Again the avast! Web Shield to detect & block this Trojan...

Avast! Web Shield detected JS:Iframe-AQP[Trj] on htxp://www.vahshat.rozblog.com/post/539|{gzip}

Missed here: http://quttera.com/detailed_report/www.vahshat.rozblog.com
and here also missed: https://www.virustotal.com/nl/url/1e1452e789c99bb8e9492c72b6ac70e8e11522110f59f64c706ace64796669e2/analysis/

But detection is valid as we see here: http://urlquery.net/report.php?id=3183349

2016102 - ET TROJAN DNS Reply Sinkhole - Microsoft - 199.2.137.0/24 (trojan.rules)
Microsoft and Google respectively control their own sinkholes…
An IDS alert from an externally facing DNS server - requests that return an address in the said block.
One would see traffic from “infected” machines heading for these blocks.
avast! Web Shield did that brilliantly!

Keep your avast! Shields up and running, folks, mighty important for your everyday protection online!

polonus

Well Virus Tracker classifies as wXw.vahshat.rozblog.com,79.127.127.68,Criminals,
See: https://www.virustotal.com/nl/ip-address/79.127.127.68/information/
But there are still users that like to venture out there: http://unblocksit.es/unblock/r98.ir/
3100 sites on one and the same IP: http://sameid.net/ip/79.127.127.68/
rozblog com is not blocked for me: htxp://rozblog.com/ while I get it as rozblog.com,79.127.127.68,ns1.rozblog.com,Parked/expired,
is a down or dead PHISHING site: http://support.clean-mx.de/clean-mx/phishing?id=3673664

polonus

sucuri http://sitecheck.sucuri.net/results/www.vahshat.rozblog.com

VirusTotal
https://www.virustotal.com/nb/file/b4f14d695d8f97f030f8aef0dbe86e8edf81ab4de8b16693306b52553c6bf0a5/analysis/1390159352/

The redirect site at Virus Tracker is classified as: ads.rzb dot ir,79.127.127.66,ns1.rozblog dot com,Criminals,
No alerts here: http://urlquery.net/report.php?id=8897181
Attack performed there: Unknown: failed to open stream: Permission denied in Unknown on line 0 Fatal error: Unknown: Failed opening required ‘/home/u2XXXXXXX4/public_html/shell/c99.php’ (include_path=‘.:/usr/lib/php’) in Unknown on line 0

pol