I was sent this one a few moments ago, and was expecting it to be a fake AV (à la Total Protection etc.), but no, to my surprise, it was in fact for Registry Repair 2008 (a bogus registry cleaner).
The site in question is securonline.net (IP: 72.44.94.153 - ns2.2amnetwork.com, AS32748)
Which then displays:
Following through, we're taken to:
cart.secureorderstore.com/secureorder/securorder.php
IP: 66.98.218.29 (mail3.smscentar.com, AS21844)
However, contrary to the address bar, the site loads the following via an iframe:
usd.swreg.org/cgi-bin/s.cgi?s=43835&p=43835-regrep&v=0&d=0&q=1&c=USD&bb=1
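The mismatch described above (the address bar shows one host while the order form is framed in from another) can be checked offline against a saved copy of a page. This is an added example, not code from the original post; the sample HTML is constructed, and the `https` scheme and the `banner.html` frame in it are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

FRAME_TAGS = {"iframe", "frame"}


class FrameCollector(HTMLParser):
    """Collect the src attribute of every <iframe>/<frame> element."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag in FRAME_TAGS:
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def foreign_frames(page_url, html):
    """Return (absolute_url, host) for frames served from a host other than the page's."""
    page_host = (urlsplit(page_url).hostname or "").lower()
    collector = FrameCollector()
    collector.feed(html)
    found = []
    for src in collector.sources:
        # Resolve relative and protocol-relative (//host/...) sources first.
        absolute = urljoin(page_url, src.strip())
        parts = urlsplit(absolute)
        if parts.scheme not in ("http", "https"):
            continue  # about:blank, javascript:, data: name no remote host
        host = (parts.hostname or "").lower()
        if host != page_host:
            found.append((absolute, host))
    return found


# Constructed sample: the markup is assumed, only the two URLs come from the post.
PAGE_URL = "https://cart.secureorderstore.com/secureorder/securorder.php"
SAMPLE_HTML = """<html><body>
<iframe src="banner.html"></iframe>
<IFRAME SRC="//usd.swreg.org/cgi-bin/s.cgi?s=43835&amp;p=43835-regrep&amp;v=0&amp;d=0&amp;q=1&amp;c=USD&amp;bb=1"
        width="100%" height="900" frameborder="0"></IFRAME>
</body></html>"""

if __name__ == "__main__":
    for url, host in foreign_frames(PAGE_URL, SAMPLE_HTML):
        print(f"{host}\t{url}")
```

A strict host comparison also flags frames from sibling subdomains of the same site, so expect to whitelist those when triaging results.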
The certificate issued to secureorderstore.com is courtesy of GoDaddy:
Wednesday 30 September 2009
1 comment:
Concerning securonline.net the IP has switched from 72.44.94.153 to 127.0.0.1 (localhost) in DNS.
Also for reference there is a similar topic discussed on the WOT Forum