01-23-2024, 01:03 AM
Infected Device - Accounts for "webmail.rts.rs" were observed for sale on the Russian Market, On May 16, 2023
Code:
{
"country": "RS",
"date": "2023.05.09",
"files": "archive.zip",
"id": "10801495",
"isp": "TELEKOM-BB",
"links": [
"icashier.alipay.com",
"mega.nz",
"esol.britishcouncil.org",
"passport.alibaba.com",
"basilplay.com",
"wayn.com",
"etihadguest.com",
"student.fil.bg.ac.rs",
"epower.amadeus.com",
"my.filesfetcher.com",
"esol.britishcouncil.org",
"virtuelnaucionica.com",
"zumzi.com",
"trainers-youthapplications.coe.int",
"grupko.rs",
"controller.access.network",
"futurelearn.com",
"affiliate.rosewholesale.com",
"ekupi.rs",
"yourtvschedule.com",
"sfi1.biz",
"slobodni.net",
"dresslink.com",
"baza.zenskiprostor.org",
"login.rosewholesale.com",
"websurvey.opinionbar.com",
"transcovalle.com.co",
"rmv.de",
"freelotto.com",
"passport.dresslink.com",
"mega.nz",
"eutorrents.to",
"funacumen.com",
"favgame.net",
"way2media.net",
"iwitness.usc.edu",
"mybitcoiner.com",
"vhaonline.usc.edu",
"rs.titlovi.com",
"esol.britishcouncil.org",
"coupon.aliexpress.com",
"checkmytrip.com",
"mobile.lufthansa.com",
"liveworksheets.com",
"adobeid.services.adobe.com",
"wattpad.com",
"secure.ikea.com",
"cinemaz.to",
"sofaeshop.com",
"shoppingcart.aliexpress.com",
"m.lalafo.rs",
"login.aliexpress.com",
"aliexpress.com",
"phrenos.eu",
"phrenos.eu",
"iwmf.submittable.com",
"fastserbia.com",
"halooglasi.com",
"torrenting.com",
"app.dock.io",
"etihadguest.com",
"ana.rs",
"balkandownload.org",
"passport.lenovo.com",
"old.arhiva.me",
"pinterest.com",
"impactpool.org",
"wizzair.com",
"rarbg2018.org",
"scribd.com",
"account.live.com",
"youthapplications.coe.int",
"youthapplications.coe.int",
"youthapplications.coe.int",
"kupujemprodajem.com",
"serbianforum.org",
"inoreader.com",
"secure.booking.com",
"torrentdownloads.me",
"tumblr.com",
"booking.com",
"rs.iqos.com",
"academia.edu",
"issuu.com",
"accounts.google.com",
"courses.onlineenglishskills.com",
"dropbox.com",
"easyjet.com",
"m.austrian.com",
"mts.rs",
"gateway.hbogo.eu",
"signup.deusmedia.net",
"dobos.rs",
"m.kupujemprodajem.com",
"episodate.com",
"login.live.com",
"book.austrian.com",
"torrenting.com",
"torrenting.com",
"login.live.com",
"login.aliexpress.com",
"paypal.com",
"89.45.196.133",
"api.appcargo.com",
"aliexpresshd.alibaba.com",
"mediaclient.netflix.com",
"google.rs",
"youthapplications.coe.int",
"linkedin.com",
"admin.youthapplications.coe.int",
"admin.youthapplications.coe.int",
"ebankweb.kombank.com",
"webmail.rts.rs",
"register.wyfegypt.com",
"ecas.ec.europa.eu",
"ebanking.kombank.com",
"my.m.workplace.com",
"lufthansa.com",
"my.workplace.com",
"openmusiclibrary.org",
"camperoutlets.com",
"rs.titlovi.com",
"moj.mts.rs",
"login.microsoftonline.com",
"sr-rs.facebook.com",
"facebook.com",
"m.facebook.com",
