See: http://maldb.com/id-designer.de/#
Flagged here: http://sitecheck.sucuri.net/results/id-designer.de/
Suspicious conditional redirect: http://labs.sucuri.net/db/malware/malware-entry-mwhta7
Historical PHP release with vulnerabilities: http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-66891/PHP-PHP-4.4.9.html
Google detects malware and blocks the site.
JavaScript check:
Suspicious
vascriptusingdocumentwrite(a){document.write(“<script src="”+a+“" type="text/javascript"></script>”)}function setstaticrequestparameters(){var a=“”;var b=“”;var c=“”;var d=“”;…
Quttera finds suspicious file: index
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level. Code: 302, htxp://medsonline.eu/
Redirect to external server!
Details: Detected HTTP redirection to htxp://medsonline.eu/. → https://www.mywot.com/en/scorecard/medsonline.eu?utm_source=addon&utm_content=popup-donuts (phishing and scam site)
See the history of that malware campaign, 90 sites infested → http://evuln.com/labs/medsonline.eu/
File size[byte]: 18446744073709551615
File type: Unknown
MD5: 00000000000000000000000000000000
Scan duration[sec]: 0.001000
Potential suspicious file: /?framerequest=1
Severity: Potentially Suspicious
Reason: Detected unconditional redirection to external web resource.
Details:
Threat dump: Not handling [] because it doest’t look like a URL (remove any spaces)
File size[byte]: 17556
File type: HTML
MD5: 10DDD603DE053CCA723DA33934F2DA12
Scan duration[sec]: 0.038000
See: http://jsunpack.jeek.org/?report=3eb4ebe93dbdca43cc4e47d121bfd781e2d92f25
requested URL/ /pwtrack/ was not found on this server…
Going to a blacklisted malware site: htxp://www.banem.de/pwtrack/ - blacklisted and likely compromised site → http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=banem.de
http://sitecheck.sucuri.net/results/www.banem.de/pwtrack/ Unable to properly scan your site. Site returning error (40x): HTTP/1.1 404 Not Found
polonus