What is this IDS alert on this site?

Initially nothing was detected via the recommended scan: http://sitecheck.sucuri.net/results/vur.me/s/michael721
The site has a history of launching various malcode from 2010 to now, with instances active for 2.2 to 8.2 hrs (Clean MX data;
the latest data is not available as Clean MX is being DDoS-attacked at the moment :frowning:).

Flagged IDS alert: ET SHELLCODE Excessive Use of HeapLib Objects Likely Malicious Heap Spray Attempt, Severity 1
https://urlquery.net/report.php?id=7392780
Also flagged on VT: https://www.virustotal.com/nl/url/378b5d73ce5dcf65f961f12f6edfd4f54d58a2045f5986282a713aac09f44340/analysis/
We see such an attack reported here by BotHunter for 192.168.1.34:

1:22013222 {tcp} Inbound Attack: (experimental) ET SHELLCODE Excessive Use of HeapLib Objects Likely Malicious Heap Spray Attempt MAC_Dst: 00:01:64:FF:CE:EA; 1165<-80 followed by an EGG DOWNLOAD and a SHELLCODE EXPLOIT attempt.
Modified sig from GMane: https://lists.emergingthreats.net/pipermail/emerging-sigs/2011-July/014649.html
On that particular exploit technique, read: https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/
(link credits go to Corelan's Peter Van Eeckhoutte).

Quttera flags this on the site:
/javascript%3Afalse;document.write%28
Severity: Potentially Suspicious
Reason: Detected unconditional redirection to external web resource.
Details:
Threat dump: *N.B.
File size[byte]: 1532
File type: ASCII
MD5: 50C0BAA15EAE58C88D95B87C5F4714D1
Scan duration[sec]: 0.001000

Google browser difference for the site:
Not identical

Google: 2053 bytes, Firefox: 1344 bytes
Diff: 709 bytes

First difference:
t=‘htxp://goto-pro.com/images/buttons_1x1.jpg’ /> <meta property=‘og:image’ content='http://g… **
To be checked on: htxp://goto-pro.com/go/to.pl?l=recommended&cu=1 → ‘your browser doesn’t support f’

Virus mbl_595401 on htxp://vur.me/cancertruth/naturalclearvision seems dead since 2013-08-14 23:07:16, when it was closed.
This malcreation was up the longest, for 8.2 hrs, as "unknown html" on htxp://vur.me/s/Auto-Click-Profits1.

polonus

Note:

On the server we see the header "Via: HTTP/1.1 GWA". "GWA" is notionally the hostname or pseudonym field, possibly an identifier for the proxy/firewall.

polonus
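As an added illustration (not part of polonus's post, not the Emerging Threats rule, and not BotHunter), the following Python sketch shows the kind of static check the "Excessive Use of HeapLib Objects" signature is named for: it finds objects constructed with `new heapLib.ie(...)`, counts calls to a subset of the heapLib.ie API on those objects, looks for an `alloc` inside a loop (the spray) and for `unescape("%u...")` blobs (the sled/payload carrier), and returns a verdict. The method list is a subset of Sotirov's HeapLib API, both sample bodies are constructed, and the `MIN_CALLS` threshold is an assumption; the real ET rule's content matches and thresholds are not reproduced here.

```python
"""Static check for HeapLib-style heap-spray JavaScript in a response body.

Added illustration only: not the Emerging Threats rule, not BotHunter, and
not code from the thread. The method list is a subset of the heapLib.ie API,
the samples are constructed, and the threshold is an assumption.
"""
import re

# Subset of the heapLib.ie API (Alexander Sotirov's HeapLib); not exhaustive.
HEAPLIB_METHODS = ("alloc", "free", "gc", "vtable", "addr", "lookaside",
                   "lookasideAddr", "flushOleaut32", "freeOleaut32")

# `var heap = new heapLib.ie(...)`; captures the object name so that only
# calls on that object are counted, not every `.alloc(` on the page.
CTOR_RE = re.compile(
    r"\b(?:var|let|const)?\s*([A-Za-z_$][\w$]*)\s*=\s*new\s+heapLib\.ie\s*\(")
# unescape("%uXXXX%uXXXX...") blobs: the usual NOP-sled / shellcode carrier.
UNESCAPE_RE = re.compile(r"\bunescape\s*\(\s*['\"](?:%u[0-9a-fA-F]{4}){2,}")
# Brace-delimited for/while bodies; a HeapLib alloc inside one is a spray loop.
LOOP_RE = re.compile(r"\b(?:for|while)\s*\([^)]*\)\s*\{([^}]*)\}", re.S)

MIN_CALLS = 3  # assumed threshold for "excessive" textual API use


def scan_heaplib(body: str) -> dict:
    """Return HeapLib indicators found in `body` plus a verdict string."""
    objs = sorted(set(CTOR_RE.findall(body)))
    api_calls = {}
    for obj in objs:
        for meth in HEAPLIB_METHODS:
            pat = r"\b" + re.escape(obj) + r"\." + meth + r"\s*\("
            n = len(re.findall(pat, body))
            if n:
                api_calls[meth] = api_calls.get(meth, 0) + n
    spray_loops = sum(
        1 for loop_body in LOOP_RE.findall(body)
        if any(re.search(r"\b" + re.escape(o) + r"\.alloc\s*\(", loop_body)
               for o in objs))
    unescape_blobs = len(UNESCAPE_RE.findall(body))

    total = sum(api_calls.values())
    if objs and (spray_loops or total >= MIN_CALLS):
        verdict = "likely heap spray"
    elif objs:
        verdict = "heaplib present"
    else:
        verdict = "clean"
    return {"heaplib_objects": objs, "api_calls": api_calls,
            "spray_loops": spray_loops, "unescape_blobs": unescape_blobs,
            "verdict": verdict}


# Constructed samples, not pages from the thread.
BENIGN_SAMPLE = """<html><body>
<script>
var img = new Image();
img.src = "/images/buttons_1x1.jpg";
for (var i = 0; i < 3; i++) { console.log(i); }
</script></body></html>"""

SPRAY_SAMPLE = """<html><body>
<script src="heapLib.js"></script>
<script>
var heap = new heapLib.ie(0x20000);
var shellcode = unescape("%u9090%u9090");   // placeholder filler, not a payload
var nops = unescape("%u0c0c%u0c0c");
while (nops.length < 0x1000) nops += nops;
for (var i = 0; i < 200; i++) {
    heap.alloc(nops + shellcode, "spray");
}
heap.free("spray");
heap.gc();
</script></body></html>"""

if __name__ == "__main__":
    for name, body in (("benign", BENIGN_SAMPLE), ("spray", SPRAY_SAMPLE)):
        print(name, scan_heaplib(body))
```

Note that this counts textual occurrences in a single body; a network IDS applies its content matches to the wire stream, possibly across reassembled segments, so a page that loads heapLib.js separately and unrolls its allocations will look different there than it does here.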