Suspicious URL 69.172.201.208 http://www.esword.com

1. Suspicious URL and IP
2. Reported by neonprimetime security
3. http://neonprimetime.blogspot.com
4.  
5. *****
6. 69.172.201.208
7. http://www.esword.com/track.php?uid=www551ada1d3ae7b0.73675921&d=esword.com&sr=1280x1024
8.  
9. ****
10.  
11. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
12. <html>
13.  
14. <head>
15. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
16. <meta http-equiv="Content-Script-Type" content="text/javascript">
17. <script type="text/javascript">
18. function getCookie(c_name) { // Local function for getting a cookie value
19. if (document.cookie.length > 0) {
20. c_start = document.cookie.indexOf(c_name + "=");
21. if (c_start != -1) {
22. c_start = c_start + c_name.length + 1;
23. c_end = document.cookie.indexOf(";", c_start);
24.  
25. if (c_end == -1)
26. c_end = document.cookie.length;
27.  
28. return unescape(document.cookie.substring(c_start, c_end));
29. }
30. }
31. return "";
32. }
33.  
34. function setCookie(c_name, value, expiredays) { // Local function for setting a value of a cookie
35. var exdate = new Date();
36. exdate.setDate(exdate.getDate() + expiredays);
37. document.cookie = c_name + "=" + escape(value) + ((expiredays == null) ? "" : ";expires=" + exdate.toGMTString()) + ";path=/";
38. }
39.  
40. function getHostUri() {
41. var loc = document.location;
42. return loc.toString();
43. }
44. setCookie('YPF8827340282Jdskjhfiw_928937459182JAX666', '67.53.251.228', 10);
45. try {
46. location.reload(true);
47. } catch (err1) {
48. try {
49. location.reload();
50. } catch (err2) {
51. location.href = getHostUri();
52. }
53. }
54. </script>
55. </head>
56.  
57. <body>
58. <noscript>This site requires JavaScript and Cookies to be enabled. Please change your browser settings or upgrade your browser.</noscript>
59. </body>
60.  
61. </html>