scrcpy icon indicating copy to clipboard operation
scrcpy copied to clipboard
verified publisher icon Genymobile

Possible impersonation: scrcpy.org

Open rhystedstone opened this issue 7 months ago • 2 comments

Looks like someone's set up a website pretending to be Genymobile - complete with tracking and bad screenshots. Came up first as a search result. http://scrcpy.org

rhystedstone avatar May 19 '25 00:05 rhystedstone

Yes, scrcpy.org is a fake, but I don't know what to do.

https://github.com/Genymobile/scrcpy/issues/6076#issuecomment-2865714986

rom1v avatar May 19 '25 06:05 rom1v

Report abuse, try via email.

Registrar Information Registrar: NameCheap, Inc. IANA ID: 1068 Abuse Email: [email protected] Abuse Phone: +1.9854014545

WHOIS

zigiMX avatar May 19 '25 16:05 zigiMX

~~Also, since it uses Cloudflare's DNS services, you may want to contact them to terminate their service:~~

$ whois scrcpy.org | grep ^Name
Name Server: marlowe.ns.cloudflare.com
Name Server: tate.ns.cloudflare.com

UPDATE: The domain owner has switched the service provider to Namecheap:

whois scrcpy.org | grep ^Name
Name Server: dns1.namecheaphosting.com
Name Server: dns2.namecheaphosting.com

This website did claim they are unofficial, though:

Image

but in a way that most users will not notice, I can't see that there's any goodwill behind this site.

The proper way to address this is to probably host an official website and convince the search engines to lower the impersonated site's rankings.

brlin-tw avatar Jul 01 '25 16:07 brlin-tw

Note that this shows up in more than one search engines' results. I have tried Google (currently shows as the second result) and Bing (shows as the first result). I tried to report this to Bing, but I am not sure that I did it correctly. I suspect that it is listed in other popular search engines as well.

IF that is not actually a bad website, then perhaps it can be taken over, or at least be updated to point at the official sources, and have updated documentation.

mdell-seradex avatar Jul 02 '25 05:07 mdell-seradex

Note that one can gather domain abuse contacts quickly by using the RrSG ACID Tool.

brlin-tw avatar Jul 02 '25 11:07 brlin-tw

You can also report abuse to the registry of the .org TLD, which is currently PIR.

Their abuse report page: Report Domain Abuse - PIR

Screenshot

brlin-tw avatar Jul 03 '25 12:07 brlin-tw

Also the impersonating website clearly doesn't want to be taken down, as they changed the logo/appearance because of it:

Screenshot

The previous version, for the record.

Maybe they should just learn better and add the UNOFFICIAL marking to the title and main page of their website, but I guess it will interfere with their agenda.

brlin-tw avatar Jul 03 '25 12:07 brlin-tw

I just noticed the banner myself. You'd think they could link to the latest GitHub release. I wonder if you could take down the SourceForge releases? SourceForge even says this on their site AND has other releases including 3.3.1.

This is an exact mirror of the scrcpy project, hosted at https://github.com/Genymobile/scrcpy. SourceForge is not affiliated with scrcpy. For more information, see the SourceForge Open Source Mirror Directory.

mdell-seradex avatar Jul 03 '25 17:07 mdell-seradex

We are also facing a similar problem in our project, and have currently gained partial success in mitigating it. Refer to Mitigate fake "official" website woeusb-dot-com · Issue #150 · WoeUSB/WoeUSB for more information.

brlin-tw avatar Sep 17 '25 06:09 brlin-tw

Thank you for the ref.

I had contacted Cloudflare (it was about #6323), they replied:

Hello,

Cloudflare received your phishing report regarding: genymobile[.]org

We are unable to process your report for the following reason(s):

We were unable to confirm phishing at the URL(s) provided.


Please be aware Cloudflare offers network service solutions including pass-through security services, a content distribution network (CDN) and registrar services. Due to the pass-through nature of our services, our IP addresses appear in WHOIS and DNS records for websites using Cloudflare. Cloudflare cannot remove material from the Internet that is hosted by others.

Please reply to this message, keeping the report identification number in the subject line intact, with the required information.

To respond to this issue, please reply to [[email protected]](mailto:[email protected]).

Thanks,
The Cloudflare Team.

I just send an e-mail to [email protected], will see.

rom1v avatar Sep 17 '25 08:09 rom1v

@rom1v

I had contacted Cloudflare (it was about https://github.com/Genymobile/scrcpy/issues/6323), they replied:

We were unable to confirm phishing at the URL(s) provided.

This is because the website doesn't fit the definition of phishing, which means the website visitors must be tricked into inputting sensitive information into the website. You need to report it under the alternate abuse category(malware/copyright/trademark) (also see Cloudflare Terms of Use 7. (b) and (d)).

Unfortunately, not all categories work unless we have clear evidence that the website owner is an evil actor, which may be difficult, as the website may only serve malicious content when the website visitor is in a certain geographic location(e.g., Ukraine).

Fortunately, Cloudflare will usually reveal the hosting provider of the server that is actually serving the content, and we can proceed with reporting abuse to them.

brlin-tw avatar Sep 17 '25 10:09 brlin-tw