Threat Database Adware

By GoldSparrow in Adware

The domain is associated with cases of browser hijacking and phishing messages. Web surfers reported that they are redirected to and suggested to input their account ID and password occasionally. The design of is a clone of the legitimate support page for Microsoft Windows users found at The image loaded on is a screenshot of that has been modified to include the 844-618-6816 phone number and direct users to call technical support immediately. Users are suggested that they will contact technical support assistants employed by Microsoft by calling the 844-618-6816 phone line. However, that is not true, and con artists operate the 844-618-6816 phone line. Researchers reveal that is hosted on the IP address and is part of a technical support tactic that runs on other pages as well. We can add the following sites:


The domains covered in this article are blacklisted by most Web filtering services including Quttera, Sucuri and Google Safebrowsing. Security researchers reveal that the page on is rigged with bad JavaScript code that might cause browser crashes and simulate a system error. Visitors may be shown several pop-up messages and be welcomed to input their account name and password into a dialog box. The designers of aimed to fool users into thinking that their OSes are generating a security alert about someone trying to access their PCs remotely. Having your PC blocked and your browser unresponsive may lead users to believe that they are under attack by a hacker and consider calling 844-618-6816. Experts remind that the abeyant behavior of the browser while is due to code on the page. We have noticed that users may be shown the following messages:

  • Sample 1:
  • 'Authentication Required!
    User Name [text box]
    Password [text box]'

  • Sample 2:
  • 'A Suspicious Activity Was Detected On Your Computer
    Your Banking Details & Transactions May Be Compromised
    YOUR TCP Connections May Be Tracked and Your Accounts
    May Be Suspended To Prevent Damage
    Your Financial Details May Be Stolen
    Response is Required
    Your Hard Disk May Have Trojan Virus! Please
    Do Not Try to Fix Manually, It may Crash Your Data
    Consequently, We are performing additional security checks
    to verify system security.
    Please Visit Your Nearest Windows Service Center
    OR Call Help Desk
    Customer Service: 1-844-618-6816 (TOLL-FREE)'

  • Sample 3:
  • '*****System Alert*****
    Suspicious activity of intrusions detected which are trying to
    redirect you to an attack site.
    This may happen due to obsolete virus protections.
    To fix this issue please call certified network support engineers
    at 1-844-618-6816 immediately. Please ensure you do not
    restart your computer to prevent data loss.
    WARNING Potential Threat Detected!
    STOP: 0x00000000e2 (0x0000000000, 0x0000000000, 0x0000000000,
    The network on which this computer is running may have
    Call 1-844-618-6816 immediately for assistance on how to remove the virus. The call is toll-free.'

Do not enter your account name and password in the fields provided by because you risk receiving a remote desktop request by a third party. Additionally, hackers can scan your IP address for open ports and initiate a brute force attack in some cases. It is not a good idea to call the 844-618-6816 phone line even if it is toll-free. Con artists may attempt to make you install a remote access tool and operate your PC. Needless to say, they may damage your data and cause your Windows to behave oddly, in which case you might consider subscribing to technical support services. That is what the fake support agents are after, and you should avoid following their instructions. The best way to protect your PC from unauthorized access is to keep your OS up-to-date, install a trusted anti-malware shield and make sure you are running the latest version of your Internet client.


Most Viewed