Known javascript malware: http://labs.sucuri.net/db/malware/mwjs-iframe-injected691?v17
Flagged here: https://www.virustotal.com/nl/url/a6b583d4df6730e0a81180a78bbbe2d21765450abff4757151e8205bc80c1df9/analysis/1391295725/
Given as benign here: http://zulu.zscaler.com/submission/show/0659c4401937cc00f8198f8a0305203a-1391295900
Malware has been closed: http://support.clean-mx.de/clean-mx/viruses.php?review=77.91.206.20&sort=email+asc,review+desc
It is frustrating that several website scanners will still flag a site as with malcode as it already has been closed after 1.3 hours of time at 2014-02-01 00:07:20. So this has to be evaluated every time through live scanning or at the proper resources!
The unknown_html_RFI_shell malcode that now has been closed was initiated through a Superuser tracerouting attempt via debug info.
We have seen quite an amount of these automated probes and attack attempts lately.
See WhatWeb data: htxp://www.sasenergia.pt/ [200] HTTPServer[Apache],
Adobe-Flash, Google-Analytics [UA-38251232-1],
Apache, IP[77.91.206.20],
Blacklisted URLs on AS: 1105 → http://sitevet.com/db/asn/AS8426
JQuery, Title[SAS Energia],
Country[PORTUGAL][PT]
Site security still questionable, see: http://jsunpack.jeek.org/?report=d88a27915818a56160a6adf852642c84cfbc4c95
Technology report on site: http://builtwith.com/sasenergia.pt
source code: http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://www.sasenergia.pt/&uag=MSIE+8.0+Trident&ref=http://www.google.com&aen=&req=GET&ver=1.1&fmt=AUTO
pol