Air Serbia domain typosquatting
#1
I came across this while tracking issued certificates for my "sneaker scam" project, on a few domains such as aairserbia.com and alrserbia.com, and saw that they display ads or redirect to some third-party advertising sites. I then did what the attacker probably did: I used a typosquatting generator and built a list of potential domains for airserbia.com, after which I wrote a little script to go through the whole list and print the whois/DNS information for the ones that are registered:

Code:
arserbia.com | Creation Date: Mar 14, 2023 20:30:51 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.148
aiserbia.com | Creation Date: Oct 09, 2017 09:50:09 | Registrar: GoDaddy.com, LLC | Host DNS A record: 212.129.3.5
airsrbia.com | Creation Date: Mar 01, 2021 19:38:04 | Registrar: GoDaddy.com, LLC | Host DNS A record: 77.247.179.86
airsebia.com | Creation Date: Jul 19, 2021 22:01:31 | Registrar: NameCheap, Inc. | Host DNS A record: 103.224.182.244
airserbi.com | Creation Date: May 23, 2023 19:36:17 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.149
ajrserbia.com | Creation Date: May 03, 2023 22:55:45 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.18.195
akrserbia.com | Creation Date: Apr 06, 2023 20:47:56 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.150
alrserbia.com | Creation Date: Apr 06, 2023 20:51:58 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.147
aorserbia.com | Creation Date: Mar 14, 2023 20:32:14 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.148
aitserbia.com | Creation Date: Apr 06, 2023 20:47:45 | Registrar: GoDaddy.com, LLC | Host DNS A record: 192.187.111.222
airderbia.com | Creation Date: Mar 14, 2023 20:32:10 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.148
airsergia.com | Creation Date: May 08, 2023 19:27:43 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.146
airservia.com | Creation Date: Apr 06, 2023 20:44:19 | Registrar: GoDaddy.com, LLC | Host DNS A record: 212.32.237.101
airserbka.com | Creation Date: Mar 14, 2023 20:29:32 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.146
airserbis.com | Creation Date: Mar 14, 2023 20:28:55 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.18.196
airserbiw.com | Creation Date: Apr 06, 2023 20:43:41 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.146
ariserbia.com | Creation Date: Jun 12, 2023 20:06:53 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.150
airesrbia.com | Creation Date: May 08, 2023 19:27:31 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.18.197
airsebria.com | Creation Date: Apr 06, 2023 20:48:34 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.18.196
aairserbia.com | Creation Date: Mar 21, 2023 20:24:04 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.18.195
aiirserbia.com | Creation Date: Apr 14, 2023 21:01:43 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.148
airrserbia.com | Creation Date: May 29, 2023 13:35:17 | Registrar: COSMOTOWN, INC. | Host DNS A record: 198.58.118.167
airserrbia.com | Creation Date: Apr 06, 2023 20:44:03 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.148
airserbbia.com | Creation Date: Apr 06, 2023 20:53:26 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.18.196
airserbiia.com | Creation Date: Apr 06, 2023 20:53:25 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.148
airserbiaa.com | Creation Date: Apr 14, 2023 21:03:07 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.150
auirserbia.com | Creation Date: Apr 06, 2023 20:53:01 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.147
aiurserbia.com | Creation Date: Apr 14, 2023 21:01:32 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.147
akirserbia.com | Creation Date: Mar 14, 2023 20:30:49 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.18.197
aoirserbia.com | Creation Date: Apr 06, 2023 20:46:29 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.147
aiorserbia.com | Creation Date: Mar 14, 2023 20:31:27 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.18.196
airserdbia.com | Creation Date: Mar 21, 2023 20:23:23 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.147
airsergbia.com | Creation Date: Apr 06, 2023 20:48:57 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.147
airservbia.com | Creation Date: Apr 04, 2023 20:17:39 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.150
airserbvia.com | Creation Date: Apr 06, 2023 20:50:31 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.18.196
airserbija.com | Creation Date: Dec 12, 2016 02:49:57 | Registrar: eNom, LLC | Host DNS A record: 173.239.5.6
airserbkia.com | Creation Date: May 08, 2023 19:27:18 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.18.197
airserbika.com | Creation Date: Apr 14, 2023 21:01:36 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.18.198
airserboia.com | Creation Date: Apr 12, 2023 19:37:30 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.146
airserbiaz.com | Creation Date: Apr 04, 2023 20:20:09 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.150
airserbiax.com | Creation Date: May 03, 2023 22:51:22 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.18.194
airserbias.com | Creation Date: May 03, 2023 22:54:12 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.18.197
airserbiaq.com | Creation Date: Mar 14, 2023 20:32:16 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.149

There are also some older ones that have expired and lead to "buy this domain" pages:

Code:
irserbia.com | Creation Date: Aug 29, 2022 07:13:24 | Registrar: Cloud Yuqu LLC | Host DNS A record: 103.120.80.157
airserboa.com | Creation Date: Sep 12, 2022 21:27:07 | Registrar: ABOVE.COM PTY LTD. | Host DNS A record: 103.224.182.242
airseriba.com | Creation Date: Aug 29, 2022 09:51:47 | Registrar: Chengdu west dimension digital technology Co., LTD | Host DNS A record: 103.120.80.155


It's obvious that the "attacker" is one and the same for all the domains registered at GoDaddy: the registration dates are very similar for all of them, and so are the IP addresses they point to.

I also find the web hosting provider interesting, privatelayer[.]com: they accept various cryptocurrencies, have no official address or company name on the site, and the IP addresses are registered to an entity in Panama, a well-known offshore destination. Further googling turned up that this provider advertises itself as offshore and bulletproof hosting, which in the end didn't surprise me, since that had been my suspicion from the start. The prices are of course steep, because if you want to hide from the authorities, you have to pay for it.

There are various domains that these typosquatted ones redirect to, but I didn't go into a deep analysis. uBlock Origin blocks all the domains they redirect to with a warning that they are Badware risks - "For sites documented to put users at risk of installing adware/crapware/malware, having login credentials stolen, etc. The purpose is to at least ensure a user is warned of the risks ahead."
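Added example, not the poster's script: an offline version of the two steps the post describes, generating typo candidates for a brand label and then clustering the registered hits by registrar and IP prefix to make the "same actor" inference from the registration data explicit. The permutation rules (omission, repetition, substitution, insertion, transposition, trailing addition) are the usual ones and are assumed here; the whois/DNS lookups themselves are left out, and the sample records are lines copied from the post's own output. The generator is general, so the coverage check works for any brand label, not just airserbia.

```python
"""Typosquat candidate generation plus infrastructure clustering of registered hits.
Added example; not the poster's script. Sample records below are copied from the post."""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network
import string

ALPHABET = string.ascii_lowercase


def typo_candidates(label: str, tld: str = "com") -> set[str]:
    """Return omission, repetition, substitution, insertion, transposition and
    trailing-addition permutations of a second-level label (assumed rule set)."""
    out = set()
    n = len(label)
    for i in range(n):
        out.add(label[:i] + label[i + 1:])              # omission
        out.add(label[:i] + label[i] + label[i:])       # repetition
        for c in ALPHABET:
            out.add(label[:i] + c + label[i + 1:])      # substitution
            out.add(label[:i] + c + label[i:])          # insertion
    for i in range(n - 1):                              # adjacent transposition
        out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for c in ALPHABET:                                  # trailing addition
        out.add(label + c)
    out.discard(label)                                  # the brand itself is not a typo
    return {f"{c}.{tld}" for c in out}


# Lines in the format the post's script printed (copied from the post).
SAMPLE_OUTPUT = """\
arserbia.com | Creation Date: Mar 14, 2023 20:30:51 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.148
airsrbia.com | Creation Date: Mar 01, 2021 19:38:04 | Registrar: GoDaddy.com, LLC | Host DNS A record: 77.247.179.86
airsebia.com | Creation Date: Jul 19, 2021 22:01:31 | Registrar: NameCheap, Inc. | Host DNS A record: 103.224.182.244
ajrserbia.com | Creation Date: May 03, 2023 22:55:45 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.18.195
akrserbia.com | Creation Date: Apr 06, 2023 20:47:56 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.150
alrserbia.com | Creation Date: Apr 06, 2023 20:51:58 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.147
airsergia.com | Creation Date: May 08, 2023 19:27:43 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.146
aairserbia.com | Creation Date: Mar 21, 2023 20:24:04 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.18.195
airrserbia.com | Creation Date: May 29, 2023 13:35:17 | Registrar: COSMOTOWN, INC. | Host DNS A record: 198.58.118.167
airserbija.com | Creation Date: Dec 12, 2016 02:49:57 | Registrar: eNom, LLC | Host DNS A record: 173.239.5.6
airserbiaq.com | Creation Date: Mar 14, 2023 20:32:16 | Registrar: GoDaddy.com, LLC | Host DNS A record: 81.17.29.149
airseriba.com | Creation Date: Aug 29, 2022 09:51:47 | Registrar: Chengdu west dimension digital technology Co., LTD | Host DNS A record: 103.120.80.155
"""


def parse_record(line: str) -> dict:
    """Parse one 'domain | Key: value | ...' line into a record."""
    parts = [p.strip() for p in line.split("|")]
    fields = {k.strip(): v.strip() for k, v in (p.split(":", 1) for p in parts[1:])}
    return {
        "domain": parts[0],
        "created": datetime.strptime(fields["Creation Date"], "%b %d, %Y %H:%M:%S"),
        "registrar": fields["Registrar"],
        "ip": fields["Host DNS A record"],
    }


def parse_output(text: str) -> list[dict]:
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def uncovered_hits(records: list[dict], label: str, tld: str = "com") -> set[str]:
    """Registered domains the generator would NOT have produced (gaps in the rule set)."""
    cands = typo_candidates(label, tld)
    return {r["domain"] for r in records if r["domain"] not in cands}


def cluster_by_infra(records: list[dict], prefixlen: int = 24) -> dict:
    """Group hits by (registrar, /prefixlen network) and report the creation-date
    span per group; a large group registered within weeks points at one actor."""
    groups = defaultdict(list)
    for r in records:
        net = ip_network(f"{r['ip']}/{prefixlen}", strict=False)
        groups[(r["registrar"], str(net))].append(r)
    report = {}
    for key, rs in groups.items():
        dates = [r["created"] for r in rs]
        report[key] = {
            "domains": sorted(r["domain"] for r in rs),
            "span_days": (max(dates) - min(dates)).days,
        }
    return report


def largest_cluster(report: dict) -> tuple:
    key = max(report, key=lambda k: len(report[k]["domains"]))
    return key, report[key]


if __name__ == "__main__":
    recs = parse_output(SAMPLE_OUTPUT)
    print("not generated by the rule set:", uncovered_hits(recs, "airserbia") or "none")
    for key, info in sorted(cluster_by_infra(recs).items(), key=lambda kv: -len(kv[1]["domains"])):
        print(key, len(info["domains"]), "domains, registered over", info["span_days"], "days")
```

Running it on the twelve copied records shows every hit is produced by the six permutation rules, and the largest cluster is GoDaddy plus 81.17.29.0/24 with five domains registered within 54 days of each other; the /24 grouping is a heuristic, so a cluster is a lead for a takedown or blocklist entry, not proof of a single registrant.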


Messages In This Thread
Air Serbia domen typosquatting - by milos_rs - 09-29-2023, 12:39 PM
RE: Air Serbia domen typosquatting - by 13k 53c - 09-30-2023, 11:27 AM
RE: Air Serbia domen typosquatting - by 1van - 09-30-2023, 01:45 PM
RE: Air Serbia domen typosquatting - by milos_rs - 10-11-2023, 08:04 PM
RE: Air Serbia domen typosquatting - by milos_rs - 03-09-2024, 09:07 PM
