Pondus
2
sucuri also see that redirect url. http://sitecheck.sucuri.net/results/yabies.com
Malware entry: MW:HTA:7. http://labs.sucuri.net/db/malware/malware-entry-mwhta7
GET / HTTP/1.1
Host: yabies dot com
Referer: htxp://www.google.com/search?q=redirect+check1
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 19 Aug 2013 17:02:26 GMT
Location: [b]htxp://niu-sae.com/stats.php[/b]
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 413
Content-Type: text/html; charset=iso-8859-1
malicious