Site: htxp://detelefoon.be/landcodes triggers JS:Iframe-XJ[Trj] in search?q=cache:detelefoon dot be[gzip]
Two potentially suspicious flagged here: http://quttera.com/detailed_report/detelefoon.be
No detections here: http://urlquery.net/report.php?id=642629
Wordpress internal path: /home/telefoon/public_html/wp-content/themes/flexfit/index.php
WordPress version outdated: Upgrade required
Benign: http://zulu.zscaler.com/submission/show/ad082e99d1a354a4c8d44d2073fdd707-1357652196
Is the detectopn right or a FP?
But a flag here and a Surf with Caution given: http://www.avgthreatlabs.com/sitereports/domain/detelefoon.be/
because: http://www.avgthreatlabs.com/webthreats/info/blackhole-exploit-kit/
But I tend towards a right detection: === Triggered rule ===
alert (msg:“The address you tried to access points to a Malware. Please visit http://www.malwarepatrol.net for more information”; url_content:“http://web.archive.org/”; reference:url,www.malwarepatrol.net; fid:350030; rev:20130108130652;)
=== Request URL ===
http://web.archive.org/web/*/detelefoon.
Code hick-up: (script) detelefoon dot be/wp-content/themes/flexfit/framework/js/jquery.mobilemenu.js?ver=1.0
status: (referer=detelefoon.be/)saved 1751 bytes 7d0cf338ec86dc5aa61bc0d2f21ccc5cfccb9bae
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined variable $.fn
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var $.fn = 1;
error: line:1: …^
suspicious: /jsunpack.url element = undefined
polonus