Compromised server – mass defacement of government websites in progress
#1
While reviewing a site that monitors a number of other domains for defacement, I noticed an intrusion by a hacker group that leaves its messages directly on the pages.

After further checking, I established that several of the compromised sites are hosted on the same IP address, which indicates that the entire server is compromised. The sites have identical modifications, which further confirms that the attack is systematic.

185.119.89.81 - DNS A records from IP
https://hackertarget.com/reverse-ip-lookup/

https://whois.domaintools.com/185.119.89.81
Quote:
IP Location - Serbia Beograd United Internet Ltd.
ASN - AS207604 UNITED United Internet Ltd., RS (registered Sep 08, 2022)
Resolve Host - server.digitalhousepower.rs
IP Address - 185.119.89.81

inetnum:        185.119.89.0 - 185.119.89.255
netname:        UNITED-RS
descr:          United Internet Ltd.
descr:          Belgrade, Republic of Serbia
remarks:        INFRA-AW
country:        RS

There is no patch for stupidity - Kevin Mitnick
Messages In This Thread
Compromised server – mass defacement of government websites in progress - by VincaSec - 05-12-2025, 03:44 PM
