I sniffed the code of this suspicious site here: http://web-sniffer.me/sniffer/6910623-www.zenlifet3.org.html
And towards the end I found this iframe src=htxp://bigdeal777.com/gate.php? etc etc producing an avast Webshield alert for JS:ScriptPE-inf[Trj]
and blocking access to it…
A similar iFrame redirect found on another site, see: http://urlquery.net/report.php?id=19407
also going to bigdeal777 dot com with JS:ScriptPE-inf[Trj]…
This site has infected 251 domains ( http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=bigdeal777.com )
site blacklisted by sucuri’s → http://labs.sucuri.net/?blacklist=bigdeal777.com
and an IDS flag on the mentioned urlquery scan for “ET SHELLCODE Possible Call with No Offset TCP Shellcode”.
See a description here: http://www.networkforensics.com/tag/agility/
(link source article from Gary Golomb in Forensics and Reverse Engineering Series)
polonus