09-29-2024, 07:48 PM
(This post was last modified: 10-04-2024, 09:07 PM by milos_rs. Edit Reason: dnt, not dns)
The company E-security works in the security business. It is not to be confused with the eSigurnost association or the eSecurity conference, as it has nothing to do with them.
dnt.rs is affected by the same compromise.
Their hosting account at Orion Telekom Hosting was probably compromised, and a site for some kind of online betting targeting Indonesia was put up. The links on the site lead to similarly compromised sites on various domains.
Since they control the web server as well as the DNS records, they can do whatever they want, and that is what they did: they put up the site, created new DNS records, and then even obtained SSL certificates for all of them.
The whole long list of subdomains follows; I reckon this was done by automation directly in Orion's web hosting control panel.
For dnt.rs there is also a pile of records, but they are not the same; the names are generated automatically using some predefined words, for example there is slot25.e-security.rs and, on the other side, slot88.dnt.rs.
The number 8 is used a lot because in Chinese and generally Asian culture that number is associated with luck.
Both domains are on the same shared hosting server at Orion Telekom, but I don't believe the server itself is compromised, because other domains on it don't have this problem.
Code:
e-security.rs has address 77.105.36.121
e-security.rs mail is handled by 0 e-security.rs.
dnt.rs has address 77.105.36.121
dnt.rs mail is handled by 0 dnt.rs.
The compromise probably happened through reuse of the same accounts and passwords across multiple sites, or through an infostealer compromise of the computer of someone who had saved credentials for the web control panel for this domain. Maybe the same developer works on both sites, which is why both were compromised at practically the same time.
The certificates were issued on 26.09, so that is probably when the compromise happened.
Code:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:05:9d:69:80:59:0d:da:85:64:2a:7f:58:30:f4:9e:eb:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: (CA ID: 295815)
commonName = R11
organizationName = Let's Encrypt
countryName = US
Validity
Not Before: Sep 26 11:15:26 2024 GMT
Not After : Dec 25 11:15:25 2024 GMT
Subject:
commonName = slot25.e-security.rs
Data:
Version: 3 (0x2)
Serial Number:
04:61:c2:59:ea:e0:c9:18:58:be:1f:2b:26:25:72:8a:a1:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: (CA ID: 295815)
commonName = R11
organizationName = Let's Encrypt
countryName = US
Validity
Not Before: Sep 26 11:09:21 2024 GMT
Not After : Dec 25 11:09:20 2024 GMT
Subject:
commonName = bighoki.dnt.rs
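
The post dates the compromise from certificate issuance times; a domain owner can run the same check continuously against Certificate Transparency data. The following is an added example, not part of the original post: it compares logged hostnames with an inventory and reports days on which several unexpected names received certificates. The domain example.rs, the hostnames, the inventory and the threshold are assumptions made for the example; the input mimics the `name_value` and `not_before` fields of crt.sh JSON output.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample shaped like crt.sh JSON output (fields name_value, not_before).
# example.rs, the hostnames and the timestamps are made up for this example.
SAMPLE_CT_JSON = json.dumps([
    {"name_value": "example.rs\nwww.example.rs", "not_before": "2024-08-01T09:00:00"},
    {"name_value": "*.example.rs", "not_before": "2024-08-01T09:02:00"},
    {"name_value": "mail.example.rs", "not_before": "2024-08-01T09:05:00"},
    {"name_value": "promo88.example.rs\nwww.promo88.example.rs",
     "not_before": "2024-09-26T11:15:26"},
    {"name_value": "lucky77.example.rs", "not_before": "2024-09-26T11:09:21"},
    {"name_value": "shop.notexample.rs", "not_before": "2024-09-26T11:10:00"},
])
EXPECTED = {"example.rs", "www.example.rs", "mail.example.rs"}  # hypothetical inventory


def unexpected_names(ct_json, domain, expected):
    """Map each logged hostname under `domain` that is missing from the
    inventory to the earliest not_before seen for it."""
    found = {}
    for entry in json.loads(ct_json):
        issued = datetime.fromisoformat(entry["not_before"])
        for name in entry["name_value"].splitlines():
            name = name.strip().lower().rstrip(".")
            if name.startswith("*."):          # compare a wildcard by its base name
                name = name[2:]
            in_zone = name == domain or name.endswith("." + domain)
            if not in_zone or name in expected:
                continue
            if name not in found or issued < found[name]:
                found[name] = issued
    return found


def issuance_bursts(found, threshold=3):
    """Days on which at least `threshold` unexpected names got certificates."""
    per_day = defaultdict(list)
    for name, issued in found.items():
        per_day[issued.date().isoformat()].append(name)
    return {d: sorted(n) for d, n in per_day.items() if len(n) >= threshold}


if __name__ == "__main__":
    hits = unexpected_names(SAMPLE_CT_JSON, "example.rs", EXPECTED)
    for day, names in issuance_bursts(hits).items():
        print(day, len(names), "unexpected names:", ", ".join(names))
```

The earliest burst day is a lower bound for when an attacker had control of DNS or the hosting panel, which is the inference the post draws from the 26.09 issuance date.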