Na prodaju e-mail nalozi (OWA) na ems.rs
#1
Cena: 14$

[Image: attachment.php?aid=520]


Attached Files Image(s)
   
Reply
#2
Usput imamo i da je jedna od IP adresa (91.201.138.4) koja pripada ems.rs kompromitovana: https://www.abuseipdb.com/check/91.201.138.4.

[Image: attachment.php?aid=821]


Attached Files Image(s)
   
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
Reply
#3
Upravo sam dobio info da prodaja ovih naloga još uvek traje.

[Image: attachment.php?aid=824]


Attached Files Image(s)
   
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
Reply
#4
DNS zone za ems.rs: https://intodns.com/ems.rs, arhivirano: https://archive.ph/LsVlM

NS 1: 91.201.136.36
NS 2: 91.201.138.35 <- Iz ovog opsega, i u posedu JP Elektromreza Srbije Beograd, kompromitovana je IP 91.201.138.4: https://www.abuseipdb.com/check/91.201.138.4.
NS 3: 13.93.12.34 <- Nije u Srbiji (Microsoft Azure)
A: 49.12.166.11 <- Nije u Srbiji (Nemačka)
MX 1: 91.201.138.76
MX 2: 91.201.138.77


Attached Files Image(s)
   
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
Reply
#5
Zanimljivo za IP 49.12.166.11 gde se hostuje ems.rs:

- Prijavljen za SPAM 2017/2018 godine: https://threatbook.io/ip/49.12.166.11
- Kompromitovan veb sajt na istoj IP, godina 2023: https://bezbedanbalkan.net/thread-645.html
- Kompromitovan veb sajt na istoj IP, godina 2023: https://bezbedanbalkan.net/thread-437.html
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
Reply
#6
Novi dokazi, izvor BIRN: https://balkaninsight.com/2023/07/27/for...ld-online/.

[Image: attachment.php?aid=997]


Attached Files Image(s)
   
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
Reply
#7
(04-24-2023, 08:58 AM)1van Wrote: Zanimljivo za IP 49.12.166.11 gde se hostuje ems.rs:

- Prijavljen za SPAM 2017/2018 godine: https://threatbook.io/ip/49.12.166.11
- Kompromitovan veb sajt na istoj IP, godina 2023: https://bezbedanbalkan.net/thread-645.html
- Kompromitovan veb sajt na istoj IP, godina 2023: https://bezbedanbalkan.net/thread-437.html

Zašto je ovo zanimljivo? ?

U pitanju je shared hosting server.
Reply
#8
Upravo je to zanimljivo, zašto se sajt sa potencijalno osetljivim informacijama hostuje na (više puta kompromitovanom) shared hostingu?
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
Reply
#9
Kompromitovana su dva naloga u periodu od 3h. Koristimo LVE izolaciju tako da jedan korisnik ne može ni na koji način da "preskoči ogradu" i ugrozi druge korisnike. Da li imaš dokaze da je shared hosting odnosno server kompromitovan?
Reply
#10
Hvala na potvrdi kompromitacije hostova na serveru gde se nalazi i EMS.
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)