Sucuri flags as with malware: Malware Detected Critical
ISSUE DETECTED DEFINITION INFECTED URL
Internal Server Error 500-error?v1 htxp://amdc1786.com/404testpage4525d2fdc
Website Malware MW:HTA:7 http://amdc1786.com/
Site error detected. Details: http://labs.sucuri.net/db/malware/500-error?v1
HTTP/1.1 500 Internal Server Error
SE visitors redirects or external link to htxp://www.116188.com/ (campaign: http://evuln.com/labs/redirect/www.116188.com/)
Visitors from search engines are redirected
to: htxp://www.116188.com/
474 sites infected with redirects to this URL
code directing to htxp://tp4.sinaimg.cn/2428793371/50/5624619302/1 Wish support - Hallo sina!

Site found to be benign: http://zulu.zscaler.com/submission/show/51b24d56d5e182c434381b5b7d3db9a3-1407271339
Netcraft risk 1/10 → http://toolbar.netcraft.com/site_report?url=http://amdc1786.com

Here I get a 404 error http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http%3A%2F%2Famdc1786.com%2Ftj.js&useragentheader=&acceptheader=

pol

See: http://killmalware.com/junalab.com/#
SE visitors redirects via obfuscated PHP code *
Visitors from search engines are redirected
to: htxp://aozpta.mrbonus.com/
aozpta.mrbonus dot com is reported by Yandex as suspicious
3164 sites infected with redirects to this URL
Sucuri scan reports:
Website Malware malware-entry-mwblacklisted35 htxp://junalab.com/20140418/
Website Malware malware-entry-mwblacklisted35 htxp://junalab.com/category/tool/
Website Malware malware-entry-mwblacklisted35 htxp://junalab.com/20140402/

Suspicious domain detected. Details: http://sucuri.net/malware/malware-entry-mwblacklisted35 Location: htxp://aozpta.mrbonus.com/
Suspicious domain detected. Details: http://sucuri.net/malware/malware-entry-mwblacklisted35 Location: htxp://aozpta.mrbonus.com/

External link check:
Please check this list for unknown links on your website:

htxp://www.dlmarket.jp/manufacture/index.php?consignors_id=4 → ‘’
htxp://www.dlmarket.jp/products/detail/262630 → ‘’
htxp://www.dlmarket.jp/products/detail/125456 → ‘’
htxp://www.dlmarket.jp/manufacturer.php/manufacturers_id/473 → ‘history2chart’

IDS alerts here: http://urlquery.net/report.php?id=1407272604852

Given as benign here: http://zulu.zscaler.com/submission/show/90a5349bdce8f3fd2b82c6e9bcd6c1d4-1407272473

IP badness history: https://www.virustotal.com/nl/ip-address/91.146.108.80/information/
Over 850 site domains on one and the same IP

Nothing blocked by avast!

• Description of how the malware functions is given here by the renowned expert Redleg (the fileviewer guru):
  https://productforums.google.com/forum/#!topic/webmasters/Xo0QoOnrhv0

polonus

See: http://killmalware.com/tsurkan.ru/#
SE visitors redirects
Visitors from search engines are redirected
to: htxp://redesorpserthea26.acmetoy.com/wstat/accepter.php?h=tsurkan.ru&u=/&f=60c9b82cf1cc2991008bc0dee0cfc093&d=d8e60afa912a144a8c6191b602e74808&r=/home/omivalka/public_html/tsurkan.ru
3 sites infected with redirects to this URL
index
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level.
Details: Detected HTTP redirection to htxp://redesorpserthea26.acmetoy.com/wstat/accepter.php?h=tsurkan.ru%26u=/%26f=60c9b82cf1cc2991008bc0dee0cfc093%26d=d8e60afa912a144a8c6191b602e74808%26r=/home/omivalka/public_html/tsurkan.ru.

Website Outdated cPanel Found cPanel Security cPanel 11.42.1.16
Outdated Web Server Apache Found Vulnerabilities on Apache 2.2 Apache/2.2.25

Not alerted here: http://urlquery.net/report.php?id=1407398164168

pol

Website Malware malware-entry-mwblacklisted35 htxp://patsecova.com/index.php?appservlang=th
Suspicious domain detected. Details: http://sucuri.net/malware/malware-entry-mwblacklisted35
Location: htxp://kmlps.mrslove.com/ 1579 sites infected with redirects to this URL, re:
https://www.virustotal.com/nl/url/07df993dc412cefa5e07749ee56443fc3b790c6b68c98fd90d5a1a7b22d2824d/analysis/1369806746/

Vulnerabilities: http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/PHP-PHP.html
via AppServ Open Project 2.5.10
PHP Information Version 5.2.6
Apache Web Server เวอร์ชั่น 2.2.8
PHP Script Language เวอร์ชั่น 5.2.6
MySQL Database เวอร์ชั่น 5.0.51b
phpMyAdmin Database Manager เวอร์ชั่น 2.10.3

polonus

http://killmalware.com/mgtravel.net/#
See: Blacklisting status
Yandex reports mgtravel.net as suspicious website
Blacklisted
SE visitors redirects
Visitors from search engines are redirected
to: htXp://www.caribsoft-online.biz/templates/rhuk_solarflare_ii/images/index.php
1165 sites infected with redirects to this URL
See: https://www.virustotal.com/nl/url/f45ee3c2c6f99718e52490cacd03f632929cd7dee6f7966016dc19146d85f2a7/analysis/1407702697/
Blacklisted and site probably compromised via CPanel.
IP badness histort: https://www.virustotal.com/nl/ip-address/79.124.75.132/information/

polonus

Asafaweb scan results - error and three warnings: https://asafaweb.com/Scan?Url=lhfzsysg.com
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727 via proxy1.1
suspicious file detected:
index
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level.
Details: Detected HTTP redirection to htxp://t.9coku.com/mm/t.htm?lhfzsysg.com.
173 sites infected with redirects to this URL
File size[byte]: 0
103.30.7
File type: Unknown

IPO badness history with 136 domains on same IP: https://www.virustotal.com/nl/ip-address/103.30.7.64/information/

pol

Website: 00x dot ru → http://quttera.com/detailed_report/00x.ru
Status: Infected With Malware. I
SE visitors redirects
Chain of redirects found:
to: htXp://goldline.pro/?partner=pashkela consider: http://labs.sucuri.net/?details=glbonus.in
15 sites infected with redirects to this URL
to: htxp://glbonus.in/?partner=pashkela
122 sites infected with redirects to this URL
to: htxp://goo.gl/qsao2y
3250 sites infected with redirects to this URL
Website Malware MW:HTA:7 htxp://00x.ru
System Details:
Running on: Apache/2.2.25
System info: (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_fcgid/2.3.6

Suspicious conditional redirect. Details: http://sucuri.net/malware/entry/MW:HTA:7
Redirects users to:htxp://goo.gl/qSaO2y

Web application details:
Running cPanel 11.38.2.6: 00x.ru:2082
cPanel version 11.38.2.6 outdated: Upgrade required.
Outdated cPanel Found: cPanel 11.38.2.6
Outdated Web Server Apache Found: Apache/2.2.25

pol

And there is more to the previous scan: http://urlquery.net/report.php?id=1407780894347
in the form of an external link to u6151.55.spylog dot com
→ bad web rep: https://www.mywot.com/en/scorecard/spylog.com?utm_source=addon&utm_content=popup
PHISHing and tracking going on via that external link, read : http://www.wilderssecurity.com/threads/xxx-spylog-com.35828/

polonus

Parked and expired site. See: http://killmalware.com/ergosystem.com/
IP badness history: https://www.virustotal.com/nl/ip-address/66.151.181.49/information/
Javascript Check supicious: Suspicious

script type=“text/javascript”>document.write(unescape(‘%3cscript type=“text/javascript” src="’ + ((‘https:’ == document.location.protocol) ? ‘https:’ : ‘http:’) + '//cbi.boldchat.c… *
Google Browser Difference: Not identical

Google: 53961 bytes Firefox: 50282 bytes
Diff: 3679 bytes

First difference:
ink href=“htxp://images.buydomains.com/images/micro.png” rel=“shortcut icon”> <link rel="can…

External link: https://checkout.dev.buydomains.com
Suspicious web rep: https://www.mywot.com/en/scorecard/boldchat.com?utm_source=addon&utm_content=popup *

Outdated software and vulnerable to SEO spam: Outdated Web Server Apache Found Vulnerabilities on Apache 2.2 Apache/2.2.15

Suspicious file reported here: http://quttera.com/detailed_report/ergosystem.com
index
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level.
Details: Detected HTTP redirection to htxp://www.buydomains.com/lander/ergosystem.com?domain=ergosystem.com%26utm_source=ergosystem.com%26utm_medium=click%26utm_campaign=TDFS-OO-BDLander%26traffic_id=TDFS-OO-BDLander%26traffic_type=tdfs.
File size[byte]: 0

pol

See: http://killmalware.com/handsgg.ru/# & https://www.virustotal.com/nl/url/cc7f310ae20c2ca8a4666dd6f7ccace1d74b413e8bbc8d930d8eac58cbcf07f9/analysis/
Detected: http://sitecheck.sucuri.net/results/clineagency.com
System Details:
Running on: nginx

Web application details:
Application: WordPress 3.4.1 - http://www.wordpress.org
Running cPanel 11.42.1.25: clineagency.com:2082

Web application version:
WordPress version: WordPress 3.4.1
Wordpress version from source: 3.4.1
Wordpress Version 3.3 or 3.4 based on: htxp://clineagency.com/wp-includes/js/autosave.js
WordPress theme: htxp://clineagency.com/wp-content/themes/twentyeleven/
WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 3.9.1

Read from our forum member, !Donovan: https://websiteanalystsresource.wordpress.com/tag/portrelay-com/

polonus

See: https://www.virustotal.com/nl/url/34b39df83b6a367b330e0453984813f735dd874decdcd9768a9a212d241d8a74/analysis/1408108630/
Blaclisted by Yandex: http://quttera.com/detailed_report/asphalt5.ru

ISSUE DETECTED DEFINITION INFECTED URL
Website Malware mwjs-iframe-injected691?v2 htxp://asphalt5.ru/media/system/js/mootools-core.js
Website Malware mwjs-iframe-injected691?v2 htxp://asphalt5.ru/media/system/js/core.js
Website Malware mwjs-iframe-injected691?v2 htxp://asphalt5.ru/media/system/js/caption.js
Website Malware mwjs-iframe-injected691?v2 htxp://asphalt5.ru/media/widgetkit/js/jquery.js
Website Malware mwjs-iframe-injected691?v2 htxp://asphalt5.ru/cache/widgetkit/widgetkit-b35d7d42.js
Website Malware mwjs-iframe-injected691?v2 htxp://asphalt5.ru/templates/yoo_vox/warp/js/warp.js
Known javascript malware. Details: http://labs.sucuri.net/db/malware/mwjs-iframe-injected691?v2
document.write(‘’);
Re: http://urlquery.net/report.php?id=1408108535841

polonus

VirusTotal
https://www.virustotal.com/en/file/2032356eae4d1d19a42563a3ecdbd376f0f69a525e8662572031f5eba280baed/analysis/1408112656/
https://www.virustotal.com/en/file/e09708089ab891a507336a96c5b3d2d674a4b9468b5d8687b630f059d3ffe102/analysis/1408112882/