pc-errors-500.com scam message

I’ve since come across these people again in August 2015!

While investigating a “Whats App” phishing campaign going around today, I came across the following site:

http://pc-errors-500.com/Alert2a-Warning-PC-Problems-UK/

This page gives you the standard “your computer is infected” advert, with non-stop JavaScript pop-up messages and audio that plays telling you the same thing. Needless to say – this is just a website! Your computer is probably not infected. Use End Task, or otherwise close your browser window.

It lists the phone number as (0800)-051-3311 (or in other formatting 08000513311 or +448000513311) provided by Vodafone Ltd (C&W).

When called at 10pm UK time I was greeted with a handy message with the company name, and then a very helpful offshore “emergency support” call center who clarified the company name.

https://soundcloud.com/user604457825/techvedic-easytechy-scam

Which means the number being advertised in the scam advert is for…

http://www.easytechy.co.uk/
and the parent brand
http://www.techvedic.com/uk/

I do not know if they are the people running the scam advert with their phone number. It is either their own scam advert or they have an affiliate scheme which encourages such fraudulent practices.
Given that the easytechy site lists a different number (0800 016 3909 – allocated to BT) I presume the fraudulent advert number is an affiliate’s number that generates them commission when someone signs up to have their computer “fixed”.

The domain, pc-errors-500.com, is hosted on 188.68.250.134 “n8250h134.sprintdatacenter.net”.
This IP also reports as host.myerror-online1a.com. The host doesn’t resolve but the domain does exist and is registered, once again, using a privacy service. The nameservers (ns1.pc-errors-500.com and ns2.pc-errors-500.com) resolve (188.68.250.130) but don’t respond to DNS requests. The pc-errors-500 domain has been registered since 11th May and the myerror domain since the end of April so this is a fairly new scam.
188.68.250.130, 188.68.250.133, 188.68.250.134, 188.68.250.139 and other nearby IPs appear to be on the same physical computer.

inetnum: 188.68.224.0 – 188.68.255.255
netname: PL-SPRINT-20090825
descr: “Sprint” S.A.
country: PL

The pc-errors-500 domain leaks a fake address of “asdfwdfko@gmail.com” but does allow a reverse lookup of other potentially spammy / scammy domains that the same operation is running or has run in the past:

- techfix-alerted.com (188.68.250.133)
- myerrors-notice5a.com (http://techfix-alerted.com/Alert2a-Warning-PC-Problems-UK/ has the same scam page)
- myerrors-noticehere1.com (http://myerrors-noticehere1.com/Alert2a-Warning-PC-Problems-UK/ has the same scam page)
- news-5onlineweb.com (doesn’t really fit the bill: the domain is registered by someone in China yet points to the ns1.myerror-online1a.com nameserver)
- adzmarkets.com (188.68.250.139)
- myerrors-2100zx.com
- myerror-online10b.com (Nameservers in the 188.68.250.132 range)

The IP ranges announcing as the host.myerror-online1a.com server are:

The initial phishing was a supposed voicemail from the misspelled “Whats App”:

Which used domains similar to:

http://ccfbd4db5cc7ddb-mailbox-tiscali.scdsmail.com/bi.html

The first time the phishing link is clicked, it gives you a screen saying that your sign-in has expired and asks you for your email password (stealing your credentials).

If you then re-visit the site, the first time you get sent to a page that looks like YouTube and plays a video. Any further visits give you some acacia berry spam / marketing site.

The phishing domain, scdsmail.com, is registered with a whois privacy service. The site is hosted on IP 104.148.44.92.

Net Range 104.148.44.0 – 104.148.45.255
CIDR 104.148.44.0/23
Name EVOVM-NETWORKS
Handle NET-104-148-44-0-1
Parent GLOBAL-FRAG-SERVERS (NET-104-148-0-0-1)

However, somehow, while investigating the above domain I got forwarded to the fake virus warning page.
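
As an added example (not part of the original post), the support-scam indicators collected above can be turned into a proxy-log check. The log format `client url dest_ip`, the function names and the sample lines are assumptions constructed for illustration. It matches on the reused landing path and the lowest-to-highest hosting IPs named in the post as well as on the domain names, so a domain missing from the list is still flagged.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators taken from the post above.
SCAM_DOMAINS = {
    "pc-errors-500.com", "myerror-online1a.com", "techfix-alerted.com",
    "myerrors-notice5a.com", "myerrors-noticehere1.com", "adzmarkets.com",
    "myerrors-2100zx.com", "myerror-online10b.com",
}
LANDING_PATH = "/alert2a-warning-pc-problems-uk"
IP_FIRST = ipaddress.ip_address("188.68.250.130")
IP_LAST = ipaddress.ip_address("188.68.250.139")

def classify(url, dest_ip):
    """Return the list of reasons a proxy request matches the campaign."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    reasons = []
    # Match the registered domain and any subdomain, never a substring.
    if any(host == d or host.endswith("." + d) for d in SCAM_DOMAINS):
        reasons.append("domain")
    # The landing path is reused across domains, so it catches new ones.
    if parts.path.lower().rstrip("/") == LANDING_PATH:
        reasons.append("path")
    try:
        if IP_FIRST <= ipaddress.ip_address(dest_ip) <= IP_LAST:
            reasons.append("ip")
    except (ValueError, TypeError):
        pass  # field was empty, not an IP address, or an IPv6 address
    return reasons

def triage(log_lines):
    """Parse 'client url dest_ip' lines; return {client: [(url, reasons)]}."""
    hits = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        client, url, dest_ip = fields
        reasons = classify(url, dest_ip)
        if reasons:
            hits.setdefault(client, []).append((url, reasons))
    return hits

# Constructed sample log; hosts ending in .example are placeholders.
SAMPLE_LOG = [
    "10.0.0.5 http://pc-errors-500.com/Alert2a-Warning-PC-Problems-UK/ 188.68.250.134",
    "10.0.0.7 http://new-alert.example/Alert2a-Warning-PC-Problems-UK/ 188.68.250.137",
    "10.0.0.8 http://notpc-errors-500.com.example/index.html 192.0.2.10",
]
```

Calling `triage(SAMPLE_LOG)` returns the matching requests grouped by client, each with the reasons it matched.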
