Taking out ConnectWise sites

dubloox3 · June 15, 2025, 6:02am

clones for www.cp9help.top

Website:	Registrar:	Registered on:
https://www.pp9help.top/	Gname.com	2025-05-29
https://www.t4khelp.top/	Gname.com	2025-05-01
https://www.s3phelp.top/	Gname.com	2025-04-30

genman · June 16, 2025, 9:59am

Does reporting these sites to Abuse complaints-Domain name reporting do anything? I gave it a go. Reporting to Report an unsafe site - Microsoft Security Intelligence
and https://safebrowsing.google.com/safebrowsing/report-url seems to help get sites flagged. At least I notice that scammers have to keep buying more domain names as they get quickly flagged.

eyskap · June 16, 2025, 10:04am

hey if you can send it to me at [email protected]

SouthernCulture_x · June 16, 2025, 12:37pm

Yes, reporting does help quite a bit, not all the time but it’s effective.

genman · June 16, 2025, 6:08pm

So I reported through GName and they shut down those three sites ( pp9, t4k, s3p ) pretty quick.

Edit: So you need include a screen shot. Ideally they have PayPal or other logos in the screenshot. I don’t know if they care unless they see a fake/copied logo. (Most connect wise sites simply have a place to enter a code.)

Edit: NameSilo reporting: https://www.namesilo.com/phishing-report

I think most reporting sites want to see PayPal logos etc. I’m not sure how convincing it is to post a site with no trademarked images.

Other sites found:

https://upohelp.top
https://sup2.bkd210.ru:8118 (down?)
https://pxgcare.help (backed by ConnectWise)
https://www.kb3help.top

6/18

https://hctcare.help

SouthernCulture_x · June 18, 2025, 6:44pm

https://nyvcare.help/
https://mxnlive.help/

dubloox3 · June 19, 2025, 4:19am

clones for mxnlive.help

site	registered on	registrar
https://zznet.help/	2025-06-14	NameSilo
https://ktmlive.help/	2025-05-28	NameSilo

unfortunately the script relies on urlscan.io to find the clones, so if it wasn’t submitted, it won’t find them + (luckily) they don’t last long anymore

dubloox3 · June 19, 2025, 4:28am

another example why I struggle to find clones: when pisol.help was posted no clones where found, now I find a couple, submitted in the meantime

site	registered on	registrar
https://jrzlive.help/	2025-05-28	NameSilo,
https://rztlive.help/	2025-05-28	NameSilo,
https://qmsol.help/	2025-06-12	NameSilo,
https://zmsol.help/	2025-06-05	NameSilo,

SouthernCulture_x · June 19, 2025, 1:13pm

All of you working on this project are doing excellent work! Every effort made on taking them out is making progress, the sites are significantly decreasing.

SouthernCulture_x · June 19, 2025, 7:54pm

dubloox3 · June 20, 2025, 4:25am

Site	Registered on	Registrar
https://knbphelp.us/	2025-05-30	Namecheap
https://rybphelp.top/	2025-06-12	Gname.com

FantasticsSnow · June 20, 2025, 2:47pm

BHOCARE.HELP domain

Matherchod · June 20, 2025, 3:21pm

hp3help.top
hs9help.top

SouthernCulture_x · June 20, 2025, 4:37pm

https://gkma.us:9113/

https://bdycare.help/
https://ctmcare.help/

dubloox3 · June 20, 2025, 9:23pm

https://pyacare.help/

SouthernCulture_x · June 21, 2025, 12:25pm

https://hqxcare.help/

dubloox3 · June 21, 2025, 3:19pm

https://jtccare.help/

dubloox3 · June 22, 2025, 10:35am

ran the new script "Script to find new ConnectWise sites " on some of the hashes predefined, this is the list of the current results for these hashes:
39ad554ecb56c04433cd9a618e019e0c4670c5f255c089266c779d1cbd141e4e
3270f59b64211cf247d6f01056e6a97ffd39acd40a815d3b3ff3431d894774ca
1f9bf98e43b7dd4317006be99ecbcf871b0ec475dd6dcb656bb8439239d0e4e5
9b9339876c1a3666f1c61d7a29fdcee0a55c819f6b57c5cd09872a811c4aa861
f3a74cc8eaf2dbdb157e4631b084cee9b0b4a7da241a31aefe380b17dca98c6e

(some are probably suspended already but mb worth knowing the status quo):

dubloox3 · June 22, 2025, 7:13pm

new clone sites:
https://ipxz32-rd.top/
https://mjpcare.help/
looks like the script works

dubloox3 · June 23, 2025, 4:43am

new clone sites:
https://absol.help/