Exposing the Rogue Cyberheaven Compromised Chrome VPN Extensions Ecosystem – An Analysis
Here we go. It appears that the individuals behind the successful compromise of the Cyberheaven VPN Chrome extensions are currently busy, or at least have several other campaigns upcoming and in the works, targeting several other vendors of Chrome VPN extensions.
The first example is hxxp://censortracker.pro, which apparently aims to target the legitimate hxxp://censortracker.org.
Related domains:
hxxp://cyberhavenext.pro - 149.28.124.84
hxxp://api.cyberhaven.pro - 149.248.2.160
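
A defensive check for the pattern noted above, where a vendor's name reappears under a different TLD (censortracker.pro against censortracker.org): this is an added example, not part of the original post. It refangs indicators written in the post's hxxp:// style and flags DNS queries that reuse a protected domain's label under another TLD. The log format, the sample lines and the two-label registrable-domain shortcut are assumptions.

```python
import re

# Legitimate domain named in the post; extend with the vendors you rely on.
PROTECTED = {"censortracker.org"}

def refang(indicator: str) -> str:
    """Turn a defanged indicator (hxxp://, [.]) into a bare lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".")
    s = re.sub(r"^(hxxps?|https?)://", "", s)
    return s.split("/")[0].split(":")[0].rstrip(".")

def registrable(host: str) -> str:
    """Assumption: the last two labels are the registrable domain (no public-suffix list)."""
    return ".".join(host.split(".")[-2:])

def lookalike_of(host: str, protected=PROTECTED):
    """Return the protected domain whose label `host` reuses under another TLD, else None."""
    reg = registrable(refang(host))
    label = reg.split(".")[0]
    for good in sorted(protected):
        if reg != good and label == good.split(".")[0]:
            return good
    return None

def scan(log_lines, protected=PROTECTED):
    """Return (client, queried_host, impersonated_domain) for each suspicious DNS query."""
    hits = []
    for line in log_lines:
        # Assumed log format: "<timestamp> <client_ip> <qname>"
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole scan
        _, client, qname = parts
        good = lookalike_of(qname, protected)
        if good:
            hits.append((client, refang(qname), good))
    return hits

SAMPLE_LOG = [  # constructed sample data, not real telemetry
    "2025-01-02T10:00:01Z 10.0.0.5 censortracker.org",
    "2025-01-02T10:00:07Z 10.0.0.9 api.censortracker.pro.",
    "2025-01-02T10:00:09Z 10.0.0.9 example.com",
    "malformed line",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Subdomains such as `api.` are matched because the comparison is made on the registrable domain, not the full hostname.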
Parked at 149.28.124.84:
Parked at 149.248.2.160:
Sample malicious MD5s known to have been involved in the campaign include:
The post Exposing the Rogue Cyberheaven Compromised Chrome VPN Extensions Ecosystem – An Analysis appeared first on Security Boulevard.