Script injection malcode, thank you DavidR and Pondus for putting the detection-cherry on the cake.
The proof of the pudding is indeed in the eating, but we had to taste it first...
For the moment I get here with the 403 error
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
<link href='-http://aw-snap.info/wp-content/redleg_sm.ico' rel='icon' type='image/x-icon'/>
<link rel="shortcut icon" href="-http://aw-snap.info/wp-content/redleg_sm.ico" />
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access / on this server.</p>
<hr>
<address>Apache Server at -aw-snap.info Port 80</address>
</body></html>
VT gives as clean: -http://aw-snap.info/wp-content/redleg_sm.ico,
somehow the connection is not encrypted and not secure.
So Redleg has some cleansing to do on his own website analysis website
pol