Why is this site not flagged?

See: https://www.virustotal.com/nl/url/e4e16bf11462f328ae91a12ce95f34e68db1d7374aa8a997277ab7a3cec0edc3/analysis/1399824353/ (5 detections)
Missed completely: http://quttera.com/detailed_report/ww.kuaizip.com
Found as potentially harmful: http://sitecheck.sucuri.net/results/ww.kuaizip.com

Checked for asp.net website warnings: https://asafaweb.com/Scan?Url=ww.kuaizip.com
Flagged by WOT as with malware: https://www.mywot.com/en/scorecard/kuaizip.com?utm_source=addon&utm_content=popup

iFrame check: Suspicious
htxp://kuaizip.com/shop/index.php/ads/mpu’

Javascript check: Suspicious

? " https://" : " http://"); document.write(unescape("%3cscript src='" + _bdhmprotocol + "hm.baidu dot com/h.js%3f59cb33d031118d74db5b4ef1b0130c75' type='text/javascript'%3e%3c/script…

Included scripts: Suspect - please check list for unknown includes

htxp://s20.cnzz.com/stat.php?id=3969160&web_id=3969160

IDS alerts: http://urlquery.net/report.php?id=1399825739283

FP? → http://md5.virscan.org/763211c2b68d97a513510ccd338b1383 https://www.virustotal.com/nl/file/105f843f7805f3fdc4ad2b76cc05803364bd6abaf905139f17ed4a884f4c8407/analysis/

mistakes: http://www.seocert.net/analyzer.kuaizip.com http://saferpage.de/kuaizip.com

polonus

This SEO spam seems hard to detect → http://sitecheck.sucuri.net/results/branded4good.com/blog/15-tips-great-nonprofit-event-photos/
Also flagged here: http://app.webinspector.com/public/reports/22658486
Two instances of TrojWare.JS.Agent.caa flagged there.
DrWeb misses it completely, as does this scan: http://killmalware.com/branded4good.com/blog/15-tips-great-nonprofit-event-photos/
avast Web Shield also fails to detect.

pol

This full url: htxp://branded4good.com/blog/15-tips-great-nonprofit-event-photos/ however is being detected and blocked by avast Webshield as infected with JS:HideLink-A[Trj]

polonus

VirusTotal - branded4good.com/blog
https://www.virustotal.com/nb/file/e74cb9adaf4f95e2e3237ecaa68905891c77f51d66b26024bf1d8881319ad88c/analysis/1403299228/

Thanks Pondus, right you are. Alas this url is not flagged: htxp://branded4good.com/
I have checked that.

pol

Correct, SEO spam is in the blog

Blacklisted by Yandex: htxp://alikante-ispaniya.ru/
Site likely compromised and blacklisted: http://sitecheck.sucuri.net/results/alikante-ispaniya.ru/
Nothing flagged here: http://urlquery.net/report.php?id=1403527719774
Javascript check: Suspicious

href="htxp://alikante-ispaniya.ru/engine/opensearch.php" title="аликанте испания. сайт про город аликанте и коста бланку." /> <link rel="alternate" type="application/rss+xml" title…

Included scripts check:
Suspect - please check list for unknown includes

Suspicious Script:
alikante-ispaniya dot ru//engine/classes/js/dle_js.js
.ru/whois/?ip='+a+'" target="_blank">'+c+"";e[1]='<a href="'+dle_root+dle_admin+"?mod=iptools&ip="+a+'" target="blank">'+b+"";e[2]=
Suspicious Script:
alikante-ispaniya dot ru//engine/classes/highslide/highslide.js
e=eval(this[d+"eval"])}catch(f){}!this[d]&&this[d+"text"]&&(e=this[d+"text"]);if(!this[d]&&!e&&(this[d]=hs.getnode(this.a["
"+d+"id"]),!this *

Site not blocked by avast! Web Shield, but by WOT: https://www.mywot.com/en/scorecard/alikante-ispaniya.ru?utm_source=addon&utm_content=rw-viewsc

