Another malicious fake scanner site
Following up on an email tip from Adrienne … what’s interesting while the fake scan is running the site tries to download/install “Install2486.cab” … however my AV kills the download …
Clicking on any of the links on the page results in the site downloading “Install2486.exe” …
This site is hosted at Hostfresh via ESTDOMAINS/PrivacyProtect which also is home to several other related fakes …
58.65.238.130 stopingspy(dot)com
58.65.238.130 online-guard(dot)net
58.65.238.130 liveprotection(dot)net
58.65.238.130 liveantispy(dot)com
58.65.238.130 killspy(dot)org
58.65.238.130 guard-center(dot)com
58.65.238.130 dr-protection(dot)com
58.65.238.131 scanner.online-guard-adv(dot)net
58.65.238.131 scanner.dr-protection-adv(dot)com
HostFresh (Hong Kong) reportedly has ties to “Russian Business Network” (RBN)
Comments Off on Another malicious fake scanner site
Filed under: Uncategorized