Dark Web analysis of esdnevnik.rs - VincaSec - 12-22-2023
Infected Device - Accounts for "esdnevnik.rs" were observed for sale on the Russian Market on Dec 19, 2023
Code: {
"country": "RS",
"date": "2023.12.18",
"files": "archive.zip",
"id": "13816270",
"isp": "TELEKOM-SRBIJA",
"links": [
],
"outlook": "-",
"price": "10.00",
"province": "Central Serbia",
"size": "0.35Mb",
"stealer": "Redline ",
"vendor": "sm####ez [platinum]"
}
Infected Device - Accounts for "esdnevnik.rs" were observed for sale on the Russian Market on Dec 15, 2023
Code: {
"country": "RS",
"date": "2023.12.12",
"files": "archive.zip",
"id": "13742522",
"isp": "TELEKOM-BB",
"links": [
],
"outlook": "-",
"price": "10.00",
"province": "Belgrade",
"size": "0.61Mb",
"stealer": "lumma ",
"vendor": "Mo####yf [Diamond]"
}
RE: Dark Web analysis of esdnevnik.rs - VincaSec - 12-22-2023
Code: {
"country": "RS",
"date": "2023.12.12",
"files": "archive.zip",
"id": "13742505",
"isp": "CETIN Ltd. Belgrade",
"links": [
],
"outlook": "-",
"price": "10.00",
"province": "Central Serbia",
"size": "1.84Mb",
"stealer": "lumma ",
"vendor": "Mo####yf [Diamond]"
}
Code: {
"country": "RS",
"date": "2023.12.12",
"files": "archive.zip",
"id": "13742497",
"isp": "TELEKOM SRBIJA a.d.",
"links": [
],
"outlook": "-",
"price": "10.00",
"province": "Central Serbia",
"size": "1.67Mb",
"stealer": "lumma ",
"vendor": "Mo####yf [Diamond]"
}
RE: Dark Web analysis of esdnevnik.rs - 1van - 01-02-2024
As far as I can see from the logs, we have nothing that would prove access to systems going beyond the access that, e.g., teachers have:
eucionica.rs 216.239.32.21 216.239.34.21 216.239.36.21 216.239.38.21
moodle.koncar.edu.rs 172.67.157.122 104.21.58.72
moj.esdnevnik.rs 212.200.188.121
esdnevnik.rs 212.200.188.122
And a link to the old analysis: https://bezbedanbalkan.net/thread-534.html
Although this logger is interesting:
iamsober.thehungrywasp.com
idp.esdnevnik.rs 212.200.188.121