See IDS alert for "ET MALWARE All Numerical .cn Domain Likely Malware Related’ - Severity 3 -
here: http://urlquery.net/report.php?id=1423316959213
Site not blocked: https://en.greatfire.org/search/all/521850.cn
index
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level.
Details: Detected HTTP redirection to htxp://qzs.qq.com/qzone/mall/act/20121231_vip_domain/index.html. *
File size[byte]: 0
File type: Unknown
Page/File MD5: 00000000000000000000000000000000
Scan duration[sec]: 0.001000

• landing here: http://qzone.qq.com/gy/404/page.js → http://jsunpack.jeek.org/?report=57ae4c429f9bc234ddb5b79c2b512dcb2843be09

IP badness history: https://www.virustotal.com/nl/ip-address/121.14.125.52/information/

Consider external link: http://www.ip-tracker.org/locator/ip-lookup.php?ip=mat1.gtimg.com

polonus

For the IDS alert consider this info also: http://www.aldeid.com/wiki/Suricata-vs-snort/Test-cases/Malwares-viruses
Suricata /w Emerging Threats Pro detects and Snort does not
See: http://doc.emergingthreats.net/bin/view/Main/2012328

Also consider this earlier posting of mine (and !Donovan): https://forum.avast.com/index.php?topic=98322.0

polonus (volunteer website security analyst and website error-hunter)