In this section you will find reports, screenshots and other useful information for all of the Microsoft technical support scam pages that have been encountered and eliminated. The administrator for this section is staff member "Sentinel" Visitors are also encouraged to report any technical support scams they may come across when browsing through our links. Should you choose to report a technical support scam - consider the following criteria first.  *Update: Staff member Sentinel, will now monitor the mobile ads for scamware and adult content. Screenshots and reports will also be provided in this section as well.

1. Name of the browser you are using. 
2. The post in question. 
3. Leave your findings in the comments section of the respective post or you can comment here with all of the required criteria.

Tech scam kill count: 44 (as of 12/2/2019)

Mobile ad kill count: 1 (As of 9/3/2019)


*While the images present 5 different scams, there are actually only 4 with the last 2 being part of the same page and scam
*Browser: Chrome, Opera (Windows 10)
*Encountered By: Sentinel
*Walked The Plank On: 12/2/2019 (via @abuse)
A huge and unexpected bust. A barrage of Microsoft technical support scams has popped up, seemingly out of nowhere. While the images present 5 different scams, there are actually only 4 with the last 2 being part of the same page and scam. The screenshots with the "blue screen of death" are part of the same scam but hosted on 3 different domains. In order to kill these pages, 3 different reports were written. Yes, reports. I have now gone to the source instead on relying on Google's Safe Browsing. The draw back with this method is that it takes longer for the pages to die since the reports have to be verified. The flip side is that they are verified and terminated immediately. As for the final 2 images, this is a special problem. Those 2 images are associated with a program called "Reimage Repair" The program itself has a bad reputation online. I'm not going to discuss if it's genuine software or not but what is absolutely disgusting is that he makers of this software are using scare ware tactics to trick users into downloading the program. How you ask? By using a well known Microsoft Technical Support Scam webpage. I have a video capture of the process as well. It can be viewed via the external link to imgur.com (click here to be redirected). I have also taken the liberty of reporting this domain myself. One should not, under no circumstances use these disgusting tactics to promote and or trick people into downloading their software. Notice how not once, during the entire recording, did the virtual machine's antivirus software, trigger any warning that the supposed online scanner claimed to have found. Further monitoring on my behalf will continue. Rest assured, I will not stand down on this matter,

 *The scammers have changed things up but as always, they lack fundamental knowledge and understanding of the Windows Operating system and it's utilities - as well as common sense.
*It has been eliminated thanks to the awesome "Suspicious Site Reporter"
*Browser: Chrome (Windows 10)
*Encountered By: Sentinel
*Walked The Plank On: 11/20/2019 (via Suspicious Site Reporter)
 As with the last encounter, some 2 months have passed since my last encounter with a Microsoft Technical Support Scam. Nothing has changed in terms of where the fight is but what has changed is the presentation. My saltest finding has taken the form of a Windows Smart Screen warning. The scammers have changed things up but as always, they lack fundamental knowledge and understanding of the Windows Operating system and it's utilities - as well as common sense. Although Windows Smart Screen is a real and a very effective tool that is available on the Windows operating system, it's only available on Internet Explorer and Microsoft Edge - This message appeared on Google Chrome. Enough said. The scam page was not malicious in it's behavior. It didn't freeze or cause the browser to perform erratically. It seems as if the scammers have now moved away from these tactics but never the less, it's still a scam. It has been eliminated thanks to the awesome Suspicious Site Reporter browser extension integrated into our Virtual Machine's Google Chrome browser. Fun fact: if you are using the Opera browser, Suspicious Site Reporter can also be added into Opera. Find out how by clicking on this link.

*The fight has now moved away from the adfly links and into the notifications field.
*Browser: Opera (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 9/15/2019 (via Google Safe Browsing)
 It has been nearly 2 months since the last time I have encountered a Microsoft technical support scam on an Adfly link. The reason for this is simple. The fight has now moved away from the Adfly links and into the notifications field. This area is plagued with so many scams, not just Microsoft related ones. The screenshots tell the entire story. McAfee antivirus renewal scams, Windows Defender online scams and the old, tired and true, Microsoft technical support scams. As of now, I have decided to not report these to Adfly for the simple fact that they have been asking for information that quite frankly, is ridiculous, in order to eliminate these scams from their service. The links and screenshots are no longer enough for them and they have done nothing once said information that was requested has been provided. Case and point, they're lazy. Because of this, I have decided to place the links directly in Google's Safe Browsing with added screenshots from imgur.com. This appears to be working, specifically for the Windows defender and McAfee scams as they are taken offline much faster. They tend to return with new links and domains but it is a step in the right direction. I'll be monitoring these from now on. I can now at least be content that the Adfly links are in the right place and are no longer infested with tech scam links.

