When scanning -http://panjitengkorak.host.org/ I get an error here:
Checking: -http://analytics.hosting24.com/count.php
File size: 0 bytes
File MD5: d41d8cd98f00b204e9800998ecf8427e

-http://analytics.hosting24.com/count.php - cannot get file attributes with error: No such file or directory
Here the Linkscan is given clean: http://vscan.urlvoid.com/analysis/6284ddde9ce3b7b74810ec492bd9b400/aW5kZXg=/
And here: http://www.virustotal.com/file-scan/report.html?id=e2aabba2cdd02c7f3bc4a31b0269893e0c8db9260b43cbf0daf664c4ee5d62cb-1321723309

Here I get a detection for a Phishing attack: http://safeweb.norton.com/report/show?url=http%3A%2F%2Fpanjitengkorak.host.org%2F
Also see: http://urlquery.net/queued.php?id=9058 Suspicious in 2 instances
So what is it, malware daily dirt or a real malcode detection?

Site now under maintanance, probably because of -analytics.hosting24.com/count.php
info: [decodingLevel=0] found JavaScript
error: line:161: SyntaxError: missing ; after for-loop condition:
This analytics code also creates 3 html errors. Possibly remainders of a MW:JS attack?

polonus

Report 2011-11-19 17:40:47 (GMT 1)
Website panjitengkorak.host.org
Domain Hash 03ac4468ef17bce0c269533c2cd0b108
IP Address 62.75.203.94 [SCAN]
IP Hostname static-ip-62-75-203-94.inaddr.ip-pool.com
IP Country DE (Germany)
AS Number 8972
AS Name PLUSSERVER-AS PlusServer AG, Germany
Detections 4 / 23 (17 %)
Status DANGEROUS

http://www.browserdefender.com/site/panjitengkorak.host.org/
http://malc0de.com/database/index.php?search=panjitengkorak.host.org
http://www.mywot.com/en/scorecard/panjitengkorak.host.org
http://global.sitesafety.trendmicro.com/

Report 2011-11-19 18:35:48 (GMT 1)
IP Address 62.75.203.94
IP Hostname static-ip-62-75-203-94.inaddr.ip-pool.com
IP Country DE
AS Number N/A
AS Name N/A
Detections 3 / 26 (12 %)
Status DANGEROUS

http://maliciousnetworks.org/
http://www.malwaredomainlist.com/mdl.php?search=62.75.203.94
http://www.mywot.com/en/scorecard/62.75.203.94

Hi Asyn,

Good report, well I mean the report you gave, not the status of it: dangerous.
Thanks for the check on this site.
Rightly so it was given in the Viruswatchlist 20111119/028788 - Up(nil): unknown_html_RFI_eval RIPE GB sbonner at -hostmaster.com 62.75.203.94 to 62.75.203.94 -host.org
-http://panjitengkorak.host.org

polonus

I can’t get a read of -analytics.hosting24.com/count.php either. Saw various script stuff in the HTML, but they were for stuff like removing the scroll bars, changing mouse, etc…

The link to the questioned site at the bottom of the coding is a dead link; most likely an old detection.

Tested in [b]Firefox v1.5.0.1[/b], [b]Opera v8.52[/b], [b]Konqueror v3.5.1[/b], and [b]IE v6[/b].

http://wepawet.iseclab.org/view.php?hash=4dc592deb81a87124c065485411964b1&t=1321724483&type=js

http://analytics.hosting24.com/count.php 200 empty

http://maliciousnetworks.org/ipinfo.php?as=8972

If you click the picture in urlquery link there is a message on the site that say it is under Maintenance http://urlquery.net/report.php?id=9058

Wepawet - and it seems correct as this does not show much
http://wepawet.iseclab.org/view.php?hash=3fa5edc43d32f23eea2c2b02a72e87b1&t=1321727479&type=js