Author Topic: Website with various SE redirects and vulnerable code....  (Read 2440 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33913
  • malware fighter
Website with various SE redirects and vulnerable code....
« on: January 09, 2016, 01:50:47 PM »
Bitdefender TrafficLight flags the website as malware site: htxp://tweeps.us
Quttera detects one suspicious file -> index
Severity:   Suspicious
Reason:   Detected suspicious redirection to external web resources at HTTP level.
Details:   Detected HTTP redirection to -http://clcktrck.net/path/lp.php?trvid=10003%26trvx=3721aa50%26search=detox%20cleanse%20reviews%26smid=DfzfI371aWL71X8fx7N9t5J34kg09eG%26dom=-tweeps.us.
File size[byte]:   0
File type:   Unknown
Page/File MD5:   00000000000000000000000000000000
Scan duration[sec]:   0.001000

Detected libraries to be retired:
jquery - 1.7.2 : (active1) -http://tweeps.us
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
backbone.js - 0.9.2 : (active1) -http://tweeps.us
handlebars.js - 1.0.beta.6 : (active1) -http://tweeps.us
Info: Severity: medium
https://github.com/wycats/handlebars.js/pull/68
Info: Severity: medium
https://github.com/wycats/handlebars.js/pull/1083
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

Three XSS attacks exploitable: http://www.domxssscanner.com/scan?url=http%3A%2F%2Ftweeps.us%2Fcdn-cgi%2Fse%2Fjavascripts%2Fmodernizr.js

Chain of redirects found: http://killmalware.com/tweeps.us/#

I now get: "The page you are looking for cannot be found". "SmartErrors powered by CloudFlare", "Privacy policy".
Unique IDs about your web browsing habits have been insecurely sent to third parties.

 ajax.cloudflare.com __cfduid
 tweeps.us __cfduid
d5fb79cb4xxxxxxxxxxxxxxxxxx1445965753  local.adguard.com

See Cloudflare abuse for IP: https://www.virustotal.com/en/ip-address/104.24.103.115/information/

Consider also: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fapi.swiftype.com%2Fapi%2Fv1%2Fpublic%2Fengines%2Fsearch%3Fcallback%3DjQuery17207577266006264836_1452341845795%26q%3D%26engine_key%3DzpEY3X5Wncvrsw2Ab6e2%26_%3D1452341845832

ssl-google-analytics.com code but link to -9b.5b.c0ad.ip4.static.sl-reverse.com was blocked by MBAM as malicious.
See reverse DNS: http://toolbar.netcraft.com/site_report?url=http://api.swiftype.com

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus
Re: Website with various SE redirects and vulnerable code....
« Reply #1 on: February 18, 2016, 11:22:05 AM »
Update - abuse from now parked website.
Given as clean: http://killmalware.com/tweeps.us/#  &  http://quttera.com/detailed_report/tweeps.us
Checking for cloaking
There is a difference of 6868 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that's trying to hide from browsers but make Google think there's something else on the page. provider nor the domain owner maintain any relationship with the advertisers, on the other side consone it.
Scripts
Found 3 unsafe scripts out of 0 script tags
Stylesheets
Found 2 unsafe stylesheets out of 0 stylesheet tags  -> https://sritest.io/#report/a7f4e468-90c0-43af-abba-af76bb64c168

Blocked by ad- and script blockers come:
Script loaded: -http://d32ffatx74qnju.cloudfront.net/scripts/js3caf.js
Script loaded: -http://www.google.com/adsense/domains/caf.js
Script loaded: -http://www.parkingcrew.net/scripts/sale_form.js
Script loaded: -http://www.google-analytics.com/ga.js

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
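
The cloaking check quoted in the reply above compares what the site returns to a browser with what it returns to a crawler. The following is an added example, not part of the original post or of any scanner named in it: a site owner's version of that comparison, which also lists the script hosts that only one of the two audiences receives. The function names, the 512-byte threshold and both sample bodies are constructed for illustration; fetching the two bodies (same URL, differing only in the User-Agent header) is left out so the block runs offline.

```python
import re
from urllib.parse import urlparse

# Matches the quoted src attribute of <script> tags.
SCRIPT_SRC = re.compile(r'<script\b[^>]*?\bsrc\s*=\s*["\']([^"\']+)["\']', re.I)

def script_hosts(body: bytes) -> set:
    """Return the external hosts a page loads scripts from."""
    html = body.decode("utf-8", errors="replace")
    hosts = set()
    for src in SCRIPT_SRC.findall(html):
        host = urlparse(src).netloc.lower()  # empty for relative paths
        if host:
            hosts.add(host)
    return hosts

def cloaking_report(browser_body: bytes, crawler_body: bytes,
                    min_delta: int = 512) -> dict:
    """Compare two responses for the same URL fetched with different User-Agents.

    min_delta is an assumed tolerance for harmless differences such as
    timestamps or session tokens; tune it per site.
    """
    size_delta = abs(len(browser_body) - len(crawler_body))
    b_hosts, c_hosts = script_hosts(browser_body), script_hosts(crawler_body)
    return {
        "size_delta": size_delta,
        "browser_only_hosts": sorted(b_hosts - c_hosts),
        "crawler_only_hosts": sorted(c_hosts - b_hosts),
        # A large size gap, or scripts served to only one audience, needs review.
        "suspicious": size_delta > min_delta or b_hosts != c_hosts,
    }

# Constructed sample responses (placeholder hosts, not taken from the thread).
CRAWLER_BODY = (b"<html><body><h1>Article</h1>"
                + b"<p>text</p>" * 100 + b"</body></html>")
BROWSER_BODY = (b'<html><body>'
                b'<script src="http://parking.example.net/sale_form.js"></script>'
                b'<script src="//ads.example.org/caf.js"></script>'
                b'</body></html>')

if __name__ == "__main__":
    for key, value in cloaking_report(BROWSER_BODY, CRAWLER_BODY).items():
        print(f"{key}: {value}")
```
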

Offline polonus
« Last Edit: August 31, 2016, 06:58:41 PM by polonus »