Blocked by WOT and webutation: http://www.webutation.net/go/review/consumertipsdaily.org?req=chrome
Flagged on many instances by VT: https://www.virustotal.com/nl/url/b03111c787aa4f11d6d546ce0b725c40c5cd4ff5a5e79b3c204c48607f07e77a/analysis/1383402944/
Phishing and other frauds, disease vector, spam according to http://urlquery.net/report.php?id=7390685
See IDS severity 1: http://doc.emergingthreats.net/bin/view/Main/2015878
Exploitable: http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-142889/PHP-PHP-5.3.18.html

On redirect to htxps://wahinstitute.net/?t202kw=affi&sid=
I get these included scripts alerted:

Suspect - please check list for unknown includes
htxps://wahinstitute.net/js/jscripts-lib.php → http://jsunpack.jeek.org/?report=312c31a8a35696ee8de894542d5b3a2d42bf01be

htxps://wahinstitute.net/js/exitpop.php → http://jsunpack.jeek.org/?report=9ea65ead9320cd7fb07cea26617628bb0a3ba88c
(inserted on themes to go in footer.php)

Quttera comes up with 4 potentially suspicious -
//////////////
/program-available.php?
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘\nToday's Special 61% OFF Discount\n**************‘]] of length 702 which may point to obfuscation or shellcode.
Threatdump: http://jsunpack.jeek.org/?report=4a7af539e48544a01b10bffa58f2ef4b01a41c38
//////////////////index.html
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[’
\n Today's Special 50% OFF Discount\n ‘]] of length 673 which may point to obfuscation or shellcode.
Threatdump: http://jsunpack.jeek.org/?report=f77ab01654159005e491269a38c69d2ede45ab1c
//////////////////
/1/program-available.php?
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[’
\nToday's Special 61% OFF Discount\n**************‘]] of length 702 which may point to obfuscation or shellcode.
Threatdump: http://jsunpack.jeek.org/?report=02093071d935edafa73e92a56b034a3bb3ffde6e
//////////////////////////////////////
/#
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[’
*************\n Today's Special 50% OFF Discount\n *************’]] of length 673 which may point to obfuscation or shellcode.
Threatdump: http://jsunpack.jeek.org/?report=0c8955ce6fa3389079f56beb15d73b033354ce67

pol

Another one: http://urlquery.net/report.php?id=8790923
See: http://jsunpack.jeek.org/?report=7013f04b0a946d7dfb60f878dc02a7a8dc120886
See: http://maldb.com/www.kp.ru/daily/diatlov-pass/

 <div id="uslotitem6326"></div>   

see: http://jsunpack.jeek.org/?report=db3bbdcbfe9c7eaee69d4b7d293166de2837127a

polonus

Listed at PhishTank http://www.phishtank.com/phish_detail.php?phish_id=1952046

Hi Pondus,

Hey, thanks :slight_smile:
That is a valuable precision for those that will alert this via the WOT webrep reports!

pol

And those listed at PhishTank are blocked by OpenDNS.