2017-07-06 - EITEST CAMPAIGN PUSHES TECH SUPPORT SCAM

ASSOCIATED FILES:

  • 2017-07-06-EITest-tech-support-scam-traffic.pcap   (348,274 bytes)
  • 2017-07-06-page-from-skylogistics.com-with-injected-EITest-script.txt   (13,510 bytes)
  • 2017-07-06-tech-support-scam-audio-from-instavape7.top.mp3   (262,144 bytes)
  • 2017-07-06-tech-support-scam-page-from-instavape7.top.txt   (5,322 bytes)

 

NOTES:


Shown above:  Current situation with the EITest campaign.

 

TRAFFIC


Shown above:  Injected script in a page from the compromised website  The highlighted URL leads to a tech support scam page.

 


Shown above:  Traffic filtered in Wireshark.

 


Shown above:  Screenshot of the tech support scam page.

 


Shown above:  Screenshot of the tech support scam page with the notification pop-up.

 


Shown above:  There's a different telephone number when checking from a UK location.

 

ASSOCIATED DOMAINS AND URLS:

TECH SUPPORT SCAM PHONE NUMBERS:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Click here to return to the main page.