See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Faspt.su%2F%3Bst%3D1445025607713%3Btitle%3D%25D0%2590%25D0%25A1%25D0%259F%25D0%25A2%2520%25D1%2582%25D0%25B5%25D1%2581%25D1%2582%25D0%25B8%25D1%2580%25D0%25BE%25D0%25B2%25D0%25B0%25D0%25BD%25D0%25B8%25D0%25B5%2520%25D0%25B4%25D0%25BB%25D1%258F%2520%25D1%2580%25D0%25B0%25D0%25B1%25D0%25BE%25D1%2582%25D0%25BD%25D0%25B8%25D0%25BA%25D0%25BE%25D0%25B2%2520%25D0%259E%25D0%2590%25D0%259E%2520%25D0%25A0%25D0%2596%25D0%2594%3Bs%3D1176*885%3Bvp%3D1159*775%3Btouch%3D0%3Bhds%3D0%3Bflash%3D10.0%3Bsid%3De5763073%3Bver%3D60%3Bnt%3D%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%3B_%3D0.9474006456948668%3Be%3DRT%2Fload%3Bet%3D144502561

landing at: -http://tmserver-1.com/197ktl61js0t9ycw3y8c0qx61qwuo9y0j7mxdu9
probably detected Webzilla abuse as DrWeb flags: https://www.virustotal.com/nl/url/a38b4c5a4c6bc902e4528f8ba6bae4807b27ae07d053a6a58175bf7122a188be/analysis/

then redirecting here: https://www.virustotal.com/nl/url/0fa852f6953f2e7f16c6ffeee70e2cde83ba261da9ca59fa937c4d55dff6ca86/analysis/1445029305/ (detected via Malzilla scan) malicious: https://www.virustotal.com/nl/url/0fa852f6953f2e7f16c6ffeee70e2cde83ba261da9ca59fa937c4d55dff6ca86/analysis/1445029305/
malware confirmed here: http://urlquery.net/report.php?id=1445029498326 continued Webzilla abuse!

-http://darangi.ru/8xtl1k5coxs5svcdqvoa2s8gz3n9mo9hy7ek0kkpq78b88qjd4evexo38zt2 is present in the Dr.Web database of unwanted sites!

-http://tmserver-1.com/197ktl61js0t9ycw3y8c0qx61qwuo9y0j7mxdu9 is present in the Dr.Web database of unwanted sites!

polonus