Threat Database Adware '' Pop-Ups

'' Pop-Ups

By GoldSparrow in Adware

The '' pop-ups originate from the site that is registered to the IP address. However, we found that the site has half a dozen clones, among which are: glemurpro[.]club, glemurshop[.]club, glemurweb[.]club, glemurtech[.]club, glemurlab[.]club and glemurworld[.]club. These pages are used to present Web surfers with misleading information and claim that the user's PC is infected with spyware and viruses that can cause damage to the Microsoft's network if the user does not call a dedicated phone number. The '' alerts are identified as fake security warnings, which suggest users call a toll-free phone number and ask for help with removing threats from their devices. The '' false warnings may feature titles like 'Error # 3658d5546db22ca', 'Error #268D3' and 'Your Windows has been blocked' and might be accompanied by an audio recording that says:

'Critical alert from Microsoft, your computer has alerted us that your computer is infected with virus and or spyware.
This virus may be sending your credit card details, Facebook login, personal emails to hackers remotely.
Please call us immediately at the toll-free phone number listed so that our engineers can guide you through the removal process.
If you close this message, we will be forced to disable your computer to prevent further damage to our network.

We have discovered that the '' pop-ups may promote the 888-448-5333 helpline, which is operated by The site does not appear to offer legitimate services and has no pricing model available. A deeper investigation into and uncovered that the 888-448-5333 could be found on pages registered to the IP address. We followed the leads, and we discovered that the 888-448-5333 is listed with other businesses and many "tech support guides" published via Itphonenumber[.]com. Pages that are not connected to directly appeared to offer similar content and recommend users call the following phone lines:

  • 844-819-3386
  • 888-828-4852
  • 888-866-2166

When users loaded phishing portals identical to the following message box appeared on their screens:

'[SITE NAME] is requesting your username and password. The site says: "the server reports that is from windows . your windows license has been corrupted. enter user and password or contact windows help desk at Toll Free…"
User name: [TEXT BOX]
Password: [TEXT BOX]

The rabbit hole started at and lead us to the IP where we found nearly a dozen questionable "tech support guides" and phishing pages like microsoftlivehelp[.]com, which claimed to offer help from certified experts at Microsoft Corp. It is recommended that you avoid interaction with and pages that suggest your PC is compromised and you need to call a toll-free helpline. Cyber security experts warn that calling fake technical support desks may result in a security compromise and the loss of money. You might want to add a credible anti-spyware tool that can recognize pages like and block them. The following pages are related to questionable technical support services and are known to use names of trusted companies:

  • h[tt]p://www.itphonenumber[.]com/hp-printer-customer-service
  • h[tt]p://cogecoemail.supportno[.]com/
  • h[tt]p://ezaplabs[.]com/zxc/dropbox/spacebox
  • h[tt]p://lenovolaptop.supportno[.]com/
  • h[tt]p://pc1488.bentleybugg[.]com
  • h[tt]p://rocketmail.supportno[.]com/
  • h[tt]p://travomint.supportno[.]com/
  • h[tt]p://www.esolutionsupport[.]com/mozilla-firefox-technical-support
  • h[tt]p://www.itphonenumber[.]com/cox-customer-service
  • h[tt]p://www.itphonenumber[.]com/earthlink-customer-service
  • h[tt]p://www.microsoftlivehelp[.]com/error-code-30175-4.php
  • h[tt]p://www.microsoftlivehelp[.]com/mchat/chat.php?a=4dd63


Most Viewed