*This particular ad was everywhere. Another variant had an image with full frontal nudity.
*Browser: Google Chrome Mobile (Android)
*Advert Type: Mobile
*Encountered By: Sentinel
*Walked The Plank On: 9/3/2019 (via Adfly)
 *Adult content on mobile ads is a serious problem. This particular ad was everywhere. Another variant had an image with full frontal nudity. It is from a website that produces such content so how they were able to purchase a spot and have it approved by Adfly is beyond me. By Adfly's own accord, this is in direct violation of Adfly's terms of service yet these ads were by far the most commonly seen when viewing adverts on a mobile device. While I have nothing against adult content in general, Adfly does have an alternative url shortening service for this very type of content. It belongs there, not here. We also don't recommend viewing our website on a mobile device but we do understand that people do and will use this website on such devices. I have now begun the process of monitoring the mobile ads with the full intention of cleaning up and making the mobile experience better than before. Adult content will be blurred out if I am to encounter it. This website uses Adfly but we will not tolerate or stand for scamware, adult content or technical support scams on any advert.

* I found something new. Well, not quite.
*Browser: Google Chrome (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 7/15/2019 (via Adfly)
 It's been a while since I've found  a technical support scam page on an Adfly link but today or yesterday, I should say - I found something new. Well, not quite. Aside from a shade of lighter blue and a small aesthetic change, the only thing new about this scam is that now it requires the Windows activation key to unblock the computer. Way to go - above and beyond, guys. Aside from the fact that my virtual machine ran just fine while still being able to open, close and utilize the browser like normal, if we were to play devil's advocate here, if the computer was blocked, the last thing that would unblock it would be the Windows activation number. The associated domain/website that preloaded the scam is "desiredclicks.xyz" It seems this is how they are getting past the Adfly advert check. The process to approve an advert on Adfly takes 3 days so it's very likely that they are using these domains as a forwarding address to load the scams on Adfly once they have been approved. Behavior wise, this scam is not aggressive. It seems that they have now moved on from the aggressive scare tactics to more aesthetic/"official" looking Windows error pages.

*It seems that this persistent scam page has taken the place of it's predecessor "Mr. Blue" as the new annoying kid on the block
*Browser: Google Chrome (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 6/22/2019 (via Adfly)
*Notes: It seems that this persistent scam page has taken the place of it's predecessor "Mr. Blue" as the new annoying kid on the block. The only "good" thing I can say... excuse me, have said about this scam page are it's properties which I will not repeat. I wish there was more that could share with you but there isn't. I don't know what's worse, the fact that we have a new "Mr. Blue" on our hands or the underwhelming find that is this scam. This advert has been reported to Adfly.

*We're back to square 1 again.
*Browser: Google Chrome (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 6/6/2019 (via Adfly)
*Notes: From nearly 1 month to now just 5 days. We're back to square 1 again. There's no use in explaining this scam any further. Rest assured that I will continue to monitor our links again since it is now clear that they have we now returned to our regularly scheduled program.

*Nearly 1 month of peace - shattered by this new find.
*Browser: Google Chrome (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 6/1/2019 (via Adfly)
*Notes: This is quite possibly the most disheartening find of all. A new record was set. Nearly 1 month of peace - shattered by this new find. The only saving grace (if you can call it that) is that the scammers have no inherit desire to update their tactics at all. It makes my job easier but at the same time, I can't help but think as to why they still even bother. I can answer that. It's because there's still people put there who are extremely naive about this pages. They still believe that these are legit. Even with Google at the palm of everyone's hands these days through mobile devices, the simple concept of a Google search is still foreign to them, at least when it comes to searching for these scams anyway. This page has been reported but unfortunately the awareness that I had hoped to spread about this subject is still far, far away from becoming a reality.

