Site with potentially suspicious content flagged?

polonus · 2015-08-03T16:25:02.000Z

See: https://www.virustotal.com/nl/url/23d06f9541fe96a366f3e129f4e4e5a98f2db17b378fa8a55e8955ca6dfe0c01/analysis/1438616932/
and then nada: https://www.virustotal.com/nl/file/82c419b7377c98a3e91643dae6c112864af0100f14c0dd3f9b374d9784b6fd6d/analysis/1431524765/
Potentially Suspicious files: 1
index.html
Severity: Potentially Suspicious
Reason: Detected unconditional redirection to external web resource.
Details:
Threat dump:

[[<meta http-equiv="refresh" content="0;url=htxp://imptestrm.com/rg-erdr.php?_dnm=babycitystroller.com%26_cfrg=2%26_drid=as-drid-2555965863243342%26_bkt=11426" />]]

Threat dump MD5: 75C82A8F44192AADAA9BD295F48CB79D
File size[byte]: 1729
File type: HTML
Page/File MD5: 8212C4CFA940A00AD9963559888BDCF4
Scan duration[sec]: 0.011000
uMatrix has prevented the following page from loading:
htxp://imptestrm.com/rg-erdr.php?_dnm=babycitystroller.com%26_cfrg=2%26_drid=as-drid-
2555965863243342%26_bkt=11426 Norton flags annoyance factor - SWBPL
Bitdefender TrafficLight blocks site as with malware. Error: Supplied URL could not be fetched.
jquery.1.8.min5059.js?v=20 could denote a PHISH.

polonus

Pondus · 2015-08-03T19:35:48.000Z

html scan
https://www.virustotal.com/en/file/82c419b7377c98a3e91643dae6c112864af0100f14c0dd3f9b374d9784b6fd6d/analysis/1438630426/

URL is blocked by Opera …

polonus · 2015-08-03T20:06:06.000Z

I see redirecting malware missed here from inside that code: e.g. 2015-07-19 2 d.rmgserving.com/rmgdsc/newcafv2.js?1.1 Malware
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fimptestrm.com
Results from scanning URL: -http://imptestrm.com
Number of sources found: 1
Number of sinks found: 10
Results from scanning URL: -http://c.rmgserving.com/rmgdsc/newcafv2.js?1.1
Number of sources found: 0
Number of sinks found: 0
→ http://retirejs.github.io/retire.js/

pol

Pondus · 2015-08-03T20:08:11.000Z

F-Secure reply

===========================================================
The submitted website has been verified to be malicious and the appropriate rating is now updated.

Announcements