A Fine Kettle of Phish

Although their excellent branding pretty well ensures they are only suitable for one purpose, the little darlings should be vetted to ensure they are both live and evil before posting here.

EDIT:

All 508 domains on [red]23.111.155.10[/red] are live.

EDIT:

<quote user="shazza">
This URL is redirecting to google.com now.
[/quote]

Only if there are no parms. See _https://www.virustotal.com/en/domain/virus-aler ... formation/
and try these with [red]shields up[/red]:
_http://[red]virus-alert-j5v0p7.online[/red]/critical.dill/?os=Windows&browser=Chrome&isp=Illinois%20Century%20Network&ip=216.125.48.219&asdflasdl0tfn1asldfalsdffl=888-744-2987
_http://[red]virus-alert-j5v0p7.online[/red]/critical.dill/?1580f7497c9ceb0tfn1580f7497c9d2a0=888-744-2987&1580f7497c9d650tfn1580f7497c9d9f0=888-7

The second one, loaded in Firefox with NoScript, lands at a directory listing from which you can download the default page in the subfolder "critical.dill". That page is loaded with base64 code which converts to
Dear [isp] customer,

Your IP: [ip] has been blocked!

A serious malfunction has been detected with {os.family} {os.version} and your {name} {version}. Please call the toll-free number below for a certified technician to help you resolve the issue:

[number]

For your safety, closing the {name} browser has been disabled without support of the certified technician to avoid corruption to the registry of your {os} operating system

Please contact support at the toll-free Helpline [number]

DO NOT SHUT DOWN OR RESTART THE COMPUTER, DOING THAT MAY LEAD TO DATA LOSS AND POSSIBLE FAILURE OF THE OPERATING SYSTEM AND POTENTIAL NON BOOTABLE SITUATION RESULTING IN COMPLETE DATA LOSS, CONTACT MICROSOFT CERTIFIED TECHNICIANS TO RESOLVE THE ISSUE CALLING TOLL FREE - [number]
The replaceable fields suggest this is a distributable kit sold to affiliate idiots. The first URL likely shows how the field values are passed to the page.

@simcityfan4684 - a good find indeed.

User avatar
spectre
Posts: 4017
Joined: Sun May 03, 2009 10:43 pm

RE: Fake Tech Support Sites

Post by spectre » Sun Oct 30, 2016 6:00 pm

[massrate][red]allsupportnumber.com
contactcustomerservicenow.com
customerhelptech.com
customerservicehelps.com
expert-helps.com
helpkindlesupport.net
hurryoffers.info
itsupportnumber.com
kindle-technical-support.com
kindlefire.technicalsupportcontact.net
kindlefiretechsupportnumber.com
kindlefiretechsupportnumber.online
kindleonlinesupport.com
kindletechsupport.us
kobosupport.com
prodeals.info
realwebex.info
tech-support-help.com
technicalsupportcontact.net
techsupt.in
websoftdesk.com
wordfiction11.info[/massrate][/red]

Fake tech sites promoting spyhunter
[red]comodesinstalarelmalware.org
easyremovemalware.com
hoeommalwareteverwijderen.org
howtoremovespywarearabic.com
howtouninstallamalwareth.com
removalidea.com
uninstallmalwareandvirus.com
virusfixhelp.com
[/red]

User avatar
spectre
Posts: 4017
Joined: Sun May 03, 2009 10:43 pm

RE: Fake Tech Support Sites

Post by spectre » Wed Nov 02, 2016 12:58 am

[red]cleanpcssccing.online
computersysteminttruptcontrolservice.club
maccomputerpure.club
mypchelpclub.online
mypchelpreview.online
network-error-window-key-failed-occur.gq
pchelpreviewsclub.online
pcsafepro.club
pcsafeway.club
[/red]

Fake tech sites promoting spyhunter
[red]computerfixguide.com
daretodeletevirus.com
freezingcomputer.com
howtoremovepcvirus.com
icleansoftware.com
pcthreatsremoval.com
removevirusfrombrowser.com
trymytools.com
[/red]

User avatar
williKi
Posts: 519
Joined: Thu Oct 01, 2015 6:52 pm

RE: Fake Tech Support Sites

Post by williKi » Wed Nov 02, 2016 7:21 pm

Yet another method to entice people to call these scammers:

hxxps://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2016/11/tech-support-scammers-abuse-bug-in-html5-feature-to-freeze-computers/

User avatar
spectre
Posts: 4017
Joined: Sun May 03, 2009 10:43 pm

RE: Fake Tech Support Sites

Post by spectre » Thu Nov 03, 2016 5:02 am

[red]error0001018.info
gmailsupporthelpnumber.com
pcscan.us[/red]/scan.php
[red]usageekhelp.com
windows-corrupted-browser-not-secure-call-support.info[/red]

Fake tech sites promoting spyhunter
[massrate][red]booturpc.com
cleanpcinfection.com
comedisinstallareilmalware.org
deletebrowserinfection.com
disinstallarewindowsmalware.com
howtouninstallamalwarejp.org
howtouninstallmalware.org
howtouninstallmalwarear.org
howtouninstallmalwarecn.org
hvordanduafinstallerermalware.org
immuneyourpc.com
supportninza.com
uninstallmalwareinfection.com
uninstallvirussteps.com
uninstallwindowsmalware.com
virusspywaredesinstalacion.com
virusspywaredesinstallation.com
wiemanmalwaredeinstallieren.org
[/red][/massrate]

User avatar
Myxt
Posts: 2085
Joined: Sat Mar 05, 2011 6:18 am

RE: Fake Tech Support Sites

Post by Myxt » Tue Nov 08, 2016 6:21 am

[red]techrawat.com[/red]

User avatar
Myxt
Posts: 2085
Joined: Sat Mar 05, 2011 6:18 am

RE: Fake Tech Support Sites

Post by Myxt » Wed Nov 23, 2016 9:03 am

[red]best-pc-support.uk
pc-supports.uk[/red]

User avatar
Myxt
Posts: 2085
Joined: Sat Mar 05, 2011 6:18 am

RE: Fake Tech Support Sites

Post by Myxt » Wed Dec 07, 2016 9:44 am

[red]livetechnicians.co[/red]
Master of all things Gmail - and your sensitive PII.

User avatar
NotBuyingIt
Posts: 3310
Joined: Fri Mar 11, 2011 6:21 pm

RE: Fake Tech Support Sites

Post by NotBuyingIt » Sun Dec 11, 2016 10:40 pm

[red]system-alert-zeus-virus-found.xyz[/red] (WOT scorecard)
published phone: 1-844-870-5033
screenshot: http://phishtank-screenshots.e1.usw1.opendns.com.s3-website-us-west-1.amazonaws.com/4675494.jpg

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests