Login

***Petar*** · (This post was last modified: 10-16-2022, 07:25 PM by Petar.)

http://autoplacevi.rs/
https://sitecheck.sucuri.net/results/autoplacevi.rs
https://www.virustotal.com/gui/url/2b411...?nocache=1

Filename: autoplacevi.rs-siteguardian.png Size: 81.23 KB 10-16-2022, 06:47 PM

http://euroguma.rs
https://www.fortiguard.com/webfilter?q=e...&version=9
https://www.virustotal.com/gui/url/2b411...je.gov.rs/

Filename: euroguma.rs-blacklist.png Size: 43.82 KB 10-16-2022, 07:25 PM

***maxxa*** · 10-17-2022, 09:27 AM

Uh lista blacklistovanih je velika Big Grin

Šta kažu ostali, da za svaki sajt otvaramo novu temu ili da rokamo sve ovde?

1van · 10-17-2022, 09:35 AM

Kako god vama lakše, čitaju nas svakako Smile

***maxxa*** · 10-18-2022, 07:45 AM

Ja bih nastavio ovde jer ima toga dosta Smile

***maxxa*** · 10-18-2022, 08:49 AM

osim euroguma tu je i beoguma:
hxxp[:]//beoguma.com/rs-plugin/js/jquery[.]themepunch[.]revolution[.]min[.]js
hash: B3BE6A5785A68DDF5F708D50ECEB9D52
JS/Agent.PIV trojan

https://www.virustotal.com/gui/url/7a0a5...b98465ff6c

***maxxa*** · (This post was last modified: 10-18-2022, 09:03 AM by maxxa.)

hxxp[:]//www[.]img[.]rs/js/accordion/custom[.]js
hxxp[:]//www[.]img[.]rs/js/carousel/custom[.]js
hxxp[:]//www.img[.]rs/js/carousel/jquery[.]flexslider[.]js
hxxp[:]//www.img[.]rs/js/carousel/jquery[.]jcar

https://www.virustotal.com/gui/url/50770...ed61b377db

Zanimljivo je da sucuri, urlquery i scumware ne nalaze da je nešto maliciotno, fortiguard kaže Category: Malicious Websites

***maxxa*** · (This post was last modified: 10-18-2022, 11:55 AM by maxxa.)

hxxp[:]//inter-auto[.]rs/wp-content/plugins/contact-form-7/includes/js/scripts[.]js?ver=4.3.1
JS/Agent.PHC trojan: 54C189361DFCB2224F81F38A521D2440

hxxp[:]//inter-auto[.]rs/wp-content/themes/interauto/js/jquery[.]bxslider[.]min[.]js?ver=4.4.25
JS/Agent.PHC trojan: 5E9747B704DD158CF2DE13705C420601

hxxp[:]//inter-auto[.]rs/wp-content/plugins/contact-form-7/includes/js/jquery[.]form[.]min[.]js?ver=3.51.0-2014.06.20
JS:Trojan.Cryxos.6843: 099FD03DD941CAB737A488E5AEE027E8

hxxp[:]//inter-auto[.]rs/wp-content/themes/interauto/js/jquery[.]fancybox[.]pack[.]js?ver=4.4.25
JS/Agent.PHC trojan: 4060E299A709EC281D882A8F9A71B958

hxxp[:]//inter-auto[.]rs/wp-content/themes/interauto/js/jquery[.]bxslider[.]min[.]js
JS/Agent.PHC trojan: 5E9747B704DD158CF2DE13705C420601

https://www.virustotal.com/gui/url/92f18...75fda5fa4d

***Petar*** · 10-31-2022, 09:29 AM

flylondonsrbija[.]rs

https://urlscan.io/result/63745e4c-293f-...3f021b81b/ kako izgleda
https://www.virustotal.com/gui/domain/fl...nsrbija.rs
--- sporni fajlovi:
/runtime-es5.648fda581d7a6cd478a6.js
/polyfills-es5.5e657f60015c1df344ba.js
/polyfills-es2015.1c036d218568a752e64f.js
/main-es2015.165e48017044d4593db0.js
/main-es5.165e48017044d4593db0.js

https://www.fortiguard.com/webfilter?q=f...&version=9

Filename: flylondonsrbija.PNG Size: 79.34 KB 10-31-2022, 09:28 AM

***Petar*** · 10-31-2022, 12:11 PM

http: // www.vakel[.]rs

"Error: TLS certificate does not match the host name"
Outdated/vulnerable Apache

https://www.virustotal.com/gui/url/ce218...?nocache=1
https://sitecheck.sucuri.net/results/vakel.rs

Filename: vakel.rs.png Size: 27.42 KB 10-31-2022, 12:08 PM

https://threatcenter.crdf.fr/check.php

Filename: vakel.rs-crdf.png Size: 25.47 KB 10-31-2022, 12:09 PM

Webroot:

***Petar*** · 10-31-2022, 12:21 PM

IMPULSCENTAR [.] RS

https://sitecheck.sucuri.net/results/IMPULSCENTAR.RS
https://www.virustotal.com/gui/url/58dc1...d5491c6232

webroot:

Filename: impulscentar.rs-webroot.png Size: 77.66 KB 10-31-2022, 12:14 PM

Dosta cudnih JS funkcija.
Veroratno je potrbna dodatna dublja analiza.
https://urlquery.net/report/31eb0c97-689...0e59bb5fbe

Anyrun ne prepoznaje ni jedan tip iz Mitre&ATT&CK matrice sto je veoma redak slucaj, meni je ovo dosta sumnjivo jer moze znaciti da namerno sve napravljeno da bas ove tehnike moze zaobici.

Login
Username/Email:
Password:	Lost Password?
	Remember me