A friend of mine which has ESET installed told me that my web site (still not in production, but in stage) is giving him security alerts about blocked urls that the site is trying to load.
I used http://sitecheck.sucuri.net/ to check the site and the result was that indeed in lots of pages there's a try to load a script like this:
[ Moderated - Don't paste potential malware script here please. ]
All of those tries have "rr.nu" but the subdomain varies, and everywhere I check I get that those urls are suspicious at best, and malicious.
Any ideas how those scripts are being loaded and why?