Hi Pondus,
Zulu will also miss detection on site: http://zulu.zscaler.com/submission/show/de5c8ca5ffefad868cb01dda8499face-1399654936
See: http://myip.ms/info/whois/27.254.69.81 → http://sameid.net/ip/27.254.69.81/
I have this inside JScode blocked as with bad web rep also: htxp://lvs.truehits.in.th/goggen.php? (found inside script with a tricky loader of it’s own)
and for this one htxp://lvs.truehits.in.th/func/th_common_1.4.js
see: https://www.virustotal.com/nl/ip-address/203.151.21.62/information/
polonus