Clever Tech Support Scammer Tactic - Editing the \etc\hosts File

The other day, I made it to the end of a technical support scam wherein the scammers pretended to “fix” my computer by installing various free programs and changing various config files. Today, I was too lazy to restore an older version of my VM, so I started scambaiting on the same snapshot that the other scammers had worked on. When I went to so a new scammer could connect to my computer, rather than seeing the Ultraviewer website I instead saw this:

It turns out that the previous scammers who I had baited the other day had edited my C:\Windows\System32\drivers\etc\hosts file in order to DNS spoof all remote connection tool websites to instead show their warning. Their warning is hosted at Below is their edited version of the \etc\hosts file:

Copyright (c) 1993-2009 Microsoft Corp.

This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

This file contains the mappings of IP addresses to host names. Each
entry should be kept on an individual line. The IP address should
be placed in the first column followed by the corresponding host name.
The IP address and the host name should be separated by at least one

Additionally, comments (such as these) may be inserted on individual
lines or following the machine name denoted by a ‘#’ symbol.

For example: # source server # x client host

localhost name resolution is handled within DNS itself. localhost
::1 localhost

This isn’t particularly sophisticated, and it took me all of about 5 minutes to undo, but regardless this is a brow higher then their typical Modus Operandi of reinstalling google chrome and doing absolutely nothing else. Also, I’m not really sure what to do with the website. It seems to be hosted by AWS, but due to its very basic nature I doubt this would get taken down if I reported it.


Please report it since AWS doesn’t take kindly to shit like this

1 Like

Site is still up.

The remotepc[dot]com is a scam.
Watch this video

RemotePC isn’t a scam, it’s just a remote access software that you can pay for.

Very interesting. I’m unclear though as to what benefit the scammers get from doing this.

1 Like

It mentions ‘get support’ which the scammer would of put on their, it helps them keep their victims and either re-scam them or support them till they get to the point of re-scamming. Could even be as maybe one day they wanna go legit but that doesn’t seem likely. scammer Indian Peter called me.
aka World Live Solution

They called me again today.