See: http://killmalware.com/cqpos.net/#
Warnings: https://asafaweb.com/Scan?Url=cqpos.net
http://quttera.com/detailed_report/cqpos.net#collapseEight
List of referenced blacklisted domains/hosts: 69
Javascript included from a blacklisted domain. Details: http://sucuri.net/malware/entry/MW:BLK:2
Javascript: -js.17meiliba.com
external link malicious: htxp://js.users.51.la/17468139.js
Trojans detected:
Object: http://k.sdtsm.com/1421018280/guodou_105_6337.exe
SHA1: a0f24a5de750e183add80b80b618dd5b06997da4
Name: Application.Win32.ShouQu.B avast detects as Win32:Malware-gen
Malware Code. Found by Comodo Cloud checking. Re: http://hashtool.eshigee.eu/hashes/cQpos<ó

polonus

Our webforum friend, Pondus, just provided me with the executable scanned that was found to contain the malware:
-k.sdtsm.com/1421018280/guodou_105_6337.exe
https://www.virustotal.com/en/file/0779f4792803dc39e344e7658d719616d5457f44879ab084c6bc0682c8b3bdae/analysis/1421019145/

Thank you again Pondus for this evaluation ;D

WOT flags: https://www.mywot.com/en/scorecard/k.sdtsm.com/1421018280/guodou_105_6337.exe?utm_source=addon&utm_content=contextmenu

IDS alert severity 2 flagged on the urlquery dot net scan: https://urlquery.net/report.php?id=1420286853436
On the alert read my previous posting here: https://forum.avast.com/index.php?topic=146797.0

Damian

Update, consider: https://urlquery.net/report.php?id=1425949549393
and http://killmalware.com//
Hidden/Malicious iFrames - Code: 0,

Content cannot be read! → links to: http://go.microsoft.com/fwlink/?linkid=8180

page has been removed: htxp://kojbhbf.com.iplanetwork.com/en/502.shtml
This blocked by Google Safebrowsing p-> htxp://kojbhbf.com/Resource/
Response body:

<html><head><title>Error</title></head><body>ϵͳ�Ҳ���ָ�����ļ���
</body></html>

Malicious link detected: Results from scanning URL: htxp://js.users.51.la/17434654.js
Number of sources found: 11
Number of sinks found: 3

Two warnings here: https://asafaweb.com/Scan?Url=kojbhbf.com%2FResource

polonus