2017-07-14 - ANOTHER TECH SUPPORT SCAM POPUP MESSAGE

ASSOCIATED FILES:

  • 2017-07-14-tech-support-scam-traffic.pcap   (728,331 bytes)
  • 2017-07-14-audio-message-from-df-th-37.s3.amazonaws.com.mp3   (143,728 bytes)
  • 2017-07-14-fake-microsoft-site-from-df-th-37.s3.amazonaws.com-index.txt   (127,069 bytes)
  • 2017-07-14-jquery.js-from-134.249.116.78.txt   (2,698 bytes)

 

IMAGES


Shown above:  Popup seen after trying to view the compromised website.

 


Shown above:  Web page behind the popup.

 

 

TRAFFIC


Shown above:  Traffic from this activity, filtered in Wireshark.

 


Shown above:  HTTPS urls from the Internet Explorer cache.

 

ASSOCIATED DOMAINS AND URLS:

 

FINAL NOTES

Once again, here are the associated files:

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Click here to return to the main page.