Blacklisted and with included javascript!

See: http://killmalware.com/027zufun.com/ (131 other sites on AS so blacklisted).
Blacklisted: http://www.google.com/safebrowsing/diagnostic?site=http%3A%2F%2F027zufun.com&hl=en
Detected twice: https://www.virustotal.com/nb/url/5a8c30c5c91132c7f48f5a73d382ca902ab146fb340bd26fab61761e2f6b43b8/analysis/#additional-info
See: http://sitecheck.sucuri.net/results/027zufun.com#sitecheck-details
Two warnings here: https://asafaweb.com/Scan?Url=027zufun.com
External links from website blocked by Google Safe Webbrowsing: htxp://sz-hy.com.cn/ & hxtp://loveyearbaby.com/
Connection time out here: http://urlquery.net/report.php?id=1418765892915
Analyzing the code see it connecting out to web.51 dot la:82/go.asp (blocked for me by an extension) → https://www.virustotal.com/nb/ip-address/222.187.221.13/information/ also from code consider: htxp://js.lwtzdec.com/all.js (Blacklisted and Compromised Site)
Read: http://security.stackexchange.com/questions/66729/what-does-this-javascript-file-do-is-this-a-virus

See: http://jsunpack.jeek.org/?report=488c95ecf334cfeb9661f9ad9a262337cc5d4920
Open link in browser with NoScript extension active and inside a VM/sandbox, for security research only!

For Image is not a constructor error, which is overriding the default Image constructor, - the remedy is to rename the variable Image to
something else.

Max time runnin exceeded for php.btzhzy dott com/pc.php iframe malcode, malicious code found. Script contains blacklisted domain: php.btzhzy dot com → http://www.site-scan.com/eng/show_headers.php?REQUEST=GET&URL=http://php.btzhzy.com%20&MODIFIED=0

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></body></html>

Host not found by dns. Down or permanently down: http://myip.ms/info/search/1/stxt/btzhzy.com/k/831154562/btzhzy_com.html
Given as http:,Not in namespace, IP down on AS-QUADRANET - QuadraNet, Inc,US → http://sitevet.com/db/asn/AS29761

Good it is being blacklisted!

polonus

A likewise detection: http://killmalware.com/fangshui580.com/
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.fangshui580.com%2Findex.html
external link from code going here: http://jsunpack.jeek.org/?report=d9e77f1a008560d3aed8799236236aee0c0924cd
See also: https://www.virustotal.com/nl/url/facc345301b111b8ebbfac9b1fc39b513796c7a68839130e9db69f632e9ace7b/analysis/1421450256/
Taken down? http://urlquery.net/report.php?id=1421450317400
Warnings: https://asafaweb.com/Scan?Url=www.fangshui580.com%2Findex.html
Code going out to:

document.getElementById("bdshell_js").src = "htxp://bdimg.share.baidu.com/static/js/shell_v2.js?cdnversion=" + Math.ceil(new Date()/3600000);

baidu share async load!
Website blacklisted: http://www.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fwww.fangshui580.com&hl=en
Yandex discovered that some of the files and programs available for download on this site are infected with a virus.

polonus