See: http://killmalware.com/catambiental.com.ar/#
see: https://www.virustotal.com/en/url/870ebf44ffdde27a55a1c4eb12061705e90b4413e3c9a8e63c68ad233c107e48/analysis/1417444422/
Blacklisted: http://quttera.com/detailed_report/www.catambiental.com.ar
Website Defaced (hacked.( View Payload )
Defacement MW:DEFACED:01 htxp://www.catambiental.com.ar/404testpage4525d2fdc
Defacement MW:DEFACED:01 htxp://www.catambiental.com.ar/404javascript.js
Defacement MW:DEFACED:01 htxp://www.catambiental.com.ar/404javascript.js
IP badness history: https://www.virustotal.com/en/ip-address/75.102.8.66/information/
avast detects from IP: VBS:Dropper-DF [Trj] & HTML:Phishing-Q [Trj] & HTML:Phishing-AC [Trj]
The defacepage code is like this one: htxps://www.facebook.com/xPhir3x/posts/393238374073879
so-called SHORTCUT ICON C99shell defacement hack → htxps://hackrianil.wordpress.com/2013/06/12/htmlhead-titlehackedtitlelink-relshortcut-icon-hrefhttpfiles-softicons-comdownloadweb-ic/
pol