  Rolex sales on sakss.org.rs
Posted by: 1van - 11-05-2022, 12:51 PM - Forum: Compromised resources - No Replies

In the source code of the website sakss.org.rs (Sportski auto i karting savez Srbije), hidden advertisements for Rolexes can be seen. The website is hosted at IP: 205.144.171.72, country USA, provider Alchemy.net.

[Image: attachment.php?aid=190]
The IP is also mentioned at other locations with malicious indicators, e.g.: https://any.run/report/28d045bf0f47d0404...04f361f422.

Archived:
https://archive.ph/I1CG6
https://archive.ph/wEamp




  Rolex sales on wish.co.rs
Posted by: 1van - 11-05-2022, 12:35 PM - Forum: Compromised resources - No Replies

In the source code of the website wish.co.rs (wish.rs), hidden advertisements for Rolexes can be seen. The website is hosted at IP: 93.188.2.51, country Sweden, provider Loopia.

[Image: attachment.php?aid=188]

The IP is mentioned at several locations with malicious indicators:
- https://otx.alienvault.com/indicator/fil...ace9ecc0e/
- https://www.vmray.com/analyses/1fe427cfa...report.pdf
- https://www.hybrid-analysis.com/sample/b...mentId=100

[Image: attachment.php?aid=189]

Archived:
https://archive.ph/BChhI
https://archive.ph/tUcNY
https://archive.ph/x25nE




  A victim's account - IRS (Internal Revenue Service)
Posted by: kernel_priest - 11-04-2022, 11:02 AM - Forum: Phishing / Scam / Spam campaigns - No Replies

Example of a malicious message:

[Image: attachment.php?aid=186]


The victim wrote up an account (image below), but in short, as with the DPD scam:
- The victim is lured into paying a fake IRS service; before the payment, an email arrives that "confirms" the debt.
- The victim types in the card number and CVV, and money is taken from the card and used over the following days, until the card is blocked.

So be careful!

[Image: attachment.php?aid=187]

Source: https://www.linkedin.com/posts/tatjanara...54816-VbnG




  DPD/Njuskalo courier and transport scams in our region
Posted by: kernel_priest - 11-03-2022, 11:45 AM - Forum: Phishing / Scam / Spam campaigns - No Replies

I first heard of this kind of scam sometime in 2010:
A person is selling or buying a product. The scammer sends a link to a courier/transport service, where they are asked to enter the card number, CVV and other information.
The site of the transport or courier service looks identical to the real ones (njuskalo, DPD and similar), so people who are doing something like this for the first time can fall for it.

The scammer also gets in contact with you, selling you hot air.

Thanks to Ognjen for the information.

Here is an image of what it looks like


   


  KeePass, SolarWinds NPM, PDF Reader Pro .... under attack by RATs
Posted by: y0d4 - 11-03-2022, 11:15 AM - Forum: News, curiosities and miscellaneous - No Replies

Cyber criminals have started integrating their remote access tools into legitimate programs such as PDF readers, KeePass and others.
Pay attention to the addresses you download programs from!!

https://blogs.blackberry.com/en/2022/11/...ds-keepass

P.S.: attached is an example of a fake page; the original URL for KeePass is keepass.info, not keepas.org




  Phishing - localized, bill payment
Posted by: kernel_priest - 11-03-2022, 09:25 AM - Forum: Phishing / Scam / Spam campaigns - No Replies

The emails come from debanoirblog[.]com

On a phone it is very hard to recognize the sender: most Android mail clients show only basic information (without the address the mail is sent from), so this phishing could have a higher success rate. The mail is localized (as if sent by a company from Serbia).

Explanation of the attacker's strategy: the content (PDF/invoice) does not exist. The reply-to is used because the original host debanoirblog is compromised and was used to send thousands of emails to a list the attacker has. Each email has a unique ID: email + numeric code (in this case 56801). On reply, the existence of the sent mail is verified with those two factors; on the other side are operators who take over the "client", and the classic scam can begin. The goal is theft of money, cards and more.
Later the victim is sent instructions on how to send money in order to stop the transaction.
Even if he does not take money, the attacker has a verified email address that he can use for future attacks.


Additional information:
debanoirblog[.]com. 300 IN MX 1 debanoirblog[.]com.
debanoirblog[.]com. 300 IN A 92[.]52[.]217[.]177


The images show an example of the mail header, the mail, and the header as shown in the mail client



[Image: attachment.php?aid=182]





[Image: attachment.php?aid=181]



mail header:



[Image: attachment.php?aid=180]



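For the localized bill-payment phishing post above, a header triage check (an added example, not part of the original post) that reports what a name-only mobile client would display and flags the two traits the post describes: replies routed away from the sending domain, and a promised document that is not attached. The sample message, its `.example` domains, the keyword list and the finding labels are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: every name, address and domain is a placeholder
# (reserved .example domains); only the numeric code 56801 appears in the post.
SAMPLE = """\
From: "Firma d.o.o. Racunovodstvo" <office@compromised-host.example>
Reply-To: naplata@operator-mailbox.example
To: victim@recipient.example
Subject: Racun br. 56801
Content-Type: text/plain; charset=utf-8

Postovani, u prilogu se nalazi racun za placanje.
"""

# Hypothetical keyword list for "a document is promised" (Serbian and English).
ATTACHMENT_WORDS = ("prilog", "racun", "invoice", "attached", "pdf")


def _domain(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def triage(raw_message):
    """Return what a name-only mail client shows, plus header findings."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))

    findings = []
    # Replies leave the sending domain: the sending host is only a relay.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        findings.append("reply-to-domain-differs-from-sender")

    # The text promises a document, but no MIME part is an attachment.
    has_attachment = any(
        part.get_content_disposition() == "attachment" for part in msg.walk()
    )
    body = "" if msg.is_multipart() else str(msg.get_payload())
    text = (msg.get("Subject", "") + " " + body).lower()
    if not has_attachment and any(word in text for word in ATTACHMENT_WORDS):
        findings.append("promised-attachment-missing")

    return {
        "shown_on_mobile": display_name or from_addr,
        "from_domain": _domain(from_addr),
        "reply_to_domain": _domain(reply_addr),
        "findings": findings,
    }
```
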

  Phishing with a frightening message
Posted by: 1van - 11-02-2022, 03:07 PM - Forum: Phishing / Scam / Spam campaigns - Replies (11)

Below is a message, with a probably malicious attachment, which aims to scare the victim by using "authority" and to lead them to open the attached malicious documents or to communicate further. What we can notice is that the person who created this does not know the languages and the state of the borders in the region very well. But it is also interesting to note the effort put into using logos and names/signatures/stamps from this area.

Source:
1. https://twitter.com/NSVeselko/status/158...4691506186
2. https://twitter.com/RadojevGoran/status/...8692623362

Archived:
1. https://archive.ph/P0QXR
2. https://archive.ph/6t3Xx

[Image: attachment.php?aid=177]

[Image: attachment.php?aid=178]

[Image: attachment.php?aid=179]




  Phishing - password theft via "your password has expired" email warnings
Posted by: milos_rs - 11-02-2022, 09:22 AM - Forum: Phishing / Scam / Spam campaigns - No Replies

A fairly common phishing...

[Image: attachment.php?aid=174]

the link opens a site that asks you to log in

[Image: attachment.php?aid=173]

the link is hXXps://validacija-lozinke-administratora-servera-rs-21.s3.us-west-004.backblazeb2[.]com/index.html#[email protected]

the mail came from Bosnia, probably via leaked credentials:

Code:
Received: from pl14.fakat.net ([46.4.55.78]:52962)
    by cp11.ulimitserver.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.95)
    (envelope-from <[email protected]>)




  Forum SPAM
Posted by: 1van - 11-01-2022, 12:47 PM - Forum: Phishing / Scam / Spam campaigns - Replies (27)

In this thread I will be posting SPAM messages that arrive via the forum's contact form. Maybe it will be useful to someone for Malware/OSINT/... analyses.

Quote:E-mail: mewediste911 @ mail.ru
Forum profile: Guest
IP Address: 176.214.77.51
Message:
Вoзврaт 103 338 р 
Подробнее: AAAbezbedanbalkan.netBBB

Quote:E-mail: lalith+trezoradsf @ yieldwars.com
Forum profile: Guest
IP Address: 18.184.165.105
Message:
Trezor is a cryptocurrency hardware wallet that offers secure storage for your digital assets. Trezor is easy to use and integrates seamlessly with popular cryptocurrencies such as Bitcoin, Ethereum, Litecoin, and more.

Read more:
hXXps :// cryptoblockcon[.]com/how-grand-trezor-2m-theverge

Quote:E-mail: no.reply.feedbackform @ gmail.com
Forum profile: Guest
IP Address: 87.249.132.11
Message:
Gооd dаy!  bezbedanbalkan.net

Did yоu knоw thаt it is pоssiblе tо sеnd mеssаgе fully lаwfully?
Wе sеll а nеw mеthоd оf sеnding соmmеrсiаl оffеr thrоugh соntасt fоrms. Suсh fоrms аrе lосаtеd оn mаny sitеs.
Whеn suсh prоpоsаls аrе sеnt, nо pеrsоnаl dаtа is usеd, аnd mеssаgеs аrе sеnt tо fоrms spесifiсаlly dеsignеd tо rесеivе mеssаgеs аnd аppеаls.
аlsо, mеssаgеs sеnt thrоugh соntасt Fоrms dо nоt gеt intо spаm bесаusе suсh mеssаgеs аrе соnsidеrеd impоrtаnt.
Wе оffеr yоu tо tеst оur sеrviсе fоr frее. Wе will sеnd up tо 50,000 mеssаgеs fоr yоu.
Thе соst оf sеnding оnе milliоn mеssаgеs is 49 USD.

This оffеr is сrеаtеd аutоmаtiсаlly. Plеаsе usе thе соntасt dеtаils bеlоw tо соntасt us.

Contact us.
Telegram - @ FeedbackMessages
Skype  live : contactform_18
WhatsApp - +375259112693
We only use chat.

Quote:E-mail: lalith+teslerb @ yieldwars.com
Forum profile: Guest
IP Address: 45.159.249.194
Message:
I have readen this topic:
hXXps :// yieldwars[.]com/tesler-wiki

It looks interesting, but i'm afraid of giving my money to someone in the internet.
Can you please give me more information? What do you think about it?


  Security awareness - Posters, stickers, and the like
Posted by: 1van - 11-01-2022, 12:28 PM - Forum: Incident response and security awareness - Replies (8)

In this thread we can share posters, stickers, and similar material used to raise security awareness.

To start, here is a poster from me. It is a reworking of the original poster from Kiwicon 2009 (https://kiwicon.org/site_media/poster_shit.pdf). I recommend printing it in some large format and putting it up in the company's common areas.


[Image: attachment.php?aid=171]


