one to add to the list https://cyhelp.top
Looks like I have been behind on these for a bit, added:
https://pothelp.top/
https://token24.life/
https://drbm.info:8443/
https://swhelp.org/
http://ufshelp.live/
https://s3699.mukutukula.cyou:8443/guest
https://cyhelp.top/
https://ghbd.link:8443/
http://mnkd.info/
Some are down but seeing as these domains popup and go down all the time I have still added them all in.
PayPal refund rvthelp.live
From https://pthelp.top/ - link to
https://g3699.jadonparod.cyou:8443/guest
http://ptrcare.live/ - branded as Microsoft, seems to time out quite a lot
https://pghelp.top/
Fake PayPal using this site today
Added:
https://rvthelp.live/
https://pthelp.top/
https://pthelp.top/
https://g3699.jadonparod.cyou:8443/guest
http://ptrcare.live/
https://pghelp.top/
https://ms.help1.top/
Fake pop-up scammers using this site today.
add to you list pthelp.top
https://wvhelp.org/
Fake Mcafee scammers today
Added:
https://nfhelp.top/
https://kwhelp.top/
https://zhelp.top/
https://qhelp.top/
https://ms.help1.top/
https://pcnet121.org/
https://sup2.pcn121.ru:9449/Services/PageService.ashx/GetLiveData
https://wvhelp.org/
https://vghelp.top/ ConnectWise
As seen on Bull’s stream:
Another from Bull’s
As seen on Funguy’s stream:
I reported https://ayghelp.live/ to Cloudflare, they use CF as a proxy to block/mitigate request flooding. CF may (or may not) take the site down, but it’s worth reporting anyway: https://abuse.cloudflare.com/phishing
If you examine the HTTP response headers you’ll see that cloudflare/cf is in the response.
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GEqoqHkuMFC7ZN5PfcBON182hcOCLC0uFPf3XYzIPJAV1qx4lV9DsDHKHC54W6p88B6oVUgtSMGDDzWKxgrFFBQJNty3UVMp7tOSngU3F6%2Fwd3l1pJs%2F4wBHtCldfxc%3D"}],"group":"cf-nel","max_age":604800}
A lot of *.top domains for some reason:
https://bqhelp.top/
https://m.rqhelp.top
https://pjhelp.top/
https://phelp.top/
ConnectWise backend URLs:
https://b3966.madulitonla.icu:8443/Services/PageService.ashx/GetLiveData
https://bmck.us:8443/Services/PageService.ashx/GetLiveData
https://engajroker.cyou:8443/Services/PageService.ashx/GetLiveData
https://engajroker.icu:8443/Services/PageService.ashx/GetLiveData
https://gitokearist.cyou:8443/Services/PageService.ashx/GetLiveData
https://gitokearist.icu:8443/Services/PageService.ashx/GetLiveData
https://molatorila.cyou:8443/Services/PageService.ashx/GetLiveData
https://molatorister.icu:8443/Services/PageService.ashx/GetLiveData
https://phelp.top/Services/PageService.ashx/GetLiveData
https://sup2.pcn121.ru:8443/Services/PageService.ashx/GetLiveData
https://ttre987k.cfd/Services/PageServicex352.ashx/GetLiveData