Credit to PopupDb and @choozn for this find. I noticed that a lot of recent pop ups in the database followed a pattern, which is below. Though they advertise the same number there are 89*3 pop ups, with another 11 sites that may host 3 pop ups already bought by these scammers.
The scammers use the following structure for their domains:
Http://terror[insert number between 01 and 89, note the 0 in front of single digits].azurewebsites.net
There are three pages that have the pop ups in each domain, ending in:
/Boyd-TX
/Keene-OH
/Amazon-AZ
Two of these are fake Microsoft pop ups and one of them is a fake Mac pop up.
For example, domains such as
http://terror09.azurewebsites.net/Keene-OH
http://terror39.azurewebsites.net/Amado-AZ
Though only numbers between 01-89 are active currently, it seems the scammers have bought 89-100 as well.
Now to report all of these, help would be appreciated :)
@Commissar#150997 Look on PopupDb for today’s active number. I don’t know if they have activated the other numbers as I think the other links will be used in later days… and hopefully will be taken down before they can be used
Update on reporting:
All sites reported to netcraft, which in turn has initiated their “take down” service for pop ups that claim to represent certain companies.
Pop ups appear to have been reported to google safe browsing (by netcraft?)
Reported to Microsoft
Working on reporting to Norton
For list of urls see https://github.com/YON100-HB/Popups-19.07
Am working on updating this with more info as soon as I can get it
@Commissar#151247 Familiarise yourself with the layout of the pop ups . Once you have done that go to popupdb and find the most recent pop up from these scammers on websites aerror.azure and terror.azure.
Those numbers will work. Call at a US ‘normal’ time
