New popup

Scams Tech Support Scam
1

http://tref.njiuhbvgytfcdrxesz.tk/x1dfsdndkjfrsasasrere343cv/

https://bobrtc.live/phonebook/dial/18306377234#

2

Here is all i am going to deliver to you guys currently. It will take awhile to map everything out.

TECH SUPPORT SCAM PAGE: 1a7282019A
Initial attack link: http://tref.njiuhbvgytfcdrxesz.tk/x1dfsdndkjfrsasasrere343cv/
Screen caps of attack live:
https://ibb.co/vLNtgQJ
https://ibb.co/TR6yCKh
https://ibb.co/4spRztb

Screen Cap of not empty downlaoded beep file: https://ibb.co/t2JJHdn
Link to beep file downloadable, is not empty: http://tref.njiuhbvgytfcdrxesz.tk/x1dfsdndkjfrsasasrere343cv/beep.mp3
Serving IP Address: 178.159.36.119 Country Ukraine
IP via trace route: 178.159.36.119 Country Ukraine
Domain name:
NJIUHBVGYTFCDRXESZ.TK
Organisation:
BV Dot TK
Dot TK administrator
P.O. Box 11774
1001 GT Amsterdam
Netherlands
Phone: +31 20 5315725
Fax: +31 20 5315721
E-mail: abuse: [email protected], copyright infringement: [email protected]
Domain Nameservers:
NS03.FREENOM.COM
NS04.FREENOM.COM
NS01.FREENOM.COM
NS02.FREENOM.COM
person: Alexandros Iosifidis
address: 24.5 Old Northern Highway, Titoff Place, Boston Village, Belize
phone: +4915145583734
nic-hdl: AI4225-RIPE
mnt-by: MNT-PHL
created: 2016-07-07T13:25:43Z
last-modified: 2016-07-07T13:25:43Z

3

number

18306377234

4

[[3,4],[3,4,27]]

5

I have started mass uploading all the files I pulled from their web directory.

6

Is there anyway, that we can pipe this into their phones during flooding them?

A little message from Seattle.

https://www.youtube.com/watch?v=x6E0Z8wqNDQ

Or perhaps this? Its where I come from, JUNKIE TOWN! ahahahahahaahahahaaaa

https://www.youtube.com/watch?v=O42LndZnT-Q

7

Mapping and uploading all files to as many virus scanner companies as I can.

Help would be NICE!

8

Mapping nodes

9

oh me, OH MY,

SCOPE OF BOT NET: Tech-Support-Scam-Page1-A7282019-E hosted at ImgBB — ImgBB

Its not complete yet, but its already rather large and complicated.

I would becarefull visiting those tech support scam pages, if I was you guys!

10

@FLAGRUM#101735 why? It’s just a fake popup nothing dangerous.

11

@NeeP#101739

Its not the pop up, its the server itself. If the server is under control by outside sources your ip can easily be recorded by connecting to the site, that is on the server. That can lend them more information for future attacks and or exploits directly involving your current ip.

12

@NeeP#101739 You should also remember some of these are not just pajeet and his poop street pals. Some of them are state actors.

13

@NeeP#101739 You should tell the scammers to be “manual scavengers”.

https://www.youtube.com/watch?v=4MK5o9Vhiqk

14

@FLAGRUM#101757 You do realize most Ads will display similar network interconnections because thats how they work. That is why Ads bring in revenue, because they are spread all over the internet and people allow them on their websites. You would need to find the Hosting server where the files themselves are stored on, not the relay paths across the domains that host the js redirects from the marketing company.

15

@FLAGRUM#101763 This is really disturbing. I almost deleted this post because of how disturbing that video was. YUCK!

16

@iScam#101771

Yes it is disturbing, whats more disturbing is that the people there are okay with it. How could people treat their own people in this manner?

17

@FLAGRUM#101757

the IP cannot really be exploited. Most consumers have a dynamic IP anyway that will change after a few days and also the scammers are not interested to go after specific people…

18

@FLAGRUM#101786 yeah tbh I felt physically ill. :frowning:

19

I reported them to Freenom, their domain registrar.

20

Telephone was up earlier today 14 Aug. Down now.