Today's scammers URLs


ad...@reviews.wox.org

Jun 5, 2025, 8:33:04 PM
to 2600-au...@googlegroups.com
Just encountered another scam victim, they seem all to
mostly be using "support.client" now, which is a VNC-like
app that masks itself in your appdata (in fake apps folder)
and system32 folder (depending on version) and runs resident
with no front end. It seems to be a semi-legit tool, but
scammers seem to have complete unrestricted access to use it
at the moment, and it is the most annoying to dig out if you
have not encountered it before.

Also some scammers try to be clever and also install tight
or ultravnc or anydesk or logmeinrescue or supportdesk as a
decoy, while actually using support.client to remote in and
clean out the client's bank accounts.

Today's scammer seemed to be using these websites:

www dot gxcare dot cc (which without a valid redirector,
presumably from a scam page, just dumps you on a blank
looking page that generates a unique id)

and/or

www dot gthelp9 dot top (which seems to require a secret
number to redirect you to the backdoor payload download)

To download their payloads.

Once again Facebook is the attack vector, which seems to be
the most popular strategy lately - usually with a sponsored
ad that redirects victims to a fullscreen scam Windows error
message that directs the victim to call them, or if they
recognise the id of the PC, and already have a victim phone
number in their scammed users database, they actually call
you (that's a new one!)

Also of course the same ad will redirect any IPs owned by
Facebook to a legitimate looking site, so no matter how many
times you report these scam ads on Facebook, they will just
respond with "nothing about this ad violates community
guidelines"

Frankly if I had the ear of Donald Trump I would have him
ban Facebook from being allowed to run in-feed advertising,
and have him blacklist ALL OF INDIA AND PAKISTAN from the
DNS root servers, routing tables and domain registry
companies until their corrupt government REALLY crack down
on these scammers instead of just taking bribes from them..
but I don't, so I can't.

As always the easiest way to spot a scammer, even a really
good social engineer, is to be mindful that most large
corporations are just pieces of shit now, and will never
cold call you, never supply any sort of contact number, or
way to call you, won't offer to call you, except to send spam
to your mobile, and seldom even have a contact us or
complaints page anymore, so if something on your computer
directs you to any sort of way to contact any sort of
company in any way at all, 99% of the time it will be a scammer.

*shrug* Sad that this is the world we live in.

Sic em boys.

--
New and improved 2600... well.. ..we drew on some flames and polished it a bit..
--
Google - making sure, life is no more, than 1984...
--
In politics - Later never happens.
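
Added example, not part of the original post: a PowerShell triage pass for the situation described above, a resident remote-access tool with no front end under AppData or System32, plus possible decoy tools. The match patterns are substring assumptions built from the tool names in the post (actual file and service names may differ), and it should be run from an elevated prompt so other users' profiles are readable.

```powershell
# Added triage example (not from the original post). Patterns are substring
# assumptions derived from the names in the post; real names may differ.
$primary = 'support\.client'                      # the tool the post says is really used
$decoys  = 'vnc|anydesk|logmein|supportdesk'      # tools the post says are installed as decoys
$pattern = "$primary|$decoys"

function Get-RemoteToolFinding {
    param([string]$Kind, [string]$Name, [string]$Path)
    $haystack = "$Name $Path"
    if ($haystack -notmatch $pattern) { return }  # -match is case-insensitive
    [pscustomobject]@{
        Kind       = $Kind
        Name       = $Name
        Primary    = ($haystack -match $primary)
        InAppData  = ($Path -match '\\AppData\\')
        InSystem32 = ($Path -match '\\System32\\')
        Path       = $Path
    }
}

$findings = @(
    # Running processes: listed even when the tool shows no window.
    Get-CimInstance Win32_Process | ForEach-Object {
        Get-RemoteToolFinding -Kind 'Process' -Name $_.Name -Path $_.ExecutablePath
    }

    # Services: the usual way a resident tool survives a reboot.
    Get-CimInstance Win32_Service | ForEach-Object {
        Get-RemoteToolFinding -Kind 'Service' -Name $_.Name -Path $_.PathName
    }

    # Files on disk in every profile's AppData and in System32 (primary name only,
    # since the decoy tools can also be legitimately installed elsewhere).
    $roots = @("$env:SystemDrive\Users\*\AppData", "$env:WINDIR\System32")
    Get-ChildItem -Path $roots -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $primary } |
        ForEach-Object {
            Get-RemoteToolFinding -Kind 'File' -Name $_.Name -Path $_.FullName
        }
)

# Primary hits first; decoy hits alone do not show which tool is in use.
$findings |
    Sort-Object @{ Expression = 'Primary'; Descending = $true }, Kind |
    Format-Table -AutoSize -Wrap
```

A row with Primary = True and InAppData or InSystem32 = True is the combination the post describes; decoy-only rows still mean the machine needs a closer look.
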

ad...@reviews.wox.org

Jun 5, 2025, 8:43:40 PM
to 2600-au...@googlegroups.com
Also as an addendum here - the most common vector BROWSER is
CHROME, because Google has been systematically crippling or
disabling ad blockers and internet security plugins to force
users to view their bullshit advertisements, tools which
normally prevent these full screen scam pages from even
being able to load.. at least not without putting a warning
in big bold letters on your screen first.

So the problem here really is twofold:
1: Facebook are a bunch of greedy fuckwits deliberately
turning a blind eye and essentially partners in these scams
by allowing the scam-ad ecosystem to thrive for money
2: Google has very much ripped down the don't be evil sign,
set fire to it and tea bagged the ashes, and are actively
sabotaging end users' computers to make them deliberately
unsafe to force them to view THEIR bullshit scam-ad
ecosystem too.. (and a secondary attack vector actually is
javascript payloads IN official Google ads on search results)