VoIP Report - Twilio, Inc (+1-844-386-6601)



. VoIP number: +1-844-386-6601

. Carrier: Twilio, Inc


. Abuse email: support+id4863314@twilio.zendesk.com

. Date of the original report: October 13, 2020

. Date of response by the carrier: October 14, 2020

. Website status: Offline (flagged & blocked by Google Safe Browsing)

. Scam page used: HTML: EvilCursor (Blocked by Avast anti-virus)

 

- End of report

 


VoIP Report - ATL Communications (+1-800-646-6305)



. VoIP number: +1-800-646-6305

. Carrier: ATL Communications

. Abuse email: support@porting.com

. Date of the original report: September 27, 2020

. Date of response by the carrier: October 8, 2020

. Website status: Offline (blocked & flagged by Google Safe Browsing)

. Scam page used: HTML: EvilCursor

 

. Call flooding used prior to the original report?: Yes (via Scammerblaster.com)

 
- End of report.

Scareware: Fake McAfee Virus Scan (Trojan.Tech-Support-Scam)



. Date of the original report: October 12, 2020

. Website status: Offline (a takedown report was submitted by Netcraft)

. Scam page used: Trojan.Tech-Support-Scam (impersonated McAfee; Feed The Phish's PCs are protected by Avast)

. Description: This is a fake McAfee virus scan. These Trojans are used in technical support scams and belong to the Trojan.Tech-Support-Scam family. The window pretends to be a scan by a McAfee product, states that high-risk threats were detected, and tells the victim to call the listed tech support number (if displayed) to fix the issue. This is not an official scan from a McAfee product, and McAfee is not involved in any way with this alert. These fake alerts are actually websites designed to behave like an antivirus program, and they appear only within the victim's browser of choice, delivered through malicious adverts. Trojans of this type will also appear even if the victim uses or has installed different antivirus software.
 
- End of Report

HTML: FakeAlert-T [Trj]

 
. Codes: HTML: FakeAlert-T [Trj], HTML:EvilCursor-B [Trj], debug-filing244.gq [URL:Phishing], HTML:Tech-Scam-M [Phish]

. Filed under: Microsoft Tech Support Scams

. Properties: A technical support scam refers to any class of telephone fraud activities in which a scammer claims to offer a legitimate technical support service, often via cold calls to unsuspecting users. Such calls are mostly targeted at Microsoft Windows users, with the caller often claiming to represent a Microsoft technical support department.

In English-speaking countries such as the United States, Canada, United Kingdom, Ireland, Australia and New Zealand, such cold call scams have occurred as early as 2008.

The scammer will typically attempt to get the victim to allow remote access to their computer. After remote access is gained, the scammer relies on confidence tricks, typically involving utilities built into Windows and other software, in order to gain the victim's trust to pay for the supposed "support" services. The scammer will often then steal the victim's credit card account information or persuade the victim to log into their online banking account to receive a promised refund, only to steal more money, claiming that a secure server is connected and that the scammer cannot see the details. Many schemes involve convincing the victim to purchase expensive gift cards and then to divulge the card information to the scammer.


. Organizations affected: Microsoft

. Reported to: Scumware.org, Google Safe Browsing (Report Phishing, Report Malware), Scammer Blaster.com, Netcraft (via browser extension), Emsisoft (via browser extension)

*Warning: For your safety, it is highly recommended that users do not visit any of the websites under the following codes: HTML:EvilCursor-B [Trj], debug-filing244.gq [URL:Phishing].
These webpages are extremely aggressive and will cause crashes and other undesired effects.

. Screenshots:

HTML:EvilCursor-B [Trj]

debug-filing244.gq [URL:Phishing]

HTML:EvilCursor-B [Trj]

debug-filing244.gq [URL:Phishing]

. Offending URLs:

*These websites are considered dangerous. For your safety, the links have been published as plain text.
 

URL:Phishing

 

. Code: URL:Phishing

. Filed under: Suspicious Sites

. Properties: Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing, instant messaging, and text messaging, phishing often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.

. Organizations affected: Symantec, McAfee, Google, Walmart, Apple, Target, Amazon, USPS, Cash App, PayPal, Shell

. Reported to: Netcraft (via browser extension), Emsisoft (via browser extension), Google Safe Browsing

. Offending website URLs:


*These websites are considered dangerous. For your safety, the links have been published as plain text.


Scareware: Fake McAfee Virus Scan (Trojan.Tech-Support-Scam)


. Date of the original report: September 30, 2020

. Website status: Offline (a takedown report was submitted by Netcraft)

. Scam page used: Trojan.Tech-Support-Scam (impersonated McAfee; Feed The Phish's PCs are protected by Avast)

. Description: This is a fake McAfee virus scan. These Trojans are used in technical support scams and belong to the Trojan.Tech-Support-Scam family. The window pretends to be a scan by a McAfee product, states that high-risk threats were detected, and tells the victim to call the listed tech support number (if displayed) to fix the issue. This is not an official scan from a McAfee product, and McAfee is not involved in any way with this alert. These fake alerts are actually websites designed to behave like an antivirus program, and they appear only within the victim's browser of choice, delivered through malicious adverts. Trojans of this type will also appear even if the victim uses or has installed different antivirus software.

- End of report

HTML: FakeAlert-T [Trj]

 
. Codes: HTML: FakeAlert-T [Trj], HTML:EvilCursor-B [Trj], debug-filing244.gq [URL:Phishing], JS:FakeAlert-L

. Filed under: Microsoft Tech Support Scams

. Properties: A technical support scam refers to any class of telephone fraud activities in which a scammer claims to offer a legitimate technical support service, often via cold calls to unsuspecting users. Such calls are mostly targeted at Microsoft Windows users, with the caller often claiming to represent a Microsoft technical support department.

In English-speaking countries such as the United States, Canada, United Kingdom, Ireland, Australia and New Zealand, such cold call scams have occurred as early as 2008.

The scammer will typically attempt to get the victim to allow remote access to their computer. After remote access is gained, the scammer relies on confidence tricks, typically involving utilities built into Windows and other software, in order to gain the victim's trust to pay for the supposed "support" services. The scammer will often then steal the victim's credit card account information or persuade the victim to log into their online banking account to receive a promised refund, only to steal more money, claiming that a secure server is connected and that the scammer cannot see the details. Many schemes involve convincing the victim to purchase expensive gift cards and then to divulge the card information to the scammer.


. Organizations affected: Microsoft

. Reported to: Scumware.org, Google Safe Browsing (Report Phishing, Report Malware), Scammer Blaster.com, Netcraft (via browser extension), Emsisoft (via browser extension)

*Warning: For your safety, it is highly recommended that users do not visit any of the websites under the following codes: HTML:EvilCursor-B [Trj], debug-filing244.gq [URL:Phishing].
These webpages are extremely aggressive and will cause crashes and other undesired effects.

. Screenshots:

HTML:Tech-Scam-M [Phish]

HTML:EvilCursor-B [Trj]

HTML:EvilCursor-B [Trj]

JS:FakeAlert-L

debug-filing244.gq [URL:Phishing]


. Offending URLs:

*These websites are considered dangerous. For your safety, the links have been published as plain text.
