See: https://www.virustotal.com/file/f036c80469e1ba8a7c4610a1abe26fb01db96c955af79eb330eeb777b2d02acd/analysis/
See: http://zulu.zscaler.com/submission/show/95223b653aac2853d8e28b616ee96c69-1342221292 not detected
Content after de html tag is considered suspicious → The malware infects users that visit a compromised website using
escaped characters ^^%2f, %3d, %2f, ^^ %3d, %2f,^^ %3d, %2f, % …
Site blacklisted in Opera browser. Unable to connect…download file is of 0 bytes
because my avast Networkshield blocks this malware site as URL:Mal

So we are being protected, folks,

polonus

site seems to be down http://www.downforeveryoneorjustme.com/http://mayors.freecollegereport.net/w.php?f=625ef

urlquery http://urlquery.net/report.php?id=90035

No Pondus,

As I opened up the fileviewer I get “The location line in the header above has redirected the request to: http://yahoo.com”
Clever malcreants there, my friend. Seen all of the code on that page and the malcode at the bottom as well,

polonus

Hi Pondus,

A similar attack but this time redirecting to google, has been described here by Jerome: htxps://badwarebusters.org/main/itemview/29414

There is a redirect in place that although benign (it redirects to Google), indicates that there has been an unauthorized change of your system.

Check the .htaccess files on your server.

Header returned by request for: hxtp://www.studychineseworld.com

HTTP/1.1 301 Moved Permanently
Date: Wed, 20 Jun 2012 16:06:26 GMT
Server: Apache
Location: http://google.com
Content-Length: 300
Connection: close
Content-Type: text/html; charset=iso-8859-1
The location line in the header above has redirected the request to: htxp://google.com

Jerome
supportATsparktrust.com

The above explains it in details,

polonus