The suspicious code:
[<meta http-equiv="refresh" content="1; URL=htxp://domain.dot.tk/p/?d=COFFER.TK%26i=178.238.237.230%26c=49%26ro=0%26ref=google.com%26_=1421343479759"/>]
→ https://www.virustotal.com/nl/ip-address/178.238.237.230/information/
Listed here: http://www.phishtank.com/user_submissions.php?page=6&username=GaryDee
See: https://www.countryipblocks.net/country_ip_location_database24.php?ipgroup=178.238.237
malware blocked: htxp://ciar.org/ttk/hitrecent.cgi?n=100&page=1501
pol
Pondus
3
no detection on code
https://www.virustotal.com/en/file/b5adbae0dc0fd5406f9109eef5874b9be9a1c99d0792bbbe66d566be3e3b22f1/analysis/1421344474/
The site seems down if checked at Down For Everyone;
however, this says otherwise: http://urlquery.net/report.php?id=1421344496952 (see the URL displayed at the top of the picture).
It seems to redirect to adw … and a new one every time you enter.
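The following is an added example, not part of the original posts: a small scanner that finds `<meta http-equiv="refresh">` tags like the one quoted in the first post and decodes the `%26`-packed parameters in the redirect target. The function and field names, and the `page_host` value `coffer.tk`, are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, unquote, urlsplit

# content="<delay>; URL=<target>"; the "URL=" part and quotes are optional
REFRESH_RE = re.compile(
    r"^\s*(\d+(?:\.\d+)?)\s*(?:[;,]\s*(?:url\s*=\s*)?['\"]?(.*?)['\"]?\s*)?$",
    re.I | re.S)

class MetaRefreshFinder(HTMLParser):
    """Collects (delay, target) for every <meta http-equiv="refresh"> tag."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag != "meta" or a.get("http-equiv", "").strip().lower() != "refresh":
            return
        m = REFRESH_RE.match(a.get("content", ""))
        if m:
            self.hits.append((float(m.group(1)), m.group(2) or ""))

def find_meta_refresh(html, page_host=""):
    """Return one dict per meta refresh: delay, target, host, off_site, params."""
    finder = MetaRefreshFinder()
    finder.feed(html)
    finder.close()
    results = []
    for delay, target in finder.hits:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()
        # %26 is an encoded '&'; decoding the query once exposes the
        # parameters that were packed into a single value.
        params = dict(parse_qsl(unquote(parts.query), keep_blank_values=True))
        results.append({"delay": delay, "target": target, "host": host,
                        "off_site": bool(host) and host != page_host.lower(),
                        "params": params})
    return results

# Sample input: the tag quoted in the first post (scheme defanged as htxp).
SAMPLE = ('[<meta http-equiv="refresh" content="1; URL=htxp://domain.dot.tk/p/'
          '?d=COFFER.TK%26i=178.238.237.230%26c=49%26ro=0%26ref=google.com'
          '%26_=1421343479759"/>]')

if __name__ == "__main__":
    # page_host is an assumption: the scanned page's own hostname
    for hit in find_meta_refresh(SAMPLE, page_host="coffer.tk"):
        print(hit)
```

A hit with `off_site` set and a short delay is worth reviewing by hand, since a meta refresh carries no script for a signature scanner to match on.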