Malware on IP: http://support.clean-mx.de/clean-mx/viruses.php?ip=90.156.201.117&sort=id%20DESC
with a few still alive and up.
SSUE DETECTED DEFINITION INFECTED URL
Website Malware php-error-headers-already-sent htxp://www.rodnoverie.org/glavnaja/tochki-prodazh.html
Website Malware php-error-headers-already-sent htxp://www.rodnoverie.org/glavnaja/knizhnaja-polka.html
Website Malware php-error-headers-already-sent htxp://www.rodnoverie.org/glavnaja/trebovanija-k-materialu.html
Site error detected. Details: http://sucuri.net/malware/php-error-headers-already-sent
Parse error: syntax error, unexpected T_EXIT in /home/content/16/8848416/html/cache/mod_login/tutto/all.php on line
200
Found to be 100% malicious here: http://zulu.zscaler.com/submission/show/68b2d386815346281cb5fcee471bff38-1406397403
Malicious external element: htxp://vkontakte.ru/js/api/openapi.js
IP badness history: https://www.virustotal.com/nl/ip-address/90.156.201.117/information/
pol
SEO redirection on parked domain with outdated CMS:
See: http://killmalware.com/caseinistria.com/ → http://urlquery.net/report.php?id=1406409496284
Yandex blacklisted: https://www.virustotal.com/nl/url/e197355faedb8664aa8f3865552197cbc95c456fd2607ba03ce3bdb8c6774481/analysis/1406409445/
Quttera detects: index
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level. [What’s this?]
Details: Detected HTTP redirection to htxp://gpt0.ru/in.cgi?3.
Server redirect status: Code: 301, htxp://gpt0.ru/in.cgi?3 Redirect to external server!
174 sites infected with redirects to this URL
Javascript check:
Suspicious
h" content=“0; url=htxp://gpt0.ru/in.cgi?3>njs=1”>gpt0.ru - informationen zum thema gpt0. diese website steht zum verkauf!<link rel=“shortcut icon” …
404 error check: Suspicious
Suspicious 404 Page:
.ru/in.cgi?3>njs=1">gpt0 dot ru - informationen zum thema gpt0. diese website steht zum verkauf!</ti
External links to be checked: Please check this list for unknown links on your website:
htxp://www.sedo.com/services/parking.php3?language=d&partner → ‘domain-parking-programm’
htxp://www.networkadvertising.org/managing/opt_out.asp → ‘here’
htxp://www.sedo.de/search/details.php4?partnerid=14457&langu → ‘domain erwerben’
htxp://www.sedo.de/search/details.php4?partnerid=14457&langu → ‘sie kã¶nnen die domain gpt0.’
Site vulnerable because Web application details:
Plesk version 10.4 outdated: Upgrade required.
Running Plesk 10.4: caseinistria dot com:8443
Outdated Plesk Found: Plesk 10.4
pol
Update → http://killmalware.com/changeshypnosis.com/
SE visitors redirects
Visitors from search engines are redirected
to: htxp://176.9.179.140/
1616 sites infected with redirects to this URL
Another one with SEO visitors redirect with a php-error-headers-already-sent error!
Re: https://www.virustotal.com/nl/url/1b95bbedef6dd38d65e9f22bd445f0b4506ef3fb0110807e3208c31f9f321e9b/analysis/#additional-info
index
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level.
Details: Detected HTTP redirection to http://176.9.179.140/.
File size[byte]: 0
File type: Unknown
Page/File MD5: 00000000000000000000000000000000
Scan duration[sec]: 0.001000
ISSUE DETECTED DEFINITION INFECTED URL
Internal Server Error php-error-headers-already-sent htxp://changeshypnosis.com
Website Malware MW:HTA:7 htxp://changeshypnosis.com
Site error detected. Details: http://sucuri.net/malware/php-error-headers-already-sent
Parse error: syntax error, unexpected ‘<’ in /home/content/51/6239751/html/index.php(1) : runtime-created function(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code on line 1
Re: http://urlquery.net/report.php?id=1426377284258
Read about error: https://productforums.google.com/forum/#!topic/adsense/0C_0leXzpIU
polonus