HTML: FakeAlert-T [Trj]


. Codes: HTML: FakeAlert-T [Trj], HTML:EvilCursor-B [Trj], HTML:Tech-Scam-M [Phish]

. Filed under: Microsoft Tech Support Scams

. Properties: This error is displayed by a malicious website that claims the victim's PC is infected with viruses and other malware. These websites use aggressive tactics to keep the victim from exiting by closing the tab, and some also prevent the visitor from closing the internet browser through normal means. These webpages can also cause the browser and the victim's mouse to act erratically. Some of them overload the victim's computer by running many background processes through the browser, causing the browser to either freeze or shut down unexpectedly. Often, an "official looking" Windows error message is displayed along with a telephone number, prompting the victim to call the number for official technical support. Should the victim call the number, the scammer will ask them to download additional software in order to gain remote access to the victim's computer; the scammer will then charge the victim an enormous sum of money for bogus anti-virus software and technical support. While this is one of the oldest scams on the internet, its biggest flaw is that all of the supposed virus warnings come from the webpage and not through desktop notifications. Microsoft has not and will not ever call or ask any of their customers to call them if their PCs are infected. Microsoft's built-in anti-malware, Windows Defender, has been released with every version of Windows since Windows Vista & Windows 7.

. Organizations affected: Microsoft

. Reported to: Scumware.org, Google Safe Browsing (Report Phishing, Report Malware), EST.com (via Report a Phishing page), Scammer Blaster

*Warning: For your safety, it is highly recommended that users do not visit any of the websites under the following codes: HTML:EvilCursor-B [Trj], debug-filing244.gq [URL:Phishing]. These webpages are extremely aggressive and will cause crashes and other undesired effects.

. Screenshots:

HTML:Tech-Scam-M [Phish]
HTML:EvilCursor-B [Trj]

Aggressive scam page found on the URL shortening website Adfly. It uses HTML: EvilCursor. Adfly is well known for its many phishing adverts and other tech support scam adverts. Adfly itself is not malicious, but their support team and their monitoring of the actual adverts that appear on their service are extremely poor. Firefox users are most at risk of seeing these scam pages through Adfly.



HTML:EvilCursor-B [Trj]

HTML:EvilCursor-B [Trj]

HTML:EvilCursor-B [Trj]

HTML:EvilCursor-B [Trj]

This is a variant of the refund scam. McAfee does not have a product called "Advanced PC Pro". The URL of this scam page is also not a McAfee domain, nor is it even remotely close to being one in terms of name. These scam pages will appear whether or not you are using McAfee or a different antivirus software.

HTML:EvilCursor-B [Trj]

HTML: FakeAlert-T [Trj]


HTML:EvilCursor-B [Trj]

HTML:EvilCursor-B [Trj]






HTML:EvilCursor-B [Trj]

HTML:EvilCursor-B [Trj] - This one contains an animated mouse cursor that points to all of the key elements of the scam: the fake error messages, the Windows logo and the phone number.


HTML: FakeAlert-T [Trj]

HTML: FakeAlert-T [Trj]

HTML: FakeAlert-T [Trj]

HTML: FakeAlert-T [Trj]

. Offending URLs:

*These websites are considered dangerous. For your safety, the links have been published as plain text.
