Now we have heard the verdict from base (detection with various FP), in retrospect we could give some remarks on the site-detects bordering on being unwanted adware for some users (others that block won't come into contact with it even).
So just a couple of remarks for the VT example given in post #2 having issues next to it probably being a FP
-> wXw.makamundo.com.htm,,,Not in namespace,
Server errors: Unable to properly scan your site.
Unable to connect.
http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fwww.makamundo.com.htmNo SOA record found for wXw.makamundo.com.
No SOA record was found when querying the name server.
This is most probably due to a misconfiguration at the name server - a zone must have a SOA record.
Nameserver 208.109.255.25 does not do DNSSEC extra processing. Nameserver 216.69.185.25 does not do DNSSEC extra processing.
Avast! WebShield here still flags here as infested with JS;Includer-BAO[Trj].
Web Security Test Results come up with the following detections:
Suspicious iFrame Check:
Suspicious
htxp://adf.ly/5668242/exo'
htxp://adf.ly/5668242/plug'
htxp://adf.ly/5668242/juicy'
htxp://widget.plugrush.com/makamundo.com/5imx'
//ads.exoclick dot m/iframe.php?idzone=832320&size=728x90'
htxp://adserver.juicyads.com/adshow.php?adzone=266917'
htxp://adserver.juicyads.com/adshow.php?adzone=274847'
//ads.exoclick dot com/iframe.php?idzone=827182&size=300x250'
//ads.exoclick dot com/iframe.php?idzone=827176&size=300x250'
//ads.exoclick dot com/iframe.php?idzone=823268&size=300x250'
htxp://widget.plugrush.com/makamundo.com/5imo'
htxp://widget.plugrush.com/makamundo.com/5j7u'
htxp://adserver.juicyads.com/adshow.php?adzone=291743'
htxp://adserver.juicyads.com/adshow.php?adzone=291744' (also as Eddy mentioned in his posting).
Included script:
Suspect - please check list for unknown includes
htxp://syndication.exoclick.com/splash.php?idzone=821938&type=4 (is being blocked by several extensions)
Outdated vulnerable PHP version found: php/5.4.24
external link to htxps://d31qbv1cthcecs.cloudfront.net/atrk.js ->
http://jsfiddle.net/B5m87/ probably benign - no strict transport security -
various https- no-best-policy issues flagged
For website code, see:
http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://www.makamundo.com/&uag=MSIE+8.0+Trident&ref=http://www.google.com&aen=&req=GET&ver=1.1&fmt=AUTOWhat Eddy reports on exoclick is valid according to WOT,
controversial results:
https://www.mywot.com/en/scorecard/exoclick.com?utm_source=addon&utm_content=popup-donutsinvolved in generating smut-ads! bad web rep.
Even here there is a flag:
http://www.urlvoid.com/scan/exoclick.com/ WOT
Site may be malware free, still might be considered as at least controversial -
well with ABP and no script extensions in the browser installedbrowser users do not need to read this posting,
because they are protected against any eventual risks anyway,
polonus