Hi Pondus,
Could it be this one:
http://pastebin.com/3Yzsv0PWSee the like hostile code flagged here:
http://urlquery.net/report.php?id=1036089I reported on this earlier in our webforum section here:
http://forum.avast.com/index.php?topic=102797.0 (218 views, no reactions)
Already high in the IDS alert charts during 2011:
The .tk domain is leased out and highly hostile. if you find some legitimate content in there we'd love to see it.
Other than a couple personal blogs we've been unable to do so. (And we really tried!)
2012810 - ET CURRENT_EVENTS HTTP Request to a .tk Domain - Likely Hostile (current_events.rules)
2012811 - ET CURRENT_EVENTS DNS Query to a .tk domain - Likely Hostile (current_events.rules) (reported by/credits to matt jonkman-
Emerging Sigs on EmergingThreats 5/15/2011)
Also PHISHING going on from that IP - and long overdue issues -migrated from 178.211.44.113 178.211.44.113 to 46.45.177.101
polonus