Recently, I stumbled upon a website (apple-techsupport.online) that led directly to a tech support scam pop-up:
Most malware hunters have come upon these pop-ups many times. This time, out of curiosity, I decided to Google the listed phone number. What I found led me on an odd adventure.
The Google search showed results for two companies with the same listed phone number (outlined below in purple):
squadtech247[.]com (page 2 of the Google results – not shown below)
Other than the phone number, the similarity in the domain names would also lead one to think that there’s a relationship between the two companies.
First, I visited sitetech247[.]com and found that their site seemed to be not yet completed. This is what I found:
Well, I suppose that’s a list of all of the things that they’ll be “supporting” once they’re operational?
Looking at the contact.html file gives this:
There’s our phone number again with an address in Chicago, Illinois.
The second website, squadtech247[.]com, was much more developed. It “looked” like a regular website hawking their support services. Their contact information was curious:
The same Chicago address as sitetech247[.]com but a different phone number.
Let’s dig a little more deeply down the rabbit hole. WHOIS information for both domains is remarkably similar, as expected.
Let’s recap – what have we found? The original website that I visited was apple-techsupport.online and it gave us a pop-up message with a “support” phone number to call. We seem to have also found two other “tech support” companies related to this phone number. What about the WHOIS info for the original website that started us on this chase?
This ties it all together and completes the loop. It has squadtech247[.]com’s Chicago street address and email address along with the phone number that set us on our quest.
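The pivot described above, linking domains through a shared phone number, street address and email address, sketched as an added example that is not part of the original post. The domain names come from the post; every phone number, address and email value is a constructed placeholder, and `normalize` and `cluster` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample observations: domains are from the post, but every
# phone, address and email value is a made-up placeholder (assumption).
OBSERVATIONS = [
    ("apple-techsupport[.]online", "phone", "+1 (555) 010-0001"),
    ("apple-techsupport[.]online", "address", "100 Example St., Chicago, IL"),
    ("apple-techsupport[.]online", "email", "Admin@Placeholder.example"),
    ("sitetech247[.]com", "phone", "555.010.0001"),
    ("sitetech247[.]com", "address", "100 example st, chicago, il"),
    ("squadtech247[.]com", "phone", "1-555-010-0002"),
    ("squadtech247[.]com", "address", "100 Example St, Chicago IL"),
    ("squadtech247[.]com", "email", "admin@placeholder.example"),
    ("unrelated[.]example", "phone", "555-010-0099"),
]

def normalize(kind, value):
    """Canonicalize an indicator so formatting differences do not hide a match."""
    if kind == "phone":
        digits = re.sub(r"\D", "", value)
        return digits[1:] if len(digits) == 11 and digits[0] == "1" else digits
    if kind == "address":
        return re.sub(r"[^a-z0-9]+", " ", value.lower()).strip()
    return value.strip().lower()

def cluster(observations):
    """Group domains that share at least one normalized indicator (union-find)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x
    first_seen, shared = {}, defaultdict(set)
    for domain, kind, value in observations:
        key = (kind, normalize(kind, value))
        shared[key].add(domain)
        # Merge this domain with the first domain seen carrying the same indicator.
        parent[find(domain)] = find(first_seen.setdefault(key, domain))
    groups = defaultdict(set)
    for domain in parent:
        groups[find(domain)].add(domain)
    links = {k: v for k, v in shared.items() if len(v) > 1}
    return sorted(map(sorted, groups.values())), links

if __name__ == "__main__":
    clusters, links = cluster(OBSERVATIONS)
    print(clusters)
    print(links)
```
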
So, is that the end of the story? Are we out of the rabbit hole? In a word, no. Some of you may have noticed that the above graphic with the Google search results had some links highlighted in red. We haven’t discussed those. That’s where the story gets even stranger.
To be continued…
(Disclaimer: any links in the blog posts on this site may contain live malware. Proceed cautiously at your own risk. You alone are responsible for anything that may happen to your computer.)