Malicious defacement of website detected...

polonus · September 22, 2015, 4:57pm

See: http://killmalware.com/kimbuttar.com/#
Analysis of the hack: https://rstforums.com/forum/97995-hacked-peyman-siyahi.rst
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.kimbuttar.com%2F *
Missed as allegedly non-malicious: https://www.virustotal.com/nl/url/7f1ac2739385b7a36e4e4903c6426114d43f00f555e18a81adb67a7e2118a41c/analysis/1442940370/
Given as potentially suspicious: index.html
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Detected obfuscated JavaScript content commonly used used to hide suspicious activity
Threat dump: View code see *
Threat dump MD5: 1061E66EAE85667B59E85692D2B53F6F
File size[byte]: 12327
File type: HTML
Page/File MD5: B0200B8F658D6AC9609769D569F4D4C5
Scan duration[sec]: 0.056000

polonus

Pondus · September 22, 2015, 5:13pm

polonus · September 22, 2015, 5:56pm

We are being protected by Avast.

polonus

Pondus · September 22, 2015, 6:23pm

Message from F-Secure

================================================================
The HTML file does not contains any malicious code. It just the hacker obfuscated script for the page.
However we have add a compromised rating for the URL for now.