Ransomeware IP address and sedo parked malware....

[polonus]

See: http://urlquery.net/report.php?id=1495308994259
and on IP: https://ransomwaretracker.abuse.ch/ip/70.32.1.32/
PHISH...related is Results from scanning URL: -http://www.google.com/adsense/domains/caf.js
Number of sources found: 115
Number of sinks found: 157

hxtp://www.google.com/adsense
Detected libraries:
angularjs - 1.5.9 : (active1) -https://ajax.googleapis.com/ajax/libs/angularjs/1.5.9/angular.min.js
Info: Severity: medium
https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435
http://pastebin.com/raw/kGrdaypP
Info: Severity: medium
https://github.com/angular/angular.js/blob/master/CHANGELOG.md
(active) - the library was also found to be active by running code
1 vulnerable library detected  -> http://www.domxssscanner.com/scan?url=https%3A%2F%2Fajax.googleapis.com%2Fajax%2Flibs%2Fangularjs%2F1.5.9%2Fangular.min.js
(vulnerable to injection exploits and stealing of session tokens).

polonus (volunteer website security analyst and website error-hunter)

[polonus]

Update - recent example - https://urlquery.net/report/9b5b5eb1-bfbe-444f-8dcc-dbb5c51ecba5
Re: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=cHx9a1tuZ159e3cubnt0YHxzc3t0c2BzXn1bcHRzYGpzMy5qcw%3D%3D~enc
Re: https://www.virustotal.com/#/url/c16f2301b6b606f60fb5b037c9301d66d0451a99fe6c88ec19591989a4025a75/detection
Consider: https://www.virustotal.com/#/file/a606134e35db97024d04789609660c94f87f660dc259d91db5180e32787d4dad/details
XSS - 15 sources and 20 sinks inside -http://parkingcrew.net/assets/scripts/js3.js
Re: https://www.virustotal.com/#/domain/parkingcrew.net

polonus