Normally VT does not flag such sites: https://www.virustotal.com/nl/url/607059facef1d8f23acc5cff30e4caf1ea574f0459f679d87d50ebe1a99e8f9c/analysis/1444767803/
Here they are always given be it malicious or benign: http://killmalware.com/handa-wanda.com/#
Sucuri has it also:
ISSUE DETECTED DEFINITION INFECTED URL
Defacement MW:DEFACED:01 -http://www.handa-wanda.com
Defacement MW:DEFACED:01 -http://www.handa-wanda.com/404testpage4525d2fdc **
Defacement MW:DEFACED:01 -http://www.handa-wanda.com/404javascript.js
Defacement MW:DEFACED:01 -http://www.handa-wanda.com/404javascript.js
Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
Hacked BY AlaaCoolspan.SpellE{}
See code ** here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.handa-wanda.com%2F404testpage4525d2fdc (6 sources and 12 sinks found up).
Quttera flags one malicious file:
index.html
Severity: Malicious
Reason: Detected malicious PHP content
Details: Website Potentially Defaced
Offset: 220
Threat dump, see : http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.handa-wanda.com%2Findex.html
Threat dump MD5: 5E56CC92D2216C221F49C12898F0106F
File size[byte]: 16022
File type: HTML
Page/File MD5: 24C1CD0EC35305EB4D7F43172EBC72A6
polonus
