Flagged by Sucuri’s: https://www.virustotal.com/nl/url/da6be13015d97a0a2a076b7907cf3fe1a3a057521f0f4213d90ded975765c8e9/analysis/1438977849/
On site is this code: http://assets.tumblr.com/assets/scripts/vendor/yahoo/rapid-3.29.js?_v=eba0b54ceda4a58e0c1ee32920e5bc09 which has
/*! scripts/polyfills/function.bind.polyfill.js */
Attacking polyfills
The goal of the attack is to run the original function instance, replacing the previously bound arguments with the new runtime values. Because the original function might rely on its privacy, it might NOT validate the inputs, assuming that some of them will always be bound to the “safe” values.
Server vulnerable: System Details:
Running on: Apache/2.2.3
Outdated Web Server Apache Found: Apache/2.2.3
Detected on IP: https://www.virustotal.com/nl/file/d4617b2aeef840b14f081f880beb4149f0de4a169efcea631cf5850cbe285294/analysis/
uMatrix has prevented the following page from loading:
-http://b3.mookie1.com/ → bad zone: Could not get name servers for ‘b3.mookie1.com’.
http://www.dnsinspect.com/mookie1.com/1438979869
Warning: WARNING: Could not resolve domain mookie1.com…
nameserver: http://toolbar.netcraft.com/site_report?url=http://ns1.themig.com
http-robots.txt: 12 disallowed entries
| /cgi-bin/ /images/ /signature/ /marketing/ /css/
|_/files/ /js/ /common/ /p3p/ /w3c/ /campaigns/ /partnerships/
and redirects to: -http://www.xaxis.com/ (an advertising platform): http://toolbar.netcraft.com/site_report?url=http://www.xaxis.com - bad bot and ad trackers galore: https://www.mywot.com/en/scorecard/xaxis.com?utm_source=addon&utm_content=rw-viewsc (chartbeat dot com and sharethis dot com) and of course -b.3.mookie1.com, which uMatrix prevented from loading.
N.B. Sucuri detects malware as: Domain detected on spam or phishing campaigns. Details: http://sucuri.net/malware/entry/MW:HTA:7
This specific URL was identified in malicious campaigns to disseminate malware.
polonus (volunteer website security analyst and website error-hunter)
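
Added example, not part of the original post and not code from the flagged script: the mitigation implied by the "Attacking polyfills" passage is that a function must validate its inputs on every call rather than trust that bind() fixed them, and a page can check heuristically whether Function.prototype.bind is the engine's own. The host names, allowlist and function names below are constructed for illustration.

```javascript
// Constructed allowlist; the hosts are placeholders, not values from the scanned site.
const ALLOWED_HOSTS = new Set(['assets.example.test', 'static.example.test']);

// "Before": assumes `host` was fixed by bind() and never checks it.
function buildUrlTrusting(host, path) {
  return 'https://' + host + path;
}

// "After": validates every argument on each call, whether it was bound or not.
function buildUrlValidating(host, path) {
  if (typeof host !== 'string' || !ALLOWED_HOSTS.has(host)) {
    throw new TypeError('host not in allowlist');
  }
  if (typeof path !== 'string' || path.includes('..') ||
      !/^\/[A-Za-z0-9._\/-]*$/.test(path)) {
    throw new TypeError('path rejected');
  }
  return 'https://' + host + path;
}

// Heuristic: does this function print as engine-native code?
// Function.prototype.toString is captured once so a later override of
// fn.toString is not consulted. A script that loads first can still spoof this.
const fnToString = Function.prototype.toString;
function looksNative(fn) {
  return typeof fn === 'function' &&
    /\{\s*\[native code\]\s*\}\s*$/.test(fnToString.call(fn));
}

function demo() {
  const safeBuilder = buildUrlValidating.bind(null, 'assets.example.test');
  const results = { bound: safeBuilder('/scripts/app.js') };
  // Stands in for the original function being called with a different
  // first argument than the one that was bound.
  try {
    buildUrlValidating('untrusted.example.test', '/scripts/app.js');
    results.direct = 'accepted';
  } catch (e) {
    results.direct = 'rejected';
  }
  results.trusting = buildUrlTrusting('untrusted.example.test', '/scripts/app.js');
  results.bindIsNative = looksNative(Function.prototype.bind);
  return results;
}
```

If looksNative(Function.prototype.bind) returns false on a page, a script has replaced or polyfilled bind, and any function relying on bound arguments for safety deserves review.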