Taking out ConnectWise sites

SouthernCulture_x · 27 مايو 2024، 1:05م

Yes and the above sites are still active today, 05/27/24

Scamtopus · 27 مايو 2024، 7:15م

Reached out to host and registrar for
“https://b3699.olikonre.org:8443/guest”
"https://apl.help15.org/
“https://stwps.org/”
“https://mdlre.org/”

Received this back
“We have informed the reseller about your complaint, and he will investigate this issue. If we do not receive any update from them, we will suspend the domain after 2024-06-01 21:02:04 CEST and it will stop working.”

The .live sites are tricky; I’ve been flagging them as malicious with different providers and online safeguards as well.

SouthernCulture_x · 28 مايو 2024، 4:13م

https://tshelp.site

SouthernCulture_x · 28 مايو 2024، 5:22م

https://prex06.login7.cfd

SouthernCulture_x · 28 مايو 2024، 7:02م

https://askf1.login2.top

Matherchod · 28 مايو 2024، 7:15م

can someone take down wchelp.live?

Matherchod · 28 مايو 2024، 7:26م

take this down too - tphelp.info with code 43747

SouthernCulture_x · 28 مايو 2024، 11:08م

https://bhelp.live

SouthernCulture_x · 30 مايو 2024، 4:35م

https:stwps.org

SouthernCulture_x · 30 مايو 2024، 8:55م

https://jpcare.live

SouthernCulture_x · 30 مايو 2024، 9:23م

https://qsjd546d.cfd/Guest32xw.aspx/?Session=2e413877-f780-4675-891f-1a2755fc9806
another auto-download site!

xeldehyde · 30 مايو 2024، 10:45م

an elderly friend of mine nearly got scammed, here are some of the URLs I found in her browser history, they seem to be somehow related to this.

https://g3639.olikonre.org:8443/Bin/support.Client.exe
https://www.gdwn.site/
https://ygfc76iygf6ify.z1.web.core.windows.net/Er0Win8helpline76/index.html

they also used “UltraViewer”, but that seems to be legitimate software.

ReconScammer · 30 مايو 2024، 11:14م

https://redd.it/1c90c5z

Check this page out, it tells you what your elderly friend needs to do.

I’d also suggest running Free Anti-Scam Threat Scanner | Seraph Secure on the system.

I will explain; both are legitimate software. One is self hosted, and one isn’t. Both are being mis-used by the scammers in-order to gain persistent access to the device to watch over time. They are related as they are self hosted connectwise instances. Sadly, due to the nature of how they set these up connectwise can’t take them down. I hope this explained why they feel related.

SouthernCulture_x · 31 مايو 2024، 4:52م

https://cs.help6.org

SouthernCulture_x · 31 مايو 2024، 6:49م

https://gdwn.site

verumignis · 1 يونيو 2024، 1:42م

https://g3639.olikonre.org:8443/Bin/support.Client.exe is screenconnect, it is masked by https://www.gdwn.site/ (they want the victim to see gdwn.site so if it gets reported the backend server stays up)

SouthernCulture_x · 1 يونيو 2024، 3:45م

https://sec247.org

SouthernCulture_x · 3 يونيو 2024، 3:37م

https://mfrb.site

SouthernCulture_x · 3 يونيو 2024، 7:16م

www.compnet112.org

SouthernCulture_x · 3 يونيو 2024، 11:37م

https://www.stwps.org