Hi Pondus,
Well that means quite a sudden increase in detection rate. So it is a fact that we only can establish what is wrong with a site when we look directly at the specific source. Indirectly via Sucuri or directly via a VM like the malzilla browser (Do not do this unless you know how to handle and be protected inside a VM malcode browser). Another way is to analyse via
http://urlquery.net/ or view the source code browsing a free secure web proxy like
http://www.idoproxy.com/In the case of iFrame malware a wepawet scan can reveal a lot, and if we have a MD5 hash of the malcode in question, like here 92de4d225d8c333821176a9e05e95650 we could give that in in google to search on further detections. Well apparently Pondus VT scan has not landed in their cache then. It was rather fresh,
polonus