Note: This site is distributing Rogue “Fake” Anti-Malware product. Do not visit, pay, or download the software discussed below.
We found new rogue domain today. This time we are greeted with javascript and redirect to a 502 (Bad Gateway).
You may be wondering why we see a 502 error rather than the typical incomplete template.
The redirection takes us to antivirus-scanner.com and that site is hosted by EstBoxes. EstBoxes is a former customer of Atrivo (InterCage). Atrivo was forced to remove EstBoxes as a customer after their last upstream provider (PIE) pulled the plug on them for ignoring abuse complaints about all of the malware and botnets on their network.
So you can thank all of the people that helped take down Atrivo in effort to remove many malicious sites from the internet. Shoutout to the team at HostExploit! You can read their CyberCrime USA whitepaper here.
Site: hxxp://Antivirus-Alert.com
Server Data:
IP Address: 203.117.111.47
IP Location Singapore – Singapore – Starhubinternet
Response Code: 200
Domain Status: Registered And Active Website
