HTML: FakeAlert-T [Trj]


. Codes:  HTML:EvilCursor-B [Trj] debug-filing244.gq [URL:Phishing] HTML:Tech-Scam-M [Phish]  HTML: FakeAlert-T [Trj]

. Filed under: Microsoft Tech Support Scams

. Properties: This error is displayed by a malicious website that claims that the victim's PC is infected with viruses and other malware.  These websites use aggressive tactics to keep the victim from exiting the website by closing the tab and some also prevent the visitor from closing the internet browser, through normal means These webpages can also cause the browser and the victims mouse to act erratically. Some of these webpages also overload the victim's computer by running many background process through the browser, causing the browser to either freeze or shut down unexpectedly. Often, an "official looking" Windows error message along with a telephone number will be displayed, prompting the victim to call the number for official technical support. Should the victim call the number, they will be asked by the scammer to download additional software as to gain access to the victims computer remotely which in turn, the scammer on the other end will charge the victim an enormous sum of money for bogus Anti-virus software and technical support. While this is one of the oldest scams on the internet, the biggest flaw of this scam is the fact that all supposed virus warning come the the webpage and not through the desktop notifications. Microsoft itself is alos another give away. Microsoft has not and will not ever call or ask any of their customers to call them if their PC's are infected. Microsoft's built in anti-malware, Windows Defender, has been released with every version of Windows since Windows Vista & Windows 7.

. Organizations affected: Microsoft

. Reported to: Scumware.org, Google Safe browsing (Report Phishing, Report Malware), EST.com (Via Report a Phishing page) Scammer Blaster

*Warning: For your safety, it is highly recommend that users do not visit any of the websites under the following codes:  HTML:EvilCursor-B [Trj]  debug-filing244.gq [URL:Phishing] 
These webpages are extremely aggressive and will cause crashes and other undesired effects.

. Screenshots:

HTML: FakeAlert-T [Trj]

 HTML:Tech-Scam-M [Phish]


HTML:EvilCursor-B [Trj]

HTML:EvilCursor-B [Trj]

HTML:EvilCursor-B [Trj]

HTML:EvilCursor-B [Trj]

HTML:EvilCursor-B [Trj]

debug-filing244.gq [URL:Phishing]

HTML:EvilCursor-B [Trj]

HTML:EvilCursor-B [Trj]

debug-filing244.gq [URL:Phishing]

HTML:EvilCursor-B [Trj]

Seen on an Adfly shorten URL. Uses HTML:EvilCursor-B [Trj]

Seen on an Adfly shorten URL. Uses HTML:EvilCursor-B [Trj]

HTML:EvilCursor-B [Trj]

debug-filing244.gq [URL:Phishing]

Seen on an Adfly shorten URL. Uses HTML:EvilCursor-B [Trj]

Seen on an Adfly shorten URL. Uses HTML:EvilCursor-B [Trj]

Seen on an Adfly shorten URL. Uses HTML:EvilCursor-B [Trj]

Seen on an Adfly shorten URL. Uses HTML:EvilCursor-B [Trj]

debug-filing244.gq [URL:Phishing]

HTML:EvilCursor-B [Trj]
. Offending URL's

*These websites are considered dangerous. For your safety, the links have been published as plain text.