*This particular scam is designed to look like ransomware, more specifically, "Zepto"
*Browser: Google Chrome (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 5/2/2019 (via Adfly)
*Notes: Another Microsoft technical support scam has been found and reported via the "Report This Ad" feature. This time we have something more sinister than the previous 2 encounters. This particular scam is designed to look like ransomware, more specifically, "Zepto". This is where all of the legitimacy ends. The scammers are clearly focused only on aesthetics rather than function as all of these scams still behave exactly the same. What exactly does that mean? Simple. This scam page causes the browser to stutter and at times, freeze up (standard features in tech scam pages). One new feature is the "uploading" ticker at the bottom of the page that falsely states that the files on the PC are being encrypted. There are 3 very important things to take into account here. First, clicking "skip ad" eliminates all of the supposed claims/infections the page presents (that hardly sounds like my computer has been encrypted) Second, "Zepto" ransomware is blocked by both Avast and Malwarebytes, which is what my virtual machine is running. Lastly, Zepto doesn't look like this and a proper infection would have set off notifications via the desktop and not the internet browser. Other classic signs that give it away are poor English grammar, bad spelling and the ever classic overlay "back to safety" white box that they can't seem to change. As always, we have you covered. Do not become a victim. Microsoft has not and will not ever ask you to call them if your PC has been infected. Windows Defender is a standard feature within the operating system and it has improved greatly since it's introduction. Rest assured, this has been taken care of.

*The fact that this has appeared more consistently and more frequently is a testament to how much more aggressive the scammers seem to be pushing it
*Browser: Google Chrome (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 4/16/2019 (via Adfly)
*Notes: I suppose it was only natural for this scam page to take the rightful place of Mr. Blue in terms of persistence and annoyance. I cant say that it's surprising considering that the scammers really feel that they have a winner here. The fact that this has appeared more consistently and more frequently is a testament to how much more aggressive the scammers seem to be pushing it. No new updates have been made to this page however which is great for me but it also means that I will have to spend more time searching for this page which in turn, means far less publishing on my behalf (sorry Lass) This scam has once again been reported. I look forward to the next encounter.

*The scammers think they have a real winner with this one.
*Browser: Google Chrome (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 4/12/2019 (via Adfly)
*Notes: I can't say that I'm surprised to this scam page return. After all, it is the "best' page that the scammers have produced so far. It does it's best to look legit but as with all of these scams, the same glaring flaw in their approach is still present and it's not something they can ever truly pass over since doing so will go against the scammers goal, which is to trick you into sending them your money for bogus tech service and support. If you've read my previous reports then you know what that flaw is. Taking things to the next level by actually having files download themselves onto the operation system and attempting to open the users "Pictures" page is a nice but terrifying approach. Regardless, the danger is still non existent and the browser did it's job once again by stopping such actions. Microsoft, the actual company has never called nor will they ever ask their costumers to call them personally if an infection occurs on one's P.C. (they also don't advertise on Adfly or other slink shortening services) Windows Defender has been a standard feature within the operating system for quite sometime now and they most certainly will never noti.... Oops! I almost said the "magic words" there. The scammers think they have a real winner with this one. That's not not possible so long as we're around. This scam page has once again been dealt with. As stated in my previous report, we take this very seriously and daily regular enforcement on my behalf is still in effect. There was a comment earlier about a "blocked link" Our bot checked the link but found nothing. I saw this as fishy. Our bot is only programmed to pass the link once. The scams themselves are shuffled underneath various ads so the best method to find them is to check all of them one by one and wouldn't you know it, I found it. To the anonymous user who reported this, I say thank you and I would also like to apologize for our bot's response. Thank you for your service. It's highly appreciated.

*What stopped everything from happening was the actual browser. Good job on Chrome's part!
*Browser: Google Chrome (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 4/6/2019 (via Adfly)
*Notes: This is a post to report another Microsoft technical support scam like no other. This scam page is actually acting liking Malware as it tried to download and install files onto the computer. Said files were blocked by Google Chrome. However, another thing to note is that this scam actually tried to open up the "Pictures" folder on the desktop. In the past, they were merely web pages designed to look like infections. Now they are behaving like such. What stopped everything from happening was the actual browser. Good job on Chrome's part! I was never a fan but my opinions on the browser have changed. Despite the page's persistent claim that my computer was blocked, it wasn't. I was able to report it without any problems. Not only did I report this to Adfly but I have also alerted the users on the Adfly forum about this. This is unacceptable. I have written to the Adfly staff personally as well citing that further enforcement should be used to combat these scams. Further enforcement on my part will now take place. I will be monitoring the links on a daily basis from now on. Whether this scams are changing due to us reporting them to Adfly is unclear but it is quite a coincidence that the scam pages have changed in such a short time since we arrived on the scene. The website is free and it will remain free and if we must clean up Adfly in order for us to achieve that goal then so be it. We are not going away!

