Blog for hpHosts, and whatever else I feel like writing about ....

Wednesday, 30 September 2009

Fake registry cleaner using same tactics as fake antimalware

I was sent this one a few moments ago, and was expecting it to be a fake AV (ala Total Protection etc), but no, to my surprise, it was infact, for Registry Repair 2008 (a bogus registry cleaner).

The site in question is (IP: -, AS32748)

Which then displays:

Following through, we're taken to:
IP: (, AS21844)

However, contrary to the address bar, the site loads the following via iFrame;

The certificate issued to is courtesy of GoDaddy:

1 comment:

Anonymous said...

Concerning the IP has switched from to (localhost) in DNS.

Also for reference there is a similar topic discussed on the WOT Forum