Site probably hacked?

Viruses and worms
1

50.000 websites are being hacked every single day. One example from the Netherlands, provided by http://www.xatrix.org/def.php?d=

See on Xatrix Security: wXw.novisia.nl was hacked and defaced on Thu, 08 May 2014 23:12:11 +0200.
Following a submitted report from a group or an individual called d3b~X (Indonesian ftp /~gif hack), our robots made a screenshot of the website.
At that time, the website’s IP address was 92.68.241.67 which places it in Netherlands, geographically.
See: http://dev.badips.com/info/92.68.241.67
Scan results: http://killmalware.com/www.novisia.nl/http://toolbar.netcraft.com/site_report?url=http://www.novisia.nl
Probably via a [nagios]check_ssh -p hack *
Offline now: http://urlquery.net/report.php?id=1399980396495 - empty response received for htxp://www.novisia.nl/
Reminder of compromittal: htxp://www.novisia.nl/test404page.js
500 Can’t connect to www.novisia.nl:80 (Ð’ соединении отказано) *
Content-Length: 208
Content-Type: text/plain
DNS check for hoster: http://dnscheck.sidn.nl/?time=1399980661&id=1750282&view=basic&test=standard
http://toolbar.netcraft.com/site_report?url=http://remote.hocsite.com

polonus

2

This site has been hacked in the past and might just still be vulnerable (Joomla insecurities via JCE’s Joomla extension vulnerabilities,
maliciousJavascript Injections.
For the hack and defacement see: http://www.xatrix.org/def.php?d=www.superdach.pl

No alerts here: http://sitecheck.sucuri.net/results/www.superdach.plhttp://urlquery.net/report.php?id=1399986273037

See: http://fetch.scritch.org/%2Bfetch/?url=www.superdach.pl&useragent=Fetch+useragent&accept_encoding=

The phishing going on on site is still up and active: http://support.clean-mx.com/clean-mx/phishing.php?id=4368687
flagged: https://www.virustotal.com/nl/url/b4d2eba2ec7fb3015230ee2866131fafb6f1ce75608b1a21617efe85da29284c/analysis/1399986876/

given as benign here: http://zulu.zscaler.com/submission/show/31ce69ef7fc6114edcbbfb0f0be6a395-1399986975

pol

3

Not detected on VT: htxp://desifactor.co.uk/
See detection here: http://maldb.com/desifactor.co.uk/#
Not flagged by avast!

Defacement check: Suspicion

ion: keep-alive hacked by trickster. <img src="htxp://u1307.hizliresim.com/1c/m/qh1vj…

Sucuri detects: http://sitecheck.sucuri.net/results/desifactor.co.uk/

pol