https://stwps.org
PayPal and McAfee Scammers using this site.
Added:
www.conline.life
Delhi popup scammers using this today
https://jpcare.live
Geek squad scammers today
Seems I am unable to resolve https://jpcare.live/, I am guessing it has already been taken down?
Seems they were using alex host and it was last seen 3 months ago:
IP Addresses | Organization | First Seen | Last Seen | Duration Seen |
---|---|---|---|---|
193.233.203.146 | ALEXHOST SRL | 2024-02-14 (4 months) | 2024-02-26 (3 months) | 12 days |
213.232.235.244 | ALEXHOST SRL | 2024-02-11 (4 months) | 2024-02-14 (4 months) | 3 days |
Going to https://193.233.203.146 seems to work, I will add the domain along with the IP.
URLScan: 193.233.203.146 - urlscan.io
The domain currently has no DNS records, maybe they are shutting it down and planning to move a new domain for the server they are hosting CW on.
Oh Boy:
Results for the other IP: https://213.232.235.244
Added:
So AlexHost is hosting ALL the above CW Sites I just listed, all these domains point at these 2 servers:
IP Addresses | Organization | First Seen | Last Seen | Duration Seen |
---|---|---|---|---|
193.233.203.146 | ALEXHOST SRL | 2024-02-14 (4 months) | 2024-02-26 (3 months) | 12 days |
213.232.235.244 | ALEXHOST SRL | 2024-02-11 (4 months) | 2024-02-14 (4 months) | 3 days |
https://alexhost.com/ is personally facilitating these scammers' ability to steal from victims and keep 24/7 access to victims' computers. I made reports in the past to this host and I see some of the same domains.
Almost every CW site that I find is hosted by AlexHost or https://screenconnect.connectwise.com/ themselves. What a horrible situation, hopefully, this is all worth the money on AlexHost's side and the many business partners CW has on their side to develop this software for.
Domains are usually hosted by https://www.namesilo.com/.
Correct, these IPs match the list I posted before about some hosts that host CW sites, AlexHost is a big part of it:
Also, the system behind these domains, is an old version of a new system I found yesterday behind these scammers: Netflix support scam (844) 200-2106 - #2 by bobbes
This system partially uses the same route-names and regarding selecting themes and configuring CW-domains, works the same as the old system, on which I could identify it. Not sure yet if this is the same group that uses it, or if it is just an internal system that is being sold between groups. I'll keep monitoring it for all the domains added to this list.
https://fwshelp.live/ active today and
https://srna.site
Added to the list @southerculture - Thanks mate!
https://carewise.live (active and used by fake Norton scammers)
https://secureapp.me Delhi Tech scammers today
https://newcontrol.ctrlx1.ru:8443/
Fake Geek Squad from Patna/Kolkata and Hyderabad,
The Patna IP is using a VPN I think…
Pdhelp.org is a ConnectWise page
Rescanned the domains, added a new condition to it, to also support 3 characters, based on new domains added here.
Good news? Most AlexHost websites I shared before are gone.
Bad news? A lot of new domains popped up scanning with 3 characters.
All domains with the title "Support" having an input for a ConnectWise code.
Mostly on 2 IP addresses. Both hosted by… drumrolllll… AlexHost.
This time not Moldova, but The Netherlands.
SR, I have their system (the new version, Laravel) too, if you want to investigate it.
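A defender-side sketch of the rescan described in the post above, added here as an example and not the poster's scanner: it flags hostnames in passive-DNS or proxy-log rows whose label follows a short-prefix-plus-"help"/"care" shape and reports IPs that host a cluster of them. The regex, the threshold and every hostname and IP below are assumptions constructed for illustration (reserved `.example` names and documentation address ranges); the page-title check the post mentions is not covered.

```python
import re
from collections import defaultdict

# Assumed naming convention: a 2-3 character prefix, then "help" or "care",
# then optional digits. The 3-character case is the "new condition".
LABEL_RE = re.compile(r"^[a-z0-9]{2,3}(?:help|care)\d{0,3}$")

def normalize(hostname):
    """Lower-case, drop a trailing dot and a leading 'www.'."""
    host = hostname.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def matches_pattern(hostname):
    """True for a bare label.tld name whose label fits the assumed convention."""
    parts = normalize(hostname).split(".")
    return len(parts) == 2 and bool(LABEL_RE.match(parts[0]))

def cluster_by_ip(rows, min_domains=3):
    """Group matching domains by IP; keep only IPs with >= min_domains of them.

    A single match (e.g. one legitimate 'mycare' site) is weak evidence,
    so the threshold suppresses isolated hits.
    """
    by_ip = defaultdict(set)
    for hostname, ip in rows:
        if matches_pattern(hostname):
            by_ip[ip].add(normalize(hostname))
    return {ip: sorted(d) for ip, d in by_ip.items() if len(d) >= min_domains}

# Constructed sample rows: (hostname, resolved IP).
ROWS = [
    ("abhelp.example", "192.0.2.10"),
    ("www.abhelp.example", "192.0.2.10"),   # same site, collapsed by normalize()
    ("xyzcare.example", "192.0.2.10"),      # 3-character prefix
    ("qrhelp07.example", "192.0.2.10"),     # numbered variant
    ("helpdesk.example", "192.0.2.10"),     # does not fit the convention
    ("healthcare.example", "198.51.100.7"), # prefix too long, ignored
    ("mycare.example", "198.51.100.7"),     # matches, but alone on its IP
    ("shop.example", "203.0.113.5"),
]

if __name__ == "__main__":
    for ip, domains in cluster_by_ip(ROWS).items():
        print(ip, len(domains), ", ".join(domains))
```
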
Added to this list
https://token24.life/ / https://drbm.info:8443/ (from Stream)
https://s3699.mukutukula.cyou:8443/guest (iframe from https://CYHELP.TOP )
https://ghbd.link:8443/ (iframe from http://mnkd.info/ )