Tag: Technical Support Scam

Tech Support Scams

Below is a link to an article from Malwarebytes Labs explaining tech support scams: https://blog.malwarebytes.com/tech-support-scams/

Some recent examples that I collected on 05/02/17 are shown below.

Network Activity:

174.137.155.139 – xml.pdn-1.com – 302 redirect to tech support scam

107.180.1.35 – binmsisooso.life – Tech support scam landing page

46.30.213.100 – bunt.truncomp.com – Tech support scam server

Network ...

Hacked Sites Redirecting Users to Various Malvertising Campaigns

I had somebody contact me via my Contact page saying that they found my post on the Seamless campaign leading to RIG exploit kit. They had told me that they had received an email with the following link: multitaskcleaners[.]co[.]uk/giftwrap.php?1702. He went on to say that going directly to multitaskcleaners[.]co[.]uk redirected him to 194.58.42.227/flow339[.]php. 194.58.42.227 is the same gate from my ...

TDS Redirecting Users to RIG Exploit Kit and Other Stuff

I’ve been tracking numerous external TDSs being used in exploit kit infection chains over the last couple of months. This post will focus on one TDS in particular, specifically a Keitaro TDS. During my investigation I was able to track down 12 domains that had been compromised and were redirecting users to this TDS. In the ...