See: http://killmalware.com/twistedtruths.info/
Missed: https://www.virustotal.com/nl/url/915e7fcb01b6a36dff313656f5dd214a414bb88e22c838ec63fbeb78e34c10a4/analysis/1460810076/
Quttera flags the malicious JavaScript code: /index.html
Severity: Malicious
Reason: Detected encoded JavaScript code commonly used to hide malicious behaviour.
Details: Website is defaced
System Details:
Running on: Apache/2.4.12 *
Powered by: PHP/5.4.43
Overview
By default, excessive information about the server and frameworks used by a server application is returned in the response headers. These headers can be used to help identify security flaws which may exist as a result of the choice of technology exposed in these headers.
Result
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:
Server: Apache/2.4.12 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
X-Powered-By: PHP/5.4.43
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.
Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to invisibly load the target website into their own site and trick users into clicking on links which they never intended to. An “X-Frame-Options” header should be sent by the server to either deny framing of content, only allow it from the same origin or allow it from trusted URIs.
Result
It doesn’t look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack. Add a header to explicitly describe the acceptable framing practices (if any) for this site.
Re: http://toolbar.netcraft.com/site_report?url=http://www.twistedtruths.info
and http://toolbar.netcraft.com/site_report?url=http://vic.victoryehosting.com
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fvic.victoryehosting.com%2Fcgi-sys%2Fdefaultwebpage.cgi
We have insecurity because we see a self-signed certificate installed: Self-signed certificate is installed
-victoryehosting.com
This is not a Symantec certificate.
Please contact the Certificate Authority for further verification.
You have 1 error
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Warnings
BEAST
The BEAST attack is not mitigated on this server.
RC4
This server uses the RC4 cipher algorithm which is not secure. Disable the RC4 cipher suite and update the server software to support the Advanced Encryption Standard (AES) cipher algorithm. Contact your web server vendor for assistance.
SSLv3
This server uses the SSLv3 protocol which is not secure. Disable the SSLv3 protocol and enable a higher protocol version. Contact your web server vendor for assistance.
Root installed on the server.
For best practices, remove the self-signed root from the server.
This server is vulnerable to:
Poodle (SSLv3)
This server is vulnerable to a Poodle (SSLv3) attack. If you have not disabled SSLv3 fallback support, disable it now and use TLS 1.2 or higher.
Certificate information
Common name: -vic.victoryehosting.com
SAN:
Valid from: 2015-Nov-19 09:17:53 GMT
Valid to: 2016-Nov-18 09:17:53 GMT
Certificate status: Unknown
Revocation check method: Not available
Organization:
Organizational unit:
City/locality:
State/province:
Country:
Certificate Transparency: Not Enabled
Serial number: 021becf5
Algorithm type: SHA256withRSA
Key size: 2048
Certificate chain: vic.victoryehosting.com (Root certificate)
Server configuration
Host name: 162.144.249.165
Server type: Apache/2.4.12 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
IP address: 162.144.249.165
Port number: 443
SSL/TLS compression: Not Enabled
Heartbeat (extension): Enabled
RC4: Enabled
OCSP stapling: Not Enabled
Protocols enabled: TLS1.2, TLS1.1, TLS1.0, SSLv3
Protocols not enabled: SSLv2
Vulnerabilities checked: Heartbleed, Poodle (TLS), Poodle (SSLv3), FREAK, BEAST, CRIME
polonus (volunteer website security analyst and website error-hunter)