Posts: 442
Threads: 228
Joined: Oct 2023
Reputation:
156
01-11-2024, 05:40 PM
There is no patch for stupidity - Kevin Mitnick
Posts: 442
Threads: 228
Joined: Oct 2023
Reputation:
156
Infected Device - Accounts for "purs.gov.rs" were observed for sale on the Russian Market, On Dec 15, 2023
Quote:{
"country": "RS",
"date": "2023.12.12",
"files": "archive.zip",
"id": "13742487",
"isp": "TELEKOM SRBIJA a.d.",
"links": [
"facebook.com",
"accounts.google.com",
"polovniautomobili.com",
"mercedesklub.rs",
"arenabg.com",
"aksa.rs",
"studentite.bg",
"android.kupujemprodajem.com",
"arenabg.com",
"mega.nz",
"homedecorations.rs",
"accounts.google.com",
"eplaneta.rs",
"accounts.google.com",
"localhost",
"accounts.google.com",
"shop.avala.biz",
"tezgarosi.rs",
"dreamstime.com",
"moj.mts.rs",
"delovionline.rs",
"accounts.google.com",
"m.facebook.com",
"gausi.com",
"localhost",
"mojauto.rs",
"sr.wikipedia.org",
"prijava.eid.gov.rs",
"issuu.com",
"emmezeta.rs",
"freedns.afraid.org",
"evezbaonica.zvkov.gov.rs",
"users.wix.com",
"accounts.google.com",
"euprava.gov.rs",
"maturskiradovi.net",
"smallpdf.com",
"login.yahoo.com",
"rep.avon.rs",
"issuu.com",
"moj.mts.rs",
"sr.wikipedia.org",
"mercedesklub.rs",
"euprava.gov.rs",
"facebook.com",
"sr.m.wikipedia.org",
"wordpress.com",
"kupindo.com",
"odigledolokomotive.rs",
"silux.rs",
"grandkafa.rs",
"avon.rs",
"ipsosanketa.com",
"register.coca-cola.com",
"accounts.google.com",
"25sat.rs",
"m.kupujemprodajem.com",
"accounts.google.com",
"poreklo.rs",
"servisi.pio.rs",
"login.yahoo.com",
"antikvarne-knjige.com",
"register.coca-cola.com",
"accounts.google.com",
"jugoistok.com",
"editor.triobo.com",
"doncafe25sat.rs",
"login.yahoo.com",
"id7.cloud.huawei.com",
"lalafo.rs",
"antikvarne-knjige.com",
"facebook.com",
"jugoistok.com",
"cp.freehostia.com",
"arenabg.ch",
"daewoo.forumpro.eu",
"poreskialarm.purs.gov.rs",
"shop.avala.biz",
"issuu.com",
"skypi.forumsr.com",
"localhost",
"euprava.gov.rs",
"issuu.com",
"onlineotpad.com",
"accounts.google.com",
"nsz.gov.rs",
"accounts.google.com",
"delovionline.rs",
"maturskiradovi.net",
"midi-matrix.com",
"mts.rs",
"160.99.101.201",
"secure.ancestry.com",
"cashbackworld.com",
"muzicari.org",
"accounts.google.com",
"poreskialarm.purs.gov.rs",
"facebook.com",
"facebook.com",
"goranlibrary.iz.rs",
"zoho.eu",
"digitalnagaraza-rs.withgoogle.com",
"en.yumpu.com",
"KomBank.jimba.android.asseco.hr",
"accounts.google.com",
"lalafo.rs",
"est.uni-vt.bg",
"euprava.gov.rs",
"yoosee.com",
"account.dyn.com",
"ana.rs",
"ana.rs",
"ipsosanketa.com",
"cp.freehostia.com",
"leo.rs",
"logocrisp.com",
"kupujemprodajem.com",
"sr-rs.facebook.com",
"accounts.google.com",
"dropbox.com",
"en.wikipedia.org",
"android.instagram.com",
"mlite.facebook.com",
"arenabg.com",
"auction.bg",
"aksa.com",
"panelist.cint.com",
"skypi.cheap-forum.com"
],
"outlook": "-",
"price": "10.00",
"province": "Central Serbia",
"size": "0.14Mb",
"stealer": "lumma ",
"vendor": "Mo####yf [Diamond]"
}
Infected Device - Accounts for "purs.gov.rs" were observed for sale on the Russian Market, On Jul 14, 2023
Quote:{
