2019-01-09 - FAKE AV PAGE/TECH SUPPORT SCAM POPUP

ASSOCIATED FILES:

 


Shown above:  Flow chart for today's traffic.

 

WEB TRAFFIC BLOCK LIST

Indicators are not a block list.  If you feel the need to block web traffic, I suggest the following domains, URLs, and partial URLs:

 

TRAFFIC


Shown above:  Traffic filtered in Wireshark.

 

TRAFFIC RELATED TO THE FAKE AV/TECH SUPPORT SCAM POPUP:

 

OTHER INFO

MALWARE FROM AN INFECTED WINDOWS HOST:

 

IMAGES


Shown above:  Fake AV/tech support scam page without the popup windows.

 


Shown above:  Fake AV/tech support scam page with the popup windows.

 

FINAL NOTES

Once again, here are the associated files:

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
