Blog for hpHosts, and whatever else I feel like writing about ....

Friday, 11 March 2011

Fake scanner that DOESN'T lead to a fake AV?

That certainly appears to be the case with a site I came across today. The following, if loaded in a browser, displays what we're used to seeing when a site wants to infect our machine with a fake AV:

www(.)sosgt.com/indexm.php




In this case, however, we're given a purchase page.



Clicking to proceed to the checkout takes us to:

hxxps://secureonlinestore.net/secureorder/orders.php



In case you're wondering, this is actually just a frame that loads:

https://usd.swreg.org/cgi-bin/s.cgi?s=43835&p=43835-199&q=1&v=0&d=0&a=affilsos&vp=19.95

The SSL cert for secureonlinestore.net itself is provided by RapidSSL:

CN = secureonlinestore.net
OU = Domain Control Validated - RapidSSL(R)
OU = See www.rapidssl.com/resources/cps (c)11
OU = GT15704604
O = secureonlinestore.net
C = LI
SERIALNUMBER = a0LzVzEMmQs9-BozcBuk7r-4WnS5MWJI




Details for both sites:

sosgt.com

IP: 94.75.233.51
IP PTR: vpn5.vzihostmz.com
ASN: 16265 94.75.192.0/18 LEASEWEB LEASEWEB AS

Registration Service Provided By: Unpicked.com
Contact:
Visit: http://www.unpicked.com

Domain name: sosgt.com

Registrant Contact:
-
Alen Aniston (31alenaniston@gmail.com)

Fax:
Gaikar 22
Referral URL:www.unpicked.com
Prague, CZ 21991
CZ

Administrative Contact:
-
Alen Aniston (31alenaniston@gmail.com)
+420.2495614
Fax: +420.2495614
Gaikar 22
Referral URL:www.unpicked.com
Prague, CZ 21991
CZ

Technical Contact:
-
Alen Aniston (31alenaniston@gmail.com)
+420.2495614
Fax: +420.2495614
Gaikar 22
Referral URL:www.unpicked.com
Prague, CZ 21991
CZ

Status: Locked

Name Servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

Creation date: 27 Feb 2011 19:03:00
Expiration date: 27 Feb 2012 14:03:00


secureonlinestore.net

IP: 213.133.101.29
IP PTR: 213-133-101-29.clients.your-server.de
ASN: 24940 213.133.96.0/19 HETZNER-AS Hetzner Online AG RZ

Registration Service Provided By: Unpicked.com
Contact:
Visit: http://www.unpicked.com

Domain name: secureonlinestore.net

Registrant Contact:
SecureOnlineStore Inc.
Andrew Bradley (abradley@asia.com)

Fax:
53/54, Latviu st
Referral URL:www.unpicked.com
Vilnius, LI 2600
LT

Administrative Contact:
SecureOnlineStore Inc.
Andrew Bradley (abradley@asia.com)
37052725555
Fax: 37052725555
53/54, Latviu st
Referral URL:www.unpicked.com
Vilnius, LI 2600
LT

Technical Contact:
SecureOnlineStore Inc.
Andrew Bradley (abradley@asia.com)
37052725555
Fax: 37052725555
53/54, Latviu st
Referral URL:www.unpicked.com
Vilnius, LI 2600
LT

Status: Locked

Name Servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

Creation date: 04 Feb 2011 10:22:00
Expiration date: 04 Feb 2012 05:22:00

2 comments:

thecompguy said...

Nice work Steve, I posted my netbook on Gumtree to get the first reply from a guy who claims he lives in Nottingham but can't get to Leeds due to working and another reply from some guy from Africa in both cases wanting bank details for payment ?? Never in a month of Sundays did I fall for any of it, considering I already had stated CASH ONLY !!