Few online scanners to detect suspicious site!

See the vulnerability here: htxp://kfv-sk.de/ → http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fkfv-sk.de%2F&useragent=Fetch+useragent&accept_encoding=
http://web.nvd.nist.gov/view/vuln/search-results?page_num=2281&cves=true&uscert_ta=false&uscert_vn=false&oval_query=false&adv_search=true
http://killmalware.com/pictures.kfv-sk.de/
https://www.virustotal.com/nl/ip-address/82.165.127.50/information/
https://www.virustotal.com/nl/url/31aefad9e58a7042f6ebfb23b51136492476bf49c80c954e13e8e0bcbf3eb908/analysis/

Only Bitdefender TrafficLight extension blocks this site in the browser, avast! does not.

Additionally checked by Para-Noid. Thanks for that input.
Here are his scan results.

Nothing detected by:
http://quttera.com/detailed_report/kfv-sk.de
http://dnscheck.pingdom.com/?domain=+ kfv-sk.de
http://sitecheck2.sucuri.net/results/kfv-sk.de
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fkfv-sk.de
http://urlquery.net/report.php?id=1396632870193

Flagged as suspicious by: http://zulu.zscaler.com/submission/show/a2f6c28aeb6357934c314b7b40bc04b5-1396632284
and http://www.ragepank.com/redirect-check/

polonus

This is an old WordPress SE visitors redirect to a site that was being flagged here 2 years ago: http://www.urlvoid.com/scan/gigop.americanunfinished.com/
with recent results: http://www.urlvoid.com/scan/gigop.americanunfinished.com/ (similar)
Very bad webrep: https://www.mywot.com/en/scorecard/gigop.americanunfinished.com
See the report from 2012: http://blog.sucuri.net/2012/03/conditional-redirect-malware-decoded-evalbase64_decode-example.html#more-3430
An infestation from this campaign recently found (115 hours ago), so it is being continued → SE visitors redirects
Visitors from search engines are redirected
to: http://gigop.americanunfinished.com/
194 sites infected with redirects to this URL
But not established here: http://www.ragepank.com/redirect-check/
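To redirect all traffic from htxp://hoteldiscountdeals.org to htxp://www.hoteldiscountdeals.org (and also redirect all other domains parked into the same webspace):

# Enable mod_rewrite for this directory
RewriteEngine on
# Match any request whose Host header does not start with the canonical www host
RewriteCond %{HTTP_HOST} !^www\.hoteldiscountdeals\.org
# Send it to the same path on the canonical host with a permanent (301) redirect
RewriteRule (.*) http://www.hoteldiscountdeals.org/$1 [R=301,L]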

See also: http://www.rexswain.com/cgi-bin/httpview.cgi - link: http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://hoteldiscountdeals.org/xmlrpc.php&uag=Mozilla/5.0+(Windows+NT+6.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/33.0.1750.154+Safari/537.36&ref=http://www.rexswain.com/httpview.html&aen=&req=GET&ver=1.1&fmt=AUTO

pol

There are apparently some attack problems here: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fhoteldiscountdeals.org%2F&useragent=Fetch+useragent&accept_encoding=
One is a Vegur_400-Vegur_700.font.js attack → http://stackoverflow.com/questions/6127084/cufon-toggle-css-visibility-with-jquery-fails-only-in-ie8
link author = Scott B, also read: http://security.stackexchange.com/questions/23507/cufon-or-prototype-as-an-attack-vector-for-blackhole-exploit-kit
credit to link author in reply = Mario Awad → htxp://hoteldiscountdeals.org/wp-content/themes/hotel/js/Vegur_400-Vegur_700.font.js

See malware and payload here: http://sitecheck3.sucuri.net/results/hoteldiscountdeals.org/
http://labs.sucuri.net/db/malware/malware-entry-mwblacklisted35

Site hacked because of Web application version:
WordPress version: WordPress 3.3.1
Wordpress version from source: 3.3.1
Wordpress Version 3.3.2 based on: htxp://hoteldiscountdeals.org//wp-admin/js/common.js
WordPress theme: htxp://hoteldiscountdeals.org/wp-content/themes/hotel/
WordPress version outdated: Upgrade required.

IP badness history: https://www.virustotal.com/nl/ip-address/192.185.111.192/information/

polonus

Missed here: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fcolorectalsurgerycenter.com
and here:
malicious redirect but site not being blocked by avast!
Header returned by request for: htxp://colorectalsurgerycenter.com/ → 184.168.53.1

HTTP/1.1 302 Moved Temporarily
Date: Sat, 05 Apr 2014 22:27:17 GMT
Server: Apache
Location: htxp://www.cibonline.org/cache/mod_poll/7c7478fde2f89a23.php

The location line in the header above has redirected the request to: htxp://www.cibonline.org/cache/mod_poll/7c7478fde2f89a23.php
Redirect to this URL found in 3938 sites → https://www.mywot.com/en/scorecard/cibonline.org?utm_source=addon&utm_content=popup

Read on this multi iFrame campaign: http://www.webroot.com/blog/2013/11/13/malicious-multi-hop-iframe-campaign-affects-thousands-of-web-sites-leads-to-cve-2011-3402/
link article author = Dancho Danchev. Access to site blocked by Google Safebrowsing.

polonus
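
Added example, not part of the original posts: the posts above describe redirects that fire only for search-engine visitors and show a captured 302 header pointing off-site. This sketch parses captured response headers for the same URL under different request profiles and reports whether an off-site redirect is conditional. The hostnames `site.example` and `landing.example`, the sample captures and all function names are constructed for illustration; a `www.` prefix is assumed to be the same site.

```python
from urllib.parse import urlsplit

# Constructed captures for http://site.example/ (not taken from the scans above)
DIRECT = "HTTP/1.1 200 OK\nServer: Apache\nContent-Type: text/html\n"
FROM_SEARCH = ("HTTP/1.1 302 Moved Temporarily\nDate: Sat, 05 Apr 2014 22:27:17 GMT\n"
               "Server: Apache\nLocation: http://landing.example/in.php\n")
CANONICAL = "HTTP/1.1 301 Moved Permanently\nLocation: http://www.site.example/\n"

def parse_response(raw):
    """Return (status_code, headers) from a raw HTTP response head."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def base_host(host):
    """Treat www.example and example as the same site (assumption)."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def offsite_target(requested_url, raw):
    """Host a 3xx response points to when it differs from the requested site."""
    status, headers = parse_response(raw)
    location = headers.get("location")
    if not (300 <= status < 400 and location):
        return None
    target = urlsplit(location).hostname  # None for a relative Location
    if target is None:
        return None
    if base_host(target) == base_host(urlsplit(requested_url).hostname):
        return None  # canonical-host redirect, like the www rule quoted earlier
    return target

def audit(requested_url, captures):
    """captures maps a request profile name to its raw response head."""
    targets = {p: offsite_target(requested_url, r) for p, r in captures.items()}
    hits = {p: t for p, t in targets.items() if t}
    if not hits:
        return "clean", hits
    if len(hits) == len(targets):
        return "unconditional off-site redirect", hits
    return "conditional off-site redirect", hits
```

A scanner that only fetches the page directly sees the `DIRECT` profile and reports clean, which is one reason results differ between the services listed in this thread.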

Flagged here: https://www.virustotal.com/nl/url/510f2320d2cd2daaf507e6a6897b6fc83f6c852bfb5d8d3a798e633e643cdf28/analysis/
and certainly here: http://urlquery.net/report.php?id=1396738600159
Missed here: http://killmalware.com/6blctpogenru.blogspot.no/
100/100% malicious: http://zulu.zscaler.com/submission/show/47e6c5959ce062a30d39031122e930f6-1396738407

avast detects HTML:Script-inf on site. We are being protected!

pol

P.S. This external link is malicious and starts immediately with document write…see:
https://www.virustotal.com/nl/url/f8754a48d1bdfee583b93436d005e4037609066dc292371a7343dae01bf2fae3/analysis/1396739088/
and this one is blocked by Google Safebrowsing: htxp://iptrafn.zapto.org/follownb.php?i=819

D

Site benign or with issues?
Benign: http://zulu.zscaler.com/submission/show/3277574dd86dcf3045353298f50c4b79-1396739641
Benign: http://quttera.com/detailed_report/traffictrader.net
IP reported: http://multirbl.valli.org/lookup/204.13.167.6.html
Bad web rep: https://www.mywot.com/en/scorecard/204.13.167.6?utm_source=addon&utm_content=popup
Suspicious: http://app.webinspector.com/public/reports/21114340
Flagged thrice: https://www.virustotal.com/nl/url/e1c89bd98eae7a815abeb15a49aa499c65a55b166c7a3450288af0551cff9c50/analysis/1396739596/
Flagged and malicious code given: http://maldb.com/traffictrader.net/

pol

RBN site not alerted: http://urlquery.net/report.php?id=1395639474090
See: https://www.virustotal.com/nl/url/53784c321bb9b8c06ab0212e3615c3a6876f061836b75a85eee33af329fea3e9/analysis/
Nor flagged here: http://sitecheck2.sucuri.net/results/www.cultofmac.com/

pol

Not detected cyber crime site: 188.240.34.210 (IPv4 address) → Dexter bot https://www.virustotal.com/nl/url/ed034e125b946bb8f427abaaa2353093fcc7331d1e7d724a89877197e33f67e5/analysis/1397134875/
Most of the malware on IP dead or closed: http://62.67.194.183/clean-mx/viruses.php?email=admin@chnet.ro&response=
Server redirect status: Code: 404, Content cannot be read!
Bitdefender Traffic Light blocks double quad address as malicious.

pol