My firekeeper extension in my browser alerted me to this when visiting the URL:
=== Triggered rule ===
alert (msg:“The address you tried to access points to a Malware. Please visit http://www.malwarepatrol.net for more information”; url_content:“htxp://spth.virii.lu”; reference:url,www.malwarepatrol.net; fid:642459; rev:20130926145254;)
=== Request URL ===
htxp://spth.virii.lu/rrlf6/utilities/split.htm
Normalized URL: htxp://spth.virii.lu:80
Submission date: Thu Sep 26 17:00:19 2013
Server IP address: 80.90.43.162
Country: Luxembourg
Malicious files: 1
Suspicious files: 0
Potentially Suspicious files: 0
Clean files: 105
External links detected: 364
Iframes scanned: 0
Blacklisted: No
Malicious files: 1
/cb5/cb5418.txt
Severity: Malicious
Reason: Detected known malicious content.
Details: Threat detected according to previously retrieved information
File size[byte]: 651
File type: ASCII
MD5: AC54C53CEAD78F2967DE2BF0B48DE823
Scan duration[sec]: 0.001000
https://www.virustotal.com/en/ip-address/80.90.43.162/information/
See: http://scanurl.net/?u=http%3A%2F%2Fspth.virii.lu%2Frrlf6%2Futilities%2Fsplit.htm&uesb=Check+This+URL#results
Quttera scans as malicious: http://www.quttera.com/detailed_report/spth.virii.lu
Malicious files: 1
/cb5/cb5418.txt
Severity: Malicious
Reason: Detected known malicious content.
Details: Threat detected according to previously retrieved information
File size[byte]: 651
File type: ASCII
MD5: AC54C53CEAD78F2967DE2BF0B48DE823
Scan duration[sec]: 0.001000
Also detected by Netcraft:
=== Triggered rule ===
alert (msg:“The address you tried to access points to a Malware. Please visit http://www.malwarepatrol.net for more information”; url_content:“htxp://spth.virii.lu”; reference:url,www.malwarepatrol.net; fid:642459; rev:20130926145254;)
=== Request URL ===
http://mirror.toolbar.netcraft.com/check_url/v2/http://spth.virii.lu/1348086690/info
Is this a threat or just an innocent txt representation of a malcode tool?
Please comment?
polonus