Avast does not detect

See: https://www.virustotal.com/nl/url/6d18c00ee528f6d6a2c200ce5f77be8401c05c44f8c4961426f72fda10d7184c/analysis/1406839076/
and https://www.virustotal.com/nl/file/5eaacb285489e60e5e93d2877c195d12eec1ab219d9a4d9322e19157cc4f5631/analysis/1406777976/

Malcode known as a variant of Win32/AdWare.Vonteera.J, but a signed file with a verified signature 8)
Also consider this report: http://www.scumware.org/report/D726199991E3C84405B8238DAA56A635.html

ZuluZscaler flags: http://zulu.zscaler.com/submission/show/fe0eed1c5a4615fdc9d06d2361857a09-1406839225 ->
https://www.virustotal.com/nl/file/5eaacb285489e60e5e93d2877c195d12eec1ab219d9a4d9322e19157cc4f5631/analysis/

Finally scanned at signer of executable: http://app.webinspector.com/public/reports/23608508
with expected results.

On the possible adware to be removed: Adware.Vonteera

polonus

File is blocked by Chrome actually

Hi Steven Winderlich,

Not until you decide to download: htXp://www.flashgames4all.info/Cfvgt444cW/Dcrr32ww.exe
See: http://toolbar.netcraft.com/site_report?url=http://www.flashgames4all.info
See: http://www.garyshood.com/virus/results.php?r=d726199991e3c84405b8238daa56a635

polonus

That download is blocked completely, no way around.

Site with trace error from asafaweb scan, see: https://asafaweb.com/Scan?Url=mrzstandard.com
Custom errors: Fail; Extensive headers: Warning; HTTP only cookies: Warning; Clickjacking: Warning
Injection check:
Suspicious Text after HTML

Suspicious of Spam check:
Suspicion of Spam

arset=windows-874" /> louis vuitton damier azur speedylouis vuitton handbags,louis vuitton speedy handbaglouis v…
Side-wide check:
Suspicious

07, has funded the cheap
louis vuitton heels building of homes for grandmothers in nigeria and
sponsored 

Google browser diff: Not identical

Google: 4331 bytes Firefox: 4190 bytes
Diff: 141 bytes

First difference:
ef=“?do=112&go=4698”>louis vuitton damier azur speedylouis vuitton handbags louis vuitton speedy handbaglouis vuitton handb…

Site blacklisted here: http://www.phishtank.com/phish_detail.php?phish_id=2594778

Bad Web Rep: https://www.mywot.com/en/scorecard/mrzstandard.com?utm_source=addon&utm_content=popup

polonus

Is this a Bitdefender TrafficLight FP or is there real malcode on site?
MX VirusWatch alerts:
See: Up(nil): APNIC HK 118.99.31.122 to 91.238.134.53 com-oe43 dot net htxp://com-oe43.net/
Detection: https://www.virustotal.com/nl/url/4adf9a978bb59849bf76a99857e6433621bd36d1ccebbe77cee18aa0cd62d940/analysis/1407001878/
Given as clean: http://sitecheck.sucuri.net/results/com-oe43.net
also here: http://quttera.com/detailed_report/com-oe43.net
Connection time out: http://urlquery.net/report.php?id=1407002148561
DrWeb’s URL scan: htxp://com-oe43.net redirects to htxp://com-oe43.net/indexer.phpa=266107&c=wl_con&s=empty

Checking: htxp://com-oe43.net/indexer.phpa=266107&c=wl_con&s=empty
Engine version: 7.0.9.4080
Total virus-finding records: 5400120
File size: 0 bytes
File MD5: d41d8cd98f00b204e9800998ecf8427e

Very poor web rep: https://www.mywot.com/en/scorecard/com-oe43.net
and the redirect: https://www.mywot.com/en/scorecard/diet.com-oe43.net
See: http://toolbar.netcraft.com/site_report?url=http://diet.diet.com-oe43.net

polonus

Avast blocked some linked URL on the webpage.

Can confirm, also blocked for me, but there is more on the site that should be blocked, a la BitDefender's,
because of spam coming from that redirect. Also webapp151.emsecure dot net seems to be involved in this scheme.

pol

Weird issue: why is a site without any content flagged by Google Safebrowsing?
Sucuri gives site as potentially harmful, and Google Safebrowsing blocks and flags.
See: http://killmalware.com/schoonmaakbedrijfnooitgedacht.nl/
Detected once: https://www.virustotal.com/nl/url/52cdace654fab4439da57f9a9d8ad86a5e776468f13d273359b81dc54896d877/analysis/
See: http://www.google.com/safebrowsing/diagnostic?site=schoonmaakbedrijfnooitgedacht.nl
On IP: http://sameid.net/ip/84.244.181.105/ & https://www.virustotal.com/nl/ip-address/84.244.181.105/information/
See what I find as exact content on site: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fschoonmaakbedrijfnooitgedacht.nl&useragent=Fetch+useragent&accept_encoding=

Source code:

and nothing in between :o

polonus

Again site without content - Not detected: https://www.virustotal.com/nl/url/c84a910005e0eda05fa58157cddff475f0f9e041bbb063af4d8940497d759f76/analysis/
and http://quttera.com/detailed_report/bjsumking.com
and http://urlquery.net/report.php?id=1407423629738
Outdated Web Server Nginx Found Vulnerable Header: nginx/1.2.1 → http://nginx.org/en/security_advisories.html
SE visitors redirects
Visitors from search engines are redirected
to: htxp://rymeytjtyjhn5t.justdied.com/1.php → https://www.virustotal.com/nl/url/b6d54078be7313ac985510dc7e1c10b73a890dc0b1d96b1fc98ef3e44bb70b01/analysis/
489 sites infected with redirects to this URL
Bitdefender TrafficLight alerts and blocks site.
IP badness history: https://www.virustotal.com/nl/ip-address/116.255.231.23/information/

pol

See: http://app.webinspector.com/public/reports/show_website?result=3&site=http%3A%2F%2Fdrsankowski.com
& https://www.virustotal.com/nl/url/ad8ce626bb0b91de111ed90247c70b6b94666f839ada64c7b7bbd262b38c3554/analysis/
& http://quttera.com/detailed_report/drsankowski.com
Instances found of http://sucuri.net/malware/entry/MW:IFRAME:HD28uspicious JavaScript code injection.
Details: Procedure [unescape] has been called with a hidden string 'document.write(i910ac57('' containing execution of potentially suspicious code - Read: http://wordpress.org/support/topic/wordpress-exploit-script-inserted-into-code
Cause: Web application version:
WordPress version: WordPress 3.8.4
Wordpress version from source: 3.8.4
Wordpress Version 3.8.0 based on: htxp://drsankowski.com/wp-admin/js/common.js
WordPress directory: htxp://drsankowski.com/wp-content
WordPress theme: htxp://drsankowski.com/wp-content/themes/sankowski/
Wordpress internal path: /wp-content/themes/sankowski/index.php
WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 3.9.1

polonus
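A defender-side check for the pattern the scanner reported above (an unescape() argument that, once percent-decoded, turns out to hold a document.write(...) call), written as an added example for this thread and not Quttera's, Sucuri's or WordPress's own code; the HTML sample, the marker list and the i910ac57("abc") call inside it are constructed for illustration.

```python
"""Flag unescape('...') calls whose decoded argument assembles code at runtime.
Added example: the marker list is a hypothetical, minimal signature set."""
import re
from urllib.parse import unquote

# Markers that, once the hidden string is decoded, indicate injected code.
SUSPICIOUS_MARKERS = ("document.write(", "eval(", "<iframe", "<script")

# unescape('...') or unescape("...") with a single string-literal argument.
UNESCAPE_CALL = re.compile(r"""unescape\(\s*(['"])(.*?)\1\s*\)""", re.S)

# Constructed page source modelled on the report above: the first script
# hides document.write(i910ac57(...)) behind %xx escapes, the second is benign.
SAMPLE_HTML = """<html><body><p>legit content</p>
<script>eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28i910ac57%28%22abc%22%29%29'));</script>
<script>var greeting = unescape('%48%65%6c%6c%6f');</script>
</body></html>"""


def hidden_strings(html: str):
    """Yield (encoded, decoded) pairs for every unescape() string literal in html."""
    for m in UNESCAPE_CALL.finditer(html):
        encoded = m.group(2)
        yield encoded, unquote(encoded)


def find_injections(html: str):
    """Return findings: which marker the decoded string contains, whether the
    encoding actually hid it from a plain-text grep, and a decoded preview."""
    findings = []
    for encoded, decoded in hidden_strings(html):
        hit = next((mk for mk in SUSPICIOUS_MARKERS if mk in decoded), None)
        if hit:
            findings.append({
                "marker": hit,
                "hidden": hit not in encoded,   # True when only decoding reveals it
                "decoded": decoded[:60],
            })
    return findings


if __name__ == "__main__":
    for f in find_injections(SAMPLE_HTML):
        print(f"{f['marker']!r} hidden={f['hidden']} -> {f['decoded']}")
```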

Mystery site indeed: http://guess.scritch.org/%2Bguess/?url=schoonmaakbedrijfnooitgedacht.nl Confirmed.

DrWeb’s URL Check results:
Checking: htxp://schoonmaakbedrijfnooitgedacht.nl/
Engine version: 7.0.9.4080
Total virus-finding records: 5409157
File size: 0 bytes
File MD5: d41d8cd98f00b204e9800998ecf8427e

zero = zero

pol