Connect Wise Control is one of the worst software that scammers use to take remote access to victim’s computers in the sense that you can only close it through task manager and it always runs on your computer’s startup, there is no way to tell that this software is running other than in task manager. I want to make a list of these domains so we can report them and make victims aware of these horrible sites using this horrible software! If you have any of these domains that look like the image below using this software please reply with them here and I will add them to the list.
many ConnectWise scam domains are simply load another page in an iframe. this can be discerned by a small blank border around the page. this is often because the scam call centers are running multiple scams and are using different domains to link to the same installation.
in ntcare247.live’s case, it simply loads https://ntxdr.top/guest.aspx
I’ll try to keep on top of what ConnectWise scam domain iframes to where, since those sites are the ones that need to be flagged.
another scam domain mentioned last week is https://fcare.cc which iframes https://medino.life/guest.aspx
another iframe target is https://healthcenter.live/guest.aspx but the reported site from August that iframes that one went down
support01.us and help01.us don’t iframe anything (they used to iframe win01.top), but they now impersonate Norton and distribute ScreenConnect (labelled WinDesk) using win01.top as their server
other domains I found are win01.xyz, psupport.cc, and pccarelive.org
It would be nice if Microsoft Windows Defender could remove this. Maybe someone else could code a script where it Automatically removes ConnectWise on Windows