ConnectWise scam domains list

General
, ,
1

Connect Wise Control is one of the worst software that scammers use to take remote access to victim’s computers in the sense that you can only close it through task manager and it always runs on your computer’s startup, there is no way to tell that this software is running other than in task manager. I want to make a list of these domains so we can report them and make victims aware of these horrible sites using this horrible software! If you have any of these domains that look like the image below using this software please reply with them here and I will add them to the list.

Here is a more detailed video about CW and how scammers use it to trick innocent scam victims: https://www.youtube.com/watch?v=zDxA_M5_xQw

Screenshot 2022-12-14 111235
Screenshot 2022-12-14 1112351920×1079 125 KB

The current list, updated on 4/11/2024:

https://ntcare247.live/
https://help247.us/
https://ntxdr.top/
https://fcare.cc/
https://medino.life/
https://healthcenter.live/
https://supportcare.pro/
https://247secure.info/
https://support01.us/
https://support247.help/
https://shelp.cc/
https://assist247.info/
http://ihelps.us
http://passist.us
http://cscare.cc/
https://login08.info/
https://24789.org/
https://phelp.pro/
https://carehelp.live/
https://9001sup.org/
https://sfhelp.online/
https://sfhelpback.xyz/
https://kwbackend.xyz/
https://phelp247.us/
https://tassist.me/
https://ysupport.us/
https://ntcare247.us/
https://asorg.info/
https://win01.top
https://akpd.live/
https://fsupport.cc
https://nsworld.live
https://nsworld.live/
https://vfssupport.live/
https://lphelp.online/
http://gosys.us/
https://carehelp.live/
https://whelp.cc
https://dponline.pro
https://matry.top
https://kwsupport.live/
https://mcare.help/
http://123secure.org/
https://vhelp.info/
https://asorg.info/
https://ghelps.us/
https://control.ctrl10.pw
https://kcare.cc
https://rmpk.info
https://9117.org
https://mkpks.info
https://rhelps.us/
http://jassist.us
https://sup2.supos123.org/guest.aspx
https://os123.org/
https://rcare.cc/
https://dhelps.us/
https://qcare.cc
https://kpmk.info/
https://vfsupport.live/
https://www.pcsupporthelp.com/
https://shelp.info/
https://pcsupport.life/
https://qassist.us
https://tcare.cc
https://os911.org
https://rmus.pro
https://plfsupport.site
https://rnsupport.live/
https://helpsystem.us/
https://sup2.supos911.org/
https://psorg.info/
https://rfhelp.cloud/
https://sys123.org/
https://sup2.12001.ru/
https://rdsys.us
https://knsupport.online/
https://drto.info
https://yksupport.online/
https://sfhelp.cloud/
https://kchelp.live/
https://kchbakend.xyz/
https://forg247.top/
https://careme3.us/
https://gscare.cc/
https://mdpk.us/
https://rtgs.info/
https://knsupport.live
https://gkhelp.site
https://lphelp.live/
https://lphback.link/
https://hbhelp.info
https://cancelorder.net
https://1001sup.org
https://mxhelp.cc
https://ctrlnl.site/
http://mdkp.us/
https://gxhelp.info
https://pchelp123.org
https://pnsys.info
https://ponline.info
https://kbhelp.cc/
https://ctrlsg.site/
https://pdworld.live
https://lxhelp.live/
https://sided.top/
https://pplcoffeehouse.top/
https://dbhelp.live/
https://frak.top/
https://tbhelp.live
https://smgs.us/
https://sgh1backh.site/
https://startconnect.online/
https://castcoffeehouse.top/
https://www.ctrlca.site/
https://systemcare.us/
https://ctrlkc.site/
https://support12.us/
https://goserver.live/
https://ctrlqa.site/
https://kchcoffeehouse.top/
https://smcoffeehouse.top/
https://qastcoffeehouse.top/
https://ctrlas.site/
https://ascoffeehouse.top/
https://pchelp123.org/
https://sup2.13001.ru/
https://dts1backks.site/
https://helpdt.site/
https://connectsupport.online
https://jastcoffeehouse.top/
https://ctrlja.site/
https://ctrlhc.site/
https://hchcoffeehouse.top/
https://mnps.info
https://oshelp247.site
https://gxhelp.cc
https://we19.us
https://cw.help247.site/
https://cwbk1backk.site/
https://sm.help247.site/
https://kn.help247.site/
https://www.geeksupport.live/
https://tf1backf.site/
https://sl.help247.site/
https://sl1backl.site/
https://qk.help247.site/
https://ctrlqk.site/
https://rns1backns.site/
https://vn1backn.site/
https://cgh1backh.site/
https://gast1back.site/
https://pfh1backlh.site/
https://rfh1backfh.site/
https://kast1backt.site/
https://gatcancelorder.com
https://helpsystem.cc
https://pccare247.site
https://donline.info
https://qscare.online
https://carehelp.us/
https://control.ctrl02.ru/
https://rshelp.us
https://norhelp.site/
https://helpsec123.site/
https://remoterulerm.top/
https://cr.a24.help/
