This site needs investigation re flash corruption

http://urlquery.net/report.php?id=2125280

@ polonus,

Apparently the entire site is infected with flash malware code. Am in contact with webmaster as this is ongoing atm. If you can contact them directly, I think they might appreciate the help.

Sucuri gives nothing. http://sitecheck.sucuri.net/results/kstp.com/

Quttera says clean. http://quttera.com/detailed_report/kstp.com

Hi mchain,

This redirect is to a site that has a poor rep: http://www.mywot.com/en/scorecard/b.scorecardresearch.com?utm_source=addon&utm_content=popup-donuts
It is on code line 889: < img src="htxp://b.scorecardresearch.com/p?c1=2&c2=15551634&cv=2.0&cj=1" />
listed in the OpenDNS block tool… Do not know if that is without the site owner's knowledge or info?

polonus

@ polonus,

Thanks for that information. I’ll pass that on if that is ok with you. Will wait for your ok.

@ pondus,

Thanks. Reason for posting this is because flash-enabled streaming video anywhere on the site would run audio for only one second, and run video for only three seconds and then hang. Odd behavior that, and thought that alone was enough to look into. Urlquery does show something going on related to flash (not exactly sure what Suricata w/ Emerging Threats is), so…

Well the Wepawet scan gave this

see: http://www.threatexpert.com/report.aspx?md5=f6091c72a827d29861cca93a58428df6
with Outbound traffic (potentially malicious)

Malware

Additional (potential) malware:
URL Type Hash Analysis
http://kstp.com/photoGallery/2013-04-10-923/
N/A N/A

polonus