It begins with +1 844 534 8410, a number whose operators claim to be Malwarebytes tech support. The following websites are associated with that number:
hpsupports.org
antivirus-phone-number.com
callphonenumbers.com
supportmalwarebytes.blogspot.com
malwarebytessupportnumber.com
avastcustomerservice.com
antivirusphonenumber.com
If we take a closer look at antivirusphonenumber.com, we find it is registered to Nitin Singh, whom we will discuss in a moment. This website is linked to 2 others by IP address. Those other sites are:
annual-subscription.info
subscription-renewal.info
Returning to Nitin Singh: they have registered a few technical support sites:
We also found qbcustomerservices.com from quicksupportusa.com through a shared IP.
We found office-setup-helpnow.us through a Google Analytics ID shared with intuitquickbookssupport.us.
Going back to avastcustomerservice.com, we found some more information. Through linked IPs, we found 4 websites:
browser-security-alert.com
errorx108.ml
errorx107.ml
icloudsec.com
browser-security-alert.com was registered with the following details:
+91 99584 35465
[email protected]
From the email address, we found 2 more websites:
immediate-response-windows-alert.info
immediate-windows-response-alert.info
We also found, from the avastcustomerservice.com site, a phone number:
+91 98105 48580
This belongs to Rahul Saini, who either owns or manages CyberX, the lead company. His email is [email protected] and the company is registered at A-6, A Block, Sector 16, Noida, Uttar Pradesh 201301, India.
The websites registered are the following:
Most of the domains mentioned in this post are inactive and do not load. The phone number has been passed on to Malwarebytes, and we will provide them with the information found.
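The pivots used throughout this post (shared IP, shared Google Analytics ID, shared registrant email) amount to grouping domains that have any attribute in common, directly or through an intermediate site. The following is an added example, not the tooling used for this investigation; every record in it is a constructed placeholder (reserved `.example` domains, TEST-NET addresses, made-up analytics IDs), and the field names are assumptions.

```python
from collections import defaultdict

# Constructed sample records (not data from the post): reserved example
# domains, TEST-NET addresses, placeholder analytics IDs and e-mail addresses.
RECORDS = [
    {"domain": "support-a.example", "ip": "192.0.2.10", "ga_id": None, "email": "reg1@example.org"},
    {"domain": "support-b.example", "ip": "192.0.2.10", "ga_id": "UA-0000001", "email": None},
    {"domain": "support-c.example", "ip": "198.51.100.7", "ga_id": "UA-0000001", "email": None},
    {"domain": "alert-d.example", "ip": "203.0.113.5", "ga_id": None, "email": "reg1@example.org"},
    {"domain": "unrelated.example", "ip": "203.0.113.99", "ga_id": "UA-0000002", "email": "other@example.org"},
]
PIVOTS = ("ip", "ga_id", "email")


def cluster(records, pivots=PIVOTS):
    """Group domains that share any pivot value, directly or transitively."""
    parent = {r["domain"]: r["domain"] for r in records}

    def find(d):
        while parent[d] != d:
            parent[d] = parent[parent[d]]  # path halving keeps lookups short
            d = parent[d]
        return d

    first_seen = {}              # (pivot, value) -> first domain seen with it
    evidence = defaultdict(set)  # (pivot, value) -> every domain carrying it
    for r in records:
        for p in pivots:
            v = r.get(p)
            if not v:
                continue  # a missing attribute is never treated as a link
            key = (p, v)
            evidence[key].add(r["domain"])
            if key in first_seen:
                parent[find(r["domain"])] = find(first_seen[key])
            else:
                first_seen[key] = r["domain"]

    groups = defaultdict(set)
    for d in parent:
        groups[find(d)].add(d)
    shared = {k: v for k, v in evidence.items() if len(v) > 1}
    return sorted((sorted(g) for g in groups.values()), key=lambda g: g[0]), shared


if __name__ == "__main__":
    clusters, shared = cluster(RECORDS)
    print(clusters)
    print(shared)
```

The `shared` mapping records which attribute justified each link, which matters because an IP on shared hosting can connect unrelated sites and deserves less weight than a shared analytics ID or registrant email.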