"country": "RS",
"date": "2023.07.06",
"files": "archive.zip",
"id": "11536598",
"isp": "TELEKOM-BB",
"links": [
"login.yahoo.com",
"homemadetools.net",
"secure.limundo.com",
"secure.limundo.com",
"grindplay.com",
"secure.limundo.com",
"misumi-ec.com",
"facebook.com",
"gmx.com",
"omron-ap.com",
"aliexpresshd.alibaba.com",
"android.degoo.com",
"www-dctech-com-au.secure-aus.com",
"sale.aliexpress.com",
"limundo.com",
"manualslib.com",
"twitter.com",
"login.live.com",
"spreadsheetbooster.com",
"kupujemprodajem.com",
"udemy.com",
"login.live.com",
"lakodoposla.com",
"twitter.com",
"linkedin.com",
"login.aliexpress.com",
"b2b.partcommunity.com",
"dropbox.com",
"mazdaclub.rs",
"kupindo.com",
"surveymonkey.com",
"pa.android.infostud.com",
"jakovsistem.com",
"authentication.b2c.mol.hu",
"halooglasi.com",
"hv.adeus.de",
"localhost",
"registracija.eid.gov.rs",
"equateplus.com",
"wish.com",
"endpoint2.api.enpay.rs",
"autoscout24.com",
"accounts.google.com",
"e-zdravlje.gov.rs",
"napapijri.rs",
"hv.adeus.de",
"accounts.firefox.com",
"limundo.com",
"etc.roads.org.mk",
"katana.facebook.com",
"eid.gov.rs",
"mts.rs",
"2020.limundo.com",
"accounts.google.com",
"localhost",
"instagram.com",
"prijava.eid.gov.rs",
"endpoint2.api.enpay.rs",
"Serbia.android.huawei.com",
"mobile.equatex.com",
"rs.accounts.ikea.com",
"limundo.com",
"dropbox.com",
"Serbia.android.huawei.com",
"poreskialarm.purs.gov.rs",
"rs-online.com",
"account.booking.com"
],
"outlook": "-",
"price": "10.00",
"province": "Belgrade",
"size": "0.67Mb",
"stealer": "Redline ",
"vendor": "sm####ez bronze"
}
There is no patch for stupidity - Kevin Mitnick
Posts: 442
Threads: 228
Joined: Oct 2023
Reputation:
156
Quote:"purs.gov.rs" has been detected in the "QA" Postman Collection
"id": "6d5c246a-9cca-4e6e-9778-1cf5a0a5af45",
"name": "Fiskalni racun",
"dataMode": "raw",
"data": null,
"rawModeData": "[\r\n {\r\n \"journal\": \"============ \u0424\u0418\u0421\u041a\u0410\u041b\u041d\u0418 \u0420\u0410\u0427\u0423\u041d ============\\r\\n\u041f\u0418\u0411: 112591486\\r\\n\u041f\u0440\u0435\u0434\u0443\u0437\u0435\u045b\u0435: Loads King\\r\\n\u041c\u0435\u0441\u0442\u043e \u043f\u0440\u043e\u0434\u0430\u0458\u0435: Loads King\\r\\n\u0410\u0434\u0440\u0435\u0441\u0430: Mlatisumina 5.\\r\\n\u041e\u043f\u0448\u0442\u0438\u043d\u0430: \u0412\u0440\u0430\u0447\u0430\u0440\\r\\n\u041a\u0430\u0441\u0438\u0440: \\r\\n\u0415\u0421\u0418\u0420 \u0431\u0440\u043e\u0458: 854/1.0\\r\\n-------------\u041f\u0420\u041e\u041c\u0415\u0422 \u041f\u0420\u041e\u0414\u0410\u0408\u0410-------------\\r\\n\u0410\u0440\u0442\u0438\u043a\u043b\u0438\\r\\n========================================\\r\\n\u041d\u0430\u0437\u0438\u0432 \u0426\u0435\u043d\u0430 \u041a\u043e\u043b. \u0423\u043a\u0443\u043f\u043d\u043e\\r\\nTrotinet 2 (1) (A) \\r\\n 143,45 2 286,90\\r\\n----------------------------------------\\r\\n\u0423\u043a\u0443\u043f\u0430\u043d \u0438\u0437\u043d\u043e\u0441: 286,90\\r\\n\u041f\u043b\u0430\u0442\u043d\u0430 \u043a\u0430\u0440\u0442\u0438\u0446\u0430: 243,45\\r\\n========================================\\r\\n\u041e\u0437\u043d\u0430\u043a\u0430 \u0418\u043c\u0435 \u0421\u0442\u043e\u043f\u0430 \u041f\u043e\u0440\u0435\u0437\\r\\nA VAT 9,00% 23,69\\r\\n----------------------------------------\\r\\n\u0423\u043a\u0443\u043f\u0430\u043d \u0438\u0437\u043d\u043e\u0441 \u043f\u043e\u0440\u0435\u0437\u0430: 23,69\\r\\n========================================\\r\\n\u041f\u0424\u0420 \u0432\u0440\u0435\u043c\u0435: 17.04.2022. 