How to get scam popups

Scams Tech Support Scam
1

Typo-squatting most certainly yields tech support pop ups, however, they are very geo-location specific.

If you are coming from an ISP that is outside of the US, you typically will not get the tech support popups.

If you are on a VPN vs. a regular "ISP" connection, you also will receive different targeted ads. Lastly, if you visit multiple sites throughout the day, you will get captcha codes for a lot of the advertisement sites.

The list I have, from another scammer.info member, is as follows:

[type or paste code here]
http://Gmil.cm
http://Gmil.cm
http://Gyoutube.com
http://amason.com
http://ebaay.com
http://ebbay.com
http://facebooook.com
http://fastsuppirt.com
http://fecebook.com
http://firert.com
http://geogle.com
http://ggmail.com
http://ggoogle.co.uk
http://ghogle.com
http://giigle.com
http://gllgle.com
http://gmial.com
http://gmil.com
http://goggle.com
http://goigle.com
http://googae.com
http://googe.com 
http://googee.com
http://googfe.com
http://googhe.com
http://googl4.com
http://googln.com
http://googlo.com
http://googloe.com
http://googme.com
http://googpe.com
http://googre.com
http://googte.com
http://googwe.com
http://gookle.com
http://goolle.com
http://goonle.com
http://goooogle.com
http://gooooogle.com
http://gooqle.com
http://gooxle.com
http://gooyle.com
http://gopgle.com
http://gpogle.com
http://guogle.com
http://gyogle.com
http://gyoutube.com
http://hoohle.com
http://hotmali.com
http://iutlook.com
http://outliik.com
http://outliok.com
http://outloik.com
http://outlool.com
http://outloook.com
http://ouylook.com
http://oyoutube.com
http://paypak.com
http://poutlook.com
http://redddit.com
http://reddiit.com
http://reddir.com
http://redditt.com
http://reeddit.com
http://scammer.net
http://teamviewre.com
http://teddit.com
http://trxtnow.com
http://twittre.com
http://twltter.com
http://twwitter.com
http://uotlook.com
http://uoutibe.com
http://uoutube.com
http://voovle.com
http://washimgtonpost.com
http://washingtompost.com
http://wikia.cm
http://yiutube.com
http://yootube.com
http://yoptube.com
http://yotube.com
http://youtibe.com
http://youtoob.com
http://youtubd.com
http://youtubs.com
http://youtubu.com
http://yuotube.com
http://yuutube.com

What I do is go to http://www.openmultipleurl.com in Incognito Mode and paste in the above list. I turn off popup blocking (or allow the domain) and let all of the sites load at once. This has revealed multiple fake tech support popups.

Today's list

https://www.14cleeper.cf/call-microsoft-security-1-855-687-8444/
http://slimier.stream/live/
http://lugeings.stream/
http://curbjess.stream/

855-687-8444
877-204-8351
855-643-2037
877-836-9717

2 Likes
2

Another one: Gyoutube.com

3

I just go to sketchy download sites on my VM then click the fake advertisements that are supposed to look like downloads, this usually works for me also.

Please also do this on your VM, these can lead to unwanted programs of course.

4

@Cloud241#36858 Good catch - this one brings me to

https://www.hdepro.cf/call-microsoft-security-1-855-566-7666/

855-566-7666

5

@Markiemm#36909 Sure can! The site is still active.

6

Some Popup Patterns:

Alphebetically decerment v, u, t, s, r, q, (gap), j, i, h, g, f, e, d, (gap), b, for the wild-card character ? in http://?depro.cf
e.g. http://vdepro.cf has at least one Popup

Alphebetically decerment o, (gap), m, l, k, for the wild-card character ? in http://?klo.cf
e.g. http://kklo.cf has at least one Popup

Alphebetically decerment c, b, a, for the wild-card character ? in http://?par.cf
e.g. http://cpar.cf has at least one Popup

Numerically increment 0, 1, 2 for the wild-card character ? in http://computer-error0x485012?.pw
e.g http://computer-error0x4850120.pw is a Popup

Pattern in these ?.tk/number=☏ seems more complicated, e.g.
☏ 866-279-5172
http://arunningcloseby.tk/?number=866-279-5172
http://betghafcsvrea.tk/?number=866-279-5172
http://feehyjadseukl.tk/?number=866-279-5172
http://intheairstars.tk/?number=866-279-5172
http://needingathemand.tk/?number=866-279-5172
http://oftruthupon.tk/?number=866-279-5172


Baiters need a link only for the Scammer phone number. For baiting itself, even de-activated Popups are irrelevent. Create custom Popup, with any scammer Phone number, links are in the description of http://youtu.be/INGU-yUH0JU


Truncating ADAROSS Link replace/d/8181-fake-windows-scam-site
to the bare-minimum, http://cpar.cf
Next decrement the first character alphabetically, http://bpar.cf, http://apar.cf for more Popup numbers
Also increment to http://dpar.cf for more

7

Baiters need a link only for the Scammer phone number. For baiting itself, even de-activated Popups are irrelevent. Create custom Popup, with any scammer Phone number, links are in the description of Your Own Fake Popup - YouTube

8

Truncating ADAROSS Link replace/d/8181-fake-windows-scam-site

to the bare-minimum, http://cpar.cf

Next decrement the first character alphabetically, http://bpar.cf, http://apar.cf for more Popup numbers

Also increment to http://dpar.cf for more

9

http://gmial.com

http://gyoutube.com

http://oyoutube.com

http://yiutube.com

http://youtibe.com

http://yuotube.com

http://yotube.com

http://googe.com

http://wikia.cm

http://reeddit.com

http://goggle.com

10

Various techniques are used by Popup hunters.

