+- Bezbedan Balkan (https://bezbedanbalkan.net)
+-- Forum: Bezbednost državnih resursa (https://bezbedanbalkan.net/forum-5.html)
+--- Forum: Kompromitovani resursi (https://bezbedanbalkan.net/forum-6.html)
+--- Thread: Dark Web analiza purs.gov.rs (/thread-1150.html)
Dark Web analiza purs.gov.rs - VincaSec - 01-11-2024
https://socradar.io/labs/dark-web-report/results/f2a8840be88c4256b6098e890ec31717
https://www.hudsonrock.com/search?domain=purs.gov.rs
RE: Dark Web analiza purs.gov.rs - VincaSec - 01-11-2024
Infected Device - Accounts for "purs.gov.rs" were observed for sale on the Russian Market, On Dec 15, 2023
Quote:{
"country": "RS",
"date": "2023.12.12",
"files": "archive.zip",
"id": "13742487",
"isp": "TELEKOM SRBIJA a.d.",
"links": [
"facebook.com",
"accounts.google.com",
"polovniautomobili.com",
"mercedesklub.rs",
"arenabg.com",
"aksa.rs",
"studentite.bg",
"android.kupujemprodajem.com",
"arenabg.com",
"mega.nz",
"homedecorations.rs",
"accounts.google.com",
"eplaneta.rs",
"accounts.google.com",
"localhost",
"accounts.google.com",
"shop.avala.biz",
"tezgarosi.rs",
"dreamstime.com",
"moj.mts.rs",
"delovionline.rs",
"accounts.google.com",
"m.facebook.com",
"gausi.com",
"localhost",
"mojauto.rs",
"sr.wikipedia.org",
"prijava.eid.gov.rs",
"issuu.com",
"emmezeta.rs",
"freedns.afraid.org",
"evezbaonica.zvkov.gov.rs",
"users.wix.com",
"accounts.google.com",
"euprava.gov.rs",
"maturskiradovi.net",
"smallpdf.com",
"login.yahoo.com",
"rep.avon.rs",
"issuu.com",
"moj.mts.rs",
"sr.wikipedia.org",
"mercedesklub.rs",
"euprava.gov.rs",
"facebook.com",
"sr.m.wikipedia.org",
"wordpress.com",
"kupindo.com",
"odigledolokomotive.rs",
"silux.rs",
"grandkafa.rs",
"avon.rs",
"ipsosanketa.com",
"register.coca-cola.com",
"accounts.google.com",
"25sat.rs",
"m.kupujemprodajem.com",
"accounts.google.com",
"poreklo.rs",
"servisi.pio.rs",
"login.yahoo.com",
"antikvarne-knjige.com",
"register.coca-cola.com",
"accounts.google.com",
"jugoistok.com",
"editor.triobo.com",
"doncafe25sat.rs",
"login.yahoo.com",
"id7.cloud.huawei.com",
"lalafo.rs",
"antikvarne-knjige.com",
"facebook.com",
"jugoistok.com",
"cp.freehostia.com",
"arenabg.ch",
"daewoo.forumpro.eu",
"poreskialarm.purs.gov.rs",
"shop.avala.biz",
"issuu.com",
"skypi.forumsr.com",
"localhost",
"euprava.gov.rs",
"issuu.com",
"onlineotpad.com",
"accounts.google.com",
"nsz.gov.rs",
"accounts.google.com",
"delovionline.rs",
"maturskiradovi.net",
"midi-matrix.com",
"mts.rs",
"160.99.101.201",
"secure.ancestry.com",
"cashbackworld.com",
"muzicari.org",
"accounts.google.com",
"poreskialarm.purs.gov.rs",
"facebook.com",
"facebook.com",
"goranlibrary.iz.rs",
"zoho.eu",
"digitalnagaraza-rs.withgoogle.com",
"en.yumpu.com",
"KomBank.jimba.android.asseco.hr",
"accounts.google.com",
"lalafo.rs",
"est.uni-vt.bg",
"euprava.gov.rs",
"yoosee.com",
"account.dyn.com",
"ana.rs",
"ana.rs",
"ipsosanketa.com",
"cp.freehostia.com",
"leo.rs",
"logocrisp.com",
"kupujemprodajem.com",
"sr-rs.facebook.com",
"accounts.google.com",
"dropbox.com",
"en.wikipedia.org",
"android.instagram.com",
"mlite.facebook.com",
"arenabg.com",
"auction.bg",
"aksa.com",
"panelist.cint.com",
"skypi.cheap-forum.com"