"facebook.com",
"facebook.com",
"m.facebook.com",
"winwin.rs",
"speak.social",
"webgate.ec.europa.eu",
"us04web.zoom.us",
"webgate.ec.europa.eu",
"ikea.com",
"ikea.com",
"kompis.ikea.com",
"festivalscope.com",
"wetransfer.com",
"limundo.com",
"192.168.1.1",
"moj.mts.rs",
"192.168.1.1",
"prijava.eid.gov.rs",
"rs.accounts.ikea.com",
"balkandownload.org",
"m.correctst.com",
"webalkans.eu",
"us04web.zoom.us",
"gateway.hbogo.rs",
"zoom.us",
"klubzdravlja.rs",
"ndi.tevan.rs",
"cosmonet.rs",
"roomstyler.com",
"ipassport.homestyler.com",
"account.booking.com",
"canopylab.com",
"aikb.net",
"webgate.ec.europa.eu",
"akvamast.rs",
"wobyhaus.co.rs",
"2020.limundo.com",
"jysk.rs",
"formaideale.rs",
"katana.facebook.com",
"rc.smalltownboys",
"gateway.hbogo.rs",
"account.xiaomi.com",
"oceantrade.club",
"accounts.google.com",
"accounts.google.com",
"accounts.google.com",
"mts.rs",
"servisi.euprava.gov.rs",
"prijevodi-titlovi.org",
"velog.rs",
"autoskolagas.co.rs",
"signup.sakarri.net",
"registracija.eid.gov.rs",
"tehnomanija.rs",
"auth.wetransfer.com",
"auth.wetransfer.com",
"swiss.com",
"swiss.swiss.yoc.com",
"netflix.com",
"survey.daedalusonline.eu",
"online-auction.state.gov",
"servisi.euprava.gov.rs",
"accounts.bahn.de",
"amazon.com",
"account.wps.com",
"bg.parkingservis.rs",
"loyalty.maxi.delhaize.com",
"play.hbomax.com",
"accounts.lidl.com",
"eparking.rs",
"austrian.com",
"android.connector.austrian.com",
"n391.network-auth.com",
"ebanking.nlbkb.rs",
"rs.factcool.com",
"mts.rs",
"metal-alati.rs",
"mobile.lot.pl",
"connect.navigo.fr",
"app.euplf.eu",
"lot.com",
"amazon.com",
"amazon.com",
"amazon.co.uk",
"amazon.com",
"zac-hs.dsuj.pl",
"amazon.co.uk",
"figma.com",
"ecas.ec.europa.eu",
"ecas.ec.europa.eu",
"ecas.ec.europa.eu",
"login.microsoftonline.com",
"prijava.eid.gov.rs",
"app.airhelp.com",
"daedalusonline.eu",
"webgate.ec.europa.eu",
"webgate.ec.europa.eu",
"app.secretflying.com",
"secretflying.com",
"shoppster.rs",
"acfreedom.broadlink.com",
"midrop.xiaomi.com",
"booking.com",
"atapp.ecobill.cloud",
"login.alditalk-kundenbetreuung.de",
"ananas.rs",
"mimaks.rs",
"mimaks.rs",
"auth0.openai.com",
"accounts.dm.rs",
"signin.dm.rs",
"vpos.sia.eu",
"airtable.com",
"auth.services.adobe.com",
"mcarthurglen.my.site.com",
"web.flypgs.com",
"web.flypgs.com",
"login.microsoftonline.com",
"dropbox.com",
"instagram.com",
"instagram.com",
"android.instagram.com",
"ecas.ec.europa.eu",
"login.microsoftonline.com",
"ecas.ec.europa.eu",
"webgate.ec.europa.eu",
"youthpass.eu",
"webgate.ec.europa.eu",
"mediaclient.netflix.com",
"facebook.com",
"admin.youthapplications.coe.int",
"youthapplications.coe.int",
"canopylab.com",
"admin.youthapplications.coe.int",
"youthapplications.coe.int",
"youthapplications.coe.int",
"youthapplications.coe.int",
"play.hbomax.com",
"zac-hs.dsuj.pl",
"icashier.alipay.com",
"mega.nz",