20:14:17\\r\\n\u041f\u0424\u0420 \u0431\u0440\u043e\u0458 \u0440\u0430\u0447\u0443\u043d\u0430: F7CBZMLQ-Dt1Ov1o0-1900\\r\\n\u0411\u0440\u043e\u0458\u0430\u0447 \u0440\u0430\u0447\u0443\u043d\u0430: 1652/1900\u041f\u041f\\r\\n========================================\\r\\n======== \u041a\u0420\u0410\u0408 \u0424\u0418\u0421\u041a\u0410\u041b\u041d\u041e\u0413 \u0420\u0410\u0427\u0423\u041d\u0410 =========\\r\\n\",\r\n \"orderID\": \"G37WG-F9X5F-FBA-1\",\r\n \"messages\": \"Success\",\r\n \"invoiceType\": \"NORMAL\",\r\n \"merchantTin\": \"111606273\",\r\n \"invoiceNumber\": \"G37WG-F9X5F-FBA-1\",\r\n \"invoiceCounter\": \"G37WG-F9X5F-consolid-2\",\r\n \"transactionType\": \"SALE\",\r\n \"verificationUrl\": \"https://sandbox.suf.purs.gov.rs/v/?vl=A0Y3Q0JaTUxRRHQxT3YxbzBsBwAAdAYAAAjHKwAAAAAAAAABgDi7kEAAAAAGIRnzXKM9ykNaa08%2FKU6sgWo%2FTFfBh87m9vQUGRtO40%2FJSdHzXP3bjZ00Q0kyNcUchWniheoljobIjbxlIYfqcF%2BdWAArYMiV6ys2Qs5tekgLLqZgJw2jnCFyY8wu8gMMoQFBjBn%2BfYL6%2F%2Bqh2KfBucKLaBGxBtbIu4ZbPOPRGZ2f1CO%2BeUSB15fQkJlzP7j2vQZ1adkZB0NS1qGrfm7jju%2FCaJs1h2w7Sshoj%2Fo2x75DDiaV8lKd9JqVTyo2vNgszPWtYPUARNK7qhv69nmeJv86TSrUIvCUGjrk8LJ3Dd2XRGW92eVDiG2j96hcD84Kyt1K3buWnB45e3OImH8M2xxy7kQRJmDWy5f9fhFKhiJv0DjIcfjXbNQNsRIRIs%2FZa2ydWT60C8p%2BChVGiWm1Nm4IOh7cr8cN0oa9gY8fFrAJR4C8jboQoQeXWq63XkayjQJsUn7UCVLLSCtnaJ77sS6ugcWulr85vUMuw%2FM0U1ZKI%2BByqbSuZNPo417DThOLvn1V0kDH5WL1QlviGflrcmo5r2EDH9YGYn3VAwETBBWhYun27DkmJ%2B%2BkR0R2QxTUAEP4cKB8PMrNQBE4xMadIikwKIPeFzr%2B466Bes6MUUn41lm5l1Qzs9DRZbLRTvJj6Nfh0mzxFBafE35%2F4D6VXgQx7liovuscJnF4OG48Xd78bUJ%2Bq1iMB4K3UOoHo%2FU%3D \",\r\n \"fiscalizationDate\": \"2022-05-31 10:58:30\"\r\n }\r\n]\r\n\r\n// OrderID should be child order ID if it is DS order or grandchild order ID in case of AD order, if transaction type is SALE.\r\n// If invoice correction needs to be issued then in case of lost, damaged and failed delivery statuses, orderID should be child order ID for DS orders and grandchild order ID for AD orders, but\r\n// In case of returns and claims, customer case ID should be used as orderID.\r\n// MerchantTin should be Merchant pib number.\r\n// And transactionType should be SALE for invoice and REFUND for invoice correction.\r\n// Other fields in this request are not relevant and can be copied from this example",
"purs.gov.rs" has been detected in the "elefakt API" Swagger API documentation
Quote:"verificationUrl": {
"type": "string",
"example": "https://sandbox.suf.purs.gov.rs/v/?vl=A1dERUdFQURTRHQxT3YxbzC%2FAAAATwAAAICEHgAAAAAAAAABgyxwwhcDAAw...."
},
There is no patch for stupidity - Kevin Mitnick
Posts: 442
Threads: 228
Joined: Oct 2023
Reputation:
156
There is no patch for stupidity - Kevin Mitnick
|
