diff --git a/malware4.pl b/malware4.pl
index c55a1e3..14b72c3 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -129,7 +129,7 @@ my @regexen = (
     qr/<\?php\s+\@\'\$.+?x7\=http\:\/\/.+?\.php\s+cache=.+?\(\)\;\Z/is,
     qr/<\?php\s+set\_magic\_quotes\_runtime\(0\)\;\s+if\(strtolower\(substr\(PHP\_OS\,0\,3\)\).+?Command\s+completed<\/b><\/center>\"\;\s+\}\s+exit\;\s+\?>/is,
     qr/<\?php\s+\/\*([A-z0-9]{1,20})\*\/if\(isset\(\$\_COOKIE\[\"([A-z0-9]{1,20})\"\]\)\)\/\*([A-z0-9]{1,20})\*\/\{\$\_COOKIE\[\"([A-z0-9]{1,20})\"\]\(\$\_COOKIE\[\"([A-z0-9]{1,20})\"\]\)\;exit\;\/\*([A-z0-9]{1,20})\*\/\}.+?\"\)\{return\s+preg\_match\(\"\/\(google\.co\.jp\|yahoo\.co\.jp\|bing\)\/.+?return\s+\$([A-z0-9]{1,20})\;\}\Z/is,
-    qr/<\?if\(\$\_GET\[\'mod\'\]\)\{if\(\$\_GET\[.+?file\_get\_contents\(\'http\:\/\/.+?gethostbyname.+?dbl\.spamhaus\.org\'\)\;.+?header\(\'HTTP\/1\.1\s+301\s+Moved\s+Permanently\'\)\;header\(\'Location\:\s+http\:\/\/([A-z0-9]{1,20})\.([A-z0-9]{1,20})\'\)\;\s+\?>/is,
+    qr/<\?if\(\$\_GET\[\'mod\'\]\)\{if\(\$\_GET\[.+?file\_get\_contents\(\'http\:\/\/.+?gethostbyname.+?dbl\.spamhaus\.org\'\)\;.+?\?>/is,