See: http://killmalware.com/evictee.com/ Missed detection: https://www.virustotal.com/nl/url/6280f0afd1a3659d58d27e771ca1330827120d4118c4a8dc1a29198e380fc10e/analysis/1441832820/ index Severity: Suspicious Reason: Detected suspicious redirection to external web resources at HTTP level. Details: Detected HTTP redirection to -http://lovelogo.com/domain/EVICTEE. File size[byte]: 0 File type: Unknown Page/File MD5: 00000000000000000000000000000000 Scan duration[sec]: 0.001000
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:
Server: cloudflare-nginx X-Powered-By: PHP/5.3.10-1ubuntu3.11 There is also a clickjacking warning!
Some strange patterns, compare: http://www.domxssscanner.com/scan?url=http%3A%2F%2Flovelogo.com%2Fdomain%2Fevictee%2Fjs%2Fjquery.min.js
with this for instance: http://www.domxssscanner.com/scan?url=http%3A%2F%2Flovelogo.com%2Fdomain%2Fevictee%2Fjs%2Fjs%2Fjs%2Fjs%2Fjs%2Fjs%2Fjs%2Fjs%2Fjs%2Fjs%2Fjs%2Fjs%2Fjs%2Fjquery.min.js
Same malicious redirects have been found here: http://evuln.com/labs/redirect/lovelogo.com/ Cloudflare abuse: http://toolbar.netcraft.com/site_report?url=http://lovelogo.com See report: http://www.dnsinspect.com/evictee.com/1441834013 & http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fevictee.com
Malware history of IP: https://www.virustotal.com/nl/ip-address/50.63.202.15/information/ WARNING: Connection to 1 mail servers failed.
GoDaddy abuse, see scan: https://asafaweb.com/Scan?Url=lovelogo.com%2Fdomain%2FEVICTEE
Good no sources are found up: http://www.domxssscanner.com/scan?url=http%3A%2F%2Flovelogo.com%2Fdomain%2FEVICTEE+
vuln: http://www.cvedetails.com/vulnerability-list/vendor_id-6538/Jquery.html
polonus (volunteer website security analyst and website error-hunter)
Abuse on secureserver dot net has been reported: https://groups.google.com/forum/#!topic/news.admin.net-abuse.email/MJXyqAPtLSo and see: http://www.rackaid.com/blog/godaddy-blacklist/ Another abuse reported: http://security.stackexchange.com/questions/89553/break-in-attempts-from-secureserver-net
These folks have to clean up their act and act competent rather than sloppy.
polonus