https://connectclick.top/
https://tdhelp.live/
https://gc.24s.help/
https://cg.24s.help/
https://cgh1backh.site/
https://wk.24s.help/
https://bs.24s.help/
https://dokd.net/
https://assist247.site/
https://wccare.live/
https://wccare.info/
http://helpfultechlab.top/
https://hscare.us/
https://bshelp.info/
https://s4.catreenpr.is/
https://ideafusion.top/
https://m2care.cc/
https://s8.catreenpr.is/
https://s1.catreenpr.is/
https://s2.catreenpr.is/
https://s3.catreenpr.is/
https://s5.catreenpr.is/
https://s7.catreenpr.is/
https://s9.catreenpr.is/
https://desktool.buzz/
http://foggyatmosphere.live/
https://g2care.cc/
https://va.c24.help/
https://ctrlva.site/guest
https://ascare.cc/
https://hghelp.online/
https://prex04.8996.is
https://prex19.olinatok.is
https://tdcare.live/
https://prex20.olinatok.is
https://tdcare.online
https://prex27.allengt.is
https://hghelp.live/
https://tdcare.us/
https://prex21.allengt.is
https://pcsystem.cc/
https://nc.c24.help/
https://cr.c24.help/
https://crbk1backk.site/guest
http://ascare.cc/
https://qg.c24.help/
https://cassist.screenconnect.com/
https://gast1back.site/guest
https://ga.f24.help/
https://dokd.net/
https://ppcare.info
https://pokd.info/
https://sec117.org/
http://peril.buzz/
https://akonline.info/
https://nxcare.info/
https://cv.f24.help/
https://www.247pc.help/
https://mc1back.site/guest
https://kw.f24.help/
https://helpkc.site/guest
https://rshelp.us/
https://prex15.olinatok.is/
https://prex14.olinatok.is/
https://prex13.olinatok.is/
https://prex12.olinatok.is/
https://prex11.olinatok.is/
https://prex16.olinatok.is/
https://prex17.olinatok.is/
https://prex18.olinatok.is/
https://prex19.olinatok.is/
https://rbcare.cc/
https://prex20.olinatok.is/
https://prex09.8996.is/
https://prex08.8996.is/
https://prex07.8996.is/
https://prex06.8996.is/
https://prex05.8996.is/
https://prex04.8996.is/
https://prex01.8996.is/
https://prex10.8996.is/
https://rn.f24.help/
https://rns1backns.site/guest
https://chelp247.org/
https://fcare.online/
https://prex03.top/guest.aspx
https://ph.e24.help/
https://help84.us/
http://peril.buzz
http://www.ascare.info
https://kodv.info/
https://chelp247.org/
https://jdmk.info
http://supportcenter.cc/
http://bestsupport.online/
https://help2us.cc/
https://mw.e24.help/
https://helpntn.site/
https://ph.e24.help/
https://pplh1backh.site/guest
https://bws1backss.site/guest
https://bw.e24.help/
https://vn.e24.help/
https://qshelp.us/
https://rt.e24.help/
https://rt1back.site/login
https://dk.g24.help/
https://viewerdirect.buzz/
http://uk.s24.help/
https://cancelhelp.live/
https://deskplus.buzz/
https://va.s24.help/
https://yg.s24.help/
Secure Support Server
https://oscare247.org/
https://cpback.giize.com/guest
https://pcs.q24.help/
https://mk.s24.help/
https://ca.l24.help/
https://castback.giize.com/guest
https://cf03.cw1bafcks.sclogins.net/guest
https://cw.l24.help/
https://sk.s24.help/
https://gobw.top/
https://68dp.skmeggoard.rns1backns.site
https://as.l24.help/
https://az.l24.help/
https://bs.l24.help/
https://bw.l24.help/
https://ca.l24.help/
https://cf.l24.help/
https://cg.l24.help/
https://ck.l24.help/
https://cr.l24.help/
https://cs.l24.help/
https://ct.l24.help/
https://cv.l24.help/
https://cw.l24.help/
https://dt.l24.help/
https://fw.l24.help/
https://ga.l24.help/
https://gc.l24.help/
https://gt.l24.help/
https://ja.l24.help/
https://jp.l24.help/
https://js.l24.help/
https://jt.l24.help/
https://ka.l24.help/
https://kn.l24.help/
https://kt.l24.help/
https://kw.l24.help/
https://lp.l24.help/
https://mc.l24.help/
https://mk.l24.help/
https://mp.l24.help/
https://mw.l24.help/
https://nc.l24.help/
https://nk.l24.help/
https://nl.l24.help/
https://pf.l24.help/
https://ph.l24.help/
https://pl.l24.help/
https://pp.l24.help/
https://qa.l24.help/
https://qc.l24.help/
https://qg.l24.help/
https://qk.l24.help/
https://rf.l24.help/
https://rm.l24.help/
https://rn.l24.help/
https://sf.l24.help/
https://sl.l24.help/
https://sm.l24.help/
https://ta.l24.help/
https://tf.l24.help/
https://va.l24.help/
https://vf.l24.help/
https://vk.l24.help/
https://vn.l24.help/
https://wk.l24.help/
https://wl.l24.help/
https://yg.l24.help/
https://yk.l24.help/
https://as.n24.help/
https://az.n24.help/
https://bs.n24.help/
https://bw.n24.help/
https://ca.n24.help/
https://cf.n24.help/
https://cg.n24.help/
https://ck.n24.help/
https://cr.n24.help/
https://cs.n24.help/
https://ct.n24.help/
https://cv.n24.help/
https://cw.n24.help/
https://dt.n24.help/
https://fw.n24.help/
https://ga.n24.help/
https://gc.n24.help/
https://gt.n24.help/