*I'm fairly confident that Mr. Blue is not the scam page the visitors have reported.
*Browser: Google Chrome (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 3/27/2019 (via Adfly)
*Notes: Mr. Blue again? Yes. Mr. Blue again but good lord, was he a nightmare to find. I've received many reports of another scam page being seen but no one could provide a screenshot when asked. I also saw the web address microsoft.com-repair-windows.live but the actual scam page refused to load on my end instead displaying a white blank page. I'm fairly confident that Mr. Blue is not the scam page the visitors have reported. Mr. Blue always loads and always uses a numeric I.P. like web address but regardless of what the visitors actually saw, I can now at least say that this specific scam has been reported to Adfly (again) and has been dealt with.

*It's actually microsoft.com-repair-windows.live.... again
*Browser: Google Chrome (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 3/11/2019 (via Adfly)
*Notes: Mr. Blue again? No! It's actually microsoft.com-repair-windows.live.... again! What were you expecting? Something new? That's something that these technical support scammers don't do very well. Although I am relieved that Mr. Blue has been retired (for now at least) I'm not at all happy that this particular scam page has made it's return. I am pleased to report that with the new data that was acquired from the past encounters with Mr. Blue has proven to be a valuable asset in our war against these scams. This web page was reported to Adfly and it appears to be offline.

*It just won't go away!
*Browser: Google Chrome (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 3/1/2019 (via Adfly)
*Notes: It won't go away! Mr Blue refuses to go away! Well... that's not entirely true. This particular scam page refuses to go away but there's a reason for it. Every time these web pages are reported, the scammers are forced to restart the process of buying ad space on Adfly. Rather than making a new scam page, it is much easier for the scammers to reuse the same scam pages over and over while adding some cosmetic changes along the way. I did however find something extremely helpful during this particular encounter. What that is exactly will remain a secret although I will use this new piece of information to my advantage. I look forward to our 6th encounter Mr. Blue.

*"Mr. Blue" has returned with a vengeance.
*Browser: Fire Fox (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 2/24/2019 (via Adfly)
*Notes: I spoke too soon. 2 times on 2 different days was this particular scam page encountered. Mr. Blue has returned but as before, both scam pages were reported despite the aggressive tactics and glitches they cause on all web browsers.

"Mr. Blue" just won't go away. It's become comical at this point.
*Browser: Fire Fox (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 2/22/2019 (via Adfly)
*Notes: As if things couldn't get any stranger. Mr. Blue refuses to stay down. It's become quite comical at this point. The only thing that seems to change is the presentation. Instead of a fully rendered image, let's just cut it in half instead! I don't even know what to say anymore. The actual traits and tactics the scammers use remains the same so I won't repeat myself as to how aggressive it is. One curious detail is the web address that loads the actual scam page. Very clever on their part but it also exposes their tactics as to how they get past the Adfly filters. Would you like some more patterns? These recent encounters seem to come back once every 9-10 days on average. Let's wait for the next encounter.

*Another Technical Scam page but with an entirely new look.
*Browser: Opera (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 2/12/2019 (via Adfly)
*Notes: We have something new in the wild! Another technical support scam web page with an entirely new look. Is it aggressive? No, not at all. It's quite docile in comparison the other web pages I have encountered. This scam has been reported to Adfly without any major problems.

*The scammers seem to be changing things up
*Browser: Chrome (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 2/7/2019 (via Adfly)
*Notes: An offshoot of Mr. Blue has emerged. The scammers seem to be changing things up. While not as aggressive is it's predecessor, this new scam page has the same false "Blue Screen error" message as the original had only now it features a new white overlay box with an icon that reads "back to safety" The page causes the browser to slow down and stutter at times but it wasn't enough to prevent me from reporting it to Adfly directly. The action seems to have shifted as they are now targeting Windows 8.1 again.

.. After doing some more research, I found out that the domain name registered for this scam page was only a day old!
*Browser: Fire Fox (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 2/6/2019 (via Adfly/confidential resources)
*Notes: Mr. White has returned. After doing some more research, I found out that the domain name registered for this scam page was only a day old! Rather than reporting this page to Adfly, I instead decided to go directly to the source. That's all I'm going to say about this matter. It's been shut down. What are the characteristics of Mr. White? Please scroll down read about it's cousin, Mr. Blue

*With "Mr. Blue" now a thing of the past, it's cousin "Mr. White" has made it's return.
*Browser: Fire Fox (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 1/30/2019
*Notes: 9 days of peace gone in an instant. With a persistent tech scam page that I have affectionately named Mr. Blue becoming fish food, I've had little to worry about. With Mr. Blue now a thing of the past, it's cousin Mr. White has made it's return. Aside from the aesthetics, Mr. White has the same characteristics as Mr. Blue. If you've been reading my reports then you know what those characteristics are. I am still keeping details to a minimum but rest assured, it's been taken care of. At some point these scammers have to realize that these web pages are just a waste of time and money.  Numerous online communities blacklist their phone numbers and every major anti-virus companies have forums dedicated to this specific tech scam. Regardless, it seems that the fight against these web pages continues.

