Clever Tech Support Scammer Tactic - Editing the \etc\hosts File

The other day, I made it to the end of a technical support scam wherein the scammers pretended to “fix” my computer by installing various free programs and changing various config files. Today, I was too lazy to restore an older version of my VM, so I started scambaiting on the same snapshot that the other scammers had worked on. When I went to https://www.ultraviewer.net/ so a new scammer could connect to my computer, rather than seeing the Ultraviewer website I instead saw this:

It turns out that the previous scammers who I had baited the other day had edited my C:\Windows\System32\drivers\etc\hosts file in order to DNS spoof all remote connection tool websites to instead show their warning. Their warning is hosted at http://44.194.8.66/. Below is their edited version of the \etc\hosts file:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
44.194.8.66 www.realvnc.com
44.194.8.66 manage.realvnc.com
44.194.8.66 help.realvnc.com
44.194.8.66 support.realvnc.com
44.194.8.66 api.realvnc.com
44.194.8.66 goverlan.com
44.194.8.66 www.goverlan.com
44.194.8.66 manage.goverlan.com
44.194.8.66 help.goverlan.com
44.194.8.66 support.goverlan.com
44.194.8.66 api.goverlan.com
44.194.8.66 beyondtrust.com
44.194.8.66 www.beyondtrust.com
44.194.8.66 manage.beyondtrust.com
44.194.8.66 help.beyondtrust.com
44.194.8.66 support.beyondtrust.com
44.194.8.66 api.beyondtrust.com
44.194.8.66 beyondtrust.com
44.194.8.66 fixme.it
44.194.8.66 www.fixme.it
44.194.8.66 manage.fixme.it
44.194.8.66 help.fixme.it
44.194.8.66 support.fixme.it
44.194.8.66 api.fixme.it
44.194.8.66 techinline.com
44.194.8.66 www.techinline.com
44.194.8.66 manage.techinline.com
44.194.8.66 help.techinline.com
44.194.8.66 support.techinline.com
44.194.8.66 api.techinline.com
44.194.8.66 islonline.com
44.194.8.66 www.islonline.com
44.194.8.66 manage.islonline.com
44.194.8.66 help.islonline.com
44.194.8.66 support.islonline.com
44.194.8.66 api.islonline.com
44.194.8.66 gotomypc.com
44.194.8.66 www.gotomypc.com
44.194.8.66 manage.gotomypc.com
44.194.8.66 get.gotomypc.com
44.194.8.66 support.gotomypc.com
44.194.8.66 api.gotomypc.com
44.194.8.66 ultraviewer.net
44.194.8.66 www.ultraviewer.net
44.194.8.66 manage.ultraviewer.net
44.194.8.66 help.ultraviewer.net
44.194.8.66 support.ultraviewer.net
44.194.8.66 api.ultraviewer.net
44.194.8.66 tightvnc.com
44.194.8.66 www.tightvnc.com
44.194.8.66 manage.tightvnc.com
44.194.8.66 help.tightvnc.com
44.194.8.66 support.tightvnc.com
44.194.8.66 api.tightvnc.com
44.194.8.66 mremoteng.org
44.194.8.66 www.mremoteng.org
44.194.8.66 manage.mremoteng.org
44.194.8.66 help.mremoteng.org
44.194.8.66 support.mremoteng.org
44.194.8.66 api.mremoteng.org
44.194.8.66 nomachine.com
44.194.8.66 www.nomachine.com
44.194.8.66 manage.nomachine.com
44.194.8.66 help.nomachine.com
44.194.8.66 support.nomachine.com
44.194.8.66 api.nomachine.com
44.194.8.66 remoteutilities.com
44.194.8.66 www.remoteutilities.com
44.194.8.66 manage.remoteutilities.com
44.194.8.66 help.remoteutilities.com
44.194.8.66 support.remoteutilities.com
44.194.8.66 api.remoteutilities.com
44.194.8.66 dualmon.com
44.194.8.66 www.dualmon.com
44.194.8.66 manage.dualmon.com
44.194.8.66 help.dualmon.com
44.194.8.66 support.dualmon.com
44.194.8.66 api.dualmon.com
44.194.8.66 aeroadmin.com
44.194.8.66 www.aeroadmin.com
44.194.8.66 manage.aeroadmin.com
44.194.8.66 help.aeroadmin.com
44.194.8.66 support.aeroadmin.com
44.194.8.66 api.aeroadmin.com
44.194.8.66 jumpdesktop.com
44.194.8.66 www.jumpdesktop.com
44.194.8.66 manage.jumpdesktop.com
44.194.8.66 help.jumpdesktop.com
44.194.8.66 support.jumpdesktop.com
44.194.8.66 api.jumpdesktop.com
44.194.8.66 remotetopc.com
44.194.8.66 www.remotetopc.com
44.194.8.66 manage.remotetopc.com
44.194.8.66 help.remotetopc.com
44.194.8.66 support.remotetopc.com
44.194.8.66 api.remotetopc.com
44.194.8.66 litemanager.com
44.194.8.66 www.litemanager.com
44.194.8.66 manage.litemanager.com
44.194.8.66 help.litemanager.com
44.194.8.66 support.litemanager.com
44.194.8.66 api.litemanager.com
44.194.8.66 skyfex.com
44.194.8.66 www.skyfex.com
44.194.8.66 manage.skyfex.com
44.194.8.66 help.skyfex.com
44.194.8.66 support.skyfex.com
44.194.8.66 api.skyfex.com
44.194.8.66 deskroll.com
44.194.8.66 www.deskroll.com
44.194.8.66 manage.deskroll.com
44.194.8.66 help.deskroll.com
44.194.8.66 support.deskroll.com
44.194.8.66 api.deskroll.com
44.194.8.66 rview.com
44.194.8.66 www.rview.com
44.194.8.66 manage.rview.com
44.194.8.66 help.rview.com
44.194.8.66 support.rview.com
44.194.8.66 api.rview.com
44.194.8.66 rapidsupport.net
44.194.8.66 www.rapidsupport.net
44.194.8.66 manage.rapidsupport.net
44.194.8.66 help.rapidsupport.net
44.194.8.66 support.rapidsupport.net
44.194.8.66 api.rapidsupport.net
44.194.8.66 remmina.org
44.194.8.66 www.remmina.org
44.194.8.66 manage.remmina.org
44.194.8.66 help.remmina.org
44.194.8.66 support.remmina.org
44.194.8.66 api.remmina.org
44.194.8.66 showmypc.com
44.194.8.66 www.showmypc.com
44.194.8.66 manage.showmypc.com
44.194.8.66 help.showmypc.com
44.194.8.66 support.showmypc.com
44.194.8.66 api.showmypc.com
44.194.8.66 anyplace-control.com
44.194.8.66 www.anyplace-control.com
44.194.8.66 manage.anyplace-control.com
44.194.8.66 help.anyplace-control.com
44.194.8.66 support.anyplace-control.com
44.194.8.66 api.anyplace-control.com
44.194.8.66 sysaid.com
44.194.8.66 www.sysaid.com
44.194.8.66 manage.sysaid.com
44.194.8.66 help.sysaid.com
44.194.8.66 support.sysaid.com
44.194.8.66 api.sysaid.com
44.194.8.66 n-able.com
44.194.8.66 www.n-able.com
44.194.8.66 manage.n-able.com
44.194.8.66 help.n-able.com
44.194.8.66 support.n-able.com
44.194.8.66 api.n-able.com
44.194.8.66 cayzu.com
44.194.8.66 www.cayzu.com
44.194.8.66 manage.cayzu.com
44.194.8.66 help.cayzu.com
44.194.8.66 support.cayzu.com
44.194.8.66 api.cayzu.com
44.194.8.66 rhubcom.com
44.194.8.66 www.rhubcom.com
44.194.8.66 manage.rhubcom.com
44.194.8.66 help.rhubcom.com
44.194.8.66 support.rhubcom.com
44.194.8.66 api.rhubcom.com
44.194.8.66 dameware.com
44.194.8.66 www.dameware.com
44.194.8.66 manage.dameware.com
44.194.8.66 help.dameware.com
44.194.8.66 support.dameware.com
44.194.8.66 api.dameware.com
44.194.8.66 cybelesoft.com
44.194.8.66 www.cybelesoft.com
44.194.8.66 manage.cybelesoft.com
44.194.8.66 help.cybelesoft.com
44.194.8.66 support.cybelesoft.com
44.194.8.66 api.cybelesoft.com
44.194.8.66 teamviewer.com
44.194.8.66 www.teamviewer.com
44.194.8.66 manage.teamviewer.com
44.194.8.66 help.teamviewer.com
44.194.8.66 support.teamviewer.com
44.194.8.66 api.teamviewer.com
44.194.8.66 ammyy.com
44.194.8.66 www.ammyy.com
44.194.8.66 manage.ammyy.com
44.194.8.66 help.ammyy.com
44.194.8.66 support.ammyy.com
44.194.8.66 api.ammyy.com
44.194.8.66 ultraassist.com
44.194.8.66 www.ultraassist.com
44.194.8.66 manage.ultraassist.com
44.194.8.66 help.ultraassist.com
44.194.8.66 support.ultraassist.com
44.194.8.66 api.ultraassist.com
44.194.8.66 ultraassist.com
44.194.8.66 www.remotepc.com
44.194.8.66 manage.remotepc.com
44.194.8.66 help.remotepc.com
44.194.8.66 support.remotepc.com
44.194.8.66 api.remotepc.com
44.194.8.66 gotoassist.com
44.194.8.66 www.gotoassist.com
44.194.8.66 manage.gotoassist.com
44.194.8.66 help.gotoassist.com
44.194.8.66 support.gotoassist.com
44.194.8.66 api.gotoassist.com
44.194.8.66 get.gotoassist.com
44.194.8.66 fastsupport.gotoassist.com
44.194.8.66 joinme.com
44.194.8.66 www.joinme.com
44.194.8.66 manage.joinme.com
44.194.8.66 help.joinme.com
44.194.8.66 support.joinme.com
44.194.8.66 api.joinme.com
44.194.8.66 joinme.com
44.194.8.66 www.join.me
44.194.8.66 manage.join.me
44.194.8.66 help.join.me
44.194.8.66 support.join.me
44.194.8.66 api.join.me
44.194.8.66 gotomeeting.com
44.194.8.66 www.gotomeeting.com
44.194.8.66 manage.gotomeeting.com
44.194.8.66 help.gotomeeting.com
44.194.8.66 support.gotomeeting.com
44.194.8.66 api.gotomeeting.com
44.194.8.66 app.gotomeeting.com
44.194.8.66 support.gotomeeting.com
44.194.8.66 zoho.com
44.194.8.66 www.zoho.com
44.194.8.66 manage.zoho.com
44.194.8.66 help.zoho.com
44.194.8.66 support.zoho.com
44.194.8.66 api.zoho.com
44.194.8.66 slashtop.com
44.194.8.66 www.slashtop.com
44.194.8.66 sos.slashtop.com
44.194.8.66 help.slashtop.com
44.194.8.66 support.slashtop.com
44.194.8.66 api.slashtop.com
44.194.8.66 parallels.com
44.194.8.66 www.parallels.com
44.194.8.66 kb.parallels.com
44.194.8.66 help.parallels.com
44.194.8.66 support.parallels.com
44.194.8.66 api.parallels.com
44.194.8.66 softonic.com
44.194.8.66 www.softonic.com
44.194.8.66 sos.softonic.com
44.194.8.66 help.softonic.com
44.194.8.66 support.softonic.com
44.194.8.66 api.softonic.com
44.194.8.66 connectwise.com
44.194.8.66 www.connectwise.com
44.194.8.66 manage.connectwise.com
44.194.8.66 help.connectwise.com
44.194.8.66 support.connectwise.com
44.194.8.66 api.connectwise.com
44.194.8.66 devolutions.com
44.194.8.66 www.devolutions.com
44.194.8.66 sos.devolutions.com
44.194.8.66 help.devolutions.com
44.194.8.66 support.devolutions.com
44.194.8.66 api.devolutions.com
44.194.8.66 remotedesktopmanager.com
44.194.8.66 www.remotedesktopmanager.com
44.194.8.66 manage.remotedesktopmanager.com
44.194.8.66 help.remotedesktopmanager.com
44.194.8.66 support.remotedesktopmanager.com
44.194.8.66 api.remotedesktopmanager.com
44.194.8.66 anydesk.com
44.194.8.66 www.anydesk.com
44.194.8.66 sos.anydesk.com
44.194.8.66 help.anydesk.com
44.194.8.66 support.anydesk.com
44.194.8.66 api.anydesk.com
44.194.8.66 realvnc.com
44.194.8.66 www.realvnc.com
44.194.8.66 manage.realvnc.com
44.194.8.66 help.realvnc.com
44.194.8.66 support.realvnc.com
44.194.8.66 api.realvnc.com
44.194.8.66 logmeinrescue.com
44.194.8.66 www.logmeinrescue.com
44.194.8.66 secure.logmeinrescue.com
44.194.8.66 help.logmeinrescue.com
44.194.8.66 support.logmeinrescue.com
44.194.8.66 api.logmeinrescue.com
44.194.8.66 logmein123.com
44.194.8.66 123helpme.com
44.194.8.66 sos.anydesk.com
44.194.8.66 help.anydesk.com
44.194.8.66 support.anydesk.com
44.194.8.66 api.anydesk.com
44.194.8.66 www.dwservice.net
44.194.8.66 dwservice.net
44.194.8.66 api.dwservice.net
44.194.8.66 www.freshdesk.com
44.194.8.66 api.freshdesk.com
44.194.8.66 remotedesktop.google.com
44.194.8.66 www.dameware.com
44.194.8.66 dameware.com
44.194.8.66 api.dameware.com
44.194.8.66 www.simple-help.com
44.194.8.66 simple-help.com
44.194.8.66 api.simple-help.com
44.194.8.66 www.atera.com
44.194.8.66 atera.com
44.194.8.66 api.atera.com

This isn’t particularly sophisticated, and it took me all of about 5 minutes to undo, but regardless this is a brow higher than their typical modus operandi of reinstalling Google Chrome and doing absolutely nothing else. Also, I’m not really sure what to do with the website. It seems to be hosted by AWS, but due to its very basic nature I doubt this would get taken down if I reported it.

2 Likes
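A hosts file changed the way the post above describes has a recognisable shape: one non-loopback address answering for many unrelated sites. The following is an added example, not part of the original thread, that parses hosts-file text and reports such addresses; the sample input is constructed in the shape of the posted file, and the function names and the `min_sites` threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the shape of the file from the post (header trimmed).
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.invalid   # typical ad-block sinkhole entry
44.194.8.66 ultraviewer.net
44.194.8.66 www.ultraviewer.net
44.194.8.66 api.ultraviewer.net
44.194.8.66 teamviewer.com www.teamviewer.com
44.194.8.66 anydesk.com
not-an-ip broken.example
"""

def parse_hosts(text):
    """Yield (ip, hostname) for every valid mapping; comments and bad lines are skipped."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def site_of(hostname):
    """Crude site key: last two labels (assumption; no public-suffix list is used)."""
    return ".".join(hostname.split(".")[-2:])

def suspicious_redirects(text, min_sites=3):
    """Return {ip: sorted hostnames} for non-loopback IPs that answer for >= min_sites sites."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0/:: entries are blocks, not redirects to someone's server.
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len({site_of(n) for n in names}) >= min_sites}

if __name__ == "__main__":
    for ip, names in suspicious_redirects(SAMPLE_HOSTS).items():
        print(f"{ip} overrides {len(names)} hostnames: {', '.join(names)}")
```

On a real machine, pass it the contents of C:\Windows\System32\drivers\etc\hosts; entries it reports should be compared against what the machine's administrator intentionally added.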

Please report it since AWS doesn’t take kindly to shit like this.

1 Like

Site is still up.

The remotepc[dot]com is a scam.
Watch this video

RemotePC isn’t a scam, it’s just a remote access software that you can pay for.

Very interesting. I’m unclear though as to what benefit the scammers get from doing this.

1 Like

It mentions ‘get support’, which the scammer would have put on there; it helps them keep their victims and either re-scam them or support them till they get to the point of re-scamming. Could even be as maybe one day they wanna go legit but that doesn’t seem likely.