https://ja.n24.help/
https://jp.n24.help/
https://js.n24.help/
https://jt.n24.help/
https://ka.n24.help/
https://kn.n24.help/
https://kt.n24.help/
https://kw.n24.help/
https://lp.n24.help/
https://mc.n24.help/
https://mk.n24.help/
https://mp.n24.help/
https://mw.n24.help/
https://nc.n24.help/
https://nk.n24.help/
https://nl.n24.help/
https://pf.n24.help/
https://ph.n24.help/
https://pl.n24.help/
https://pp.n24.help/
https://qa.n24.help/
https://qc.n24.help/
https://qg.n24.help/
https://qk.n24.help/
https://rf.n24.help/
https://rm.n24.help/
https://rn.n24.help/
https://sf.n24.help/
https://sl.n24.help/
https://sm.n24.help/
https://ta.n24.help/
https://tf.n24.help/
https://va.n24.help/
https://vf.n24.help/
https://vk.n24.help/
https://vn.n24.help/
https://wk.n24.help/
https://wl.n24.help/
https://yg.n24.help/
https://yk.n24.help/
https://as.s24.help/
https://az.s24.help/
https://bs.s24.help/
https://bw.s24.help/
https://ca.s24.help/
https://cf.s24.help/
https://cg.s24.help/
https://ck.s24.help/
https://cr.s24.help/
https://cs.s24.help/
https://ct.s24.help/
https://cv.s24.help/
https://cw.s24.help/
https://dt.s24.help/
https://fw.s24.help/
https://ga.s24.help/
https://gc.s24.help/
https://gt.s24.help/
https://ja.s24.help/
https://jp.s24.help/
https://js.s24.help/
https://jt.s24.help/
https://ka.s24.help/
https://kn.s24.help/
https://kt.s24.help/
https://kw.s24.help/
https://lp.s24.help/
https://mc.s24.help/
https://mk.s24.help/
https://mp.s24.help/
https://mw.s24.help/
https://nc.s24.help/
https://nk.s24.help/
https://nl.s24.help/
https://pf.s24.help/
https://ph.s24.help/
https://pl.s24.help/
https://pp.s24.help/
https://qa.s24.help/
https://qc.s24.help/
https://qg.s24.help/
https://qk.s24.help/
https://rf.s24.help/
https://rm.s24.help/
https://rn.s24.help/
https://sf.s24.help/
https://sl.s24.help/
https://sm.s24.help/
https://ta.s24.help/
https://tf.s24.help/
https://va.s24.help/
https://vf.s24.help/
https://vk.s24.help/
https://vn.s24.help/
https://wk.s24.help/
https://wl.s24.help/
https://yg.s24.help/
https://yk.s24.help/
https://gkdb.xyz/
https://s4g9.tf1bacerkf.loginlink2.site/
https://udcare.info/
https://hkyt1.top
https://ader1.top/
https://m3.pchelp800.org/
https://96ds1.m3324.loginlink2.site
https://kphelp.info/
https://lijw1.top
https://g3639.loginlink2.site:8443/guest
https://gcompro.org/
mcomfix.org
https://bpnh2.top/
https://hqhelp.live/
https://mkuy1.top/
https://ater1.top/
https://wccare.info/
https://bdcare.info
https://cjcare.info
https://dfcare.info
https://dlcare.info
https://dpcare.info
https://dvcare.info
https://dwcare.info
https://ghcare.info
https://gkcare.info
https://glcare.info
https://jpcare.info
https://mfcare.info
https://pscare.info
https://qzcare.info
https://rwcare.info
https://sscare.info
https://vscare.info
https://wccare.info
https://wtcare.info
https://yscare.info
https://bdcare.live
https://bmcare.live
https://bscare.live
https://cjcare.live
https://dpcare.live
https://dwcare.live
https://ghcare.live
https://glcare.live
https://gxcare.live
https://hmcare.live
https://ecare.live
https://mecare.live
https://mfcare.live
https://pscare.live
https://pycare.live
https://qzcare.live
https://rbcare.live
https://rscare.live
https://rwcare.live
https://sscare.live
https://udcare.live
https://vscare.live
https://wccare.live
https://wdcare.live
https://ybcare.live
https://zxcare.live
https://zxcare.live
https://mscare.online
https://ppcare.online
https://pscare.online
https://rscare.online
https://abhelp.info
https://avhelp.info
https://brhelp.info
https://dkhelp.info
https://hfhelp.info
https://jkhelp.info
https://kphelp.info
https://kthelp.info
https://mqhelp.info
https://pfhelp.info
https://prhelp.info
https://pshelp.info
https://rkhelp.info
https://rshelp.info
https://sqhelp.info
https://tphelp.info
https://uchelp.info
https://vrhelp.info
https://c2help.info
https://s4help.info
https://v2help.info
https://x4help.info
https://abhelp.live
https://aqhelp.live
https://brhelp.live
https://dkhelp.live
https://dlhelp.live
https://fthelp.live
https://hfhelp.live
https://hqhelp.live
https://jkhelp.live
https://kphelp.live
https://kthelp.live
https://mqhelp.live
https://nphelp.live
https://pjhelp.live
https://prhelp.live
https://pshelp.live
https://rphelp.live
https://rshelp.live
https://rthelp.live
https://sqhelp.live
https://tphelp.live
https://urhelp.live
https://vrhelp.live
https://wchelp.live
https://m2help.live
https://p2help.live
https://q4help.live
https://s4help.live
https://v2help.live
https://w2help.live
https://x4help.live