*By the time I found the scam link, it was already flagged by Google's Safe Browsing
*Browser: Fire Fox (Windows 10, Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 1/21/2019 ??
*Notes: There have several reports that another Microsoft technical support scam web page has been appearing on various Adfly links. The strange thing is that although I did manage to find the web page, someone or Adfly perhaps...? had already beaten me to it. Upon encountering the web page, it was already flagged by Google's Safe Browsing. Just for laughs I decided to ignore the warning to ensure that was flagged by Safe Browsing was indeed scam web page. Indeed it was but in an underwhelming conclusion, it's our old friend Mr. Blue. Please note that while the scam link may still appear, the red screen of Google's Safe Browsing will load instead. I don't know who reported the link but who ever your are, thank you for your service.

*The scammers are using new tactics.
*Browser: Fire Fox (Windows 10)
*Encountered By: Sentinel
*Walked The Plank On: 1/15/2019
*Notes: Rather than having multiple scam pages we instead have the resurgence of just one very aggressive page to contend with. The scammers appear to be using new tactics. Rather than just having the web page lock the browser, they have now added a little box on the left hand corner open as it's own separate page within the same web page. This will further minimize the chances of one actually reporting the link directly to Adfly. As an added bonus the actual web address is registered with a domain name that bears a strong resemblance to an IP address. They've done this before but now the web link will load an error page instead of loading the actual scam web page should someone try to copy and paste the link in the address bar. Quite clever on their behalf but unfortunately it still didn't work. I was still able to bypass the aggressive lock hold the page had on my browser and I managed to report it directly to Adfly. I'm fairly certain that these encounters have annoyed our visitors and rightfully so. Adfly is however the only thing keeping this website free and away from "premium downloads". I will keep my reports shorter and less informative in the future as  the scammers seem to be adapting with every web page that gets taken down. Whether or not it's due to these specific reports is unknown at this but I will not risk it.

*All of the action seems to be happening on Windows 10. I've had no encounters on Windows 8.1.
*Browser: Fire Fox (Windows 10)
*Encountered By: Sentinel
*Walked The Plank On: 1/11/2019
*Notes: We've enjoyed a few days of peace but that is gone now. All of the action seems to be happening on Windows 10. I've had no encounters on Windows 8.1. Coincidence? I think not. This persistent tech scam page has been reported numerous times already. It always gets shutdown but it always returns. If you've been following my reports then you already know what to expect. This web page should be out of the way for now.


*Browser: Fire Fox (Windows 10 & Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 1/8/2019
*Notes: The "Primeapp.cool" pop up ad page was an anomaly and a persistent annoyance with bizarre secrets. This one had some smarts to it. Although it would load directly as a result of a pop up ad, copying the main link and pasting it somewhere else would load an entirely different page altogether -  effectively decreasing it's chances of being spotted. The second page in question isn't as aggressive as "Primeapp.cool" but it still tries to install spyware onto the Operation System. Primeapp.cool is semi to very aggressive depending on what Operating system you are using.It was mopre aggressive on Windows 10. This web page would override the nearest tab and load itself onto it. However, if the tab that has been overridden by the web page were to be reloaded, it would turn up a Microsoft Technical Support Scam page (that one was also eliminated.) I have checked the main "Primeapp.cool" link and it seems to be offline. "My Krazy Games.com" loads instead of "Primeapp.cool" which is better but it is still worth investigating more. For now, "Primeapp.cool" seems to be offline.

*.. what does make these so terrible is the fact that they load directly in front of an Adfly ad! I still don't understand why or how Adfly allows these things to pass.
*Browser: Fire Fox (Windows 10)
*Encountered By: Sentinel
*Walked The Plank On: 1/8/2019
*Notes: This specific page plagued one of our visitors and many browsing the Hip-Hop section of our site. I wasn't able to find it until further information was provided by the visitor to staff member "Lass" (thank you very much for providing more information to us) This specific page seems to be targeting Windows 10 users. I wasn't able to find any trace of it on Windows 8.1. These, as I've said before, are the worst kinds of Tech Scam pages you can stumble upon. It is aggressive and it does freeze the browser - effectively eliminating the chances of one being able  use the "Report This Ad" feature but that's not what makes it the worst of the worst. What does make these so terrible is the fact that they load directly in front of an Adfly ad! I still don't understand why or how Adfly allows these things to pass. I have issued numerous complaints to Adfly in regards to this subject. If you were ever wondering why we took the fight in our own hands, now you know. Freezing the browser didn't slow me down. I was still able to report this page directly to Adfly. The one good thing is that Adfly does eliminate the page once reported. The bad thing is that they tend to come back.

*This specific page came back, this time under a different domain (https://178.128.73.81) which passes itself off as an IP address. Nice touch but it still didn't help
*Browser: Fire Fox (Windows 10)
*Encountered By: Sentinel
*Walked The Plank On: 1/8/2019
*Notes: Even more recent comments have alerted me that more pages have surfaced. This specific page came back, this time under a different domain (https://178.128.73.81) which passes itself off as an IP address. Nice touch but it still didn't help. Like the previous incarnation, this page is aggressive and will lock the browser from any further activity. It appeared as a pop up ad rather than loading itself directly on to Adfly this time. Bypassing was still easy. I encountered this page on Fire Fox. I was able to report and shut it down during the span of 10 minutes. For now, it's no longer a threat.

*Another Microsoft Tech Scam page that has been taken offline.
*Browser: Fire Fox, Opera & Chrome (Windows 10)
*Encountered By: Sentinel
*Walked The Plank On: 1/7/2019
*Notes: Recent comments have alerted me that more pages have surfaced. Some appearing during an Adfly ad and other appearing as a pop-up ad. This specific page was aggressive. While it doesn't lock the browser, it does prevent the user from accessing any tabs that are present by constantly reloading the message present in the white box. I was able to bypass the block easily. For added security, I've decided to keep my methods and resources a secret and instead confirm when and if a specific page has been found, reported or shut down. In this case, this blue screen scam page has been taken offline.

*This page has returned but like it's previous incarnations, it is not aggressive.
*Browser: Fire Fox (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 1/5/2019 (via Adfly)
*Notes: Another repeat offender. This page has returned but like it's previous incarnations, it is not aggressive. I was able to report this one directly to Adfly with no issues.

*For obvious reasons, I will not specify how I was able to bypass this but I did manage to report it to Adfly via "Report This Ad"
*Browser: Fire Fox (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 1/5/2019 (via Adfly)
*Notes: Possibly the worst kind of tech scam pages are the aggressive pages that lock the browser while an ad is presented. I don't understand how Adfly allows this. They claim to check all of the adverts yet these pages always make there way onto their service. My honest guess is that they don't check but they are aware of it. I was not able to report this to Adfly via "Report This Ad" feature..... Or was I? For obvious reasons, I will not specify how I was able to bypass this but I did manage to report it to Adfly via "Report This Ad"

*After the fall of the "Microsoft.cm-repair.windows.live" page, 3 new pages have emerged. This aggressive page is no longer a threat.
*Browser: Chrome (Windows 8.1)
*Encountered By: Sentinel
*Walked The Plank On: 1/5/2019 (via Google's Safe Browsing)
*Notes: After the fall of the "Microsoft.cm-repair.windows.live" page, 3 new pages have emerged. The smaller image is the original page. Like some of the other aggressive tech scam pages, this one freezes the browser and causes stuttering when attempting to copy the url. This one was reported to Google's Safe Browsing and was blacklisted rather quickly. The second larger is the conformation that Safe Browsing has done it's job. This aggressive page is no longer a threat.

*Success! The page has been shut down!
*Update!
*Browser: Fire Fox (Windows 10)
*Encountered By: Sentinel
*Walked The Plank On: 1/5/2019 (via Malwarebytes Forum)
*Notes: Success! The persistent Microsoft tech scam page that has outlasted Google's Safe Browsing, Micrsoft's official "Report malicious websites" page and stopbadware.org has finally been shut down thanks to the efforts of the Malwarebytes Forum. That's one down but there is still one out there and that's the "Primeapp.cool" malware installer. I will be investigating that one as well. For now, we are one step closer to a much better user experience.

I am banking that the sharks over at Malwarebytes will rip this page to shreds
*Browser: Fire Fox (Windows 10)
*Encountered By: Sentinel
*Walked The Plank On: 1/3/2019 (via Malwarebytes Forum)
*Notes: Once again, this exact same page with the exact same link has proven itself to be a persistent annoyance for all of us onboard the Mediasurf vessel. It has evaded Google's Safe Browsing, Stopbadware.org and even Microsoft's official "report unsafe websites" page! (Why Microsoft?!! Why?) It simply refuses to become fish food. Instead, I've decided to make it shark food. I've sent the webpage link to Malwarebytes' official forum where users submit various links of malware, tech scams, drive by installers, adware, false program scams, virus software etc.. Looking through the forums, some of the reported pages have been shut down. I have other ideas planned for this page should it continue to plague all of our visitors but as of right now, I am banking that the sharks over at Malwarebytes will rip this page to shreds. We get a lot of positive feedback and I myself want this trend to continue. Not just for the site but for all of you, the visitors.

*This page has proven itself to be the most consistent as well as the most persistent tech scam page thus far.
*Browser: Opera (Windows Tablet)
*Encountered By: Sentinel
*Walked The Plank On: 12/29/2018 (via Google Safe Browsing and Microsoft.com)
*Notes: This page has proven itself to be the most consistent & the most persistent tech scam page thus far. I refuse to believe that Google's Safe Browsing has not picked this one up yet. I also refuse to believe that Google has not spotted the obvious flaw that the domain of this page has been registered to. While the page isn't aggressive, the biggest and most obvious flaw is the timer present at the bottom of the page. If this were truly a legitimate webpage that is reporting the destruction of my hard drive then why does the timer reset back to 4 minutes when I reload the page? This one went straight to Google's Safe Browsing page but as an added bonus, I have also reported this page to Microsoft's official website under their "Scam" page. I will also be doing this from now on. They'll be receiving 2 bonuses for the price of 1.

*This page will override the next available tab open with itself, effectively loading itself onto the next tab. It does cause the browser to freeze but if one were to click on "cancel" it becomes completely harmless
*Browser: Fire Fox (Windows Tablet)
*Encountered By: Sentinel
*Walked The Plank On: 12/28/2018 (via Google Safe Browsing)
*Notes: This one is an anomaly. It appeared as a "pop up" page after clicking the "skip ad" button but it's also quite aggressive, or it at least it seems that way at first. This page will override the next available tab open with itself, effectively loading itself onto the next tab. It does cause the browser to freeze but if one were to click on "cancel" it becomes completely harmless or does it? The browser will also become usable again and unblocked. The screenshots show the progress of the page. This isn't a tech scam page either. Regardless of what it is, it's a nuisance and malicious. The installer attempts to download malware onto the operating system. This is by far thew most bizarre page I have seen and it seems as if the more we fightback  and report these pages, the more bizarre they become.

*This one shows creativity by having the domain registered as "microsoft.com-repair-windows.live"
*Browser: Opera
*Encountered By: Lass
*Walked The Plank On: 12/28/2018 (via Google Safe Browsing)
*Notes: Another pop up ad. This one shows creativity by having the domain registered as "microsoft.com-repair-windows.live" Nice touch guys, except that Windows Live was phased out in 2012 during the development of Windows 8 (I'm on Windows 8.1 by the way). Windows Live was merged and rebranded as Office 365. Once again, they shoot themselves in the foot. Although they didn't provide the usual phone number, they did provide a "scan now" button but what do I do? Do I "press it"? Or do I "click" on it? Apparently both. One last thing. Guys, it's "microsoft.com/" not "microsoft.com-"
New "pop up ad" page. Again, the scammers contradict themselves with the claims presented in the image.
*Browser: Fire Fox (Windows Tablet)
*Encountered By: Sentinel
*Walked The Plank On: 12/26/2018 (via Google Safe Browsing)
*Notes: Appeared as a "pop up" page after clicking the "skip ad" button. Perhaps they are on to us and they have decided to revert back to sending these out via the pop up ad option instead...? That's ok. It's actually easier for us anyway. This page is not aggressive. It doesn't freeze the browser. Once again, the scammers contradict themselves with the claims presented in the image. The big claim is that I have 3 virues on my "PC" (I'm on a tablet) but I also have malware (2 of them... ?) 1 trojan and apparently, my system has been damaged by 28.1%. Just for laughs, I decided to leave the tablet on just to see how much of my system would continue to be damaged. As expected, nothing happened.

Reported to Adfly via Screenshot
*Browser: Fire Fox
*Encountered By: Lass
*Walked The Plank On: 12/24/2018 (via Adfly)
*Notes: Not as aggressive as the other scam links. I was able to report and take a screenshot of this scam page via Adfly's "report this ad" feature with no problems at all.

Reported to Google Safe Browsing
*Browser: Chrome (Android)
*Encountered By: Lass
*Walked The Plank On: 12/24/2018 (via Google Safe Browsing)
*Notes: Nothing special. These aren't aggressive. These tend to pass themselves off as "safe apps" that help clean and protect your phone. In reality, they are bogus and do nothing but fill the phones up with adware.

Reported to Adfly via screenshot
*Browser: Chrome (Windows Tablet)
*Encountered By: Sentinel
*Walked The Plank On: 12/7/2018 (via Adfly)
*Notes: This is a new one. It isn't aggressive at all. It doesn't freeze the browser. Like most of these pages, it's full of lies. My "computer" wasn't even a computer but a tablet nor was it blocked. I went straight to adfly on this one.

Reported to Adfly via Screenshot
*Browser: Fire Fox (Windows Tablet)
*Encountered By: Sentinel
*Walked The Plank On: 12/24/2018 (via Adfly)
*Notes: Semi aggressive. It doesn't freeze the browser at all but does cause some stuttering. I was able to report this one to adfly via screenshot and by adfly's "report this ad" feature without much trouble.

"Dead men tell no tales! Hang 'em from the yardarm! So heave ho! me maties and cleave them to the brisket!"

8 comments:

  1. Give em hell Sentinel! Fuck them and fuck Microsoft for allowing these things to exist. I'm rooting for you! Stomp a mud hole in their ass and walk it dry!

    ReplyDelete
  2. After I hit the 'SKIP AD' button, I get this:

    This site can’t be reached The webpage at https://www1.ecleneue.com/pushredirect/?placementid=14988571&clickid=5736150639&dest=https%3A%2F%2Fmega.nz%2F%23%21WLAXzRZS%21aQDk-j26XMbUHv_615SC_FODke8MGRpxx9ZL6Zjolrc might be temporarily down or it may have moved permanently to a new web address.
    ERR_CONNECTION_ABORTED

    and then everything just stops. Just reporting this to you. Thx!

    ReplyDelete
    Replies
    1. A better place to put this error would be the FAQ's section but, it's fine for now. Every now and then, the page itself might fail to load. The "Press Allow" feature is still relatively new by Adfly's part so it won't always load correctly.

      Depending on the browser you are using, simply reload/refresh the page during the error screen to proceed to the download. The link you've posted has been tested and it appears to be working. Here's a video for you. The browser used here was Google Chrome.

      - Link check
      https://imgur.com/JKyuzV7

      Delete
    2. I think I figured out why some are now 'blocked'; the new Adfly features 'maranhesduve.club' and/or 'www1.ecleneue.com'. Most antivirus/anti-malware programs consider these to be malicious adware threats and completely block them; ergo, no more DLs. I am still a big fan of your site!

      Delete
    3. Unfortunately, all link shortners are treated that way because of the Microsoft Tech Scam pages that can be found on these links. That sucks but since the scammers pay money for ad space, there's nothing that can be done on their end. All we can do is find them and block them on our end. Them paying and then changing their supposed ad into a scam page is the real problem.

      All of our virtual machines as well as our actual PC's are using Avast antivirus with "silent mode" turned on. What that means is that all notifications are turned off but the PC is still protected. In other words, everytime a threat is blocked, we don't receive the notification. We have to manually check if we want to see the threat. This is probably why we don't have trouble/blocked pages on our end when it comes to passing those pages after clicking "allow".

      If you notice, everytime we post a video of us checking a link, we don't get blocked pages or other such errors on our end because of how Avast handles these pages. You are free to do and go elsewhere if you wish to but If you would like to stay, perhaps look into some of the information that I have posted to give you better peace of mind. If not, we understand.

      Delete
  3. I report these to adfly (after like 30 seconds, the REPORT button becomes clickable) when I encounter them. Does reporting these help or should I not bother?

    ReplyDelete
    Replies
    1. It does. They get taken down once they are reported. Thank you for giving us a helping hand. I also track them down and it seems as if the adfly forums have also begun reporting them as well. Spread the word about these scams. That's all we ask of everyone here. Awareness is key to eliminating these scams.

      Delete
    2. However, you are not obligated to report these if you don't want to. I always end up finding them in the long run. Once again, thank you for your help. It's very much appreciated.

      Delete