Connect Wise Control is one of the worst software that scammers use to take remote access to victim’s computers in the sense that you can only close it through task manager and it always runs on your computer’s startup, there is no way to tell that this software is running other than in task manager. I want to make a list of these domains so we can report them and make victims aware of these horrible sites using this horrible software! If you have any of these domains that look like the image below using this software please reply with them here and I will add them to the list.
The current list, updated on 2/7/23:
many ConnectWise scam domains are simply load another page in an iframe. this can be discerned by a small blank border around the page. this is often because the scam call centers are running multiple scams and are using different domains to link to the same installation.
in ntcare247.live’s case, it simply loads
I’ll try to keep on top of what ConnectWise scam domain iframes to where, since those sites are the ones that need to be flagged.
another scam domain mentioned last week is https://fcare.cc which iframes
another iframe target is
https://healthcenter.live/guest.aspx but the reported site from August that iframes that one went down
Not sure if it downloads ConnectWise…but it’s used by a scammer.
https://help247.us/ is one site I went to yesterday
Just updated the list with these domains being added
support01.us and help01.us don’t iframe anything (they used to iframe win01.top), but they now impersonate Norton and distribute ScreenConnect (labelled WinDesk) using win01.top as their server
other domains I found are win01.xyz, psupport.cc, and pccarelive.org
Ok! I have updated the list with the active domains you guys have replied with, ty!
shelp.cc - It’s another one of these links that uses the dreaded ScreenConnect.
@ScammerRevolts Not sure if this one falls into the criteria, but some chode just had me go to this one this morning…
ihelps.us In turn it downloaded support.client.jnlp
cscare.cc - It is another one of these links that uses ScreenConnect.
passist.us is the last one that came up for me.
It would be nice if Microsoft Windows Defender could remove this. Maybe someone else could code a script where it Automatically removes ConnectWise on Windows
Ok, I have updated the list with the new links, thank you, everyone!
Not getting any response from this domain, are you sure it is typed correctly?
Yes. It worked when I posted it. Whois shows its registered with Namecheap.