DOL watering hole attack not detected?

See: http://urlquery.net/report.php?id=1399248093872 *
See IDS alerts there, but missed altogether here: https://www.virustotal.com/nl/url/a9221a3f24936382e062cb40a125f3b7eb2c27255c5e98cb8ff2f11207a133cf/analysis/1399249126/
These guys also missed it: http://sitecheck.sucuri.net/results/irr.ru#sitecheck-details
See: irr dot ru,178.248.236.14,ns dot hands dot ru,Parked/expired, (kraken’s virus tracker result)
While most scanners miss it, we have detection here:
http://maldb.com/irr.ru/real-estate/apartments-sale/new/apartamenty-65-kv-m-v-mfk-vodnyy-advert313618040.html
The chain of redirects found:
to: htxp://pass.pronto.ru/client/controller.php?suid=4c7ba245a111abc72e000000&return_path=htxp%3a%2f%2firr.ru%2fcontrollers%2fpassport%2fauth.php%3freturn_uri%3d%252f
Redirect to this URL found in 0 sites
to: htxp://irr.ru/controllers/passport/auth.php?return_uri=%2f&&message=not_used_cookie&rnd=5702
Redirect to this URL found in 0 sites

Site is not being blocked?

polonus
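The nested `return_path` / `return_uri` parameters in the redirect chain quoted above can be unrolled offline to list every hop and spot where the chain changes host, without visiting the site. This is an added example, not part of the original post; the function names and the list of redirect parameter names are assumptions, and the input is the defanged URL from the post.

```python
from urllib.parse import urlsplit, parse_qsl, urljoin

# Query parameters treated as redirect targets (assumed list: the two names
# that appear in the chain quoted in the post).
REDIRECT_PARAMS = ("return_path", "return_uri")

# First hop exactly as reported in the post (defanged htxp:// scheme).
CHAIN_START = ("htxp://pass.pronto.ru/client/controller.php"
               "?suid=4c7ba245a111abc72e000000"
               "&return_path=htxp%3a%2f%2firr.ru%2fcontrollers%2fpassport"
               "%2fauth.php%3freturn_uri%3d%252f")

def refang(url):
    """Make a defanged htxp:// or htxps:// URL parseable again."""
    return "http" + url[4:] if url.lower().startswith("htxp") else url

def unroll(url, max_depth=5):
    """Return the (host, path) hops hidden in nested redirect parameters."""
    hops = []
    current = refang(url)
    for _ in range(max_depth):          # depth cap stops self-referencing chains
        parts = urlsplit(current)
        hops.append((parts.hostname, parts.path))
        # parse_qsl percent-decodes exactly one layer, so a doubly encoded
        # value such as %252f only becomes "/" on the following hop.
        params = dict(parse_qsl(parts.query))
        target = next((params[p] for p in REDIRECT_PARAMS if p in params), None)
        if target is None:
            break
        # urljoin resolves relative ("/") and protocol-relative ("//host")
        # targets against the hop that carried them.
        current = urljoin(current, refang(target))
    return hops

def host_changes(hops):
    """Return (from_host, to_host) pairs where the chain leaves a host."""
    return [(a[0], b[0]) for a, b in zip(hops, hops[1:]) if a[0] != b[0]]

if __name__ == "__main__":
    hops = unroll(CHAIN_START)
    for host, path in hops:
        print(f"{host}{path}")
    print("host changes:", host_changes(hops))
```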

Update - external link * web rep: https://www.mywot.com/en/scorecard/advombat.ru?utm_source=addon&utm_content=popup
Leads to ransomware - http://www.malwaredomainlist.com/mdl.php?search=advombat.ru
Even more reason for blocking.

D

Read how actual such an attack could have been:
http://www.fireeye.com/blog/technical/cyber-exploits/2013/05/ie-zero-day-is-used-in-dol-watering-hole-attack.html
link article author = Yichong Lin

Def. of watering hole attack: http://en.wikipedia.org/wiki/Watering_Hole

This was a recent attack; here is a description of a similar attack a full year ago by Jaime Blasco:
http://www.alienvault.com/open-threat-exchange/blog/new-internet-explorer-zeroday-was-used-in-the-dol-watering-hole-campaign
This happens by malicious redirecting through malicious servers.

polonus