],
"outlook": "-",
"price": "10.00",
"province": "Central Serbia",
"size": "0.14Mb",
"stealer": "lumma ",
"vendor": "Mo####yf [Diamond]"
}
Infected Device - Accounts for "purs.gov.rs" were observed for sale on the Russian Market, On Jul 14, 2023
Quote:{
"country": "RS",
"date": "2023.07.06",
"files": "archive.zip",
"id": "11536598",
"isp": "TELEKOM-BB",
"links": [
"login.yahoo.com",
"homemadetools.net",
"secure.limundo.com",
"secure.limundo.com",
"grindplay.com",
"secure.limundo.com",
"misumi-ec.com",
"facebook.com",
"gmx.com",
"omron-ap.com",
"aliexpresshd.alibaba.com",
"android.degoo.com",
"www-dctech-com-au.secure-aus.com",
"sale.aliexpress.com",
"limundo.com",
"manualslib.com",
"twitter.com",
"login.live.com",
"spreadsheetbooster.com",
"kupujemprodajem.com",
"udemy.com",
"login.live.com",
"lakodoposla.com",
"twitter.com",
"linkedin.com",
"login.aliexpress.com",
"b2b.partcommunity.com",
"dropbox.com",
"mazdaclub.rs",
"kupindo.com",
"surveymonkey.com",
"pa.android.infostud.com",
"jakovsistem.com",
"authentication.b2c.mol.hu",
"halooglasi.com",
"hv.adeus.de",
"localhost",
"registracija.eid.gov.rs",
"equateplus.com",
"wish.com",
"endpoint2.api.enpay.rs",
"autoscout24.com",
"accounts.google.com",
"e-zdravlje.gov.rs",
"napapijri.rs",
"hv.adeus.de",
"accounts.firefox.com",
"limundo.com",
"etc.roads.org.mk",
"katana.facebook.com",
"eid.gov.rs",
"mts.rs",
"2020.limundo.com",
"accounts.google.com",
"localhost",
"instagram.com",
"prijava.eid.gov.rs",
"endpoint2.api.enpay.rs",
"Serbia.android.huawei.com",
"mobile.equatex.com",
"rs.accounts.ikea.com",
"limundo.com",
"dropbox.com",
"Serbia.android.huawei.com",
"poreskialarm.purs.gov.rs",
"rs-online.com",
"account.booking.com"
],
"outlook": "-",
"price": "10.00",
"province": "Belgrade",
"size": "0.67Mb",
"stealer": "Redline ",
"vendor": "sm####ez bronze"
}
RE: Dark Web analiza purs.gov.rs - VincaSec - 01-11-2024
Quote:"purs.gov.rs" has been detected in the "QA" Postman Collection
"id": "6d5c246a-9cca-4e6e-9778-1cf5a0a5af45",
"name": "Fiskalni racun",
"dataMode": "raw",
"data": null,
"rawModeData": "[\r\n {\r\n \"journal\": \"============ \u0424\u0418\u0421\u041a\u0410\u041b\u041d\u0418 \u0420\u0410\u0427\u0423\u041d ============\\r\\n\u041f\u0418\u0411: 112591486\\r\\n\u041f\u0440\u0435\u0434\u0443\u0437\u0435\u045b\u0435: Loads King\\r\\n\u041c\u0435\u0441\u0442\u043e \u043f\u0440\u043e\u0434\u0430\u0458\u0435: Loads King\\r\\n\u0410\u0434\u0440\u0435\u0441\u0430: Mlatisumina 5.\\r\\n\u041e\u043f\u0448\u0442\u0438\u043d\u0430: \u0412\u0440\u0430\u0447\u0430\u0440\\r\\n\u041a\u0430\u0441\u0438\u0440: \\r\\n\u0415\u0421\u0418\u0420 \u0431\u0440\u043e\u0458: 854/1.0\\r\\n-------------\u041f\u0420\u041e\u041c\u0415\u0422 \u041f\u0420\u041e\u0414\u0410\u0408\u0410-------------\\r\\n\u0410\u0440\u0442\u0438\u043a\u043b\u0438\\r\\n========================================\\r\\n\u041d\u0430\u0437\u0438\u0432 \u0426\u0435\u043d\u0430 \u041a\u043e\u043b. \u0423\u043a\u0443\u043f\u043d\u043e\\r\\nTrotinet 2 (1) (A) \\r\\n 143,45 2 286,90\\r\\n----------------------------------------\\r\\n\u0423\u043a\u0443\u043f\u0430\u043d \u0438\u0437\u043d\u043e\u0441: 