Another malicious fake scanner site
Following up on an email tip from Adrienne ... what's interesting while the fake scan is running the site tries to download/install "Install2486.cab" ... however my AV kills the download ...
Clicking on any of the links on the page results in the site downloading "Install2486.exe" ...
This site is hosted at Hostfresh via ESTDOMAINS/PrivacyProtect which also is home to several other related fakes ...
58.65.238.130 stopingspy(dot)com
58.65.238.130 online-guard(dot)net
58.65.238.130 liveprotection(dot)net
58.65.238.130 liveantispy(dot)com
58.65.238.130 killspy(dot)org
58.65.238.130 guard-center(dot)com
58.65.238.130 dr-protection(dot)com
58.65.238.131 scanner.online-guard-adv(dot)net
58.65.238.131 scanner.dr-protection-adv(dot)com
HostFresh (Hong Kong) reportedly has ties to "Russian Business Network" (RBN)