See: https://www.virustotal.com/nl/url/edab9b6af4e49d646984eb22bd98a802e0e520b86514cb661250764589fce314/analysis/1384904508/
Potentially suspicious file detected: http://quttera.com/detailed_report/hiddensecret.co
Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘#WFItem html{color:#000 !important;background:#FFF !important;} #WFItem body,’]] of length 14640 which may point to obfuscation or shellcode. (source quttera scan)
flagged at VirusWatch archives as: Up(nil): unknown_html ARIN US abuse at liquidweb dot com 69.167.180.160 to 69.167.180.160 hiddensecret dot co htxp://hiddensecret.co/
Detected at urlquery: http://urlquery.net/report.php?id=7826132
IDS alert: ET POLICY Maxmind geoip check to /app/geoip.js → Fraudulent IP abuse IDS detection going on.

pol