01/22/25 hrcare.help 172.67.153.58 Cloudflare/Namesilo - 11496
Same URL download
1 Like
4 Likes
01/23/25 wnsupport.help 104.21.16.1 Cloudflare/Namesilo - 30851
Thought they were getting on a phone, and download URL is the same. That seems to be the case with most of these trying to get on phones
3 Likes
https://rdkc.xyz/,
https://caregive.help (fake Robinhood using this site today)
5 Likes
3 Likes
https://cncare.help/ (code 80159),
and,
https://www.ppverify.help/ (redirects to)
ConnectWise ScreenConnect Remote Support Software,
and,
https://krmo.us:8443/
3 Likes
01/28/25 ppverify.help 37.221.64.202 Alexost/Namesilo
Didn’t get the download of this one - impersonating Paypal branding
01/28/25 kzhelp.top 188.114.97.9 Cloudflare/Gname
This one is same URL download
3 Likes
2 Likes
01/28/25 fuhelp.top 172.67.193.22 Cloudflare/Gname
2 Likes
01/29/25 fihelp.top 104.21.48.1 Cloudflare/Gname - 7887
01/29/25 cogajroker.cyou 172.67.149.39 Cloudflare/Gname
Interesting, the main URL is exactly the same - but they changed the backend
12/20/24 fihelp.top 104.21.48.1 Cloudflare/Gname
12/20/24 gajrokerware.icu 188.114.97.3 Cloudflare/Gname
3 Likes
Just got this one as well - downloaded from same URL code was 79047
1 Like
| 01/29/25 | pdhelp.top | 104.21.74.80 | Cloudflare/Gname - 77xw85s |
|---|---|---|---|
| 01/29/25 | samolatori.icu | 104.21.68.118 | Cloudflare/Gname |
1 Like
01/29/25 okhelp.top 188.114.97.3 Cloudflare/Gname
here’s the entire string…
https://msvcare.help/?__cf_chl_tk=OY.Qc.Fth_ne0113mR3J4Lp0JTqtkT0DmPFIdiY5uHg-1738169189-1.0.1.1-3LHF9RORwm2Zlw4ZZ7Lr5EgxeSRW_0MRtBhnPntpxSA
2 Likes
01/29/25 carehub.help 37.221.64.202 Alexhost/Namesilo
01/29/25 pkbm.xyz 144.126.156.55 Contabo-Nubes/Namesilo- 73663
This was reported on the 10th - at that time, this was used as the download URL, not the main
01/10/25 pkmd.link 104.21.32.1 Cloudflare/Namesilo
01/10/25 pkbm.xyz 144.126.156.55 Contabo-Nubes/Namesilo
01/29/25 bcwcare.help 188.114.96.3 Cloudflare/Namesilo - 18642
Same URL download