See: https://www.virustotal.com/nl/url/77ee06bbb7c88c9e703172817a53bba083fef4bc4908e1b8a8fc9b2dae79eee9/analysis/1412771851/
Filescan: https://www.virustotal.com/nl/file/969ffcd92bd9e185825fd4053c09455676318eafc2a2e5fb2718a92281964702/analysis/1412718100/
Scan of redirect: https://www.virustotal.com/nl/url/949c95e939812752b10c5f8d7c111c1608f704b07ea6eeb66b54b8e6288dc2ce/analysis/
Detected as HEUR:Trojan.Script.Generic.
Code:
<meta http-equiv="refresh" content="1; url=htxp://com-pf39.net/space.php?a=313292&c=wl_con&s=88w ">
See: http://domain-kb.com/www/com-pf39.net → http://whois.domaintools.com/com-pf39.net
→ http://urlquery.net/report.php?id=1412006232573
For main site: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fserpilnakis.com%2FScripts%2FTrevion.php&useragent=Fetch+useragent&accept_encoding=
PHP vulnerabilities: http://www.tenable.com/pvs-plugins/8360
Apache/2.4.10 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 vulnerable open to clickjacking attacks.
polonus