Blog for hpHosts, and whatever else I feel like writing about ....

Monday 2 November 2009

virscan.org ripoff

"Serious" over the Malwarebytes forums alerted me to a site that was suspected of ripping off the VirScan.org site (provides a service along the lines of VirusTotal), www.hrppw.com.cn.

I fired off an e-mail to the virscan.org guys to see if they knew anything about it and appears they weren't aware of it. I thought I'd upload a file to see how exactly they were doing this, whether they were actually running this on their site, or simply submitted to the real virscan.org site and lifting the results, but alas, all I got when trying to check this was;



I've not yet gone through the sites source code and Javascript files to check this yet.

The site is hosted not surprisingly, in China at;

AS: 4134 222.75.128.0/18 CHINANET-BACKBONE
IP: 222.75.167.61

Domain Name: hrppw.com.cn
ROID: 20070409s10011s43854380-cn
Domain Status: ok
Registrant Organization: zhoukaidong
Registrant Name: 周开东
Administrative Email: 6809830@qq.com
Sponsoring Registrar: 北京众鑫乾坤网络科技有限公司
Name Server:ns1.namerich.com
Name Server:ns2.namerich.com
Registration Date: 2007-04-09 17:45
Expiration Date: 2010-04-09 17:45

inetnum: 222.75.167.0 - 222.75.167.127
netname: CHINANET-NX
descr: XBEMY-SCHOOL
country: CN
admin-c: CH93-AP
tech-c: ZL127-AP
mnt-by: MAINT-CHINANET-NINGXIA
changed: security110@163.com 20071210
status: ASSIGNED NON-PORTABLE
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: dingsy@cndata.com 20070416
mnt-by: MAINT-CHINANET
source: APNIC

person: zhaolong li
address: 44 jiefangdong street,ningxia,750001,
address: china
country: CN
phone: +86-951-6018000
fax-no: +86-951-6019000
e-mail: lzl@public.yc.nx.cn
nic-hdl: ZL127-AP
mnt-by: MAINT-NEW
changed: lzl@public.yc.nx.cn 20010220
source: APNIC


Google shows this site previously existed on the same IP, as deepwow.com, and with identical content;

http://209.85.229.132/search?q=cache:CEvmmB-JV3YJ:deepwow.com/report/d9b2db5851315e997645e3a035eb1904.html+%22deepwow.com%22&cd=1&hl=en&ct=clnk&gl=uk

Domain Name : deepwow.com
PunnyCode : deepwow.com
Creation Date : 2008-10-13 13:25:49
Updated Date : 2008-10-13 13:25:47
Expiration Date : 2009-10-13 13:25:41

Registrant:
Organization : zhang lei
Name : zhang lei
Address : zheng zhou
City : zheng zhou
Province/State : Henan
Country : cn
Postal Code : 450003

Administrative Contact:
Name : zhang lei
Organization : zhang lei
Address : zheng zhou
City : zheng zhou
Province/State : Henan
Country : cn
Postal Code : 450003
Phone Number : 86-0371-60132888
Fax : 86-0371-60132888
Email : tissot28244428@sina.com

Technical Contact:
Name : zhang lei
Organization : zhang lei
Address : zheng zhou
City : zheng zhou
Province/State : Henan
Country : cn
Postal Code : 450003
Phone Number : 86-0371-60132888
Fax : 86-0371-60132888
Email : tissot28244428@sina.com

Billing Contact:
Name : zhang lei
Organization : zhang lei
Address : zheng zhou
City : zheng zhou
Province/State : Henan
Country : cn
Postal Code : 450003
Phone Number : 86-0371-60132888
Fax : 86-0371-60132888
Email : tissot28244428@sina.com

WhoIs server: whois.paycenter.com.cn

No comments: