Newly registered website, see: https://www.virustotal.com/en/url/d7c2d1aeb4be330d4233549b014169bbc14e31850249c7543decddf1ef041591/analysis/
Netcraft website risk status leaves no room for doubt - risk status = 10 out of 10 red: http://toolbar.netcraft.com/site_report/?url=+380-fitness.com-388.net%2Fdocllft%2Fintforsllft%2F
See all the issues here: http://www.dnsinspect.com/388.net/1427556927
Found different NS records on these name servers:
The main domain - sub-domain in bad zone: http://whois.domaintools.com/com-388.net
380-fitness dot com-388 dot net,46.105.166.22,Multiple IPs,
Spamhaus blacklisted: com-388.net is listed in the DBL
PHP exploitable to Null Byte Injection: http://blog.benjaminwalters.net/?p=22139
There are a number of ways to prevent Poison Null Byte injections within PHP. These include escaping the NULL byte with a backslash; however, the most recommended way to do so is to completely remove the byte by using code similar to the following:
$foo['foo'] = str_replace(chr(0), '', $foo['foo']);
Replace the null-byte character when saving the value from $_POST into the session!
That prevents a possible later and unsafe reuse of $_SESSION['foo'].
Remove null bytes on every string used. Here we have go.php to go after.
Info credits go to Shomz & Comfreek. user2394911.
Flagged for phishing here: https://urlquery.net/report.php?id=1427557162174
polonus
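
The null-byte removal described in the post above, extended to nested arrays and array keys, as an added example that is not part of the original post. The function name strip_null_bytes, the sample data and the $session stand-in for $_SESSION are assumptions made for illustration.

```php
<?php
// Added example: strip_null_bytes() is a hypothetical helper, not from the post.

/**
 * Recursively remove NUL bytes (chr(0)) from strings.
 * Arrays are walked in depth, and string keys are cleaned as well,
 * because form fields such as name="tags[]" arrive as nested arrays.
 */
function strip_null_bytes($value)
{
    if (is_string($value)) {
        return str_replace(chr(0), '', $value);
    }
    if (is_array($value)) {
        $clean = [];
        foreach ($value as $key => $item) {
            $cleanKey = is_string($key) ? str_replace(chr(0), '', $key) : $key;
            $clean[$cleanKey] = strip_null_bytes($item);
        }
        return $clean;
    }
    // Integers, floats, booleans and null cannot carry a NUL byte.
    return $value;
}

// Constructed sample standing in for $_POST so the script runs from the CLI.
$post = [
    'foo'  => 'profile' . chr(0) . '.png',
    'tags' => ['a' . chr(0), 'b'],
];

// Stand-in for $_SESSION: clean each value at the moment it is stored,
// so any later reuse of the session value is already free of NUL bytes.
$session = [];
foreach ($post as $field => $raw) {
    $session[strip_null_bytes($field)] = strip_null_bytes($raw);
}

// Show the stored values and confirm no NUL byte survived.
var_dump($session);
var_dump(strpos(serialize($session), chr(0)) === false);
```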