286,90\\r\\n\u041f\u043b\u0430\u0442\u043d\u0430 \u043a\u0430\u0440\u0442\u0438\u0446\u0430: 243,45\\r\\n========================================\\r\\n\u041e\u0437\u043d\u0430\u043a\u0430 \u0418\u043c\u0435 \u0421\u0442\u043e\u043f\u0430 \u041f\u043e\u0440\u0435\u0437\\r\\nA VAT 9,00% 23,69\\r\\n----------------------------------------\\r\\n\u0423\u043a\u0443\u043f\u0430\u043d \u0438\u0437\u043d\u043e\u0441 \u043f\u043e\u0440\u0435\u0437\u0430: 23,69\\r\\n========================================\\r\\n\u041f\u0424\u0420 \u0432\u0440\u0435\u043c\u0435: 17.04.2022. 20:14:17\\r\\n\u041f\u0424\u0420 \u0431\u0440\u043e\u0458 \u0440\u0430\u0447\u0443\u043d\u0430: F7CBZMLQ-Dt1Ov1o0-1900\\r\\n\u0411\u0440\u043e\u0458\u0430\u0447 \u0440\u0430\u0447\u0443\u043d\u0430: 1652/1900\u041f\u041f\\r\\n========================================\\r\\n======== \u041a\u0420\u0410\u0408 \u0424\u0418\u0421\u041a\u0410\u041b\u041d\u041e\u0413 \u0420\u0410\u0427\u0423\u041d\u0410 =========\\r\\n\",\r\n \"orderID\": \"G37WG-F9X5F-FBA-1\",\r\n \"messages\": \"Success\",\r\n \"invoiceType\": \"NORMAL\",\r\n \"merchantTin\": \"111606273\",\r\n \"invoiceNumber\": \"G37WG-F9X5F-FBA-1\",\r\n \"invoiceCounter\": \"G37WG-F9X5F-consolid-2\",\r\n \"transactionType\": \"SALE\",\r\n \"verificationUrl\": \"https://sandbox.suf.purs.gov.rs/v/?vl=A0Y3Q0JaTUxRRHQxT3YxbzBsBwAAdAYAAAjHKwAAAAAAAAABgDi7kEAAAAAGIRnzXKM9ykNaa08%2FKU6sgWo%2FTFfBh87m9vQUGRtO40%2FJSdHzXP3bjZ00Q0kyNcUchWniheoljobIjbxlIYfqcF%2BdWAArYMiV6ys2Qs5tekgLLqZgJw2jnCFyY8wu8gMMoQFBjBn%2BfYL6%2F%2Bqh2KfBucKLaBGxBtbIu4ZbPOPRGZ2f1CO%2BeUSB15fQkJlzP7j2vQZ1adkZB0NS1qGrfm7jju%2FCaJs1h2w7Sshoj%2Fo2x75DDiaV8lKd9JqVTyo2vNgszPWtYPUARNK7qhv69nmeJv86TSrUIvCUGjrk8LJ3Dd2XRGW92eVDiG2j96hcD84Kyt1K3buWnB45e3OImH8M2xxy7kQRJmDWy5f9fhFKhiJv0DjIcfjXbNQNsRIRIs%2FZa2ydWT60C8p%2BChVGiWm1Nm4IOh7cr8cN0oa9gY8fFrAJR4C8jboQoQeXWq63XkayjQJsUn7UCVLLSCtnaJ77sS6ugcWulr85vUMuw%2FM0U1ZKI%2BByqbSuZNPo417DThOLvn1V0kDH5WL1QlviGflrcmo5r2EDH9YGYn3VAwETBBWhYun27DkmJ%2B%2BkR0R2QxTUAEP4cKB8PMrNQBE4xMadIikwKIPeFzr%2B466Bes6MUUn41lm5l1Qzs9DRZbLRTvJj6Nfh0mzxFBafE35%2F4D6VXgQx7liovuscJnF4OG48Xd78bUJ%2Bq1iMB4K3UOoHo%2FU%3D \",\r\n \"fiscalizationDate\": \"2022-05-31 10:58:30\"\r\n }\r\n]\r\n\r\n// OrderID should be child order ID if it is DS order or grandchild order ID in case of AD order, if transaction type is SALE.\r\n// If invoice correction needs to be issued then in case of lost, damaged and failed delivery statuses, orderID should be child order ID for DS orders and grandchild order ID for AD orders, but\r\n// In case of returns and claims, customer case ID should be used as orderID.\r\n// MerchantTin should be Merchant pib number.\r\n// And transactionType should be SALE for invoice and REFUND for invoice correction.\r\n// Other fields in this request are not relevant and can be copied from this example",
"purs.gov.rs" has been detected in the "elefakt API" Swagger API documentation
Quote:"verificationUrl": {
"type": "string",
"example": "https://sandbox.suf.purs.gov.rs/v/?vl=A1dERUdFQURTRHQxT3YxbzC%2FAAAATwAAAICEHgAAAAAAAAABgyxwwhcDAAw...."
},
RE: Dark Web analiza purs.gov.rs - VincaSec - 01-12-2024