Taking out ConnectWise sites

Yes, and the above sites are still active today, 05/27/24

7 likes

Reached out to host and registrar for
https://b3699.olikonre.org:8443/guest
https://apl.help15.org/
https://stwps.org/
https://mdlre.org/

Received this back
“We have informed the reseller about your complaint, and he will investigate this issue. If we do not receive any update from them, we will suspend the domain after 2024-06-01 21:02:04 CEST and it will stop working.”

The .live sites are tricky; I’ve been flagging them as malicious with different providers and online safeguards as well.

4 likes

https://tshelp.site

7 likes

https://prex06.login7.cfd

7 likes

https://askf1.login2.top

7 likes

Can someone take down wchelp.live?

6 likes

Take this down too - tphelp.info with code 43747

5 likes

https://bhelp.live

8 likes

https://stwps.org

6 likes

https://jpcare.live

7 likes

https://qsjd546d.cfd/Guest32xw.aspx/?Session=2e413877-f780-4675-891f-1a2755fc9806
Another auto-download site!

8 likes

An elderly friend of mine nearly got scammed; here are some of the URLs I found in her browser history. They seem to be somehow related to this.

https://g3639.olikonre.org:8443/Bin/support.Client.exe
https://www.gdwn.site/
https://ygfc76iygf6ify.z1.web.core.windows.net/Er0Win8helpline76/index.html

They also used “UltraViewer”, but that seems to be legitimate software.

7 likes

https://redd.it/1c90c5z

Check this page out, it tells you what your elderly friend needs to do.

I’d also suggest running Free Anti-Scam Threat Scanner | Seraph Secure on the system.

I will explain: both are legitimate software. One is self-hosted, and one isn’t. Both are being misused by the scammers in order to gain persistent access to the device to watch over time. They are related as they are self-hosted ConnectWise instances. Sadly, due to the nature of how they set these up, ConnectWise can’t take them down. I hope this explained why they feel related.

8 likes

https://cs.help6.org

8 likes

https://gdwn.site

7 likes

https://g3639.olikonre.org:8443/Bin/support.Client.exe is ScreenConnect; it is masked by https://www.gdwn.site/ (they want the victim to see gdwn.site, so if it gets reported the backend server stays up).

7 likes
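As an added example (not posted by anyone in this thread), a small Python triage helper that sorts the URLs reported above into the visible "mask" domain and the self-hosted ScreenConnect backend, so that an abuse report names both hosts rather than only the landing page. The path and port patterns are assumptions drawn from the URLs in this thread, not a vendor-published signature.

```python
import re
from urllib.parse import urlsplit

# Assumed indicator patterns, derived only from the URLs posted in this thread
# (not a vendor-published signature): the self-hosted ScreenConnect backend
# serves the client binary from /Bin/ and a guest join page, here on port 8443.
BACKEND_PATH_RE = re.compile(
    r"^/bin/[^/]+\.client\.exe$"     # e.g. /Bin/support.Client.exe
    r"|^/guest/?$"                    # the /guest join page
    r"|^/guest[^/]*\.aspx/?$",        # e.g. /Guest32xw.aspx/?Session=...
    re.IGNORECASE,
)
BACKEND_PORT = 8443


def _normalize(url: str) -> str:
    """Prefix a scheme onto bare hostnames such as www.compnet112.org."""
    url = url.strip()
    if not re.match(r"^[a-z][a-z0-9+.-]*:", url, re.IGNORECASE):
        url = "https://" + url
    return url


def classify_url(url: str) -> str:
    """Return 'backend' if the URL points at the ScreenConnect server itself,
    'mask' for a plain landing domain, or 'invalid' if it cannot be parsed."""
    parts = urlsplit(_normalize(url))
    try:
        port = parts.port
    except ValueError:                  # malformed port component
        return "invalid"
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "invalid"                # e.g. the typo'd "https:stwps.org"
    if port == BACKEND_PORT or BACKEND_PATH_RE.search(parts.path):
        return "backend"
    return "mask"


def takedown_targets(urls):
    """Group hostnames so the backend server is reported alongside the visible
    mask domain, which is the point made in the post above."""
    groups = {"backend": set(), "mask": set(), "invalid": []}
    for url in urls:
        kind = classify_url(url)
        if kind == "invalid":
            groups["invalid"].append(url)
        else:
            groups[kind].add(urlsplit(_normalize(url)).hostname.lower())
    return groups
```

Feed it the URLs from the thread and the two olikonre.org hosts land in the backend group while gdwn.site and the other landing pages land in the mask group; the report should then go to the hosting provider of the backend as well as the registrar of the mask domain.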

https://sec247.org

8 likes

https://mfrb.site

8 likes

www.compnet112.org

8 likes

https://www.stwps.org

5 likes