Author Topic: Trojan.Script.Heuristic-js.iacgm detected?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34057
  • malware fighter
Trojan.Script.Heuristic-js.iacgm detected?
« on: November 24, 2014, 10:37:03 PM »
Missed here: https://app.webinspector.com/public/reports/27040063
See detection: http://sitecheck.sucuri.net/results/learningtoliveoutloud.com (Defacement and Hacked).
See: http://www.slideshare.net/cate2bill/trojanscriptheuristic-jsiacgm
Quttera detects: index.html
Severity:   Potentially Suspicious
Reason:   Detected potentially suspicious content.
Details:   Suspicious script content
Offset:   2679
Threat dump:   color hex
Threat dump MD5:   83B45E804EF71D8B847D21767A02E94B
File size[byte]:   7282
File type:   HTML

Page/File MD5:   A4D39505E64E8BEDC49C76D0F835C62D
Scan duration[sec]:   0.108000

IP Badness: https://www.virustotal.com/nl/ip-address/192.185.225.117/information/

Code detected: http://ddecode.com/hexdecoder/?results=784f3b06ef1f8cead0dadc665f6d2914

pol
« Last Edit: November 24, 2014, 10:39:21 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
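The Quttera report quoted above flags "suspicious script content" at a byte offset in index.html and gives an MD5 of the threat dump, and the ddecode link does the reverse step of turning hex-encoded content back into readable text. As an added example that is not part of the original post and is not Quttera's or ddecode's code, the Python below performs the same triage on a constructed HTML sample: it finds runs of `\xNN` escapes inside the file, reports their byte offset, decodes them for a human reviewer and hashes the raw run. The sample page, its decoded string and the minimum run length of 8 escapes are assumptions made for this example.

```python
import hashlib
import re
from typing import Dict, List, Tuple

# Constructed sample page (not the file discussed in the thread): a <script>
# block hides a string behind \xNN escapes, next to an ordinary CSS colour
# value that a naive "hex" search would also pick up.
SAMPLE_HTML = (
    b"<html><head><style>body{color:#a4d395}</style></head><body>\n"
    b"<script>var s=\"\\x64\\x6f\\x63\\x75\\x6d\\x65\\x6e\\x74"
    b"\\x2e\\x77\\x72\\x69\\x74\\x65\";</script>\n"
    b"</body></html>\n"
)

# Eight or more consecutive \xNN escapes; the threshold is an assumption that
# keeps short, legitimate escapes (a single quote or newline) out of the output.
MIN_ESCAPES = 8
HEX_ESCAPE_RUN = re.compile(rb"(?:\\x[0-9A-Fa-f]{2}){8,}")


def find_hex_escape_runs(data: bytes) -> List[Tuple[int, bytes]]:
    """Return (byte offset, raw run) for every run of MIN_ESCAPES or more escapes.

    The offset is the position in the file, the same notion of 'Offset' that
    the scanner report quotes, so a reviewer can jump straight to the spot.
    """
    return [(m.start(), m.group(0)) for m in HEX_ESCAPE_RUN.finditer(data)]


def decode_hex_escapes(run: bytes) -> str:
    """Turn b'\\x64\\x6f' into 'do'; bytes above 0x7f are kept via latin-1."""
    hexdigits = run.replace(b"\\x", b"")
    return bytes.fromhex(hexdigits.decode("ascii")).decode("latin-1")


def triage(data: bytes) -> List[Dict[str, object]]:
    """Summarise every suspicious run: offset, escape count, decoded text, MD5.

    The MD5 of the raw run mirrors the 'Threat dump MD5' a scanner reports and
    lets the same encoded fragment be recognised across pages and sites.
    """
    findings: List[Dict[str, object]] = []
    for offset, run in find_hex_escape_runs(data):
        findings.append({
            "offset": offset,
            "escapes": len(run) // 4,          # each escape is 4 bytes: \xNN
            "decoded": decode_hex_escapes(run),
            "md5": hashlib.md5(run).hexdigest().upper(),
        })
    return findings


def page_md5(data: bytes) -> str:
    """Whole-file MD5, the 'Page/File MD5' line of the scanner report."""
    return hashlib.md5(data).hexdigest().upper()


if __name__ == "__main__":
    print("page md5:", page_md5(SAMPLE_HTML))
    for f in triage(SAMPLE_HTML):
        print(f"offset {f['offset']}: {f['escapes']} escapes -> "
              f"{f['decoded']!r} (dump md5 {f['md5']})")
```

The pattern requires the literal `\x` prefix, so CSS colour values such as `#a4d395` are not reported; `%NN` URL encoding and `\uNNNN` escapes are other encodings the same idea extends to, but this block does not handle them. Decoding is for review only: the decoded text is printed, never evaluated.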


polonus
Re: Trojan.Script.Heuristic-js.iacgm detected?
« Reply #2 on: November 24, 2014, 10:56:39 PM »
Thanks, Pondus, we are being protected.

polonus

polonus
Re: Trojan.Script.Heuristic-js.iacgm detected?
« Reply #3 on: May 19, 2015, 10:47:23 PM »
Update, another recent example with this malcode: http://killmalware.com/italiansmoke.tk/#
Missed here: https://www.virustotal.com/nl/url/b3363501cef089c9da814a415485772534e8f1494e2d4cccf0836e2d091f3d68/analysis/1432067612/
and here: http://quttera.com/detailed_report/italiansmoke.tk
Detected: https://sitecheck.sucuri.net/results/italiansmoke.tk
ISSUE DETECTED   DEFINITION   INFECTED URL
Defacement   MW:DEFACED:01   htxp://italiansmoke.tk
Defacement   MW:DEFACED:01   htxp://italiansmoke.tk/404javascript.js
Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
<title>Hacked by people_hurt</title>

polonus

polonus
Re: Trojan.Script.Heuristic-js.iacgm detected?
« Reply #4 on: August 09, 2015, 12:49:08 AM »
Still going strong: http://killmalware.com/italiansmoke.tk/#
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fitaliansmoke.tk%2F
Number of sources found: 22
Number of sinks found: 7
For http://192.185.5.247/ I get a HostGator ERROR 404 - PAGE NOT FOUND
Website Risk Status 9 red out of 10: http://toolbar.netcraft.com/site_report?url=http://192.185.5.247
Various IDS alerts here: https://urlquery.net/report.php?id=1439072998461
uMatrix has prevented the following page from loading:
htxp://luu.lightquartrate.com/
-> http://static.re-markable00.re-markable.net/ CSS
What is this Israeli link doing there: http://toolbar.netcraft.com/site_report?url=http://dng.diningtablesearch.com
bad zone: Could not get name servers for 'dng.diningtablesearch.com'.
For the main domain: http://www.dnsinspect.com/diningtablesearch.com/1439073539
WARNING: Connection to 1 mail servers failed. Could not resolve domain diningtablesearch.com.
because it is registered and no website: http://whois.domaintools.com/diningtablesearch.com
ssl-cert: Subject: commonName=aal.coupmatch.com tls-nextprotoneg:
Phishing going on from this external link: http://gnr.cimapping.net/
http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fgnr.cimapping.net%2F
Also a strange code inject for -cfs.u-ad.info/cfspushadsv2/request
to block this properly, read: https://adblockplus.org/forum/viewtopic.php?t=20435
-> http://toolbar.netcraft.com/site_report?url=http://cfs.u-ad.info
-> http://searchdns.netcraft.com/?host=*.u-ad.info

polonus
« Last Edit: August 09, 2015, 01:08:14 AM by polonus »

polonus
Re: Trojan.Script.Heuristic-js.iacgm detected?
« Reply #5 on: August 23, 2015, 11:01:40 AM »
Update could lead to the conclusion the site is maliciously defaced: -http://killmalware.com/italiansmoke.tk/#
See: -https://lolware.net/2015/04/28/nginx-fuzzing.html & -http://1col.ru/www.italiansmoke.tk

pol