holpo
1
Defacement signatures
goddogproducciones dot com is defaced! See more details below.
The following signature was found:
!-- Hacked by No Name Cyber Team –
This signature was found in 17 websites.
Re: http://killmalware.com/goddogproducciones.com/
See: ISSUE DETECTED DEFINITION INFECTED URL
Website Malware malware-entry-mwanomalysp7?v53 htxp://goddogproducciones.com
Website Malware malware-entry-mwanomalysp7?v53 htxp://goddogproducciones.com/404javascript.js
Known javascript malware. Details: http://labs.sucuri.net/db/malware/malware-entry-mwanomalysp7?v53
Missed: https://www.virustotal.com/en/url/72c3aa46d89162e15badda860ec7ab71a09db323e8ed5b008e00156bf955d622/analysis/1427668093/
See: attached for the suspicious file that Quttera detects.
Suricata IDS alerts for “ET WEB_CLIENT Hex Obfuscation of Script Tag % Encoding”,
see here: https://urlquery.net/report.php?id=1427668260150
polonus
holpo
2
Riskware.Script.BetterSurf.ctbzhb not being detected by Avast Web Shield, no warning either.
polonus
holpo
3
Another example: http://killmalware.com/rateapartner.com/
Not here: http://www.bonasera.org/?tag=wwwrateapartnercom
http://rateapartner.com links to the following External Domains:
==>apisurftasticnet-a.akamaihd.net
==>youtube.com
Detected Riskware.Script.BetterSurf.ctbzhb
List of scripts included
htxp://apisurftasticnet-a.akamaihd.net/gsrs?is=amp1lmeg&bp=PB&g=f47f4329-19a1-4111-a256-13a763f5939d
Defacement MW:DEFACED:01 htxp://rateapartner.com
Defacement MW:DEFACED:01 htxp://rateapartner.com/404javascript.js
Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
.:: Hacked By Taz ::.
Missed by Quttera's: http://quttera.com/detailed_report/rateapartner.com
pol
holpo
4
holpo
5