Phishing from IP now dead? → http://support.clean-mx.de/clean-mx/phishing.php?id=3677431

polonus

Another site example with suspicious code:
See: http://app.webinspector.com/public/reports/22783307
Nothing here: http://sitecheck.sucuri.net/results/nsk.megafon.ru
Detected here: http://quttera.com/detailed_report/nsk.megafon.ru
Severity: Suspicious
Reason: Detected encoded JavaScript code commonly used to hide suspicious behaviour.
Details: Detected encoded JavaScript code used to hide suspicious activity
Threat dump: var searchIndex = {“\u043a\u0430\u043a”:[9,11,12,14,74 etc etc

polonus

Site blacklisted, but is it also being detected?
Re: https://safeweb.norton.com/report/show_mobile?name=d8inc.net
Potentially harmful because site likely compromised: http://sitecheck.sucuri.net/results/d8inc.net

pol

See: http://sitecheck.sucuri.net/results/bearingcompany.org/
ISSUE DETECTED DEFINITION INFECTED URL
Website Malware malware-entry-mwblacklisted35 htxp://bearingcompany.org/factory-photoes/ ( View Payload )

SE visitors redirects
Visitors from search engines are redirected
to: htxp://ibontu.25u.com/ → https://www.virustotal.com/en/domain/ibontu.25u.com/information/
9757 sites infected with redirects to this URL

polonus

Be cautious → : http://www.avgthreatlabs.com/website-safety-reports/domain/narod.ru/
VirusWatch has Up(nil): unknown_html RIPE VG abuse at compubyte dot g 193.109.247.224 to 193.109.247.224 narod dot ru htxp://anti-toyota.narod.ru/engine/4zz-fe/index.html
https://www.mywot.com/en/scorecard/anti-toyota.narod.ru?utm_source=addon&utm_content=popup
Nothing here: http://sitecheck.sucuri.net/results/anti-toyota.narod.ru/engine/4zz-fe/index.html
WOT flags: http://www.urlvoid.com/scan/anti-toyota.narod.ru/

pol

See: http://app.webinspector.com/public/reports/22825301
Active suspicious connections detected:
http://s.m2pub.com/player.html?a=11880119&rt=generic&closeButton=Left&backgroundColor=transparent&size=728x90&context=c15471780&ci=9&r=http%3A%2F%2Fwww.google.com%2F&u=http%3A%2F%2Fwww.online.dramacaf
is infected with the s.m2pub.com virus → http://malwaretips.com/blogs/s-m2pub-com-removal/
Not being detected here:
https://www.virustotal.com/en/url/95efdde6a3787879740d59120fed7cbc7e7b7de4cf72ef71681f85b1ccf9ecea/analysis/1404055177/
Also missed here: http://sitecheck.sucuri.net/results/www.online.dramacafe.tv

polonus

See: https://www.virustotal.com/en/domain/www.massimocitro.com/information/
and
http://killmalware.com/massimocitro.com/#
Confirmed here: http://sitecheck.sucuri.net/results/www.massimocitro.com

pol

This one is being given as suspicious: http://killmalware.com/mykolpakcentral.com/
Infection confirmed here: http://sitecheck.sucuri.net/results/www.soobk.com/
Website Malware MW:IFRAME:HD202 htxp://www.soobk.com/
Website Malware MW:IFRAME:HD202 htxp://www.soobk.com/?page_id=2
Website Malware malware-entry-mwblacklisted35 htxp://www.soobk.com/?p=1
Website Malware MW:IFRAME:HD202 htxp://www.soobk.com/?cat=1
Website Malware MW:IFRAME:HD202 htxp://www.soobk.com/?author=1
Website Malware malware-entry-mwblacklisted35 htxp://www.soobk.com/?m=201405
Re:
https://www.virustotal.com/en/url/5fdf15bfdbd08ba5c1d0018e9a89ccd0adab95029abb973a902571bbf2bb26ce/analysis/1404221961/
WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 3.9.1