"esol.britishcouncil.org",
"passport.alibaba.com",
"basilplay.com",
"wayn.com",
"etihadguest.com",
"student.fil.bg.ac.rs",
"epower.amadeus.com",
"my.filesfetcher.com",
"esol.britishcouncil.org",
"virtuelnaucionica.com",
"zumzi.com",
"trainers-youthapplications.coe.int",
"grupko.rs",
"controller.access.network",
"futurelearn.com",
"affiliate.rosewholesale.com",
"ekupi.rs",
"yourtvschedule.com",
"sfi1.biz",
"slobodni.net",
"dresslink.com",
"baza.zenskiprostor.org",
"login.rosewholesale.com",
"websurvey.opinionbar.com",
"transcovalle.com.co",
"rmv.de",
"freelotto.com",
"passport.dresslink.com",
"mega.nz",
"eutorrents.to",
"funacumen.com",
"favgame.net",
"way2media.net",
"iwitness.usc.edu",
"mybitcoiner.com",
"vhaonline.usc.edu",
"rs.titlovi.com",
"esol.britishcouncil.org",
"coupon.aliexpress.com",
"checkmytrip.com",
"mobile.lufthansa.com",
"liveworksheets.com",
"adobeid.services.adobe.com",
"wattpad.com",
"secure.ikea.com",
"cinemaz.to",
"sofaeshop.com",
"shoppingcart.aliexpress.com",
"m.lalafo.rs",
"login.aliexpress.com",
"aliexpress.com",
"phrenos.eu",
"phrenos.eu",
"iwmf.submittable.com",
"fastserbia.com",
"halooglasi.com",
"torrenting.com",
"app.dock.io",
"etihadguest.com",
"ana.rs",
"balkandownload.org",
"passport.lenovo.com",
"old.arhiva.me",
"pinterest.com",
"impactpool.org",
"wizzair.com",
"rarbg2018.org",
"scribd.com",
"account.live.com",
"youthapplications.coe.int",
"youthapplications.coe.int",
"youthapplications.coe.int",
"kupujemprodajem.com",
"serbianforum.org",
"inoreader.com",
"secure.booking.com",
"torrentdownloads.me",
"tumblr.com",
"booking.com",
"rs.iqos.com",
"academia.edu",
"issuu.com",
"accounts.google.com",
"courses.onlineenglishskills.com",
"easyjet.com",
"m.austrian.com",
"mts.rs",
"gateway.hbogo.eu",
"signup.deusmedia.net",
"dobos.rs",
"m.kupujemprodajem.com",
"episodate.com",
"login.live.com",
"book.austrian.com",
"torrenting.com",
"torrenting.com",
"login.aliexpress.com",
"89.45.196.133",
"api.appcargo.com",
"aliexpresshd.alibaba.com",
"mediaclient.netflix.com",
"google.rs",
"youthapplications.coe.int",
"linkedin.com",
"admin.youthapplications.coe.int",
"admin.youthapplications.coe.int",
"ebankweb.kombank.com",
"register.wyfegypt.com",
"ebanking.kombank.com",
"my.m.workplace.com",
"lufthansa.com",
"my.workplace.com",
"openmusiclibrary.org",
"camperoutlets.com",
"rs.titlovi.com",
"moj.mts.rs",
"login.microsoftonline.com",
"sr-rs.facebook.com",
"facebook.com",
"m.facebook.com",
"facebook.com",
"winwin.rs",
"speak.social",
"webgate.ec.europa.eu",
"us04web.zoom.us",
"webgate.ec.europa.eu",
"ikea.com",
"ikea.com",
"kompis.ikea.com",
"festivalscope.com",
"wetransfer.com",
"limundo.com",
"192.168.1.1",
"moj.mts.rs",
"192.168.1.1",
"balkandownload.org",
"m.correctst.com",
"webalkans.eu",
"us04web.zoom.us",
"zoom.us",
"klubzdravlja.rs",
"ndi.tevan.rs",
