Website only blacklisted or with malware?

See: https://www.virustotal.com/nl/url/e5069e31d176875df807108e450b5c1f5f267ff57434ad62ec4c1f6fdce964c7/analysis/#additional-info
See: http://killmalware.com/dubs.ru/
Sucuri detects malware:
ISSUE DETECTED | DEFINITION | INFECTED URL
Website Malware | MW:JS:GEN2?web.html.flash-injection.001 | -http://www.dubs.ru/
Website Malware | MW:JS:GEN2?web.html.flash-injection.001 | -http://www.dubs.ru/404testpage4525d2fdc
Website Malware | MW:JS:GEN2?web.html.flash-injection.001 | -http://www.dubs.ru/404javascript.js
Website Malware | MW:JS:GEN2?web.html.flash-injection.001 | -http://www.dubs.ru/?page_id=741
Website Malware | MW:JS:GEN2?web.html.flash-injection.001 | -http://www.dubs.ru/?page_id=739
Website Malware | MW:JS:GEN2?web.html.flash-injection.001 | -http://www.dubs.ru/?page_id=740
Known javascript malware. Details: http://sucuri.net/malware/entry/MW:JS:GEN2?web.html.flash-injection.001

43 malicious files detected by Quttera’s: Detected reference to malicious blacklisted domain www.dubs.ru, referencing to a Quttera’s blacklisted domain. Blacklisted: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=dubs.ru
PHP version’s security vulnerabilities:
http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-178361/PHP-PHP-5.5.20.html
Vulnerability and malcode on plug-in: htxp://www.dubs.ru/vk.com/js/api/openapi.js/?97/ - vulnerable to K7AntiVirus, Exploit
( 04c5605f1 ) → http://jsunpack.jeek.org/?report=196607f6e7ae5fb8ca08488b52334902178c747f - length extension attack via bot miners!

General IP badness history: https://www.virustotal.com/nl/ip-address/5.101.152.42/information/

polonus (volunteer website security analyst and website error-hunter)

For a tracker tracker report from external links on the website, see the attached report - do not try to open the links in a common browser - they are just given as a harmless txt file (pol)

Update: http://killmalware.com/dubs.ru/# still a threat.
Google considers website as harmful.
See: htxp://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fwww.dubs.ru%2F&useragent=Fetch+useragent&accept_encoding=
XSS vuln.: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.dubs.ru%2Fxmlrpc.php
Attached tracker tracker report - do not open links inside a browser. Info for research purposes only.

polonus

Update: See: http://killmalware.com/websitevenue.ru/
Re: http://www.leakedin.com/2015/03/08/potential-leak-of-data-hacking-notification-3530/
Re: http://pastebin.com/raw.php?i=A9tfN6Dj
Web application details:
Running cPanel 11.36.0.21: -websitevenue.ru:2082
cPanel version 11.36.0.21 outdated: Upgrade required.
Outdated cPanel Found: cPanel 11.36.0.21

The defacer’s signature was found in 15 websites: http://evuln.com/labs/hackedby/57507/

pol

For the majority of the defaced websites via logol dot ru, see the security header situation there:
Tragic - security headers all missing and one with a warning.
Server is not following best policies on configuration, ispmanager external cloud log-in import bug not patched?
Questions, questions, but we find various defacements here.

polonus