Author Topic: Is this website safe or used by hackers? (Read 3381 times)

REDACTED · « **on:** November 26, 2016, 07:36:34 PM »

Hi,

I wanted to access the website of a small film distribution company called Vitra Film (www.vitrafilm.com.pl/index.php). I typed in "vitrafilm.com.pl" - it shows a white page with text something like "Brazilian Hackers ... hacked by KingBack" etc. and plays music. Is this site safe / only blocked like that? Or is it used by hackers to gain access to computers connecting with it?

I have avast Pro Antivirus - it didn't react in any way. Does that mean it's safe?

Pondus · « **Reply #1 on:** November 26, 2016, 07:39:01 PM »

It is hacked / defaced (you may need to click rescan to see it) >> http://killmalware.com/www.vitrafilm.com.pl/index.php#

Blacklisted >> https://www.virustotal.com/en/url/cc4b57d1c58bafffdd246a96400b33409f1fc6dc560f90a466c1feeabffa537a/analysis/1480185493/

Defaced >> https://sitecheck.sucuri.net/results/www.vitrafilm.com.pl

Eddy · « **Reply #2 on:** November 26, 2016, 07:42:29 PM »

www.vitrafilm.com.pl and vitrafilm.com.pl are two different sites.

REDACTED · « **Reply #3 on:** November 26, 2016, 07:47:06 PM »

Thank you for the quick response. So do I have anything to worry about if I accessed it?

Pondus · « **Reply #4 on:** November 26, 2016, 07:48:47 PM »

Defaced websites are usually not malicious, and this seems to be the case here

HTML scan
https://www.virustotal.com/en/file/23b0a2730ea8b6edd1ee610dad53becb636612ebcb3d49a9dbb7a3da056bb1a5/analysis/1480186367/

REDACTED · « **Reply #5 on:** November 26, 2016, 07:58:21 PM »

All green means all good, thank you for the answer

polonus · « **Reply #6 on:** November 27, 2016, 01:32:20 AM »

Witam radekk,

The website is being flagged for PHISHing: http://urlquery.net/report.php?id=1480206082588
Gmane flags: -79.96.61.44 to -79.96.61.44 -vitrafilm.com.pl htxp://www.vitrafilm.com.pl/phpThumb/cache/a/af/dd/usaa_com/inetlogon/servelet_usaa/index2.php?jid=;b7242a6ea4dc97c9fbd4f88211e5e6a7b7242a6ea4dc97c9fbd4f88211e5e6a7 (this was 5 months ago)
They should do a shellshock test on that idea web server v. v0/800, because it could be vulnerable.
You were right as there is a link to hackers -> GET /DefacePage/negro dot cur HTTP/1.1 Host: -hellox.persiangig.com
Read about it here: htxp://smartbusinesslounge.com/index.php_hack (blocked as it should come like that here).

pozdrawiam,

polonus

REDACTED · « **Reply #7 on:** November 27, 2016, 12:10:48 PM »

Witam

But as a random person who just opened the website, do I need to worry about anything?

Malwarebytes Anti-Malware, avast Pro and F-Secure Online Scanner say I'm clean.
I also checked the hosts file in my system32 - nothing unusual.

polonus · « **Reply #8 on:** November 27, 2016, 03:25:43 PM »

Cześć radekk,

Strona trochę dla mnie pojderzana.
Suspicious. Better not visit until cleansed properly.

Server Redirect / Status Code: 0, Content cannot be read!

Site-Wide Check

Suspicious

hgxdspxq9ag2mr6wtrtaskhwsehw">ci*lis kaufen deutsch, ci*lis rezeptfrei packstation, ci*alis in kanada ...</a></h3><div cl

pharma spam.

Defaced, see line 54: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.vitrafilm.com.pl&ref_sel=GSP2&ua_sel=ff&fs=1

What defacement, see and read here: https://gist.github.com/anonymous/d75ffd4a86e342869325

You may inform the admin of the site, and refer to this thread,

pozdrawiam,

polonus

REDACTED · « **Reply #9 on:** November 27, 2016, 03:38:55 PM »

I've sent an email to the owner of the site.

Nie jestem w żaden sposób powiązany z tą stroną, ot przypadkowy użytkownik

Mam tylko nadzieję, że nie naraziłem własnego komputera na niebezpieczeństwo.

Pozdrawiam

polonus · « **Reply #10 on:** November 27, 2016, 04:36:02 PM »

Cześć radekk,

Hasło to PHISHING.

Może przez tych cwaniaków będzie SPAM z Gdańska i nic więcej!
Re: http://urlquery.net/report.php?id=1480259691651
Phishwatch
Up(nil):   79.96.61.44    to 79.96.61.44   -vitrafilm.com.pl   -http://www.vitrafilm.com.pl/phpThumb/cache/a/af/dd/usaa_com/inetlogon/servelet_usaa/contact.php
Up(nil):   79.96.61.44    to 79.96.61.44   -vitrafilm.com.pl   -http://www.vitrafilm.com.pl/phpThumb/cache/a/af/dd/usaa_com/inetlogon/servelet_usaa/index2.php
Up(nil):   79.96.61.44    to 79.96.61.44   -vitrafilm.com.pl   -http://www.vitrafilm.com.pl/phpThumb/cache/a/af/dd/usaa_com/inetlogon/servelet_usaa/pin.php
Up(nil):   79.96.61.44    to 79.96.61.44   -vitrafilm.com.pl   -http://www.vitrafilm.com.pl/phpThumb/cache/a/af/dd/usaa_com/inetlogon/servelet_usaa/question.php
Up(nil):   216.55.166.38    to 216.5

pozdrawiam

polonus

REDACTED · « **Reply #11 on:** November 28, 2016, 11:44:23 AM »

Świetnie! Wielkie dzięki za zainteresowanie i pomoc

Pozdrawiam!

Author Topic: Is this website safe or used by hackers? (Read 3381 times)

REDACTED

Is this website safe or used by hackers?

Pondus

Re: Is this website safe or used by hackers?

Eddy

Re: Is this website safe or used by hackers?

REDACTED

Re: Is this website safe or used by hackers?

Pondus

Re: Is this website safe or used by hackers?

REDACTED

Re: Is this website safe or used by hackers?

polonus

Re: Is this website safe or used by hackers?

REDACTED

Re: Is this website safe or used by hackers?

polonus

Re: Is this website safe or used by hackers?

REDACTED

Re: Is this website safe or used by hackers?

polonus

Re: Is this website safe or used by hackers?

REDACTED

Re: Is this website safe or used by hackers?