Taking out ConnectWise sites

Yes, and the above sites are still active today, 05/27/24.

7 Likes

Reached out to host and registrar for:
https://b3699.olikonre.org:8443/guest
https://apl.help15.org/
https://stwps.org/
https://mdlre.org/

Received this back:
“We have informed the reseller about your complaint, and he will investigate this issue. If we do not receive any update from them, we will suspend the domain after 2024-06-01 21:02:04 CEST and it will stop working.”

The .live sites are tricky; I’ve been flagging them as malicious with different providers and online safeguards as well.

4 Likes

https://tshelp.site

7 Likes

https://prex06.login7.cfd

7 Likes

https://askf1.login2.top

7 Likes

Can someone take down wchelp.live?

6 Likes

Take this down too - tphelp.info with code 43747

5 Likes

https://bhelp.live

8 Likes

https://stwps.org

6 Likes

https://jpcare.live

7 Likes

https://qsjd546d.cfd/Guest32xw.aspx/?Session=2e413877-f780-4675-891f-1a2755fc9806
Another auto-download site!

8 Likes

An elderly friend of mine nearly got scammed. Here are some of the URLs I found in her browser history; they seem to be somehow related to this.

https://g3639.olikonre.org:8443/Bin/support.Client.exe
https://www.gdwn.site/
https://ygfc76iygf6ify.z1.web.core.windows.net/Er0Win8helpline76/index.html

They also used “UltraViewer”, but that seems to be legitimate software.

7 Likes

https://redd.it/1c90c5z

Check this page out; it tells you what your elderly friend needs to do.

I’d also suggest running Free Anti-Scam Threat Scanner - Seraph Secure on the system.

I will explain; both are legitimate software. One is self-hosted, and one isn’t. Both are being misused by the scammers in order to gain persistent access to the device to watch over time. They are related as they are self-hosted ConnectWise instances. Sadly, due to the nature of how they set these up, ConnectWise can’t take them down. I hope this explained why they feel related.

8 Likes

https://cs.help6.org

8 Likes

https://gdwn.site

7 Likes

https://g3639.olikonre.org:8443/Bin/support.Client.exe is ScreenConnect; it is masked by https://www.gdwn.site/ (they want the victim to see gdwn.site so if it gets reported the backend server stays up).

7 Likes

https://sec247.org

8 Likes

https://mfrb.site

8 Likes

www.compnet112.org

8 Likes

https://www.stwps.org

5 Likes