15 Likes
2

many ConnectWise scam domains are simply load another page in an iframe. this can be discerned by a small blank border around the page. this is often because the scam call centers are running multiple scams and are using different domains to link to the same installation.

in ntcare247.live’s case, it simply loads https://ntxdr.top/guest.aspx

I’ll try to keep on top of what ConnectWise scam domain iframes to where, since those sites are the ones that need to be flagged.

another scam domain mentioned last week is https://fcare.cc which iframes https://medino.life/guest.aspx

another iframe target is https://healthcenter.live/guest.aspx but the reported site from August that iframes that one went down

3 Likes
3

https://supportcare.pro/

Not sure if it downloads ConnectWise…but it’s used by a scammer.

2 Likes
4

https://help247.us/ is one site I went to yesterday

3 Likes
5

Just updated the list with these domains being added :+1:

3 Likes
6

https://support247.help/

2 Likes
7

support01.us and help01.us don’t iframe anything (they used to iframe win01.top), but they now impersonate Norton and distribute ScreenConnect (labelled WinDesk) using win01.top as their server

other domains I found are win01.xyz, psupport.cc, and pccarelive.org

2 Likes
8

Here’s another SR – https://247secure.info/

1 Like
9

Ok! I have updated the list with the active domains you guys have replied with, ty!

1 Like
10

shelp.cc - It’s another one of these links that uses the dreaded ScreenConnect.

1 Like
11

@ScammerRevolts Not sure if this one falls into the criteria, but some chode just had me go to this one this morning…

ihelps.us In turn it downloaded support.client.jnlp

2 Likes
12

ihelps.us iframes https://marian.ink/guest.aspx

2 Likes
13

cscare.cc - It is another one of these links that uses ScreenConnect.

2 Likes
14

cscare.cc iframes https://login08.info/guest.aspx

2 Likes
15

passist.us is the last one that came up for me.

2 Likes
16

It would be nice if Microsoft Windows Defender could remove this. Maybe someone else could code a script where it Automatically removes ConnectWise on Windows

1 Like
17

Ok, I have updated the list with the new links, thank you, everyone!

2 Likes
18

Another one
Wllbackend.xyz

1 Like
19

Not getting any response from this domain, are you sure it is typed correctly?

2 Likes
20

Yes. It worked when I posted it. Whois shows its registered with Namecheap.

2 Likes