Re: https://www.virustotal.com/nl/url/616283de8b795ba178795f2f908065e478f6c53a8d64fb05891a5e8ef391b058/analysis/1423063952/
index
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level.
Details: Detected HTTP redirection to htxp://173.245.86.201/.
File size[byte]: 0
File type: Unknown
Page/File MD5: 00000000000000000000000000000000
Scan duration[sec]: 0.001000
See: http://anti-hacker-alliance.com/index.php?details=173.245.86.201 & https://malwr.com/analysis/YzhjMmFmMzI0NTZlNDYyZmE0MjU2YmEzMTBmOGZhNTU/

Parked, expired - IP badness history: https://www.virustotal.com/nl/ip-address/173.245.86.201/information/
Registered and active: http://whois.domaintools.com/hesadera.com

DNS errors and fail: http://www.dnsinspect.com/hesadera.com/1423064710
NS & SOA = 0 :o

Injection Check:
Suspicious Text after HTML

318123000:2015-02-04 07:34:27

Javascript Check; Suspicious:

var gl={trackingurl:‘htxp://hesadera.com/tracking.php’,searchurl:'http://hesadera.com/ind

Vuln.: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fhesadera.com%2F
& Results from scanning URL: htxp://cdn.yousee.com/js/b/jquery.min.js
Number of sources found: 91
Number of sinks found: 13

blacklisted link in code to: -afs.googleusercontent.com
Re: https://www.virustotal.com/nl/domain/afs.googleusercontent.com/information/

External link to: https://www.virustotal.com/nl/domain/a1.dnbizcdn.com/information/

avast detected HTML:RedirME-inf [Trj] on website.

polonus