live-technician.com / malware-resolutions.com tech support scam.

This is the second time I’ve come across this offshore tech support liar scheme.

The first time was back in August 2015 when they were going under the name onlineresolve.com.

This time, today, they were advertising on DNSUnlocker malware infected computers.

live technician screenshot malware resolutions

IF YOU ARE A British Telecommunications Plc CUSTOMER
READ BEFORE CONTINUING TO

It appears that your Windows 7 computer has popup ads ENABLED. Please call TOLL FREE to DISABLE popup ads now at 0800 802 1145 . PLEASE FOLLOW THESE INSTRUCTIONS: Before you use , it is strongly advised that you call to disable popup ads. You can do so by calling 0800 802 1145
**************************
Browser: Firefox
IP: 199.199.199.199

The URL my test browser was sent to was:

https://malware-resolutions.com/9dk32/uk-vlp/12-27/?a=1&s=&isp=British%20Telecommunications%20Plc&browser=Firefox&os=Windows&osversion=Windows%207&clickid=Redacted&ip=199.199.199.199&city=Redacted&region=Redacted&domain=

Which then instructed me to call 0800 802 1145 (aka. +448008021145, 00448008021145, 0800-802-1145 or 08008021145).
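A proxy-log check built from the landing URL above, as an added example that is not part of the original post: the query string carries the visitor's ISP, browser, OS and IP, which match the personalised text shown on the scam page, so a request carrying several of these keys is worth reviewing. The log format (client address, a space, then the URL), the threshold of four keys and the two non-scam sample lines are assumptions made for this example.

```python
from urllib.parse import urlsplit, parse_qs

# Query keys seen in the landing URL from the post that describe the visitor
# rather than the content being requested.
PROFILE_KEYS = {"isp", "browser", "os", "osversion", "ip", "city", "region", "clickid"}

def profile_params(url):
    """Return the visitor-profiling parameters found in a URL's query string."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k.lower(): v[0] for k, v in query.items() if k.lower() in PROFILE_KEYS}

def is_suspect(url, threshold=4):
    """Flag URLs that carry an ISP name plus several other profile fields.
    The threshold is an assumption chosen for this example."""
    found = profile_params(url)
    return "isp" in found and len(found) >= threshold

def scan(log_lines):
    """Return (client, host, profile) for each suspect request.
    Assumed log format: '<client address> <url>' per line."""
    hits = []
    for line in log_lines:
        client, _, url = line.strip().partition(" ")
        if is_suspect(url):
            hits.append((client, urlsplit(url).hostname, profile_params(url)))
    return hits

# Constructed sample log. The first URL is the one quoted in the post; the
# client addresses and the other two URLs are made up for the example.
SAMPLE_LOG = [
    "10.0.0.21 https://malware-resolutions.com/9dk32/uk-vlp/12-27/?a=1&s=&isp=British%20Telecommunications%20Plc&browser=Firefox&os=Windows&osversion=Windows%207&clickid=Redacted&ip=199.199.199.199&city=Redacted&region=Redacted&domain=",
    "10.0.0.22 https://shop.example/search?q=printer&region=uk",
    "10.0.0.23 https://news.example/article?id=42&browser=Firefox",
]

if __name__ == "__main__":
    for client, host, profile in scan(SAMPLE_LOG):
        print(client, host, profile["isp"], sorted(profile))
```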

As you can hear in the video and call recording they lie about many, many things.
They also syskey / encrypt the computer’s registry with a key that they don’t tell me.

While I was on the phone they also gave me the following contact telephone number: 0800 404 9199 (aka. +448004049199, 00448004049199, 0800-404-9199 or 08004049199).

They tried to take payment using http://www.live-technician.com (registered using a whois privacy service). The website on live-technician.com [198.12.149.118] is hosted on the same server as onlineresolve.com [198.12.149.118]

Another telephone number that appears on their website is 1-877-817-4678 (aka. 8778174678, 0018778174678 or 877-817-4678)
Also somewhere I saw these numbers too while on the phone with the guy:
1-888-389-7614 (the same number listed on live-remote.com)
and
1-888-334-5804 (the same number listed on live-remote.com)

The payment agreement or card transaction appeared to have been attempted via an account called “Web VAD”.

Other domains now associated with this company (that I didn’t discover in my last research of them [see link at the top of the article]) are:

  • fix-us.com – A remote tech support company claiming to be based in Canada. The other countries they are based in match up with the countries the liar on the phone told me the payments could be processed via.

Address: 187 E. Warm Springs Road
Suite B156, Las Vegas NV 89119
USA

Address: 1 Yonge Street, Suite 1801,
Toronto, Ontario M5E 1W7
CANADA

Address: Costa Del Este, Capital Plaza Tower,
E-1 Floor, Office 6,
Panama City, Panama

Address: Suite 501, St. James Court,
St. Denis Street, Port Louis,
Mauritius

Phone: + 1-866-612-4980 (aka 8666124980, 0018666124980 or 866-612-4980)
Email: support@fix-us.com

  • livecomtech.com – Registered to an address in India but currently a holding page.
  • livetechnician.com – Registered via a domain whois privacy service. A remote tech support page that lists their telephone number the same as onlineresolve.com and live-pcfix.com (1-888-334-5804). They also list their main address as a UK address.

Minshull House, 67, Wellington Road North, Stock Port, Cheshire, SK4 2LP
This address appears slightly differently in the UK address databases as:
On Line Company Services, 67 Wellington Road North
This appears to be an address used by at least 600 other companies registered in the UK. Probably an accountant’s office or company formations service.