I have no idea which country phone code is in this Popup, captured by a tech-savvy hunter using correct values for each of the several variables like time-frame, time-zone, etc.

http://hacking902-alert.ml/Microsoft%2520Edge&isp=Time%2520Warner%2520Cable%2520Internet-Time%2520Warner%2520Cable%2520Internet%2520Llc&ip=172.116.211.232&geo=US/jefsysalert02300cd90fe0r3fe3r35-dfwe323224-12312312345

11

Thanks to a techie-friend suggestion for hunting Popups which start with stream.live

Variable starts after the two slashes// up to the first dot .
A value for the variable may be in a screen-grab or a video frame-pause.

This example starts with the frame-pause http://youtube.com/watch?v=iw-ewcoL50Y&t=1s

The value here is metamere

Append the next line
.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none

Paste the newly obtained line in the address bar to read:
metamere.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none

This will establish the relationship between the Popup a baiter used and the CURRENT PHONE NUMBER
The actual phone number the baiter shows may still be active, not necessarily identical with the CURRENT HUNT

This method is also useful for tie-breaking a given phone number with the host value descrided above.

☏ 866-819-7045
http://lobednine.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://lobeliaone.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://lobeone.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://lonenine.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://mascarafiest.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://medullae.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://metaphyses.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://metaprotein.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://metaproterenol.stream/welcome/?=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://metaraminol.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://microbic.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://thickety.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://thickish.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://thievery.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://thieving.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://thievish.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://thimbler.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://tramroad.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none

☏ 877-211-0889
http://lievenine.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none

☏ 877-870-3252
http://lobbernine.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none
http://lobbysix.stream/welcome/?a=none&pagex=none&s1=none&os=none&browser=none&isp=none&ip=none&geo=none

12

You can freely substitute your favorite scammer name for any place-holder “none” in those Popup hunt URLs

13

@Markiemm#39149

Thanks.

I now see the distinction - This thread is about Redirectors, not the Redirected

I’ll try to pay attention to this topic in this thread☺

14

@reportingscammers007#34269 Lol AVG having some issues with the sites im visiting and thanks for the tip :smiley:

image vmplayer-2018-08-09-23-48-44jpg.jpegimage vmplayer-2018-08-09-23-48-44jpg.jpeg


15

This is what i use - YouTube

i found this one on youtube

16

I have one! https://utube.com if you click on the videos, they give you a gift card scam!

17

Some websites redirect to different sites according to the browser and the computer platform. So if it redirects to something like survey scams and malware downloads and not tech support scam pages, I use a different browser.

18

When using Chrome try this link:

http://chromeredirect.online

Depending on the Popup Cycle frequency and duration, it will redirect to fresh ones, NOT YET FLAGGED by Chrome-safe-browsing.

This is similar to Digital Sign Board Ad on streets. When you miss it, wait for the next cycle for the same Ad.

If it's NOT your Popup type, F5 Refresh WILL NOT DO. You'll have paste the above URL on the Address Bar and Press Enter ⏎

The Popup Phone Numbers often remain active, long after the Popup Page itself has been flagged by Chrome, Firefox, Symantec, Kaspersky, etc. A Screen-Grab or Video-Frame-Pause comes in handy for reporting them, even after the Popups are removed / blocked, preventing their recreation.

… Will Plan an article to safely capture Most Popups, especially with WYSIWYG Phone Numbers…

19

One that’s always worked for me is www.viooz.ac

20

As suggested by @Markiemm , I will paste my list of typo-squatting urls that I have found here:

goooogle.com

ggmail.com

giigle.com

gopgle.com

goigle.com

paypak.com

fecebook.com

outlool.com

outliik.com

gooooogle.com

googloe.com

amason.com

outloik.com

outliok.com

facebooook.com

hoohle.com

outloook.com

iutlook.com

gmil.com

gmial.com

ouylook.com

uotlook.com

poutlook.com

ebaay.com

ebbay.com

youtoob.com

youtibe.com

yuutube.com

yuotube.com

yoptube.com

twittre.com

twwitter.com

twltter.com

hotmali.com

redddit.com

reddiit.com

redditt.com

teddit.com

reddir.com

gllgle.com

voovle.com

teamviewre.com

fastsuppirt.com

Original post: http://scammer.info/d/14855-squatting-links-to-scam-popups