Where we have found it on a se redirected webpage: http://killmalware.com/pasadenaelectrician.net/#

Why my uBlock0 extension blocked it: because of the following filter
||adtrack.voicestar.com^
Found in: MVPS HOSTS

DOM XSS issues: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fadtrack.voicestar.com%2Feuinc%2Fnumber-changer.js

Background how rewrite in Google Tag Manager works: http://mudd.com/blog/marchex-javascript-rewrite-in-google-tag-manager/

Insecure IDs tracking on se redirected website: This website is insecure.
66% of the trackers on this site could be protecting you from NSA snooping. Tell pasadenaelectrician.net to fix it.
All trackers
At least 3 third parties know you are on this webpage.

-adtrack.voicestar.com * what we blocked
-shaaaaaaaaaaaaa.com
-pasadenaelectrician.net -pasadenaelectrician.net

Also consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fpasadenaelectrician.net%2F
See: http://toolbar.netcraft.com/site_report?url=http://pasadenaelectrician.net

And just this one insecure: https://sritest.io/#report/3045305f-9647-4eac-93c7-b9d8dfb6bcc9
→ http://www.domxssscanner.com/scan?url=http%3A%2F%2Fadtrack.voicestar.com%2Feuinc%2Fnumber-changer.js

polonus (volunteer website security analyst and website error-hunter)

Likewise threat analyzed here: https://www.threatcrowd.org/domain.php?domain=agouraelectrician.net

Here the earlier mentioned malware in this threat is also being flagged: http://urlquery.net/report.php?id=1479567337320

IP malware history: http://www.malwareurl.com/ns_listing.php?as=AS8560
with -ksoltani.com -ns29.1and1.com => -217.160.80.149
-ns30.1and1.com => -217.160.81.149
(AS8560) SCHLUND
-74.208.215.181 =Trojan JS 2016-10-21 → http://urlquery.net/report.php?id=1479567689107

polonus

polonus