http://www.microsoft.com-clean-windows.net/redirect/?ip=158.222.184.115&campid=ec779303-5644-48fb-9e65-5ec235e019b2&zn=151167_796884&sc=a0eff8f0-86e6-46bb-9503-7adece4a517d&browser=Chrome&browserversion=Chrome%2083&city=Brooklyn&os=Windows&osv=Windows%2010&model=Desktop&td=www.ourtracking.net&ua=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&language=en&connection=CABLE&isp=Charter%20Communications&carrier=&country=US&cep=gVhj1xrie72CP6tp95grRzvuAPBAMNGUaDNmsVryNrTDG62vI8GY0XjMyjyhnKsJhwMnho-sieUigdShYOt7kO-oWhXG7e5aHq1ci8JOgkl3OSF4PtAqm9jqCBk1aSNvUgKaeO9N6Z1giWXkAhN9NXxc8JH1kOId-Pi25C51Hiw2wLKv9TEJgfnI2qppvGUq79plASov2LZT3hUE-RwOerKEiy6zzMWY4agPkpC0Pq7XWmhO5BrP4GCop-gvHtzfUdOod8WJeo3r0wP7K83yp-W8YT2BdCFDAovijm7PkUphvJVFZdPY8hsDOYFB6B90e9u9D0rg8kZtzBQmZjD4hP7gr9wdbKOc9E6bKDoCHJ2UUc1TXN8a4nxFuBvcl_UNcqhDXqZz0y2vwvIKWTabWp_8Kxf7ik32p3P8mvqgd1pCBcoZl3BgjR8sTnIyqZyLDVcRc53oswG7T5dIQBgDCCdIH2WzGLYp1bmgDxvFt-hClmybFMCSeN582u5qyADTZ08Q9TRiQSBUAMHldmkKv8Z6bQ6hvHPVyCclojYAcnr5SlBRIC8zpRBY5w0pv2cvbp2pCg27Et0-Y7QdorCtWRh9wmki99bGtVyfG6SVCroPtZRTaUn0EnSQWb1Nj9i3&lptoken=150f944814e626d1315c&subid=151167_796884&state=ny&campaign=449041&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36&bid=0.01&conversion=74WddkEpIKQ

https://illegal-activities-alert-hacking-attempt-found-1265.s3.us-east-2.amazonaws.com/chrome_win/index.htm

https://security-alert-66-infection-hacking-attempt-found-os-blocked-8.s3.amazonaws.com/chrome_win/index.htm?source_id=s358_796884

https://gywaat.club/Wim_dows35W8o79IRcb7jQQWdc5XXsN42/xG5GXxh3XhWHvniB2XMWGcsZj/xW5SoxtuQ/?n_b=MSg4ODgpMzgyIDAyMDk=

http://104.42.49.16/call-service-help-now/D00ChsfsdfjdsfjdsfjRV/?site=2340893&zone=9306#forward

http://104.42.49.16/call-service-help-now/D00ChsfsdfjdsfjdsfjRV/?site=2340893&zone=9306#forward

https://rphpeo.club/Wim_dows35W8o79IRcb7jQQWdc5XXsN42/xG5GXxh3XhWHvniB2XMWGcsZj/xW5SoxtuQ/?n_b=MSg4ODgpMzgyIDgzMDQ=

https://win-error3949.tk/CHOM01010101010X0NVx/

https://tigkfc.club/Wim_dows35W8o79IRcb7jQQWdc5XXsN42/xG5GXxh3XhWHvniB2XMWGcsZj/xW5SoxtuQ/?n_b=MSg4ODgpNTM3IDY1NzI=

https://vtxtdy.club/Wim_dows35W8o79IRcb7jQQWdc5XXsN42/xG5GXxh3XhWHvniB2XMWGcsZj/xW5SoxtuQ/?n_b=MSg4ODgpNDA1IDA0ODk=

https://yzpyd.club/click.php?key=x0u6mt6f0a51j9ppt92r&click_id=push_20200714172517_f7ccf2bb_0e54_4d6f_84cb_9a59c5727126&bid=0.042&source=571856&supply_id=914&site_id=914-571856&campaign_id=166796&p_s=&city=Brooklyn&language=en&bidcpm=42&creativity_id=526847&userage=6

http://192server168.ga/Chdsdsdasdasdasdad13123123/

https://vvutqt.club/Wim_dows35W8o79IRcb7jQQWdc5XXsN42/xG5GXxh3XhWHvniB2XMWGcsZj/xW5SoxtuQ/?n_b=MSg4ODgpNTI1IDE4OTM=

https://uocmke.club/Wim_dows35W8o79IRcb7jQQWdc5XXsN42/xG5GXxh3XhWHvniB2XMWGcsZj/xW5SoxtuQ/?n_b=MSg4ODgpNTMzIDQ4MDc=

http://newdaterpornx.ml/Chdsdsdasdasdasdad13123123/99

https://ymyvqy.club/Wim_dows35W8o79IRcb7jQQWdc5XXsN42/xG5GXxh3XhWHvniB2XMWGcsZj/xW5SoxtuQ/?n_b=MSg4ODgpNTM4IDE4OTU=

http://newdaterpornx.cf/Chdsdsdasdasdasdad13123123/

http://datingonlineclub.ml/Chdsdsdasdasdasdad13123123/
Share: