Microsoft Website Compromised by scammers?


ad...@reviews.wox.org

Mar 30, 2025, 8:22:09 PM
to 2600-au...@googlegroups.com
This is an interesting one, got one of those usual dime a
dozen "hit a fake paid ad on Facebook, get a scam website"
things on a customer's computer.

Only it is a domain technically owned by Microsoft for their
.net platform, and normally redirects to one of their
developer portals.

I've obfuscated the dots so you can't hit it by accident,
and Firefox by default detects it is shady and calls it out
as deceptive. Unfortunately the user in this case was using
Chrome (Le sigh.. does anyone even legitimately even still
use Chrome anymore since Google started banning ad/scam
blocking plugins because they want to force everyone to
watch their bullcrap advertising?  Even Edge works better
than Chrome now and it uses the same core ROFL)

Normally opens one of those "you are infected, call us to
let us remote your pc (and let us steal all your personal
details and money)" type phishing pages.

(https)://gfryfgujihuhgvghyjh <dot> z24 <dot> web <dot> core
<dot> windows <dot> net/Wi01nhelpSpefi1042/index.html

--
New and improved 2600... well.. ..we drew on some flames and polished it a bit..
--
Google - making sure, life is no more, than 1984...
--
In politics - Later never happens.

Damien Gardner

Apr 1, 2025, 11:11:05 PM
to 2600-au...@googlegroups.com
Yeah, I blocked core . windows . net in DNS here quite a few months back - Azure VMs are given hostnames within that by default, and people see those URLs and think they're legit when they get served up Microsoft login forms on them.  We've seen sooooo many stolen Microsoft creds in the last 12 months or so.  Once I figured out what was going on, and then logged requests through our resolvers to see if there was a legitimate user for hosts within that domain, it didn't seem like it, and we haven't had any complaints since we blocked it, so it seems not..

--DG
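
The pre-block check described in the reply above (logging resolver queries to see who actually looks up hosts under the zone), sketched as an added example that is not part of the thread. It assumes dnsmasq-style `query[...]` log lines; the sample lines, host names and client addresses are constructed.

```python
import re
from collections import defaultdict

ZONE = "core.windows.net"

# Constructed dnsmasq-style query log; host names and client IPs are made up.
SAMPLE_LOG = """\
Apr  1 09:14:02 dnsmasq[811]: query[A] exampleacct1.blob.core.windows.net from 10.0.0.21
Apr  1 09:14:05 dnsmasq[811]: query[A] examplesite9.z24.web.core.windows.net from 10.0.0.34
Apr  1 09:14:05 dnsmasq[811]: query[AAAA] examplesite9.z24.web.core.windows.net from 10.0.0.34
Apr  1 09:15:40 dnsmasq[811]: query[A] ExampleAcct1.blob.core.windows.net. from 10.0.0.22
Apr  1 09:16:11 dnsmasq[811]: query[A] core.windows.net.lookalike.example from 10.0.0.34
Apr  1 09:16:30 dnsmasq[811]: query[A] notcore.windows.net from 10.0.0.21
Apr  1 09:17:02 dnsmasq[811]: reply exampleacct1.blob.core.windows.net is 192.0.2.10
"""

QUERY_RE = re.compile(r"query\[[A-Z0-9]+\] (?P<name>\S+) from (?P<client>\S+)")


def zone_usage(log_text, zone=ZONE):
    """Group queries under `zone` by the label directly beneath it.
    Returns {service: {"queries": int, "clients": set, "names": set}}."""
    suffix = "." + zone
    usage = defaultdict(lambda: {"queries": 0, "clients": set(), "names": set()})
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # replies, forwards and other non-query lines
        name = m.group("name").rstrip(".").lower()
        if not name.endswith(suffix):
            continue  # exact suffix match, so look-alike names are not counted
        service = name[: -len(suffix)].split(".")[-1]  # e.g. "blob", "web"
        entry = usage[service]
        entry["queries"] += 1
        entry["clients"].add(m.group("client"))
        entry["names"].add(name)
    return dict(usage)


def report(usage):
    """Rows of (service, query count, distinct clients), busiest first."""
    rows = [(s, u["queries"], len(u["clients"])) for s, u in usage.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for service, queries, clients in report(zone_usage(SAMPLE_LOG)):
        print(f"{service:8} queries={queries:<4} clients={clients}")
```

The per-service rows show whether clients resolve anything under the zone besides `web` hosts like the one in the first post, which is the question to answer before blocking the whole zone.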
