Sneaker, fashion, etc. scam sites that steal credit cards - unified list
#21
btw. on mammut-srbija.com it looks like someone slipped up and didn't set up the site, and directory listing is turned on, so you can see a www.yaobaodan.com.zip and an https.zip dated 2023-09-28, so fresh, for anyone who wants to download them and take a look.

Of course I grabbed them right away, I couldn't believe I had seemingly hit the jackpot, but from a quick look I think this zipped site is not the scam one but some other site, though it may be from the same actor, which means some Chinese are behind this story, because this is (I guess) some Chinese site in the zip file.

Digging further I ran into https://www.yaobaodanhh.com/img/ where there is a pile of assets for a site that sells something, but everything is obviously aimed at Chinese users and there are no assets for the sneaker scam sites that interest me.
I'm a little disappointed, but this can still be a good indication that a Chinese actor is behind (at least part of) the fake sneaker site campaign. There are also some APKs on this site, e.g. shadowsocksr-android-3.5.4(1).apk; I downloaded them but haven't analyzed them, they may be malicious. And there is one personal photo, of a potential actor behind the sites???
This is all one big speculation, but it confirms that I have to keep actively monitoring these issued certificates, in case I again run into a site that has just been set up but for some reason isn't configured properly, so that I get access to the files. We all know that misconfiguration is one of the primary ways data leaks :)
Reply
#22
Great :) This is the whole engine, for other countries too. Keep us posted on what's inside, I'll try to take a look too asap.
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
Reply
#23
New batch; I used the script I wrote for Air Serbia Typosquatting to make extracting the data easier:

Reply
#24
New batch

Reply
#25
someone is wondering whether the site is a scam...

   
Reply
#26
Here's a new batch...


I also went through the forum and pulled out all the domains from the previous threads about this:


I've put them all on the main list at the top of this thread; with these included, there are 140 domains on the list in total.
Reply
#27
Just a note: since I do deduplication and sorting every time I update the repo with the domains from the thread, I noticed a mismatch in the count. These are the domains that are mentioned more than once:
  •       3 | loakesrbijastore.com
  •       2 | adidasoutletsrbija.com
  •       2 | aquataliasrbija.com
  •       2 | ashsrbija.com
  •       2 | asportuguesassrbija.com
  •       2 | betseyjohnsonsrbija.com
  •       2 | hummelsrbija.com
  •       2 | superdrysrbijashop.com
--
Leka (web)
Reply
#28
Yes, I expected that to happen at some point, since I don't check whether I've already entered a given domain; I'll have to add more automation to the process to check for that.

On the other hand, I don't know why I'm combing through domains by hand when AI does the job so well:

   
Reply
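The duplicate check discussed in posts #27 and #28, as an added example that is not the posters' script or repo code: it parses lines in the thread's `domain | Creation Date | Registrar | Host DNS A record` format, counts repeat mentions, keeps one record per domain, and groups domains that share an A record. The sample lines are constructed (reserved `.example` names, documentation IP ranges), and all function names are hypothetical.

```python
import re
from collections import Counter, defaultdict
# Constructed sample in the thread's output format: reserved .example
# domains and documentation-range addresses, not real indicators.
SAMPLE = """\
brand-one.example | Creation Date: Jun 02, 2023 06:53:36 | Registrar: REGISTRAR A | Host DNS A record: 192.0.2.10
Brand-Two.example | Creation Date: Jun 02, 2023 07:03:21 | Registrar: REGISTRAR A | Host DNS A record: 192.0.2.10
brand-one.example | Creation Date: Jun 02, 2023 06:53:36 | Registrar: REGISTRAR A | Host DNS A record: 192.0.2.11
brand-three.example | Creation Date: 2022-04-11T01:24:31Z | Registrar: REGISTRAR B | Host DNS A record:  198.51.100.7
brand-four.example | Creation Date: Sep 28, 2023 06:27:03 | Registrar: REGISTRAR A | Host DNS A record: NOT FOUND
brand-five.example | Creation Date: Jul 19, 2023 09:19:44 | Registrar: REGISTRAR C | Host DNS A record: 198.51.100.7
"""

LINE = re.compile(
    r"^\s*(?P<domain>\S+)\s*\|\s*Creation Date:\s*(?P<created>.*?)\s*\|"
    r"\s*Registrar:\s*(?P<registrar>.*?)\s*\|\s*Host DNS A record:\s*(?P<a>.*?)\s*$"
)

def parse(text):
    """Yield one dict per well-formed line; skip forum chrome and blanks."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["domain"] = rec["domain"].lower().rstrip(".")  # normalise key
            yield rec

def merge(known, text):
    """Merge records into `known` (domain -> record); return mention counts."""
    mentions = Counter()
    for rec in parse(text):
        mentions[rec["domain"]] += 1
        known[rec["domain"]] = rec  # last sighting wins, A records rotate
    return mentions

def duplicates(mentions):
    return {d: n for d, n in mentions.items() if n > 1}

def shared_hosts(known):
    """Map A record -> sorted domains, only where two or more share it."""
    by_ip = defaultdict(list)
    for rec in known.values():
        if rec["a"] != "NOT FOUND":
            by_ip[rec["a"]].append(rec["domain"])
    return {ip: sorted(ds) for ip, ds in by_ip.items() if len(ds) > 1}

if __name__ == "__main__":
    known = {}
    print(duplicates(merge(known, SAMPLE)), len(known), shared_hosts(known))
```

Keeping `known` between runs (for example loaded from the repo's list file) makes a second merge of the same batch add nothing, which is the "already entered" check post #28 asks for.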
#29
From the "Mamut" files:

Quote:[04-Aug-2023 14:22:11 Asia/Shanghai] PHP Warning:  file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in F:\phpstudy_pro\WWW\www.jx.com\includes\modules\payment\cajipay\cajipay_front_core.php on line 2
[04-Aug-2023 14:22:11 Asia/Shanghai] PHP Warning:  file_get_contents(): Failed to enable crypto in F:\phpstudy_pro\WWW\www . jx . com\includes\modules\payment\cajipay\cajipay_front_core.php on line 2
[04-Aug-2023 14:22:11 Asia/Shanghai] PHP Warning:  file_get_contents(https :// gateway . sslinpay . xyz): failed to open stream: operation failed in F:\phpstudy_pro\WWW\www.jx.com\includes\modules\payment\cajipay\cajipay_front_core.php on line 2

Quote:[18-Aug-2022 15:57:37 Asia/Shanghai] PHP Warning:  move_uploaded_file(D:\phpstudy_pro\WWW\www.jx.com/tempEP/veja.csv): failed to open stream: Permission denied in D:\phpstudy_pro\WWW\www.jx.com\zyz1717\includes\functions\extra_functions\easypopulate_functions.php on line 57
[18-Aug-2022 15:57:37 Asia/Shanghai] PHP Warning:  move_uploaded_file(): Unable to move 'C:\Windows\php2728.tmp' to 'D:\phpstudy_pro\WWW\www.jx.com/tempEP/veja.csv' in D:\phpstudy_pro\WWW\www.jx.com\zyz1717\includes\functions\extra_functions\easypopulate_functions.php on line 57

Quote:2022-07-27 10:39:31 [Message]===================================================
Curl error: Failed to connect to payment.139.mx port 443: Timed out
[EndMessage]====================================================================
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
Reply
#30
The "Mamut" data also contains PayPal logs. If we search Google for what at first glance looks like a test e-mail address of this campaign's author, we get to a pile of real PayPal logs (probably data of defrauded people) on other fake sites around the world!

This campaign is too big, and it would be good for us to collect all the data and send it to CERTs around the world.
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
Reply

