The only issue I have now is linking these sites to a number so I can link the numbers and the websites to a call center
Posting numbers where you got the site from would be appreciated in helping me map out the centers
I’m going to run the new ip you provided and see what new sites o can find
Ah yes moralist is a cw site
I see that you came to that conclusion based on similar file structure which is good but yes that is a cw site and it should be reported
b36back9.site - is apart of their connectwise server. Unsure of the main server but if this is taken down then it will make the main site broken
Same with lfback9366.site (I think it’s down tho)
any hint on how to / where to report it? and what reason should I use for the report.
If you could teach me that and a bit (mb in dm or on disc) on how to find the back-end properly (as I just saw it on my screen while connecting) I would like to engage more in reporting, cheers and thanks
ConnectWise ScreenConnect Remote Support Software,
and,
https://xlhelp.top/?__cf_chl_rt_tk=uSH8JaLA6sugXzIayqUieblqzkyBGGQb2Nz5FCG.9qQ-1734480187-1.0.1.1-cpgBTQ96BafwPcnEj6QsyD1EyoXIfQeu2SmEFT5MjI4
12/19/24 uchelp.top 172.67.160.208 Cloudflare/Gname
12/19/24 numolatori.icu 188.114.96.3 Cloudflare/Gname
Download last seen IP changed very slightly
11/04/24 uphelp.top 172.67.163.230 Cloudflare/Gname.com Pte. Ltd.
11/04/24 numolatori.icu 188.114.97.3 Cloudflare/Gname.com Pte. Ltd.
12/19/24 gxhelp.top 104.21.24.192 Cloudflare/Gname
12/19/24 cogajroker.icu 188.114.96.3 Cloudflare/Gname
Download last seen same IP
11/18/24 i3j.top 188.114.97.3 Cloudflare/Gname.com
11/18/24 cogajroker.icu 188.114.96.3 Cloudflare/Gname.com
12/19/24 nor.help9.top 104.21.6.106 Cloudflare/Gname
12/19/24 ongajroker.icu 188.114.96.9 Cloudflare/Gname
Download last seen slightly different IP
12/17/24 ppl.help9.top 104.21.6.106 Cloudflare/Gname
12/17/24 ongajroker.icu 188.114.97.3 Cloudflare/Gname
Sure private me your discord
12/19/24 sys231.org 188.114.96.3 Cloudflare/Gransy
12/19/24 sup2.sysx231.ru:9119/Guest 185.66.89.123 Virtual Systems LLC/RUssia
This one is a frame
https://uchelp.top/,
https://gzhelp.top/?__cf_chl_rt_tk=fuvesm5l7Suo9_EFqRY2X_m7rzzhrOutYo4b1ItWao0-1734623713-1.0.1.1-L8uM6cCyOr5xkS_WEZj9Eap4alhRxteIeCiTca5ioSk
can you post the phone number from which you got it from?
It was the McAfee scam I posted this morning,
810-345-3520
https://mrhelp.top/?__cf_chl_rt_tk=znrbSHV4nnj2jnbezvokR4ByTF113_U5Bs11eg.FP8k-1734701498-1.0.1.1-_UfHy5Ge9LXT_xltS4RF3CtMzmMKwSfpk.kxbZgPnlI,
and,
https://mthelp.top/?__cf_chl_rt_tk=sIiwsjOCR5qt2onKpO0Cyx.gie9yCcxNUb9dCv8ulb8-1734704204-1.0.1.1-DFeH.AK0IxhM8pD8wDhpmbOpz3kIc5aV1W8M3sMvyRE
12/20/24 vthelp.top 188.114.96.3 Cloudflare/Gname- mcafee9788
12/20/24 gomolatori.cyou 104.21.79.105 Cloudflare/Gname
I’ve never seen a connect code like that - or that long
Backend looks moved to new IP
11/21/24 vthelp.top 188.114.96.3 Cloudflare/Gname.com
11/21/24 gomolatori.cyou 172.67.144.81 Cloudflare/Gname.com
https://www.webhostingtalk.com/showthread.php?t=1860547
this should be on peoples’ radars