ET POLICY Maxmind geoip check to /app/geoip.js site not blocked?

[polonus]

Blocked by WOT and webutation: http://www.webutation.net/go/review/consumertipsdaily.org?req=chrome
Flagged on many instances by VT: https://www.virustotal.com/nl/url/b03111c787aa4f11d6d546ce0b725c40c5cd4ff5a5e79b3c204c48607f07e77a/analysis/1383402944/
Phishing and other frauds, disease vector,spam according to http://urlquery.net/report.php?id=7390685
See IDS severity 1: http://doc.emergingthreats.net/bin/view/Main/2015878
Exploitable: http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-142889/PHP-PHP-5.3.18.html

On redirect to  htxps://wahinstitute.net/?t202kw=affi&sid=
I get these included scripts alerted:

Suspect - please check list for unknown includes
htxps://wahinstitute.net/js/jscripts-lib.php -> http://jsunpack.jeek.org/?report=312c31a8a35696ee8de894542d5b3a2d42bf01be

htxps://wahinstitute.net/js/exitpop.php -> http://jsunpack.jeek.org/?report=9ea65ead9320cd7fb07cea26617628bb0a3ba88c
(inserted on themes to go in footer.php)

Quttera comes up with 4 potentially suspicious -
//////////////
/program-available.php?
Severity:    Potentially Suspicious
Reason:    Detected procedure that is commonly used in suspicious activity.
Details:   Too low entropy detected in string [['*************************************************\nToday\'s Special 61% OFF Discount\n**************']] of length 702 which may point to obfuscation or shellcode.
Threatdump: http://jsunpack.jeek.org/?report=4a7af539e48544a01b10bffa58f2ef4b01a41c38
//////////////////index.html
Severity:    Potentially Suspicious
Reason:    Detected procedure that is commonly used in suspicious activity.
Details:   Too low entropy detected in string [['************************************************\n Today\'s Special 50% OFF Discount\n *************']] of length 673 which may point to obfuscation or shellcode.
Threatdump: http://jsunpack.jeek.org/?report=f77ab01654159005e491269a38c69d2ede45ab1c
//////////////////
/1/program-available.php?
Severity:    Potentially Suspicious
Reason:    Detected procedure that is commonly used in suspicious activity.
Details:   Too low entropy detected in string [['*************************************************\nToday\'s Special 61% OFF Discount\n**************']] of length 702 which may point to obfuscation or shellcode.
Threatdump: http://jsunpack.jeek.org/?report=02093071d935edafa73e92a56b034a3bb3ffde6e
//////////////////////////////////////
/#
Severity:    Potentially Suspicious
Reason:    Detected procedure that is commonly used in suspicious activity.
Details:   Too low entropy detected in string [['************************************************\n Today\'s Special 50% OFF Discount\n *************']] of length 673 which may point to obfuscation or shellcode.
Threatdump: http://jsunpack.jeek.org/?report=0c8955ce6fa3389079f56beb15d73b033354ce67

pol

[polonus]

Another one: http://urlquery.net/report.php?id=8790923
See: http://jsunpack.jeek.org/?report=7013f04b0a946d7dfb60f878dc02a7a8dc120886
See: http://maldb.com/www.kp.ru/daily/diatlov-pass/ 

Code: [Select]

<div id="uslotitem6326"></div>   see: http://jsunpack.jeek.org/?report=db3bbdcbfe9c7eaee69d4b7d293166de2837127a

polonus

[Pondus]

Listed at PhishTank   http://www.phishtank.com/phish_detail.php?phish_id=1952046

[polonus]

Hi Pondus,

Hey, thanks 
That is a valuable precision for those that will alert this via the WOT webrep reports!

pol

[Pondus]

and those listed at PhishTank are blocked by openDNS