Badness history for IP: http://support.clean-mx.de/clean-mx/viruses.php?review=31.170.160.95&sort=id%20DESC

OpenCandy malware OVERDUE! Overdue! 543.7 hrs up and active!

polonus

See: http://killmalware.com/polybake.com/# http://sitecheck.sucuri.net/results/polybake.com
redirecting via iFrame to htxp://nmsbaseball.com/post.php?id=55899 with a bad web rep: https://www.mywot.com/en/scorecard/nmsbaseball.com?utm_source=addon&utm_content=popup
Warning: https://www.google.nl/interstitial?url=http://www.nmsbaseball.com/
IP malware history: http://support.clean-mx.com/clean-mx/viruses.php?ns2=ns2.namecity.com&sort=email%20asc,review%20desc&response=alive (all up and alive long OVERDUE! malware).
A general IP block for IP address: 62.233.121.75 seems advisable.
See: http://www.projecthoneypot.org/ip_62.233.121.75
and :o http://sameid.net/ip/62.233.121.75/

polonus

Site with SEO Spam not flagged?
See: http://app.webinspector.com/public/reports/show_website?site=http%3A%2F%2Fcarrollprimarycare.com
Confirmed malware here: http://sitecheck.sucuri.net/results/carrollprimarycare.com

Malware on IP: Up(nil): unknown_html_RFI_shell ARIN US ipadmin at websitewelcome dot com 192.185.137.150 to 192.185.137.150 salesleadgenerationinfofromlynx dot com hxtp://salesleadgenerationinfofromlynx.com/ 2014-01-27
This URL hosts a threat identified as: CYSC.BLACKLISTED.GEN.
Nothing flagged here: http://quttera.com/detailed_report/carrollprimarycare.com
Confirmed: https://www.virustotal.com/en/url/f5a631076cdcb7d9afe3d838c00d5598d81e8059fb164e9a5b799a342ea53a2f/analysis/1404318305/

pol

Missed by an awful lot of scanners, site with Object: htxp://remingtonsnj.com/
SHA1: 3a5a0a1ddc1de3a9f939a319284d057be9f397cf
Name: TrojWare.JS.Agent.caa
Detection confirmed here: http://sitecheck.sucuri.net/results/remingtonsnj.com
Site vulnerable to SEO Spam infection because of WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 3.9.1

Known Spam detected. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO
Vi3gr3 spam
Known javascript malware. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}xViewState();

E.g. missed here: http://zulu.zscaler.com/submission/show/a2ac88d091dd00eac21fb78d348527d4-1404326397
and here: http://urlquery.net/report.php?id=1404326831424

pol

Also not blocked by Trend Micro which are known for their good website blocking.

Custom errors: Fail → https://asafaweb.com/Scan?Url=www.segogo.net
Blacklisted: http://sitecheck.sucuri.net/results/segogo.net
Blacklisting status
Google reports segogo.net as suspicious website
1 domain found on 199.114.247.152. Thus Segogo.net looks like dedicated hosting / dedicated server.

polonus

Long OVERDUE! Phishing site not flagged: http://support.clean-mx.de/clean-mx/phishing.php?id=4549050
and http://app.webinspector.com/public/reports/show_website?site=http%3A%2F%2Fwww.casadosfrangos.com
See: http://support.clean-mx.de/clean-mx/view_phishcontent.php?id=4549050&url=http%3A%2F%2Fwww.casadosfrangos.com%2Fcache%2Fgoogledocs
Missed here: https://www.virustotal.com/nl/url/667424a0d4118ec1e9d959ba3852460b789a5d8658ef28db6b4bb788be634104/analysis/1404560942/ and here: http://urlquery.net/report.php?id=1404561260500

IP badness history: https://www.virustotal.com/nl/ip-address/50.87.4.145/information/

pol