Author Topic: Most scanners do not detect this website malware....  (Read 2344 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34055
  • malware fighter
Most scanners do not detect this website malware....
« on: November 27, 2014, 04:10:09 PM »
See: http://sitecheck.sucuri.net/results/tohouri.com
ISSUE DETECTED   DEFINITION   INFECTED URL
Website Malware   malware-entry-mwblacklisted35   htxp://tohouri.com/en/publications ( View Payload )
Suspicious domain detected. Details: http://sucuri.net/malware/malware-entry-mwblacklisted35
Location: htxp://ibontu.25u.com/
SE visitors redirects
Visitors from search engines are redirected
to: htxp://ibontu.25u.com/
9775 sites infected with redirects to this URL
List of blacklisted external links: 1
htxp://twitter.com/share

CMS issue: Web application details:
Application: Drupal - http://www.drupal.org
Google Analytics installed: UA-3720428-2
Running cPanel 11.42.1.29: tohouri dot com:2082
Drupal not updated. We recommend versions 6.33 or 7.32 (or higher).
Outdated Drupal Found: Drupal under 6.31 or 7.27

The weatherstickers could be broken by extensions or ad-blocked:
http://help.wunderground.com/knowledgebase/articles/129031-why-are-the-weather-sticker-images-broken

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Most scanners do not detect this website malware....
« Reply #1 on: November 27, 2014, 04:20:53 PM »
Scan results banners dot wunderground dot com

Starting 5.51 ( ScanVerify.com ) at 2014-11-27 09:12 CST
scan report for banners.wunderground.com (38.102.136.101) -> ip/38.102.136.101.json
Re: https://www.robtex.com/en/advisory/ip/38/102/136/101/
Host is up (0.044s latency).
Not shown: 998 filtered ports
PORT    STATE  SERVICE VERSION
80/tcp  open   http    Apache httpd 1.3.42 ((Unix) PHP/5.3.2)
| http-methods: Potentially risky methods: TRACE
|_See ScanVerify.com/nsedoc/scripts/http-methods.html
|_http-title: 403 Forbidden
443/tcp closed https
this is a whitelist of known legitimate email servers to reduce the chances of false 
Trusted Forwarder SPF Global Whitelist  Bonded Sender

sbl.spamhaus.org     link         Direct UBE sources, verified spam services and ROKSO spammers 
xbl.spamhaus.org     link         Illegal 3rd party exploits, including proxies, worms and trojan exploits 

pol


Offline polonus

Re: Most scanners do not detect this website malware....
« Reply #3 on: November 27, 2014, 04:49:38 PM »
Hi Pondus,

I trust Sucuri here, moreover considering the IP badness history: https://www.virustotal.com/en/ip-address/192.254.224.61/information/

VT results are important and often the recommended standard,
but it is known to me that (bad hat) SEO Spam and defacements/hacks are very often not being flagged by VirusTotal.
What is the criterion here? That code must be infectious as such, and hacks also?
Well, fraudulent redirects (spam fraud, defacement) etc. are not considered malicious in this strict sense here  :o

I think this is a big blind spot where VT is concerned, same goes for some other scanners that miss SEO Spam for instance.
Killmalware is a good exception to that rule. Quttera is also getting better and better at detecting these various forms of abuse.

Also adware that is hidden but not malign as such is often spared by AV solutions,
even in PUP scanning, often because of legit implications.
That is for instance why several forms of Conduit crapware are being missed by major AV.
So here this is a grey area but the undetected is out there, the so-called virus X-Files  ;D  ;)

polonus


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37699
Re: Most scanners do not detect this website malware....
« Reply #4 on: November 27, 2014, 04:55:08 PM »
tohouri.com/ gives no redirect when entering

ibontu.25u.com/ redirects to june26.com/
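The first post's Sucuri finding ("Visitors from search engines are redirected") and Pondus' observation that the site gives no redirect when entered directly describe the same thing: a conditional redirect that keys on the Referer header, so a direct visit and most scanners see a clean page. The script below is an added example, not part of either post and not Sucuri's or Killmalware's own logic. It fetches a URL once as a direct visitor and once per search-engine Referer, without following redirects, and reports any off-site destination that only the search-engine visit received. Client-side redirects via meta refresh and JavaScript location assignments are picked up as well, which goes beyond the HTTP 302 case. The search URLs, user agent, and the `simulated_fetch` responses are constructed assumptions; `http_fetch` is a live transport for real use and is not called by the offline demo.

```python
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlparse

# A fetcher returns (status, response headers, body) WITHOUT following redirects,
# so the first hop is visible. Any transport with this shape can be passed in.
Fetcher = Callable[[str, Dict[str, str]], Tuple[int, Dict[str, str], str]]

UA = "Mozilla/5.0 (cloaked-redirect-check)"  # assumption: a plain browser-like UA

# Referers a cloaked "SE visitors redirect" typically keys on (constructed values).
SEARCH_ENGINE_REFERERS = [
    "https://www.google.com/search?q=tohouri",
    "https://www.bing.com/search?q=tohouri",
]

# Client-side redirects that never show up as a 3xx status.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*url=([^"\'>\s]+)', re.I)
JS_LOCATION = re.compile(
    r'(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)


def _header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


def redirect_target(status: int, headers: Dict[str, str], body: str) -> Optional[str]:
    """Where would a visitor land? None means the page is served in place."""
    if 300 <= status < 400:
        return _header(headers, "Location")
    m = META_REFRESH.search(body) or JS_LOCATION.search(body)
    return m.group(1) if m else None


def is_offsite(url: str, target: Optional[str]) -> bool:
    """True when target points at a different host than url (relative URLs stay on-site)."""
    if not target:
        return False
    th = urlparse(target).hostname
    return th is not None and th.lower() != (urlparse(url).hostname or "").lower()


def check_cloaked_redirect(url: str, fetch: Fetcher) -> Dict[str, str]:
    """Fetch url as a direct visitor, then once per search-engine Referer.

    Returns {referer: off-site target} for every referer that produced an off-site
    redirect the direct visit did not get. An empty dict means no cloaking was seen.
    """
    direct_target = redirect_target(*fetch(url, {"User-Agent": UA}))
    findings: Dict[str, str] = {}
    for ref in SEARCH_ENGINE_REFERERS:
        target = redirect_target(*fetch(url, {"User-Agent": UA, "Referer": ref}))
        if is_offsite(url, target) and target != direct_target:
            findings[ref] = target
    return findings


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib surface 3xx responses instead of silently following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


_OPENER = urllib.request.build_opener(_NoRedirect)


def http_fetch(url: str, headers: Dict[str, str]) -> Tuple[int, Dict[str, str], str]:
    """Live fetcher for real use; not called by the offline demo below."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with _OPENER.open(req, timeout=10) as r:
            return r.status, dict(r.headers), r.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:  # 3xx/4xx/5xx still carry headers and a body
        return e.code, dict(e.headers), e.read(65536).decode("utf-8", "replace")


def simulated_fetch(url: str, headers: Dict[str, str]) -> Tuple[int, Dict[str, str], str]:
    """Constructed stand-in for the infected site: a 302 only when the Referer is a search engine."""
    ref = headers.get("Referer", "")
    if "google." in ref or "bing." in ref:
        return 302, {"Location": "http://ibontu.25u.com/"}, ""
    return 200, {"Content-Type": "text/html"}, "<html><body>Publications</body></html>"


def demo() -> Dict[str, str]:
    """Run the check against the simulated site; returns the referer -> target findings."""
    return check_cloaked_redirect("http://tohouri.com/en/publications", simulated_fetch)


if __name__ == "__main__":
    print(demo() or "no search-engine-only redirect observed")
```

Swap `simulated_fetch` for `http_fetch` to run it against a site you administer. A redirect that appears for both the direct and the referred visit (a www canonicalisation, for example) is deliberately ignored, since the point is the difference in behaviour, not redirects as such.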


Offline polonus

Re: Most scanners do not detect this website malware....
« Reply #5 on: November 27, 2014, 05:12:22 PM »
Here I give an example of abuse that is there, but that VT ignores or does not detect (I do not know what to think of this):
Been defaced/hacked since 22 hours ago: http://sitecheck.sucuri.net/results/karismahairdressing.com
Exploit used: http://marc.info/?l=full-disclosure&m=106365781917123&w=2
Flagged and description here: http://killmalware.com/karismahairdressing.com/#
Missed: https://www.virustotal.com/en/url/0e59b420676f20ce3be67aecfd0099b5ae656a26062adaf1d2e2cb8c35b26fa1/analysis/1417104200/
Missed: http://quttera.com/detailed_report/karismahairdressing.com
Even here the external element is mentioned but not flagged  :o ->
http://zulu.zscaler.com/submission/show/c5addaf3657eeaa53edc6ae8bc09a5bf-1417104462
http://urlquery.net/report.php?id=1417104659774
So do not leave this link: https://www.facebook.com/permalink.php?id=197705186938936&story_fbid=554733231236128
DrWeb URL scanning extension flags clicking that external link (to defaced site).

polonus