Lažni sajtovi raznih brendova

[1van]

Otkrili smo desetine (a broj je verovatno u stotinama) malicioznih kampanja koje su usmerene na građane Srbije (ali i regiona).
U pitanju su lažni sajtovi poznatih brendova u raznim sferama.

Npr (ima još puno):

lowaonlinesrbija[.]com has address 165.231.180.89
loakesrbijastore[.]com has address 104.21.21.113 (cloudflare)
katespadesrbija[.]com has address 196.196.152.237
puma-serbia[.]com has address 196.245.238.201
norronasrbija[.]com has address cloudflare (site down)
eccosrbijaonline[.]com redirektuje na eccosrbija.top
eccosrbijaonline[.]com has address 196.196.194.182
eccosrbija[.]top has address 196.196.194.182
gymsharksrbija[.]com has address 165.231.87.75
Tentative Pošta scam - serbian-post[.]com
northfacessrbija[.]com has address 188.114.97.2 (cloudflare)
woolrichsrbija[.]com has address 196.197.12.31
pumaisrbija[.]com has address 188.114.96. (cloudflare)
uggcizmesrbija[.]com has address 196.196.208.100
northsailssrbija[.]com has address 196.197.12.9
michaelkorsoutletsrbija[.]com has address 196.245.230.97
filainsrbija[.]com has address 5.157.8.230
miumiusrbija[.]com has address 188.114.97.2 (cloudflare)
lancastersrbija[.]com has address 196.196.208.147
jlindebergsrbija[.]com has address 196.197.12.49
gymsharksrbijaonline[.]com has address 196.196.194.185
jordansrbijapatike[.]com has address 196.245.159.154
vansshopsrbija[.]com has address 104.160.2.216
geoxsrbijaonline[.]com has address 196.247.55.198
nikeoutletsrbija[.]com has address 196.196.223.2
furlasrbija[.]com has address 196.196.38.157
huntercizmesrbija[.]com has address 188.114.97.2 (cloudflare)
longchamp-srbija[.]com has address 188.114.96.2 (cloudflare)
michaelkorssrbija[.]net has address 196.247.50.204
mango-srbija[.]com has address 165.231.36.102
...

Detalje možete videti ovde: https://bezbedanbalkan.net/thread-835.html.

Uglavnom svi ovi sajtovi na kraju žele da Vam ukradu brojeve kreditnih kartica. Uspeli smo da izvučemo kod na jednom od sajtova (nešto su pogrešili u konfiguraciji i kod je bio javno dostupan) i u toku je analiza.

[1van]

Otkrili smo i gomilu sajtova koji koriste poznate licnosti (Novak Đoković, Jovan Memedović, Miloš Biković, Ana Ivanović, Marija Šerifović, Miodrag Kostić, ...) za prevare, detalji su ovde: https://bezbedanbalkan.net/thread-845.html

Takođe pronašli smo i kampanje usmerene na AirSerbia, detalji: https://bezbedanbalkan.net/thread-846.html.

Broj otkrivenih kampanja je sada u stotinama.

[1van]

Ceo presek stanja, nakon godinu dana rada foruma, možete videti ovde: https://bezbedanbalkan.net/thread-849.html.

[1van]

PiHole projekat gde smo skupili sve phishing domene: https://github.com/aleksandarristic/blacklist.

Vizuelna kolekcija phishing domena: https://bezbedanbalkan.net/multi-brand-phishing-srbija/

Originalna tema: https://bezbedanbalkan.net/thread-835.html

[progster]

Hvala! Da odmah dodam na listu.