Is this website safe or used by hackers?

Hi,

I wanted to access the website of a small film distribution company called Vitra Film (www.vitrafilm.com.pl/index.php). I typed in “vitrafilm.com.pl” - it shows a white page with text something like “Brazilian Hackers … hacked by KingBack” etc. and plays music. Is this site safe / only blocked like that? Or is it used by hackers to gain access to computers connecting with it?

I have avast Pro Antivirus - it didn’t react in any way. Does that mean it’s safe?

It is hacked / defaced (you may need to click rescan to see it) >> http://killmalware.com/www.vitrafilm.com.pl/index.php#

Blacklisted >> https://www.virustotal.com/en/url/cc4b57d1c58bafffdd246a96400b33409f1fc6dc560f90a466c1feeabffa537a/analysis/1480185493/

Defaced >> https://sitecheck.sucuri.net/results/www.vitrafilm.com.pl

www.vitrafilm.com.pl and vitrafilm.com.pl are two different sites.

Thank you for the quick response. So do I have anything to worry about if I accessed it?

Defaced websites are usually not malicious, and this seems to be the case here.

HTML scan
https://www.virustotal.com/en/file/23b0a2730ea8b6edd1ee610dad53becb636612ebcb3d49a9dbb7a3da056bb1a5/analysis/1480186367/

All green means all good, thank you for the answer :slight_smile:

Hello radekk,

The website is being flagged for PHISHing: http://urlquery.net/report.php?id=1480206082588
Gmane flags: -79.96.61.44 to -79.96.61.44 -vitrafilm.com.pl htxp://www.vitrafilm.com.pl/phpThumb/cache/a/af/dd/usaa_com/inetlogon/servelet_usaa/index2.php?jid=;b7242a6ea4dc97c9fbd4f88211e5e6a7b7242a6ea4dc97c9fbd4f88211e5e6a7 (this was 5 months ago)
They should do a shellshock test on that idea web server v. v0/800, because it could be vulnerable.
You were right as there is a link to hackers → GET /DefacePage/negro dot cur HTTP/1.1 Host: -hellox.persiangig.com
Read about it here: htxp://smartbusinesslounge.com/index.php_hack (blocked as it should come like that here).

Regards,

polonus

Hello :slight_smile:

But as a random person who just opened the website, do I need to worry about anything?

Malwarebytes Anti-Malware, avast Pro and F-Secure Online Scanner say I’m clean.
I also checked the hosts file in my system32 - nothing unusual.

Hi radekk,

The site looks a bit suspicious to me.
Suspicious. Better not visit until cleansed properly.

Server Redirect / Status Code: 0, Content cannot be read!

Site-Wide Check

Suspicious

hgxdspxq9ag2mr6wtrtaskhwsehw">cilis kaufen deutsch, cilis rezeptfrei packstation, ci*alis in kanada …<div cl

pharma spam.

Defaced, see line 54: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.vitrafilm.com.pl&ref_sel=GSP2&ua_sel=ff&fs=1

What defacement, see and read here: https://gist.github.com/anonymous/d75ffd4a86e342869325

You may inform the admin of the site, and refer to this thread,

Regards,

polonus

I’ve sent an email to the owner of the site.

I am not connected with this site in any way, just a random user :slight_smile: I only hope I haven't put my own computer at risk.

Regards

Hi radekk,

The keyword is PHISHING.

Maybe, because of these wise guys, there will be SPAM from Gdańsk and nothing more!
Re: http://urlquery.net/report.php?id=1480259691651
Phishwatch
Up(nil): 79.96.61.44 to 79.96.61.44 -vitrafilm.com.pl -http://www.vitrafilm.com.pl/phpThumb/cache/a/af/dd/usaa_com/inetlogon/servelet_usaa/contact.php
Up(nil): 79.96.61.44 to 79.96.61.44 -vitrafilm.com.pl -http://www.vitrafilm.com.pl/phpThumb/cache/a/af/dd/usaa_com/inetlogon/servelet_usaa/index2.php
Up(nil): 79.96.61.44 to 79.96.61.44 -vitrafilm.com.pl -http://www.vitrafilm.com.pl/phpThumb/cache/a/af/dd/usaa_com/inetlogon/servelet_usaa/pin.php
Up(nil): 79.96.61.44 to 79.96.61.44 -vitrafilm.com.pl -http://www.vitrafilm.com.pl/phpThumb/cache/a/af/dd/usaa_com/inetlogon/servelet_usaa/question.php
Up(nil): 216.55.166.38 to 216.5

Regards

polonus

Great! Many thanks for your interest and help :slight_smile:

Regards!