See: http://urlquery.net/report.php?id=7540791
IDS alerts: ET TROJAN FakeAV Landing Page severity 1 -
T CURRENT_EVENTS Ponmocup Redirection from infected Website to Trojan-Downloader - severity 1
WordPress version outdated: Upgrade required.
1467 sites on one and the same IP certainly does not help security: http://sameid.net/ip/184.106.55.78/
Malicious redirects and 22 websites infested: http://evuln.com/tools/malware-scanner/floridadeluxevillas.com/rescan/
going to htxp://sslabssys.com/cgi-bin/r.cgi?p=10003&i=cd6c94c0&j=314&m=77a3172cabc41ef9c902f17d0eb3a05e&h=floridadeluxevillas.com&u=/&q=&t=20131109082933
See: https://www.virustotal.com/en/url/17c84a21308a97280db9a051e5cdbdea3a117416da336b9a16fe9fae329f69d4/analysis/
Harmless file? https://www.virustotal.com/en/file/dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f/analysis/1372654036/
Site benign? http://zulu.zscaler.com/submission/show/435f60b214a632b44b3130f5bf0158bb-1384007306
Google browser difference:
Not identical

Google: 40089 bytes Firefox: 938 bytes
Diff: 39151 bytes

First difference:
us"> florida deluxe villas â�� <meta name=“robots”…

Meta data profiles
The profile attribute of the HEAD specifies the location of a meta data profile. The value of the profile attribute is a URI. User agents may use this URI in two ways: As a globally unique name. User agents may be able to recognize the name (without actually retrieving the profile) and perform some activity based on known conventions for that profile. For instance, search engines could provide an interface for searching through catalogs of HTML documents, where these documents all use the same profile for representing catalog entries. As a link. User agents may dereference the URI and perform some activity based on the actual definitions within the profile (e.g., authorize the usage of the profile within the current HTML document). This specification does not define formats for profiles.
Quote info Paul Tomblin on StackOverflow.

polonus

Heres a new scan of the site: https://www.virustotal.com/de/url/17c84a21308a97280db9a051e5cdbdea3a117416da336b9a16fe9fae329f69d4/analysis/1384008769/

And the site is blocked by Avast.

Very good, Steven Winderlich!

Now we at least know that that site is rightfully blocked.
I also see this IDS there: http://urlquery.net/report.php?id=7321742
ET POLICY Maxmind geoip check to /app/geoip.js → http://doc.emergingthreats.net/bin/view/Main/2015878
See an earlier posting of mine: http://forum.avast.com/index.php?topic=138845.0
This means at least that these postings are being followed up.

polonus