By GoldSparrow in Browser Hijackers

The address refers to a phishing domain that has several clones and hosts misleading information. Web filtering services such as Google Safebrowsing, Mozilla Phishing Protection, and Websense ThreatSeeker might block connections to and clones of the page. However, it is not difficult to set up a new site and upload misleading information on the Internet in the span of a couple of hours. There is browser hijacking software to take into consideration as well. is related to such software, and compromised users may not benefit from the security measures incorporated in their browser to full extend. PC security researchers found that the content on is presented on several other domains including

  • error-[RANDOM CHARACTERS].xyz
  • helpline-[RANDOM NUMBER].xyz

The pages hosted on the domains above are tailored to include a bad JavaSctipt code and cause the visitor's browser to malfunction. Additionally, the pages related to are designed to bring up fake security alerts that feature a background image that is a screenshot of Many users presented with the pop-ups may believe they are presented with a warning by Microsoft, but that is not the case. The notifications brought by and its clones may say:

Error #268D3
Please, call us immediately at: 1-844-386-5092
Do not ignore this critical alert.
If you close this page, your computer access will be disabled to prevent further damage to our network.
Your computer has alerted us that it has been infected with a virus and spyware. The following information is being stolen...
Facebook Login
Credit Card Details
Email Account Login
Photos stored on this computer
You must contact us immediately, so that out engineers can walk you through the removal process over the phone. Please call us in the next 5 minutes to prevent your computer from being disabled.
Toll-Free 1-844-386-5092'

We have seen the tag 'Error # 268D3' listed on several other alerts from untrusted pages. The 'Error # 268D3' notifications are associated with the +61 (1800) 893-775 and the 844-730-8222 phone lines as well. Computer security researchers note that the operators behind the 844-386-5092 phone line may be the same behind many other fake security alerts. The messages offered via are aimed at users with a limited understanding of how Windows OS and security applications work. You might be suggested to contact a con artist that may lead you to a payment portal and offer you help in exchange for a few hundred dollars. Needless to say, you might want to avoid contact with the team on the 844-386-5092 phone line and seek help from a reputable security vendor. AV tools may bring up a notification in the system tray area when you load and list the following names:

  • HEUR:Trojan.Script.Generic
  • HTML/FakeAlert.GE
  • JS.LockPage.21
  • JS:Trojan.Cryxos.226
  • Rogue:JS/TechBrolo.G
  • Trojan.HTML.FakeAlert


Most Viewed