See: http://zulu.zscaler.com/submission/show/bea2844a76400b4fb575632851863afa-1343301750
Found and alerted here: https://zeustracker.abuse.ch/monitor.php?host=www.jfdigital.info&id=d6fd07b423339a883bed261396eddd0d
As site location line in the header above has redirected the request to: htxp://www.jfdigital.info/cgi-sys/suspendedpage.cgi
which is being blocked as URL:Mal, see: http://www.scumware.org/report/108.163.232.202
avast detects file as Win32:Zbot-OAM [Trj]: see: https://www.virustotal.com/file/6771d555ca0179ebc13595095354572055d6978031c4b4d5e49eaea513fd43d7/analysis/

htxp://host192-168-1-2.com/bins/int/9kgen_up.int?fxp=3d3d3d3d9a78b4bf79h4g5kjhbk3&/;lt/////;br&am
see: http://zulu.zscaler.com/submission/show/069307d82cb884c683569d2ecf2a37e6-1343302471
& http://urlquery.net/report.php?id=104312 (see IDS flags there for ET TROJAN Lop_com or variant Checkin (9kgen_up))

polonus

Blocked by avast Web Shield as JS:Redirector-RO[Trj] in url scanned here: http://urlquery.net/report.php?id=104650
Content returned by request for: htxp://v6.hdm.com.vn/C7xW8B3S/index.html
What goes on on that site?
WAIT PLEASE
Loading…
javascript" src≈ “htxp://www.lambrate-hostel.it/4j9WfA7R/js.js” → Running Plesk 9: wXw.lambrate-hostel.it:8443
Plesk version 9 outdated: Upgrade required.
document.location≈ ‘htxp://64.111.24.123/view.php?s≈ 7058dba9af062ccf’; → http://urlquery.net/report.php?id=104650
with “Detected Live BlackHole exploit kit”,

polonus