FakeAV scan page and blackhole here.

Viruses and worms
1

See: http://urlquery.net/report.php?id=3802514
There are no IDS alerts but there is a blackhole exploit on the same IP

It locks chrome,FF,IE…dont go there without script protection!!.It doesnt harm your machine in anyway but just locks the browser and doesnt allow you to exit.If you fall prey to this open up the task manager and kill the browser and you should be safe again.

Undetected…reported to avast.

2

Good find, read also: http://safeweb.norton.com/report/show?name=200.63.97.55
Recorded attack was for included: .:/usr/lib/php:/usr/local/lib/php
due to this exploit: http://www.exploit-db.com/exploits/12192/
and via Joomla → http://forum.joomla.org/viewtopic.php?f=621&t=706027
Sucuri → htxp://v5k45.ru/9o35drIVs8LH09Gn21eAVla3I2FKmOOLF/BsfCZqY3e2BIVFsJnUlKHmiKU42FK2dT3D.php
→ The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:

  1. Server: nginx/0.7.67
  2. X-Powered-By: PHP/5.2.17
    → It looks like a cookie is being set without the “HttpOnly” flag being set (name : value): 1. cookie_fid : 5412
    → It doesn’t look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack
    Also consider: https://www.virustotal.com/en/ip-address/200.63.97.55/information/

polonus

pol

3

The Website is being blocked by Norton, cause it has Phishing Attacks by this URLs:

hxxp://200.63.97.55/~miltonm/language/images/ca7a46b12ac2617ecfeca05b1f551501

hxxp://200.63.97.55/~miltonm/language/images/163b732b7acfa15d7870adecea7e6326

4

Hi Steven Winderlich,

Those are noth PHISHING attacks. See:
http://jsunpack.jeek.org/?report=0fc4a2ba63f3ce1ba930dac8df4c7ea5952435bd
and
http://jsunpack.jeek.org/?report=762d03bb5f616cea9dec490895f5055afacec8d8
Website has suspended status…see: https://www.virustotal.com/en/ip-address/200.63.97.55/information/
seems to be dead according to here: http://support.clean-mx.de/clean-mx/phishing.php?id=3471867
not being blacklisted now: http://www.ipvoid.com/scan/200.63.97.55/

Damian

5

This is what Norton says: http://safeweb.norton.com/report/show?url=http%3A%2F%2F200.63.97.55%2F~miltonm%2Flanguage%2F

The site is also blocked by Chrome as a Phishing Site. Picture added. (In German)

6

This is a scan of the age that Norton says its a pphishing site in the Link above: https://www.virustotal.com/de/url/1b539283f42d7071c7855d6d8b56be656215dd7dd49a6957276b5274f39c0cc1/analysis/1374178869/

And thats the downloaded File: https://www.virustotal.com/de/file/af62c522a141e91a8baacf42bc37506fd0729b1758c6254971196d2aed10ed2e/analysis/1330482437/

It is clean.