"cosmonet.rs",
"roomstyler.com",
"ipassport.homestyler.com",
"account.booking.com",
"canopylab.com",
"aikb.net",
"webgate.ec.europa.eu",
"wobyhaus.co.rs",
"2020.limundo.com",
"jysk.rs",
"formaideale.rs",
"katana.facebook.com",
"rc.smalltownboys",
"gateway.hbogo.rs",
"account.xiaomi.com",
"oceantrade.club",
"accounts.google.com",
"accounts.google.com",
"accounts.google.com",
"mts.rs",
"servisi.euprava.gov.rs",
"prijevodi-titlovi.org",
"velog.rs",
"autoskolagas.co.rs",
"signup.sakarri.net",
"registracija.eid.gov.rs",
"tehnomanija.rs",
"auth.wetransfer.com",
"swiss.com",
"swiss.swiss.yoc.com",
"netflix.com",
"survey.daedalusonline.eu",
"online-auction.state.gov",
"servisi.euprava.gov.rs",
"accounts.bahn.de",
"amazon.com",
"account.wps.com",
"bg.parkingservis.rs",
"loyalty.maxi.delhaize.com",
"play.hbomax.com",
"austrian.com",
"android.connector.austrian.com",
"n391.network-auth.com",
"metal-alati.rs",
"mobile.lot.pl",
"connect.navigo.fr",
"app.euplf.eu",
"lot.com",
"amazon.com",
"amazon.com",
"amazon.co.uk",
"figma.com",
"ecas.ec.europa.eu",
"ecas.ec.europa.eu",
"ecas.ec.europa.eu",
"login.microsoftonline.com",
"app.airhelp.com",
"daedalusonline.eu",
"webgate.ec.europa.eu",
"webgate.ec.europa.eu",
"app.secretflying.com",
"secretflying.com",
"acfreedom.broadlink.com",
"shoppster.rs",
"rs.factcool.com",
"mts.rs",
"m.facebook.com",
"midrop.xiaomi.com",
"192.168.101.1",
"accounts.lidl.com",
"rs.accounts.ikea.com",
"atapp.ecobill.cloud",
"login.alditalk-kundenbetreuung.de",
"akvamast.rs",
"paypal.com",
"amazon.co.uk",
"mimaks.rs",
"mimaks.rs",
"accounts.dm.rs",
"signin.dm.rs",
"vpos.sia.eu",
"prijava.eid.gov.rs",
"facebook.com",
"ananas.rs",
"airtable.com",
"auth.services.adobe.com",
"eparking.rs",
"ebanking.nlbkb.rs",
"mcarthurglen.my.site.com",
"web.flypgs.com",
"web.flypgs.com",
"webmail.rts.rs",
"login.live.com",
"auth0.openai.com",
"login.microsoftonline.com",
"dropbox.com",
"dropbox.com"
],
"outlook": "-",
"price": "10.00",
"province": "Belgrade",
"size": "0.30Mb",
"stealer": "Racoon ",
"vendor": "el####ro [platinum]"
}Infected Device - Accounts for "webmail.rts.rs" were observed for sale on the Russian Market, On May 08, 2023
Code:
{
"country": "RS",
"date": "2023.05.04",
"files": "archive.zip",
"id": "10714944",
"isp": "Serbia Broadband",
"links": [
"login.yahoo.com",
"pinterest.com",
"portal.edb.rs",
"192.0.2.1",
"login.yahoo.com",
"wetransfer.com",
"accounts.google.com",
"webmail.rts.rs",
"192.0.2.1",
"portal.edb.rs",
"wish.com",
"limundo.com",
"myairbridge.com",
"best.aliexpress.com",
"mojsbb.rs",
"eon.tv",
"moj.esdnevnik.rs",
"twitter.com",
"netflix.com",
"play.hbomax.com",
"myegnatiapass.gr"
],
"outlook": "-",
"price": "10.00",
"province": "Belgrade",
"size": "0.39Mb",
"stealer": "Vidar ",
"vendor": "Hy####ad [platinum]"
}
There is no patch for stupidity - Kevin Mitnick