Taking out ConnectWise sites

The only issue I have now is linking these sites to a number so I can link the numbers and the websites to a call center
Posting numbers where you got the site from would be appreciated in helping me map out the centers

1 Like

I’m going to run the new ip you provided and see what new sites o can find

1 Like

Ah yes moralist is a cw site
I see that you came to that conclusion based on similar file structure which is good but yes that is a cw site and it should be reported

1 Like

b36back9.site - is apart of their connectwise server. Unsure of the main server but if this is taken down then it will make the main site broken
Same with lfback9366.site (I think it’s down tho)

1 Like

any hint on how to / where to report it? and what reason should I use for the report.
If you could teach me that and a bit (mb in dm or on disc) on how to find the back-end properly (as I just saw it on my screen while connecting) I would like to engage more in reporting, cheers and thanks

ConnectWise ScreenConnect Remote Support Software,
and,
https://xlhelp.top/?__cf_chl_rt_tk=uSH8JaLA6sugXzIayqUieblqzkyBGGQb2Nz5FCG.9qQ-1734480187-1.0.1.1-cpgBTQ96BafwPcnEj6QsyD1EyoXIfQeu2SmEFT5MjI4

2 Likes

12/19/24 uchelp.top 172.67.160.208 Cloudflare/Gname
12/19/24 numolatori.icu 188.114.96.3 Cloudflare/Gname

Download last seen IP changed very slightly
11/04/24 uphelp.top 172.67.163.230 Cloudflare/Gname.com Pte. Ltd.
11/04/24 numolatori.icu 188.114.97.3 Cloudflare/Gname.com Pte. Ltd.

1 Like

12/19/24 gxhelp.top 104.21.24.192 Cloudflare/Gname
12/19/24 cogajroker.icu 188.114.96.3 Cloudflare/Gname

Download last seen same IP
11/18/24 i3j.top 188.114.97.3 Cloudflare/Gname.com
11/18/24 cogajroker.icu 188.114.96.3 Cloudflare/Gname.com

12/19/24 nor.help9.top 104.21.6.106 Cloudflare/Gname
12/19/24 ongajroker.icu 188.114.96.9 Cloudflare/Gname

Download last seen slightly different IP
12/17/24 ppl.help9.top 104.21.6.106 Cloudflare/Gname
12/17/24 ongajroker.icu 188.114.97.3 Cloudflare/Gname

https://comp136.top/,
and,
https://sehelp.top/

2 Likes

https://karb.link:9113/

Sure private me your discord

1 Like

12/19/24 sys231.org 188.114.96.3 Cloudflare/Gransy

12/19/24 sup2.sysx231.ru:9119/Guest 185.66.89.123 Virtual Systems LLC/RUssia

This one is a frame

1 Like

https://uchelp.top/,
https://gzhelp.top/?__cf_chl_rt_tk=fuvesm5l7Suo9_EFqRY2X_m7rzzhrOutYo4b1ItWao0-1734623713-1.0.1.1-L8uM6cCyOr5xkS_WEZj9Eap4alhRxteIeCiTca5ioSk

2 Likes

can you post the phone number from which you got it from?

1 Like

It was the McAfee scam I posted this morning,
810-345-3520

1 Like

https://gxhelp.top/?__cf_chl_tk=zQvEVvmYfBLIaFWFiiv1kebiNaC3ByHTh2lmWK2fFUE-1734655919-1.0.1.1-O51GRwPfCDwCzpsIKaqiHEbfn3_COCE1wjCWafuzAg0

1 Like

https://mrhelp.top/?__cf_chl_rt_tk=znrbSHV4nnj2jnbezvokR4ByTF113_U5Bs11eg.FP8k-1734701498-1.0.1.1-_UfHy5Ge9LXT_xltS4RF3CtMzmMKwSfpk.kxbZgPnlI,
and,
https://mthelp.top/?__cf_chl_rt_tk=sIiwsjOCR5qt2onKpO0Cyx.gie9yCcxNUb9dCv8ulb8-1734704204-1.0.1.1-DFeH.AK0IxhM8pD8wDhpmbOpz3kIc5aV1W8M3sMvyRE

1 Like

12/20/24 vthelp.top 188.114.96.3 Cloudflare/Gname- mcafee9788
12/20/24 gomolatori.cyou 104.21.79.105 Cloudflare/Gname

I’ve never seen a connect code like that - or that long

Backend looks moved to new IP
11/21/24 vthelp.top 188.114.96.3 Cloudflare/Gname.com
11/21/24 gomolatori.cyou 172.67.144.81 Cloudflare/Gname.com

https://www.webhostingtalk.com/showthread.php?t=1860547
this should be on peoples’ radars