Bezbedan Balkan
Blacklisted domestic sites



Blacklisted domestic sites - Petar - 10-16-2022

http://autoplacevi.rs/
     https://sitecheck.sucuri.net/results/autoplacevi.rs
     https://www.virustotal.com/gui/url/2b411c5598e16151a167ea6fdc91ba4999c73a2281a3c186291da30aa25769d7?nocache=1
   
http://euroguma.rs
    https://www.fortiguard.com/webfilter?q=euroguma.rs&version=9
    https://www.virustotal.com/gui/url/2b411c5598e16151a167ea6fdc91ba4999c73a2281a3c186291da30aa25769d7?nocache=1
    https://inovacije.gov.rs/
   


RE: Blacklisted domestic sites - maxxa - 10-17-2022

Ugh, the list of blacklisted sites is big :D
What do the others say: should we open a new thread for each site, or dump everything here?


RE: Blacklisted domestic sites - 1van - 10-17-2022

Whichever is easier for you, they are reading us anyway :)


RE: Blacklisted domestic sites - maxxa - 10-18-2022

I would continue here, because there is a lot of it :)


RE: Blacklisted domestic sites - maxxa - 10-18-2022

Besides euroguma, there is also beoguma:
hxxp[:]//beoguma.com/rs-plugin/js/jquery[.]themepunch[.]revolution[.]min[.]js
hash: B3BE6A5785A68DDF5F708D50ECEB9D52
JS/Agent.PIV trojan

https://www.virustotal.com/gui/url/7a0a5836494fb6c91e64660b51a116f081516034a3ec5321121272b98465ff6c


RE: Blacklisted domestic sites - maxxa - 10-18-2022

hxxp[:]//www[.]img[.]rs/js/accordion/custom[.]js
hxxp[:]//www[.]img[.]rs/js/carousel/custom[.]js
hxxp[:]//www.img[.]rs/js/carousel/jquery[.]flexslider[.]js
hxxp[:]//www.img[.]rs/js/carousel/jquery[.]jcar

https://www.virustotal.com/gui/url/507701512034ac9fd0f5ba9fcbf5f14822eac6cf07a497e0934366ed61b377db

Interestingly, sucuri, urlquery and scumware do not find anything malicious, while fortiguard says Category: Malicious Websites


RE: Blacklisted domestic sites - maxxa - 10-18-2022

hxxp[:]//inter-auto[.]rs/wp-content/plugins/contact-form-7/includes/js/scripts[.]js?ver=4.3.1
JS/Agent.PHC trojan: 54C189361DFCB2224F81F38A521D2440

hxxp[:]//inter-auto[.]rs/wp-content/themes/interauto/js/jquery[.]bxslider[.]min[.]js?ver=4.4.25
JS/Agent.PHC trojan: 5E9747B704DD158CF2DE13705C420601

hxxp[:]//inter-auto[.]rs/wp-content/plugins/contact-form-7/includes/js/jquery[.]form[.]min[.]js?ver=3.51.0-2014.06.20
JS:Trojan.Cryxos.6843: 099FD03DD941CAB737A488E5AEE027E8

hxxp[:]//inter-auto[.]rs/wp-content/themes/interauto/js/jquery[.]fancybox[.]pack[.]js?ver=4.4.25
JS/Agent.PHC trojan: 4060E299A709EC281D882A8F9A71B958

hxxp[:]//inter-auto[.]rs/wp-content/themes/interauto/js/jquery[.]bxslider[.]min[.]js
JS/Agent.PHC trojan: 5E9747B704DD158CF2DE13705C420601

https://www.virustotal.com/gui/url/92f182c1b71acf0b73b99505852adcaa35c707769f8715faa8a4d075fda5fa4d


RE: Blacklisted domestic sites - Petar - 10-31-2022

flylondonsrbija[.]rs

https://urlscan.io/result/63745e4c-293f-446d-a999-7763f021b81b/ (what it looks like)
https://www.virustotal.com/gui/domain/flylondonsrbija.rs
--- files in question:
      /runtime-es5.648fda581d7a6cd478a6.js
      /polyfills-es5.5e657f60015c1df344ba.js
      /polyfills-es2015.1c036d218568a752e64f.js
      /main-es2015.165e48017044d4593db0.js
      /main-es5.165e48017044d4593db0.js

https://www.fortiguard.com/webfilter?q=flylondonsrbija.rs&version=9


   


RE: Blacklisted domestic sites - Petar - 10-31-2022

http: // www.vakel[.]rs

"Error: TLS certificate does not match the host name"
Outdated/vulnerable Apache

https://www.virustotal.com/gui/url/ce218683d3a3c910ba0d9ed5f13fb99a3d96988c412d26ce5f23af7a5e675d38?nocache=1
https://sitecheck.sucuri.net/results/vakel.rs

   

https://threatcenter.crdf.fr/check.php

   

Webroot:

   


RE: Blacklisted domestic sites - Petar - 10-31-2022

IMPULSCENTAR [.] RS

https://sitecheck.sucuri.net/results/IMPULSCENTAR.RS
https://www.virustotal.com/gui/url/58dc1942d0e5cc07fde82a6a355610775c66df53ac335653dfdff8d5491c6232

webroot:
   

A lot of strange JS functions.
Additional, deeper analysis is probably needed.
https://urlquery.net/report/31eb0c97-6891-499c-b036-1d0e59bb5fbe

Anyrun does not recognize a single type from the MITRE ATT&CK matrix, which is a very rare case; to me this is quite suspicious, because it may mean that everything was deliberately made so that it can evade exactly these techniques.